From 5c84cffa315c9fe74cb15787d5ec99efdd1ee841 Mon Sep 17 00:00:00 2001 From: Vaishnavi Hire Date: Tue, 16 Aug 2022 14:42:10 -0400 Subject: [PATCH 01/11] Update to KF 1.6 fix dex configmap path (#2179) (cherry picked from commit 353254a1a0a2b7b7b6d89d3174d5a0ab77162005) Add kserve networkpolicy (#2189) * Create kserve * Rename kserve to kserve.yaml * Update kustomization.yaml (cherry picked from commit 5e9fedb195261cec2bea39349a85c1f7214cb6d0) Sync kubeflow/pipelines manifests 1.8.2 (#2223) * Update kubeflow/pipelines manifests from 1.8.2 * update example, tests (cherry picked from commit e7942110cd53428d1533bba1a4b4a93ecaefeb2e) Update kubeflow/kfp-tekton manifests from v1.2.1 (#2222) Signed-off-by: Yihong Wang (cherry picked from commit 5b1256f19a728908a7245db7460c3f742b01fb1e) Update minio and metadata-envoy networkpolicy (#2205) * Update minio.yaml * Add files via upload * Update kustomization.yaml (cherry picked from commit cbc18ece40722598ad95329296d794026358a9c7) Test that each component can be applied in a K8s 1.22 cluster (#2230) * Add GH action for testing JWA manifests. * Update permissions. * Add GH actions for PodDefaults. * Add GH actions for PodDefaults fix typo. * Add GH actions for applying manifests in KinD for each component. * Fix cert manager installation in all Actions. * Address review comments for all GH actions. (cherry picked from commit 76f3cf27c6b820d1f29dbe075f8feb820dd4115a) common: Add Istio 1.14.1 manifests (#2233) * common: Add Istio 1.14.1 manifests Signed-off-by: Dimitris Poulopoulos * testing: Update install Istio GH action script Update GH actions to use Istio 1.14 for testing. Signed-off-by: Dimitris Poulopoulos (cherry picked from commit 7a74ea210b10d27f18d055acd02fae665989c457) Sync kubeflow training operator manifests v1.5.0 rc.0 (#2232) * readme: Use new link for training-operator Don't use the tf-operator but training-operator Signed-off-by: Kimonas Sotirchos * hack: Update sync script for Training Operator Signed-off-by: Kimonas Sotirchos * Update kubeflow/training-operator manifests from v1.5.0-rc.0 (cherry picked from commit 6fce75e1b7de65a24a0453dd0ff660fbdfbf6523) Update kubeflow/katib manifests from v0.14.0-rc.0 (#2234) (cherry picked from commit dcbd493e66934dc74eea65c098ac3e442c7d4760) chore: Remove outdated Istio manifests (#2163) (cherry picked from commit bec0e266fc7be46d2f39a706e9b6ca8dcce7d044) Update README with Istio 1.4.1 (#2235) Signed-off-by: Anna Jung (VMware) (cherry picked from commit f8318a84a52b9c38fb41b2a6a4052cb5694112b1) Remove istio 1.11 (#2236) Signed-off-by: Anna Jung (VMware) (cherry picked from commit 5c600ad99c1d7a281384a86e66e6f67862ecffa9) Update Knative 1.4 (#2231) * knative: Update README for v1.4.0 Signed-off-by: Kimonas Sotirchos * knative: wget latest manifests Signed-off-by: Kimonas Sotirchos * knative: Remove all comments Signed-off-by: Kimonas Sotirchos * knative: Remove knative-ingress-gateway Had to manually remove a `{}` object at the end, introduced by the yq command. Signed-off-by: Kimonas Sotirchos * knative: Update README for removing {} Signed-off-by: Kimonas Sotirchos * knative: Set metadata.name in post-install-job Signed-off-by: Kimonas Sotirchos * knative-eventing: Update with v1.4.0 manifests Signed-off-by: Kimonas Sotirchos * knative-eventing: Remove comments Signed-off-by: Kimonas Sotirchos * knative-eventing: Remove anchors Signed-off-by: Kimonas Sotirchos * knative-eventing: Install only core Signed-off-by: Kimonas Sotirchos (cherry picked from commit c602b5c816d5d5e808892b8e0eee3c1d9b57c125) Move all tests under tests dir (#2237) * tests: Move everything under tests Signed-off-by: Kimonas Sotirchos * test: Move everything under test Signed-off-by: Kimonas Sotirchos (cherry picked from commit 666bb8cfab3b23a798b6df0e5c1e5813a3181707) remove kfserving component (#2239) (cherry picked from commit e05f2c6961f0eb786d8ebfc84b3c9431fab61fdf) Change images of KinD configuration files to be compatible with v0.14.0 (#2238) * Change images of KinD configuration files to be compatible with v0.14.0 * Move everything under the tests folder. * Update actions with the new name of the config file. (cherry picked from commit 72214705534d107c3a6615a6fdeadb146fe4b090) Sync kserve manifests for v0.8.0 (#2240) * Update kserve manifests from v0.8.0 Update kserve/kserve manifests from 8079f375cbcedc4d45a1b4aade2e2308ea6f9ae8 Update kserve/models-web-app manifests from v0.8.0 * add auto script for kserve and kserve models webapp manifests * update readme and kustomization * add rretry in kserve install for webhook * ignore error while installing * move cmds to script to allow local testing and remove sleep * move crd wait outside set +e (cherry picked from commit c3db49bd2f201922d6cac56b165cddfbc46e2253) Update kubeflow/kubeflow manifests from v1.6.0-rc.0 (#2242) (cherry picked from commit 6b60781cf8062dbb28285316ff606bc090a4f2b5) Update Dex for K8s 1.22 (#2243) * dex: Update for K8s 1.22 Needed to update the deprecated APIs from v1beta1 to v1 for: * CRD for AuthCode * ClusterRole * ClusterRoleBinding Signed-off-by: Kimonas Sotirchos * gh-actions: CI action for Dex Create a GH Action that tests if: 1. Dex manifests can be applied in a KinD K8s 1.22 cluster 2. All pods can become ready Signed-off-by: Kimonas Sotirchos * dex: Update image to 2.31.2 Signed-off-by: Kimonas Sotirchos (cherry picked from commit dca107164e13366240c6ddd1bd50a83f65cf67a7) Update kubeflow/pipelines manifests from 2.0.0-alpha.3 (#2250) * Update kubeflow/pipelines manifests from 2.0.0-alpha.3 Signed-off-by: Anna Jung (VMware) * Move pipeline manifest test commands to a separate script Signed-off-by: Anna Jung (VMware) * Change pipeline installation command back to apply crd only Signed-off-by: Anna Jung (VMware) (cherry picked from commit d701e97451863899779fc21815da2c8a1b870298) istio: Remove Istio 1.14 overlays (#2252) Remove overlays in 'kubeflow-istio-resources' for version 1.14. Signed-off-by: Dimitris Poulopoulos (cherry picked from commit 707f8f6d2af4d10de0e1f28eb36fcd819c628f2b) knative: Updrade Knative to version 1.2 (#2251) * Update the README file * Fetch the manifests for Knative serving 1.2.5 * Fetch the manifests for Knative eventing 1.2.4 * Remove comments, anchors and aliases Signed-off-by: Dimitris Poulopoulos (cherry picked from commit 0660ee00d0787706bcf0122bf7b266781724011f) readme: Update component versions (#2253) Signed-off-by: Kimonas Sotirchos Fix typo in the networkpolicies (#2254) Use KServe component in tests instead of KFServing (#2164) * Use KServe component in tests instead of KFServing as it is updated upstream https://github.com/kubeflow/pipelines/blob/master/samples/contrib/kubeflow-e2e-mnist/kubeflow-e2e-mnist.ipynb * Add permalink Extend Katib GH action to also create an experiment and assert it succeeds (#2249) * Extend Katib GH action to also create an experiment and assert it succeeds. (#2248) * Rearrange folders for KF objects in tests. Sync kserve web app manifests v0.8.1 (#2256) * hack: Destinct sync script for the web app Signed-off-by: Kimonas Sotirchos * Update kserve web app manifests from v0.8.1 * hack: Update the kserve sync script Signed-off-by: Kimonas Sotirchos * e2e: Increase the timeout to 10mins We've seen that quite frequently the test times out either because: 1. Pulling images can be slower depending on the connection 2. There might be some delays with the components to complete We've noticed this for the Training Operator worker pod. Signed-off-by: Kimonas Sotirchos * e2e: Change the cleanup script for kserve.io The clean up script would previously try to delete kubeflow.org inference services. Signed-off-by: Kimonas Sotirchos Update kubeflow/kubeflow manifests from v1.6.0-rc.1 (#2260) --- .github/workflows/centraldb_kind_test.yaml | 31 + .github/workflows/dex_kind_test.yaml | 30 + .github/workflows/jwa_kind_test.yaml | 31 + .github/workflows/katib_kind_test.yaml | 40 + .github/workflows/kserve_kind_test.yaml | 30 + .../workflows/nb_controller_kind_test.yaml | 31 + .github/workflows/pipeline_kind_test.yaml | 30 + .github/workflows/poddefaults_kind_test.yaml | 34 + .github/workflows/profiles_kind_test.yaml | 31 + .../workflows/tb_controller_kind_test.yaml | 31 + .../workflows/train_operator_kind_test.yaml | 31 + .github/workflows/twa_kind_test.yaml | 31 + .github/workflows/vwa_kind_test.yaml | 31 + README.md | 62 +- apps/admission-webhook/upstream/base/crd.yaml | 92 +- .../upstream/base/deployment.yaml | 2 +- .../upstream/base/kustomization.yaml | 5 +- .../base/mutating-webhook-configuration.yaml | 9 +- .../mutating-webhook-configuration.yaml | 2 +- .../upstream/base/deployment.yaml | 2 +- .../upstream/base/kustomization.yaml | 5 +- .../base/configs/spawner_ui_config.yaml | 20 +- .../upstream/base/deployment.yaml | 4 +- .../upstream/base/kustomization.yaml | 5 +- .../jupyter-web-app/upstream/base/params.env | 1 + .../upstream/base/kustomization.yaml | 5 +- .../crd/bases/kubeflow.org_notebooks.yaml | 11677 ++++++++--- .../upstream/crd/kustomization.yaml | 10 - .../crd/patches/cainjection_in_notebooks.yaml | 2 +- .../upstream/crd/patches/old_crd.yaml | 64 - .../crd/patches/trivial_conversion_patch.yaml | 5 +- .../crd/patches/webhook_in_notebooks.yaml | 2 +- .../upstream/default/kustomization.yaml | 2 +- .../upstream/manager/manager.yaml | 16 +- .../upstream/rbac/role.yaml | 2 +- .../upstream/samples/_v1_notebook.yaml | 11 + .../upstream/samples/_v1alpha1_notebook.yaml | 11 + .../upstream/samples/_v1beta1_notebook.yaml | 11 + .../cert-generator/cert-generator.yaml | 2 +- .../cert-generator/kustomization.yaml | 1 + .../components/cert-generator/rbac.yaml | 2 + .../components/controller/controller.yaml | 1 + .../components/controller/katib-config.yaml | 42 +- .../components/controller/kustomization.yaml | 1 + .../upstream/components/controller/rbac.yaml | 1 + .../components/controller/service.yaml | 1 + .../controller/trial-templates.yaml | 11 +- .../upstream/components/crd/experiment.yaml | 1 + .../components/crd/kustomization.yaml | 1 + .../upstream/components/crd/suggestion.yaml | 1 + apps/katib/upstream/components/crd/trial.yaml | 1 + .../components/db-manager/db-manager.yaml | 1 + .../components/db-manager/kustomization.yaml | 1 + .../components/db-manager/service.yaml | 1 + .../components/mysql/kustomization.yaml | 1 + .../upstream/components/mysql/mysql.yaml | 9 +- apps/katib/upstream/components/mysql/pvc.yaml | 1 + .../upstream/components/mysql/secret.yaml | 3 +- .../upstream/components/mysql/service.yaml | 1 + .../components/namespace/kustomization.yaml | 1 + .../components/namespace/namespace.yaml | 1 + .../upstream/components/ui/kustomization.yaml | 1 + apps/katib/upstream/components/ui/rbac.yaml | 1 + .../katib/upstream/components/ui/service.yaml | 1 + apps/katib/upstream/components/ui/ui.yaml | 1 + .../components/webhook/kustomization.yaml | 1 + .../upstream/components/webhook/webhooks.yaml | 1 + .../katib-cert-manager/certificate.yaml | 1 + .../katib-cert-manager/kustomization.yaml | 7 +- .../installs/katib-cert-manager/params.yaml | 1 + .../patches/katib-cert-injection.yaml | 1 + .../katib-external-db/kustomization.yaml | 9 +- .../katib-external-db/patches/db-manager.yaml | 1 + .../katib-leader-election/kustomization.yaml | 1 + .../leader-election-rbac.yaml | 1 + .../patches/controller.yaml | 1 + .../katib-openshift/kustomization.yaml | 6 +- .../patches/service-serving-cert.yaml | 1 + .../patches/webhook-inject-cabundle.yaml | 1 + .../katib-standalone/kustomization.yaml | 9 +- .../kubeflow-katib-roles.yaml | 1 + .../katib-with-kubeflow/kustomization.yaml | 7 +- .../installs/katib-with-kubeflow/params.yaml | 1 + .../patches/remove-namespace.yaml | 1 + .../ui-virtual-service.yaml | 1 + apps/kfp-tekton/upstream/Makefile | 4 +- .../base/cache-deployer/kustomization.yaml | 2 +- .../upstream/base/cache/kustomization.yaml | 2 +- .../generic/pipeline-install-config.yaml | 9 +- .../composite-controller.yaml | 4 +- .../pipelines-profile-controller/sync.py | 20 + .../multi-user/view-edit-cluster-roles.yaml | 17 + .../viewer-controller/cluster-role.yaml | 1 + .../base/metadata/base/kustomization.yaml | 2 +- .../base/metadata-grpc-deployment.yaml | 2 +- .../upstream/base/pipeline/kustomization.yaml | 14 +- .../metadata-writer/kustomization.yaml | 2 +- .../ml-pipeline-apiserver-deployment.yaml | 4 +- .../ml-pipeline-apiserver-service.yaml | 4 + .../pipeline/ml-pipeline-viewer-crd-role.yaml | 1 + .../cloudsql-proxy-deployment.yaml | 44 +- .../env/gcp/inverse-proxy/kustomization.yaml | 2 +- .../env/plain-multi-user/kustomization.yaml | 1 + .../workflow-controller-configmap-patch.yaml | 6 +- .../cluster-scoped/kustomization.yaml | 5 + .../upstream/third-party/argo/.krmignore | 1 + .../upstream/third-party/argo/Kptfile | 6 + .../upstream/third-party/argo/README.md | 6 +- .../workflow-controller-configmap-patch.yaml | 8 +- .../workflow-controller-deployment-patch.yaml | 4 +- .../argo/upstream/manifests/Kptfile | 13 +- .../argo-server/argo-server-deployment.yaml | 8 +- .../base/argo-server/argo-server-sa.yaml | 2 +- .../base/argo-server/argo-server-service.yaml | 2 +- .../base/argo-server/kustomization.yaml | 1 - .../argoproj.io_clusterworkflowtemplates.yaml | 859 +- .../crds/full/argoproj.io_cronworkflows.yaml | 859 +- .../argoproj.io_workfloweventbindings.yaml | 33 +- .../base/crds/full/argoproj.io_workflows.yaml | 2556 ++- .../full/argoproj.io_workflowtasksets.yaml | 6887 +++++++ .../full/argoproj.io_workflowtemplates.yaml | 859 +- .../base/crds/full/kustomization.yaml | 2 +- .../manifests/base/crds/kustomization.yaml | 1 - .../argoproj.io_clusterworkflowtemplates.yaml | 2 +- .../minimal/argoproj.io_cronworkflows.yaml | 2 +- .../argoproj.io_workfloweventbindings.yaml | 2 +- .../crds/minimal/argoproj.io_workflows.yaml | 2 +- .../minimal/argoproj.io_workflowtasksets.yaml | 39 + .../argoproj.io_workflowtemplates.yaml | 2 +- .../base/crds/minimal/kustomization.yaml | 2 +- .../manifests/base/kustomization.yaml | 1 - .../workflow-controller/kustomization.yaml | 1 - .../workflow-controller-configmap.yaml | 2 +- .../workflow-controller-deployment.yaml | 6 +- .../workflow-controller-metrics-service.yaml | 2 +- .../workflow-controller-sa.yaml | 2 +- .../argo-server-clusterole.yaml | 2 +- .../argo-server-clusterolebinding.yaml | 2 +- .../argo-server-rbac/kustomization.yaml | 1 - .../cluster-install/kustomization.yaml | 1 - .../kustomization.yaml | 1 - .../workflow-aggregate-roles.yaml | 10 +- .../workflow-controller-clusterrole.yaml | 14 +- ...orkflow-controller-clusterrolebinding.yaml | 2 +- .../workflow-controller-role.yaml | 2 +- .../workflow-controller-rolebinding.yaml | 2 +- .../argo-server-rbac/argo-server-role.yaml | 2 +- .../argo-server-rolebinding.yaml | 2 +- .../argo-server-rbac/kustomization.yaml | 1 - .../namespace-install/kustomization.yaml | 6 +- .../overlays/argo-server-deployment.yaml | 3 + .../workflow-controller-deployment.yaml | 3 + .../kustomization.yaml | 1 - .../workflow-controller-role.yaml | 4 +- .../workflow-controller-rolebinding.yaml | 2 +- .../base/argo-server-sso-secret.yaml | 2 +- .../base/artifact-repositories-configmap.yaml | 4 +- .../base/cluster-workflow-template-rbac.yaml | 8 +- .../base/kubelet-executor-clusterrole.yaml | 4 +- ...t-executor-default-clusterrolebinding.yaml | 2 +- .../quick-start/base/kustomization.yaml | 2 - .../quick-start/base/minio/kustomization.yaml | 3 +- .../quick-start/base/minio/minio-deploy.yaml | 4 +- .../quick-start/base/minio/minio-pod.yaml | 4 +- .../quick-start/base/minio/minio-service.yaml | 2 +- .../base/minio/my-minio-cred-secret.yaml | 2 +- .../base/overlays/argo-server-deployment.yaml | 4 +- .../workflow-controller-configmap.yaml | 2 +- .../base/prometheus/kustomization.yaml | 1 - .../prometheus/prometheus-config-cluster.yaml | 2 +- .../prometheus/prometheus-deployment.yaml | 6 +- .../base/prometheus/prometheus-service.yaml | 2 +- ...argo-workflows-webhook-clients-secret.yaml | 6 +- .../base/webhooks/github.com-rolebinding.yaml | 4 +- .../base/webhooks/github.com-sa.yaml | 2 +- .../base/webhooks/kustomization.yaml | 1 - .../submit-workflow-template-role.yaml | 4 +- .../base/workflow-default-rolebinding.yaml | 2 +- .../quick-start/base/workflow-role.yaml | 17 +- .../quick-start/minimal/kustomization.yaml | 1 - .../mysql/argo-mysql-config-secret.yaml | 2 +- .../quick-start/mysql/kustomization.yaml | 4 +- .../quick-start/mysql/mysql-deployment.yaml | 4 +- .../quick-start/mysql/mysql-service.yaml | 4 +- .../workflow-controller-configmap.yaml | 4 +- .../postgres/argo-postgres-config-secret.yaml | 2 +- .../quick-start/postgres/kustomization.yaml | 4 +- .../workflow-controller-configmap.yaml | 4 +- .../postgres/postgres-deployment.yaml | 4 +- .../postgres/postgres-service.yaml | 4 +- .../quick-start/sso/dex/dev-svc.yaml | 2 +- .../manifests/quick-start/sso/dex/dex-cm.yaml | 5 +- .../quick-start/sso/dex/dex-deploy.yaml | 4 +- .../manifests/quick-start/sso/dex/dex-rb.yaml | 2 +- .../quick-start/sso/dex/dex-role.yaml | 2 +- .../manifests/quick-start/sso/dex/dex-sa.yaml | 2 +- .../quick-start/sso/dex/kustomization.yaml | 2 - .../quick-start/sso/kustomization.yaml | 4 +- .../sso/overlays/argo-server-sa.yaml | 2 +- .../workflow-controller-configmap.yaml | 5 +- .../kfp-csi-s3/csi-s3-deployment.yaml | 14 +- .../third-party/kfp-csi-s3/kustomization.yaml | 8 + .../third-party/kfp-csi-s3/params.yaml | 8 + .../metacontroller/base/kustomization.yaml | 8 +- .../metacontroller/base/stateful-set.yaml | 42 +- .../openshift/standalone/anyuid-scc.yaml | 2 +- .../openshift/standalone/privileged-scc.yaml | 2 +- .../tekton-custom-task/kustomization.yaml | 4 +- .../tekton-dashboard-release.yaml | 18 +- .../base/tektoncd-install/tekton-release.yaml | 90 +- .../upstream/certmanager/certificate.yaml | 24 - .../upstream/certmanager/kustomization.yaml | 5 - .../upstream/certmanager/kustomizeconfig.yaml | 16 - .../upstream/configmap/inferenceservice.yaml | 187 - .../upstream/configmap/kustomization.yaml | 2 - .../kfserving/upstream/crd/kustomization.yaml | 21 - .../upstream/crd/patches/protocol.yaml | 83 - ...erving.kubeflow.org_inferenceservices.yaml | 15983 ---------------- .../serving.kubeflow.org_trainedmodels.yaml | 114 - .../cainjection_conversion_webhook.yaml | 8 - .../inferenceservice_conversion_webhook.yaml | 19 - .../upstream/default/kustomization.yaml | 71 - .../default/manager_auth_proxy_patch.yaml | 24 - .../upstream/default/manager_image_patch.yaml | 12 - .../manager_prometheus_metrics_patch.yaml | 19 - .../default/manager_resources_patch.yaml | 15 - apps/kfserving/upstream/default/params.env | 1 - apps/kfserving/upstream/default/params.yaml | 17 - .../default/webhookcainjection_patch.yaml | 28 - .../upstream/manager/kustomization.yaml | 3 - apps/kfserving/upstream/manager/manager.yaml | 60 - apps/kfserving/upstream/manager/service.yaml | 23 - .../dev-image-config/kustomization.yaml | 5 - .../development/configmap/ko_resolve_agent | 1 - .../development/configmap/ko_resolve_batcher | 1 - .../development/configmap/ko_resolve_logger | 1 - .../overlays/development/kustomization.yaml | 6 - .../overlays/kubeflow/cluster-role.yaml | 83 - .../overlays/kubeflow/kustomization.yaml | 48 - .../upstream/overlays/kubeflow/params.env | 1 - .../upstream/overlays/kubeflow/params.yaml | 4 - .../overlays/kubeflow/patches/namespace.yaml | 6 - .../kubeflow/patches/statefulset.yaml | 10 - .../kubeflow/patches/web-app-sidecar.yaml | 10 - .../kubeflow/patches/web-app-vsvc.yaml | 6 - .../web-app-authorization-policy.yaml | 18 - .../test/configmap/inferenceservice.yaml | 187 - .../upstream/overlays/test/kustomization.yaml | 6 - .../overlays/test/manager_image_patch.yaml | 12 - .../upstream/rbac/auth_proxy_role.yaml | 13 - .../rbac/auth_proxy_role_binding.yaml | 12 - .../upstream/rbac/auth_proxy_service.yaml | 20 - .../upstream/rbac/kustomization.yaml | 11 - .../upstream/rbac/leader_election_role.yaml | 32 - .../rbac/leader_election_role_binding.yaml | 12 - apps/kfserving/upstream/rbac/role.yaml | 188 - .../kfserving/upstream/rbac/role_binding.yaml | 12 - .../upstream/web-app/deployment.yaml | 25 - apps/kfserving/upstream/web-app/istio.yaml | 21 - .../upstream/web-app/kustomization.yaml | 12 - apps/kfserving/upstream/web-app/rbac.yaml | 68 - apps/kfserving/upstream/web-app/service.yaml | 14 - .../upstream/webhook/kustomization.yaml | 6 - .../upstream/webhook/kustomizeconfig.yaml | 25 - .../kfserving/upstream/webhook/manifests.yaml | 138 - apps/kfserving/upstream/webhook/service.yaml | 11 - apps/pipeline/upstream/OWNERS | 1 - .../base/cache-deployer/kustomization.yaml | 2 +- .../upstream/base/cache/kustomization.yaml | 2 +- .../generic/pipeline-install-config.yaml | 2 +- .../pipelines-profile-controller/sync.py | 6 +- .../pipelines-profile-controller/test_sync.py | 6 +- .../base/metadata/base/kustomization.yaml | 2 +- .../upstream/base/pipeline/kustomization.yaml | 12 +- .../metadata-writer/kustomization.yaml | 2 +- .../ml-pipeline-apiserver-deployment.yaml | 15 + apps/pipeline/upstream/env/aws/README.md | 2 +- .../cert-manager/base/cache-cert-issuer.yaml | 6 + .../env/cert-manager/base/cache-cert.yaml | 15 + .../base/cache-webhook-config.yaml | 25 + .../env/cert-manager/base/kustomization.yaml | 13 + .../env/cert-manager/base/params.yaml | 13 + .../kustomization.yaml | 7 + .../dev/delete-cache-deployer.yaml | 18 + .../env/cert-manager/dev/kustomization.yaml | 47 + .../env/cert-manager/dev/namespace.yaml | 4 + .../upstream/env/cert-manager/dev/params.yaml | 4 + .../delete-cache-deployer.yaml | 36 + .../kustomization.yaml | 28 + .../env/gcp/inverse-proxy/kustomization.yaml | 2 +- .../workflow-controller-configmap-patch.yaml | 6 +- .../workflow-controller-configmap-patch.yaml | 6 +- .../workflow-controller-configmap-patch.yaml | 6 +- .../workflow-controller-configmap-patch.yaml | 6 +- .../workflow-controller-deployment-patch.yaml | 4 +- .../argo/upstream/manifests/Kptfile | 6 +- .../argo-server/argo-server-deployment.yaml | 4 + .../argoproj.io_clusterworkflowtemplates.yaml | 1027 +- .../crds/full/argoproj.io_cronworkflows.yaml | 1029 +- .../argoproj.io_workfloweventbindings.yaml | 2 + .../base/crds/full/argoproj.io_workflows.yaml | 2921 ++- .../full/argoproj.io_workflowtaskresults.yaml | 426 + .../full/argoproj.io_workflowtasksets.yaml | 219 +- .../full/argoproj.io_workflowtemplates.yaml | 1027 +- .../base/crds/full/kustomization.yaml | 1 + .../argoproj.io_workflowtaskresults.yaml | 425 + .../minimal/argoproj.io_workflowtasksets.yaml | 2 + .../base/crds/minimal/kustomization.yaml | 1 + .../workflow-controller/kustomization.yaml | 1 + .../workflow-controller-deployment.yaml | 1 + .../workflow-controller-metrics-service.yaml | 5 + .../workflow-controller-priorityclass.yaml | 5 + .../argo-server-clusterole.yaml | 3 + .../cluster-install/kustomization.yaml | 1 + .../workflow-controller-clusterrole.yaml | 10 + .../argo-server-rbac/argo-server-role.yaml | 3 + .../workflow-controller-role.yaml | 17 + .../base/agent-default-rolebinding.yaml | 11 + .../quick-start/base/agent-role.yaml | 24 + .../base/executor-default-rolebinding.yaml | 11 + .../base/executor/docker/executor-role.yaml | 17 + .../base/executor/emissary/executor-role.yaml | 15 + .../base/executor/k8sapi/executor-role.yaml | 36 + .../base/executor/kubelet/executor-role.yaml | 17 + .../kubelet-executor-clusterrole.yaml | 0 ...t-executor-default-clusterrolebinding.yaml | 0 .../base/executor/pns/executor-role.yaml | 27 + .../quick-start/base/kustomization.yaml | 12 +- .../base/memoizer-default-rolebinding.yaml | 11 + .../quick-start/base/memoizer-role.yaml | 16 + .../quick-start/base/minio/minio-deploy.yaml | 2 +- .../quick-start/base/minio/minio-pod.yaml | 34 - .../workflow-controller-configmap.yaml | 9 +- .../base/pod-manager-default-rolebinding.yaml | 11 + .../quick-start/base/pod-manager-role.yaml | 17 + .../base/workflow-default-rolebinding.yaml | 2 +- .../workflow-manager-default-rolebinding.yaml | 11 + .../base/workflow-manager-role.yaml | 16 + .../quick-start/base/workflow-role.yaml | 63 - .../quick-start/minimal/kustomization.yaml | 2 + .../workflow-controller-configmap.yaml | 9 + .../workflow-controller-configmap.yaml | 4 + .../workflow-controller-configmap.yaml | 4 + .../workflow-controller-configmap.yaml | 3 +- .../mysql/base/mysql-deployment.yaml | 2 +- .../profiles/upstream/base/kustomization.yaml | 5 +- .../crd/bases/kubeflow.org_profiles.yaml | 137 +- apps/profiles/upstream/crd/kustomization.yaml | 8 +- .../upstream/crd/kustomizeconfig.yaml | 6 +- .../crd/patches/cainjection_in_profiles.yaml | 3 +- .../crd/patches/trivial_conversion_patch.yaml | 1 + .../crd/patches/webhook_in_profiles.yaml | 19 +- .../upstream/default/kustomization.yaml | 22 +- .../default/manager_auth_proxy_patch.yaml | 24 +- .../upstream/manager/kustomization.yaml | 4 +- apps/profiles/upstream/manager/manager.yaml | 23 +- .../overlays/kubeflow/kustomization.yaml | 5 +- .../overlays/kubeflow/patches/kfam.yaml | 2 +- .../upstream/prometheus/kustomization.yaml | 2 + .../profiles/upstream/prometheus/monitor.yaml | 20 + .../rbac/auth_proxy_client_clusterrole.yaml | 9 + .../upstream/rbac/auth_proxy_role.yaml | 12 +- .../upstream/rbac/auth_proxy_service.yaml | 5 +- .../profiles/upstream/rbac/kustomization.yaml | 9 +- .../rbac/leader_election_role_binding.yaml | 2 +- .../upstream/rbac/profile_editor_role.yaml | 24 + .../upstream/rbac/profile_viewer_role.yaml | 20 + apps/profiles/upstream/rbac/role.yaml | 39 + apps/profiles/upstream/rbac/role_binding.yaml | 6 +- .../upstream/rbac/service_account.yaml | 5 + .../upstream/samples/_v1_profile.yaml | 6 + .../upstream/samples/_v1beta1_profile.yaml | 6 + .../upstream/samples/profile_v1_aws_iam.yaml | 12 - .../upstream/samples/profile_v1_profile.yaml | 12 - .../samples/profile_v1beta1_profile.yaml | 17 - .../upstream/base/kustomization.yaml | 32 +- .../base/patches/add_controller_config.yaml | 3 +- .../base/patches/add_service_account.yaml | 3 +- ...tensorboard.kubeflow.org_tensorboards.yaml | 125 +- .../upstream/crd/kustomization.yaml | 8 +- .../upstream/crd/kustomizeconfig.yaml | 6 +- .../patches/cainjection_in_tensorboards.yaml | 5 +- .../crd/patches/webhook_in_tensorboards.yaml | 21 +- .../upstream/default/kustomization.yaml | 36 +- .../default/manager_auth_proxy_patch.yaml | 43 +- .../manager_prometheus_metrics_patch.yaml | 3 +- .../default/manager_webhook_patch.yaml | 3 +- .../manager/controller_manager_config.yaml | 11 + .../upstream/manager/manager.yaml | 47 +- .../upstream/prometheus/kustomization.yaml | 2 + .../upstream/prometheus/monitor.yaml | 20 + .../rbac/auth_proxy_client_clusterrole.yaml | 9 + .../upstream/rbac/auth_proxy_role.yaml | 20 +- .../rbac/auth_proxy_role_binding.yaml | 6 +- .../upstream/rbac/auth_proxy_service.yaml | 11 +- .../upstream/rbac/kustomization.yaml | 27 +- .../upstream/rbac/leader_election_role.yaml | 57 +- .../rbac/leader_election_role_binding.yaml | 6 +- .../upstream/rbac/role.yaml | 8 +- .../upstream/rbac/role_binding.yaml | 6 +- .../upstream/rbac/service_account.yaml | 5 + .../tensorboard_v1alpha1_tensorboard.yaml | 2 +- .../upstream/base/deployment.yaml | 4 +- .../upstream/base/kustomization.yaml | 5 +- .../upstream/base/params.env | 1 + .../base/crds/kubeflow.org_mpijobs.yaml | 2476 ++- .../base/crds/kubeflow.org_mxjobs.yaml | 2482 ++- .../base/crds/kubeflow.org_pytorchjobs.yaml | 2543 ++- .../base/crds/kubeflow.org_tfjobs.yaml | 2476 ++- .../base/crds/kubeflow.org_xgboostjobs.yaml | 2476 ++- .../upstream/base/deployment.yaml | 6 +- .../kubeflow/kubeflow-training-roles.yaml | 4 + .../overlays/kubeflow/kustomization.yaml | 3 +- .../overlays/standalone/kustomization.yaml | 3 +- .../upstream/base/deployment.yaml | 4 +- .../upstream/base/kustomization.yaml | 5 +- apps/volumes-web-app/upstream/base/params.env | 1 + common/dex/base/crds.yaml | 15 +- common/dex/base/deployment.yaml | 2 +- .../base/cluster-local-gateway.yaml | 322 - .../base/kustomization.yaml | 12 - .../istio-install/base/kustomization.yaml | 15 - .../istio-namespace/base/kustomization.yaml | 6 - common/istio-1-11/profile.yaml | 197 - common/{istio-1-11 => istio-1-14}/README.md | 0 .../base/cluster-local-gateway.yaml | 47 +- .../base/gateway-authorizationpolicy.yaml | 0 .../cluster-local-gateway/base/gateway.yaml | 0 .../base/kustomization.yaml | 4 + .../base/patches/remove-pdb.yaml | 0 .../istio-crds/base/crd.yaml | 952 +- .../istio-crds/base/kustomization.yaml | 0 .../base/deny_all_authorizationpolicy.yaml | 0 .../istio-install/base/gateway.yaml | 0 .../base/gateway_authorizationpolicy.yaml | 0 .../istio-install/base/install.yaml | 1568 +- .../istio-install}/base/kustomization.yaml | 3 +- .../istio-configmap-disable-tracing.yaml | 0 .../base/patches/remove-pdb.yaml | 0 .../istio-install/base/patches/service.yaml | 0 .../istio-install/base/x-forwarded-host.yaml | 0 .../istio-namespace/base/kustomization.yaml | 4 + .../istio-namespace/base/namespace.yaml | 0 .../base/cluster-roles.yaml | 0 .../base/kf-istio-resources.yaml | 0 .../base/kustomization.yaml | 0 .../profile-overlay.yaml | 0 common/{istio-1-9 => istio-1-14}/profile.yaml | 0 .../split-istio-packages | 0 common/istio-1-9/README.md | 93 - .../base/gateway-authorizationpolicy.yaml | 14 - .../cluster-local-gateway/base/gateway.yaml | 17 - .../base/patches/remove-pdb.yaml | 6 - common/istio-1-9/istio-crds/base/crd.yaml | 3499 ---- .../base/deny_all_authorizationpolicy.yaml | 9 - .../istio-1-9/istio-install/base/gateway.yaml | 17 - .../base/gateway_authorizationpolicy.yaml | 14 - .../istio-1-9/istio-install/base/install.yaml | 2552 --- .../istio-install/base/kustomization.yaml | 15 - .../istio-configmap-disable-tracing.yaml | 20 - .../base/patches/remove-pdb.yaml | 13 - .../istio-install/base/patches/service.yaml | 7 - .../istio-install/base/x-forwarded-host.yaml | 42 - .../istio-namespace/base/namespace.yaml | 7 - .../base/cluster-roles.yaml | 55 - .../base/kf-istio-resources.yaml | 14 - .../base/kustomization.yaml | 6 - common/istio-1-9/profile-overlay.yaml | 54 - common/istio-1-9/split-istio-packages | 72 - .../envoy-filter.yaml | 29 - .../kustomization.yaml | 5 - common/knative/README.md | 36 +- .../base/eventing-post-install-jobs.yaml | 127 +- .../knative-eventing/base/kustomization.yaml | 4 +- .../base/upstream/eventing-core.yaml | 5127 ++--- .../base/upstream/in-memory-channel.yaml | 1294 +- .../base/upstream/mt-channel-broker.yaml | 103 +- .../base/serving-post-install-jobs.yaml | 25 +- .../base/istio-authorization-policy.yaml | 2 +- .../base/upstream/net-istio.yaml | 311 +- .../base/upstream/serving-core.yaml | 3666 +++- contrib/kserve/kserve/kserve-runtimes.yaml | 256 + contrib/kserve/kserve/kserve.yaml | 12379 +++++++----- contrib/kserve/kserve/kserve_kubeflow.yaml | 10301 ++++++---- contrib/kserve/kserve/kustomization.yaml | 17 +- contrib/kserve/kserve/params.env | 1 + .../models-web-app/base/deployment.yaml | 21 +- .../models-web-app/base/kustomization.yaml | 7 +- .../overlays/kubeflow/kustomization.yaml | 1 - .../kubeflow/patches/web-app-vsvc.yaml | 4 + .../{kfserving.yaml => kserve.yaml} | 4 +- contrib/networkpolicies/kustomization.yaml | 4 +- ...odels-web-app.yaml => metadata-envoy.yaml} | 8 +- contrib/networkpolicies/minio.yaml | 6 + example/kustomization.yaml | 18 +- hack/setup-kubeflow-light.sh | 12 +- hack/sync-kserve-kserve-manifests.sh | 87 + hack/sync-kserve-web-app-manifests.sh | 68 + hack/sync-training-operator-manifests.sh | 7 + openshift/README.md | 6 + openshift/example/istio/kustomization.yaml | 16 + .../base/kustomization.yaml | 25 +- openshift/openshiftstack/kustomization.yaml | 10 +- prow_config.yaml | 11 +- tests/README.md | 4 +- tests/e2e/README.md | 2 +- tests/e2e/hack/cleanup_yamls.sh | 2 +- tests/e2e/mnist.py | 8 +- tests/e2e/settings.py | 2 +- tests/e2e/utils/isvc.py | 2 +- tests/e2e/utils/kfserving.py | 29 - tests/e2e/utils/kserve.py | 28 + tests/gh-actions/install_cert_manager.sh | 9 + tests/gh-actions/install_istio.sh | 7 + tests/gh-actions/install_kind.sh | 10 + tests/gh-actions/install_kserve.sh | 13 + tests/gh-actions/install_kustomize.sh | 5 + tests/gh-actions/install_pipelines.sh | 10 + tests/gh-actions/kf-objects/katib_test.yaml | 78 + .../gh-actions}/kind-cluster-1-20.yaml | 7 +- .../gh-actions}/kind-cluster-1-21.yaml | 7 +- tests/gh-actions/kind-cluster-1-22.yaml | 25 + 522 files changed, 60539 insertions(+), 47753 deletions(-) create mode 100644 .github/workflows/centraldb_kind_test.yaml create mode 100644 .github/workflows/dex_kind_test.yaml create mode 100644 .github/workflows/jwa_kind_test.yaml create mode 100644 .github/workflows/katib_kind_test.yaml create mode 100644 .github/workflows/kserve_kind_test.yaml create mode 100644 .github/workflows/nb_controller_kind_test.yaml create mode 100644 .github/workflows/pipeline_kind_test.yaml create mode 100644 .github/workflows/poddefaults_kind_test.yaml create mode 100644 .github/workflows/profiles_kind_test.yaml create mode 100644 .github/workflows/tb_controller_kind_test.yaml create mode 100644 .github/workflows/train_operator_kind_test.yaml create mode 100644 .github/workflows/twa_kind_test.yaml create mode 100644 .github/workflows/vwa_kind_test.yaml delete mode 100644 apps/jupyter/notebook-controller/upstream/crd/patches/old_crd.yaml create mode 100644 apps/jupyter/notebook-controller/upstream/samples/_v1_notebook.yaml create mode 100644 apps/jupyter/notebook-controller/upstream/samples/_v1alpha1_notebook.yaml create mode 100644 apps/jupyter/notebook-controller/upstream/samples/_v1beta1_notebook.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/.krmignore create mode 100644 apps/kfp-tekton/upstream/third-party/argo/Kptfile create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workflowtasksets.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_workflowtasksets.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/overlays/argo-server-deployment.yaml create mode 100644 apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/overlays/workflow-controller-deployment.yaml delete mode 100644 apps/kfserving/upstream/certmanager/certificate.yaml delete mode 100644 apps/kfserving/upstream/certmanager/kustomization.yaml delete mode 100644 apps/kfserving/upstream/certmanager/kustomizeconfig.yaml delete mode 100644 apps/kfserving/upstream/configmap/inferenceservice.yaml delete mode 100644 apps/kfserving/upstream/configmap/kustomization.yaml delete mode 100644 apps/kfserving/upstream/crd/kustomization.yaml delete mode 100644 apps/kfserving/upstream/crd/patches/protocol.yaml delete mode 100644 apps/kfserving/upstream/crd/serving.kubeflow.org_inferenceservices.yaml delete mode 100644 apps/kfserving/upstream/crd/serving.kubeflow.org_trainedmodels.yaml delete mode 100644 apps/kfserving/upstream/default/cainjection_conversion_webhook.yaml delete mode 100644 apps/kfserving/upstream/default/inferenceservice_conversion_webhook.yaml delete mode 100644 apps/kfserving/upstream/default/kustomization.yaml delete mode 100644 apps/kfserving/upstream/default/manager_auth_proxy_patch.yaml delete mode 100644 apps/kfserving/upstream/default/manager_image_patch.yaml delete mode 100644 apps/kfserving/upstream/default/manager_prometheus_metrics_patch.yaml delete mode 100644 apps/kfserving/upstream/default/manager_resources_patch.yaml delete mode 100644 apps/kfserving/upstream/default/params.env delete mode 100644 apps/kfserving/upstream/default/params.yaml delete mode 100644 apps/kfserving/upstream/default/webhookcainjection_patch.yaml delete mode 100644 apps/kfserving/upstream/manager/kustomization.yaml delete mode 100644 apps/kfserving/upstream/manager/manager.yaml delete mode 100644 apps/kfserving/upstream/manager/service.yaml delete mode 100644 apps/kfserving/upstream/overlays/dev-image-config/kustomization.yaml delete mode 100644 apps/kfserving/upstream/overlays/development/configmap/ko_resolve_agent delete mode 100644 apps/kfserving/upstream/overlays/development/configmap/ko_resolve_batcher delete mode 100644 apps/kfserving/upstream/overlays/development/configmap/ko_resolve_logger delete mode 100644 apps/kfserving/upstream/overlays/development/kustomization.yaml delete mode 100644 apps/kfserving/upstream/overlays/kubeflow/cluster-role.yaml delete mode 100644 apps/kfserving/upstream/overlays/kubeflow/kustomization.yaml delete mode 100644 apps/kfserving/upstream/overlays/kubeflow/params.env delete mode 100644 apps/kfserving/upstream/overlays/kubeflow/params.yaml delete mode 100644 apps/kfserving/upstream/overlays/kubeflow/patches/namespace.yaml delete mode 100644 apps/kfserving/upstream/overlays/kubeflow/patches/statefulset.yaml delete mode 100644 apps/kfserving/upstream/overlays/kubeflow/patches/web-app-sidecar.yaml delete mode 100644 apps/kfserving/upstream/overlays/kubeflow/patches/web-app-vsvc.yaml delete mode 100644 apps/kfserving/upstream/overlays/kubeflow/web-app-authorization-policy.yaml delete mode 100644 apps/kfserving/upstream/overlays/test/configmap/inferenceservice.yaml delete mode 100644 apps/kfserving/upstream/overlays/test/kustomization.yaml delete mode 100644 apps/kfserving/upstream/overlays/test/manager_image_patch.yaml delete mode 100644 apps/kfserving/upstream/rbac/auth_proxy_role.yaml delete mode 100644 apps/kfserving/upstream/rbac/auth_proxy_role_binding.yaml delete mode 100644 apps/kfserving/upstream/rbac/auth_proxy_service.yaml delete mode 100644 apps/kfserving/upstream/rbac/kustomization.yaml delete mode 100644 apps/kfserving/upstream/rbac/leader_election_role.yaml delete mode 100644 apps/kfserving/upstream/rbac/leader_election_role_binding.yaml delete mode 100644 apps/kfserving/upstream/rbac/role.yaml delete mode 100644 apps/kfserving/upstream/rbac/role_binding.yaml delete mode 100644 apps/kfserving/upstream/web-app/deployment.yaml delete mode 100644 apps/kfserving/upstream/web-app/istio.yaml delete mode 100644 apps/kfserving/upstream/web-app/kustomization.yaml delete mode 100644 apps/kfserving/upstream/web-app/rbac.yaml delete mode 100644 apps/kfserving/upstream/web-app/service.yaml delete mode 100644 apps/kfserving/upstream/webhook/kustomization.yaml delete mode 100644 apps/kfserving/upstream/webhook/kustomizeconfig.yaml delete mode 100644 apps/kfserving/upstream/webhook/manifests.yaml delete mode 100644 apps/kfserving/upstream/webhook/service.yaml create mode 100644 apps/pipeline/upstream/env/cert-manager/base/cache-cert-issuer.yaml create mode 100644 apps/pipeline/upstream/env/cert-manager/base/cache-cert.yaml create mode 100644 apps/pipeline/upstream/env/cert-manager/base/cache-webhook-config.yaml create mode 100644 apps/pipeline/upstream/env/cert-manager/base/kustomization.yaml create mode 100644 apps/pipeline/upstream/env/cert-manager/base/params.yaml create mode 100644 apps/pipeline/upstream/env/cert-manager/cluster-scoped-resources/kustomization.yaml create mode 100644 apps/pipeline/upstream/env/cert-manager/dev/delete-cache-deployer.yaml create mode 100644 apps/pipeline/upstream/env/cert-manager/dev/kustomization.yaml create mode 100644 apps/pipeline/upstream/env/cert-manager/dev/namespace.yaml create mode 100644 apps/pipeline/upstream/env/cert-manager/dev/params.yaml create mode 100644 apps/pipeline/upstream/env/cert-manager/platform-agnostic-multi-user/delete-cache-deployer.yaml create mode 100644 apps/pipeline/upstream/env/cert-manager/platform-agnostic-multi-user/kustomization.yaml create mode 100644 apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workflowtaskresults.yaml create mode 100644 apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_workflowtaskresults.yaml create mode 100644 apps/pipeline/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-priorityclass.yaml create mode 100644 apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/agent-default-rolebinding.yaml create mode 100644 apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/agent-role.yaml create mode 100644 apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/executor-default-rolebinding.yaml create mode 100644 apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/executor/docker/executor-role.yaml create mode 100644 apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/executor/emissary/executor-role.yaml create mode 100644 apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/executor/k8sapi/executor-role.yaml create mode 100644 apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/executor/kubelet/executor-role.yaml rename apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/{ => executor/kubelet}/kubelet-executor-clusterrole.yaml (100%) rename apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/{ => executor/kubelet}/kubelet-executor-default-clusterrolebinding.yaml (100%) create mode 100644 apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/executor/pns/executor-role.yaml create mode 100644 apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/memoizer-default-rolebinding.yaml create mode 100644 apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/memoizer-role.yaml delete mode 100644 apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/minio-pod.yaml create mode 100644 apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/pod-manager-default-rolebinding.yaml create mode 100644 apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/pod-manager-role.yaml create mode 100644 apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/workflow-manager-default-rolebinding.yaml create mode 100644 apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/workflow-manager-role.yaml delete mode 100644 apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/workflow-role.yaml create mode 100644 apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/minimal/overlays/workflow-controller-configmap.yaml create mode 100644 apps/profiles/upstream/prometheus/kustomization.yaml create mode 100644 apps/profiles/upstream/prometheus/monitor.yaml create mode 100644 apps/profiles/upstream/rbac/auth_proxy_client_clusterrole.yaml create mode 100644 apps/profiles/upstream/rbac/profile_editor_role.yaml create mode 100644 apps/profiles/upstream/rbac/profile_viewer_role.yaml create mode 100644 apps/profiles/upstream/rbac/role.yaml create mode 100644 apps/profiles/upstream/rbac/service_account.yaml create mode 100644 apps/profiles/upstream/samples/_v1_profile.yaml create mode 100644 apps/profiles/upstream/samples/_v1beta1_profile.yaml delete mode 100644 apps/profiles/upstream/samples/profile_v1_aws_iam.yaml delete mode 100644 apps/profiles/upstream/samples/profile_v1_profile.yaml delete mode 100644 apps/profiles/upstream/samples/profile_v1beta1_profile.yaml create mode 100644 apps/tensorboard/tensorboard-controller/upstream/manager/controller_manager_config.yaml create mode 100644 apps/tensorboard/tensorboard-controller/upstream/prometheus/kustomization.yaml create mode 100644 apps/tensorboard/tensorboard-controller/upstream/prometheus/monitor.yaml create mode 100644 apps/tensorboard/tensorboard-controller/upstream/rbac/auth_proxy_client_clusterrole.yaml create mode 100644 apps/tensorboard/tensorboard-controller/upstream/rbac/service_account.yaml delete mode 100644 common/istio-1-11/cluster-local-gateway/base/cluster-local-gateway.yaml delete mode 100644 common/istio-1-11/cluster-local-gateway/base/kustomization.yaml delete mode 100644 common/istio-1-11/istio-install/base/kustomization.yaml delete mode 100644 common/istio-1-11/istio-namespace/base/kustomization.yaml delete mode 100644 common/istio-1-11/profile.yaml rename common/{istio-1-11 => istio-1-14}/README.md (100%) rename common/{istio-1-9 => istio-1-14}/cluster-local-gateway/base/cluster-local-gateway.yaml (92%) rename common/{istio-1-11 => istio-1-14}/cluster-local-gateway/base/gateway-authorizationpolicy.yaml (100%) rename common/{istio-1-11 => istio-1-14}/cluster-local-gateway/base/gateway.yaml (100%) rename common/{istio-1-9 => istio-1-14}/cluster-local-gateway/base/kustomization.yaml (79%) rename common/{istio-1-11 => istio-1-14}/cluster-local-gateway/base/patches/remove-pdb.yaml (100%) rename common/{istio-1-11 => istio-1-14}/istio-crds/base/crd.yaml (88%) rename common/{istio-1-11 => istio-1-14}/istio-crds/base/kustomization.yaml (100%) rename common/{istio-1-11 => istio-1-14}/istio-install/base/deny_all_authorizationpolicy.yaml (100%) rename common/{istio-1-11 => istio-1-14}/istio-install/base/gateway.yaml (100%) rename common/{istio-1-11 => istio-1-14}/istio-install/base/gateway_authorizationpolicy.yaml (100%) rename common/{istio-1-11 => istio-1-14}/istio-install/base/install.yaml (76%) rename common/{istio-1-9/istio-crds => istio-1-14/istio-install}/base/kustomization.yaml (86%) rename common/{istio-1-11 => istio-1-14}/istio-install/base/patches/istio-configmap-disable-tracing.yaml (100%) rename common/{istio-1-11 => istio-1-14}/istio-install/base/patches/remove-pdb.yaml (100%) rename common/{istio-1-11 => istio-1-14}/istio-install/base/patches/service.yaml (100%) rename common/{istio-1-11 => istio-1-14}/istio-install/base/x-forwarded-host.yaml (100%) rename common/{istio-1-9 => istio-1-14}/istio-namespace/base/kustomization.yaml (66%) rename common/{istio-1-11 => istio-1-14}/istio-namespace/base/namespace.yaml (100%) rename common/{istio-1-11 => istio-1-14}/kubeflow-istio-resources/base/cluster-roles.yaml (100%) rename common/{istio-1-11 => istio-1-14}/kubeflow-istio-resources/base/kf-istio-resources.yaml (100%) rename common/{istio-1-11 => istio-1-14}/kubeflow-istio-resources/base/kustomization.yaml (100%) rename common/{istio-1-11 => istio-1-14}/profile-overlay.yaml (100%) rename common/{istio-1-9 => istio-1-14}/profile.yaml (100%) rename common/{istio-1-11 => istio-1-14}/split-istio-packages (100%) mode change 100755 => 100644 delete mode 100644 common/istio-1-9/README.md delete mode 100644 common/istio-1-9/cluster-local-gateway/base/gateway-authorizationpolicy.yaml delete mode 100644 common/istio-1-9/cluster-local-gateway/base/gateway.yaml delete mode 100644 common/istio-1-9/cluster-local-gateway/base/patches/remove-pdb.yaml delete mode 100644 common/istio-1-9/istio-crds/base/crd.yaml delete mode 100644 common/istio-1-9/istio-install/base/deny_all_authorizationpolicy.yaml delete mode 100644 common/istio-1-9/istio-install/base/gateway.yaml delete mode 100644 common/istio-1-9/istio-install/base/gateway_authorizationpolicy.yaml delete mode 100644 common/istio-1-9/istio-install/base/install.yaml delete mode 100644 common/istio-1-9/istio-install/base/kustomization.yaml delete mode 100644 common/istio-1-9/istio-install/base/patches/istio-configmap-disable-tracing.yaml delete mode 100644 common/istio-1-9/istio-install/base/patches/remove-pdb.yaml delete mode 100644 common/istio-1-9/istio-install/base/patches/service.yaml delete mode 100644 common/istio-1-9/istio-install/base/x-forwarded-host.yaml delete mode 100644 common/istio-1-9/istio-namespace/base/namespace.yaml delete mode 100644 common/istio-1-9/kubeflow-istio-resources/base/cluster-roles.yaml delete mode 100644 common/istio-1-9/kubeflow-istio-resources/base/kf-istio-resources.yaml delete mode 100644 common/istio-1-9/kubeflow-istio-resources/base/kustomization.yaml delete mode 100644 common/istio-1-9/profile-overlay.yaml delete mode 100644 common/istio-1-9/split-istio-packages delete mode 100644 common/istio/add-anonymous-user-filter-istio-1.6/envoy-filter.yaml delete mode 100644 common/istio/add-anonymous-user-filter-istio-1.6/kustomization.yaml create mode 100644 contrib/kserve/kserve/kserve-runtimes.yaml create mode 100644 contrib/kserve/kserve/params.env rename contrib/networkpolicies/{kfserving.yaml => kserve.yaml} (84%) rename contrib/networkpolicies/{kfserving-models-web-app.yaml => metadata-envoy.yaml} (78%) create mode 100755 hack/sync-kserve-kserve-manifests.sh create mode 100755 hack/sync-kserve-web-app-manifests.sh create mode 100644 openshift/example/istio/kustomization.yaml delete mode 100644 tests/e2e/utils/kfserving.py create mode 100644 tests/e2e/utils/kserve.py create mode 100755 tests/gh-actions/install_cert_manager.sh create mode 100755 tests/gh-actions/install_istio.sh create mode 100755 tests/gh-actions/install_kind.sh create mode 100755 tests/gh-actions/install_kserve.sh create mode 100755 tests/gh-actions/install_kustomize.sh create mode 100755 tests/gh-actions/install_pipelines.sh create mode 100644 tests/gh-actions/kf-objects/katib_test.yaml rename {hack => tests/gh-actions}/kind-cluster-1-20.yaml (66%) rename {hack => tests/gh-actions}/kind-cluster-1-21.yaml (66%) create mode 100644 tests/gh-actions/kind-cluster-1-22.yaml diff --git a/.github/workflows/centraldb_kind_test.yaml b/.github/workflows/centraldb_kind_test.yaml new file mode 100644 index 0000000000..d931176c1a --- /dev/null +++ b/.github/workflows/centraldb_kind_test.yaml @@ -0,0 +1,31 @@ +name: Build & Apply CentralDashboard manifests in KinD +on: + pull_request: + paths: + - apps/centraldashboard/upstream/** + +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Install KinD + run: ./tests/gh-actions/install_kind.sh + + - name: Create KinD Cluster + run: kind create cluster --config tests/gh-actions/kind-cluster-1-22.yaml + + - name: Install kustomize + run: ./tests/gh-actions/install_kustomize.sh + + - name: Install Istio + run: ./tests/gh-actions/install_istio.sh + + - name: Build & Apply manifests + run: | + cd apps/centraldashboard/upstream + kubectl create ns kubeflow + kustomize build overlays/kserve | kubectl apply -f - + kubectl wait --for=condition=Ready pods --all --all-namespaces --timeout 180s diff --git a/.github/workflows/dex_kind_test.yaml b/.github/workflows/dex_kind_test.yaml new file mode 100644 index 0000000000..3459ca4754 --- /dev/null +++ b/.github/workflows/dex_kind_test.yaml @@ -0,0 +1,30 @@ +name: Build & Apply Dex manifests in KinD +on: + pull_request: + paths: + - common/dex/base/** + +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Install KinD + run: ./tests/gh-actions/install_kind.sh + + - name: Create KinD Cluster + run: kind create cluster --config tests/gh-actions/kind-cluster-1-22.yaml + + - name: Install kustomize + run: ./tests/gh-actions/install_kustomize.sh + + - name: Install Istio + run: ./tests/gh-actions/install_istio.sh + + - name: Build & Apply manifests + run: | + cd common/dex + kustomize build overlays/istio | kubectl apply -f - + kubectl wait --for=condition=Ready pods --all --all-namespaces --timeout 180s diff --git a/.github/workflows/jwa_kind_test.yaml b/.github/workflows/jwa_kind_test.yaml new file mode 100644 index 0000000000..13d235b69c --- /dev/null +++ b/.github/workflows/jwa_kind_test.yaml @@ -0,0 +1,31 @@ +name: Build & Apply JWA manifests in KinD +on: + pull_request: + paths: + - apps/jupyter/jupyter-web-app/upstream/** + +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Install KinD + run: ./tests/gh-actions/install_kind.sh + + - name: Create KinD Cluster + run: kind create cluster --config tests/gh-actions/kind-cluster-1-22.yaml + + - name: Install kustomize + run: ./tests/gh-actions/install_kustomize.sh + + - name: Install Istio + run: ./tests/gh-actions/install_istio.sh + + - name: Build & Apply manifests + run: | + cd apps/jupyter/jupyter-web-app/upstream + kubectl create ns kubeflow + kustomize build overlays/istio | kubectl apply -f - + kubectl wait --for=condition=Ready pods --all --all-namespaces --timeout 180s diff --git a/.github/workflows/katib_kind_test.yaml b/.github/workflows/katib_kind_test.yaml new file mode 100644 index 0000000000..c10943c55f --- /dev/null +++ b/.github/workflows/katib_kind_test.yaml @@ -0,0 +1,40 @@ +name: Build & Apply Katib manifests in KinD +on: + pull_request: + paths: + - apps/katib/upstream/** + +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Install KinD + run: ./tests/gh-actions/install_kind.sh + + - name: Create KinD Cluster + run: kind create cluster --config tests/gh-actions/kind-cluster-1-22.yaml + + - name: Install kustomize + run: ./tests/gh-actions/install_kustomize.sh + + - name: Install Istio + run: ./tests/gh-actions/install_istio.sh + + - name: Install cert-manager + run: ./tests/gh-actions/install_cert_manager.sh + + - name: Build & Apply manifests + run: | + cd apps/katib/upstream + kubectl create ns kubeflow + kustomize build installs/katib-with-kubeflow | kubectl apply -f - + kubectl wait --for=condition=Ready pods --all --all-namespaces --timeout 180s + + - name: Create katib experiment + run: | + kubectl apply -f tests/gh-actions/katib_test.yaml + kubectl wait --for=condition=Succeeded trials.kubeflow.org -n kubeflow-user --all --timeout 300s + kubectl wait --for=condition=Succeeded experiments.kubeflow.org -n kubeflow-user --all --timeout 300s diff --git a/.github/workflows/kserve_kind_test.yaml b/.github/workflows/kserve_kind_test.yaml new file mode 100644 index 0000000000..16da13db33 --- /dev/null +++ b/.github/workflows/kserve_kind_test.yaml @@ -0,0 +1,30 @@ +name: Build & Apply KServe manifests in KinD +on: + pull_request: + paths: + - contrib/kserve/** + +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Install KinD + run: ./tests/gh-actions/install_kind.sh + + - name: Create KinD Cluster + run: kind create cluster --config tests/gh-actions/kind-cluster-1-22.yaml + + - name: Install kustomize + run: ./tests/gh-actions/install_kustomize.sh + + - name: Install Istio + run: ./tests/gh-actions/install_istio.sh + + - name: Install cert-manager + run: ./tests/gh-actions/install_cert_manager.sh + + - name: Build & Apply manifests + run: ./tests/gh-actions/install_kserve.sh diff --git a/.github/workflows/nb_controller_kind_test.yaml b/.github/workflows/nb_controller_kind_test.yaml new file mode 100644 index 0000000000..783e4c85d9 --- /dev/null +++ b/.github/workflows/nb_controller_kind_test.yaml @@ -0,0 +1,31 @@ +name: Build & Apply Notebook Controller manifests in KinD +on: + pull_request: + paths: + - apps/jupyter/notebook-controller/upstream/** + +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Install KinD + run: ./tests/gh-actions/install_kind.sh + + - name: Create KinD Cluster + run: kind create cluster --config tests/gh-actions/kind-cluster-1-22.yaml + + - name: Install kustomize + run: ./tests/gh-actions/install_kustomize.sh + + - name: Install Istio + run: ./tests/gh-actions/install_istio.sh + + - name: Build & Apply manifests + run: | + cd apps/jupyter/notebook-controller/upstream + kubectl create ns kubeflow + kustomize build overlays/kubeflow | kubectl apply -f - + kubectl wait --for=condition=Ready pods --all --all-namespaces --timeout 180s diff --git a/.github/workflows/pipeline_kind_test.yaml b/.github/workflows/pipeline_kind_test.yaml new file mode 100644 index 0000000000..2790c71607 --- /dev/null +++ b/.github/workflows/pipeline_kind_test.yaml @@ -0,0 +1,30 @@ +name: Build & Apply Kubeflow Pipelines manifests in KinD +on: + pull_request: + paths: + - apps/pipeline/upstream/** + +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Install KinD + run: ./tests/gh-actions/install_kind.sh + + - name: Create KinD Cluster + run: kind create cluster --config tests/gh-actions/kind-cluster-1-22.yaml + + - name: Install kustomize + run: ./tests/gh-actions/install_kustomize.sh + + - name: Install Istio + run: ./tests/gh-actions/install_istio.sh + + - name: Install cert-manager + run: ./tests/gh-actions/install_cert_manager.sh + + - name: Build & Apply manifests + run: ./tests/gh-actions/install_pipelines.sh diff --git a/.github/workflows/poddefaults_kind_test.yaml b/.github/workflows/poddefaults_kind_test.yaml new file mode 100644 index 0000000000..25575b6809 --- /dev/null +++ b/.github/workflows/poddefaults_kind_test.yaml @@ -0,0 +1,34 @@ +name: Build & Apply PodDefaults manifests in KinD +on: + pull_request: + paths: + - apps/admission-webhook/upstream/** + +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Install KinD + run: ./tests/gh-actions/install_kind.sh + + - name: Create KinD Cluster + run: kind create cluster --config tests/gh-actions/kind-cluster-1-22.yaml + + - name: Install kustomize + run: ./tests/gh-actions/install_kustomize.sh + + - name: Install Istio + run: ./tests/gh-actions/install_istio.sh + + - name: Install cert-manager + run: ./tests/gh-actions/install_cert_manager.sh + + - name: Build & Apply manifests + run: | + cd apps/admission-webhook/upstream + kubectl create ns kubeflow + kustomize build overlays/cert-manager | kubectl apply -f - + kubectl wait --for=condition=Ready pods --all --all-namespaces --timeout 180s diff --git a/.github/workflows/profiles_kind_test.yaml b/.github/workflows/profiles_kind_test.yaml new file mode 100644 index 0000000000..88293fb8aa --- /dev/null +++ b/.github/workflows/profiles_kind_test.yaml @@ -0,0 +1,31 @@ +name: Build & Apply Profiles manifests in KinD +on: + pull_request: + paths: + - apps/profiles/upstream/** + +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Install KinD + run: ./tests/gh-actions/install_kind.sh + + - name: Create KinD Cluster + run: kind create cluster --config tests/gh-actions/kind-cluster-1-22.yaml + + - name: Install kustomize + run: ./tests/gh-actions/install_kustomize.sh + + - name: Install Istio + run: ./tests/gh-actions/install_istio.sh + + - name: Build & Apply manifests + run: | + cd apps/profiles/upstream + kubectl create ns kubeflow + kustomize build overlays/kubeflow | kubectl apply -f - + kubectl wait --for=condition=Ready pods --all --all-namespaces --timeout 180s diff --git a/.github/workflows/tb_controller_kind_test.yaml b/.github/workflows/tb_controller_kind_test.yaml new file mode 100644 index 0000000000..316422fd1e --- /dev/null +++ b/.github/workflows/tb_controller_kind_test.yaml @@ -0,0 +1,31 @@ +name: Build & Apply Tensorboard Controller manifests in KinD +on: + pull_request: + paths: + - apps/tensorboard/tensorboard-controller/upstream/** + +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Install KinD + run: ./tests/gh-actions/install_kind.sh + + - name: Create KinD Cluster + run: kind create cluster --config tests/gh-actions/kind-cluster-1-22.yaml + + - name: Install kustomize + run: ./tests/gh-actions/install_kustomize.sh + + - name: Install Istio + run: ./tests/gh-actions/install_istio.sh + + - name: Build & Apply manifests + run: | + cd apps/tensorboard/tensorboard-controller/upstream + kubectl create ns kubeflow + kustomize build overlays/kubeflow | kubectl apply -f - + kubectl wait --for=condition=Ready pods --all --all-namespaces --timeout 180s diff --git a/.github/workflows/train_operator_kind_test.yaml b/.github/workflows/train_operator_kind_test.yaml new file mode 100644 index 0000000000..b710ce175e --- /dev/null +++ b/.github/workflows/train_operator_kind_test.yaml @@ -0,0 +1,31 @@ +name: Build & Apply Training Operator manifests in KinD +on: + pull_request: + paths: + - apps/training-operator/upstream/** + +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Install KinD + run: ./tests/gh-actions/install_kind.sh + + - name: Create KinD Cluster + run: kind create cluster --config tests/gh-actions/kind-cluster-1-22.yaml + + - name: Install kustomize + run: ./tests/gh-actions/install_kustomize.sh + + - name: Install Istio + run: ./tests/gh-actions/install_istio.sh + + - name: Build & Apply manifests + run: | + cd apps/training-operator/upstream + kubectl create ns kubeflow + kustomize build overlays/kubeflow | kubectl apply -f - + kubectl wait --for=condition=Ready pods --all --all-namespaces --timeout 180s diff --git a/.github/workflows/twa_kind_test.yaml b/.github/workflows/twa_kind_test.yaml new file mode 100644 index 0000000000..7b68870adb --- /dev/null +++ b/.github/workflows/twa_kind_test.yaml @@ -0,0 +1,31 @@ +name: Build & Apply TWA manifests in KinD +on: + pull_request: + paths: + - apps/tensorboard/tensorboards-web-app/upstream/** + +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Install KinD + run: ./tests/gh-actions/install_kind.sh + + - name: Create KinD Cluster + run: kind create cluster --config tests/gh-actions/kind-cluster-1-22.yaml + + - name: Install kustomize + run: ./tests/gh-actions/install_kustomize.sh + + - name: Install Istio + run: ./tests/gh-actions/install_istio.sh + + - name: Build & Apply manifests + run: | + cd apps/tensorboard/tensorboards-web-app/upstream + kubectl create ns kubeflow + kustomize build overlays/istio | kubectl apply -f - + kubectl wait --for=condition=Ready pods --all --all-namespaces --timeout 180s diff --git a/.github/workflows/vwa_kind_test.yaml b/.github/workflows/vwa_kind_test.yaml new file mode 100644 index 0000000000..3d31a4cd64 --- /dev/null +++ b/.github/workflows/vwa_kind_test.yaml @@ -0,0 +1,31 @@ +name: Build & Apply VWA manifests in KinD +on: + pull_request: + paths: + - apps/volumes-web-app/upstream/** + +jobs: + build: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Install KinD + run: ./tests/gh-actions/install_kind.sh + + - name: Create KinD Cluster + run: kind create cluster --config tests/gh-actions/kind-cluster-1-22.yaml + + - name: Install kustomize + run: ./tests/gh-actions/install_kustomize.sh + + - name: Install Istio + run: ./tests/gh-actions/install_istio.sh + + - name: Build & Apply manifests + run: | + cd apps/volumes-web-app/upstream + kubectl create ns kubeflow + kustomize build overlays/istio | kubectl apply -f - + kubectl wait --for=condition=Ready pods --all --all-namespaces --timeout 180s diff --git a/README.md b/README.md index e110165f8b..f9fc94022e 100644 --- a/README.md +++ b/README.md @@ -41,28 +41,28 @@ This repo periodically syncs all official Kubeflow components from their respect | Component | Local Manifests Path | Upstream Revision | | - | - | - | -| Training Operator | apps/training-operator/upstream | [v1.4.0](https://github.com/kubeflow/tf-operator/tree/v1.4.0/manifests) | -| Notebook Controller | apps/jupyter/notebook-controller/upstream | [v1.5.0](https://github.com/kubeflow/kubeflow/tree/v1.5.0/components/notebook-controller/config) | -| Tensorboard Controller | apps/tensorboard/tensorboard-controller/upstream | [v1.5.0](https://github.com/kubeflow/kubeflow/tree/v1.5.0/components/tensorboard-controller/config) | -| Central Dashboard | apps/centraldashboard/upstream | [v1.5.0](https://github.com/kubeflow/kubeflow/tree/v1.5.0/components/centraldashboard/manifests) | -| Profiles + KFAM | apps/profiles/upstream | [v1.5.0](https://github.com/kubeflow/kubeflow/tree/v1.5.0/components/profile-controller/config) | -| PodDefaults Webhook | apps/admission-webhook/upstream | [v1.5.0](https://github.com/kubeflow/kubeflow/tree/v1.5.0/components/admission-webhook/manifests) | -| Jupyter Web App | apps/jupyter/jupyter-web-app/upstream | [v1.5.0](https://github.com/kubeflow/kubeflow/tree/v1.5.0/components/crud-web-apps/jupyter/manifests) | -| Tensorboards Web App | apps/tensorboard/tensorboards-web-app/upstream | [v1.5.0](https://github.com/kubeflow/kubeflow/tree/v1.5.0/components/crud-web-apps/tensorboards/manifests) | -| Volumes Web App | apps/volumes-web-app/upstream | [v1.5.0](https://github.com/kubeflow/kubeflow/tree/v1.5.0/components/crud-web-apps/volumes/manifests) | -| Katib | apps/katib/upstream | [v0.13.0](https://github.com/kubeflow/katib/tree/v0.13.0/manifests/v1beta1) | -| KFServing | apps/kfserving/upstream | [v0.6.1](https://github.com/kubeflow/kfserving/releases/tag/v0.6.1) | -| KServe | contrib/kserve/upstream | [v0.7.0](https://github.com/kserve/kserve/tree/v0.7.0) | -| Kubeflow Pipelines | apps/pipeline/upstream | [1.8.1](https://github.com/kubeflow/pipelines/tree/1.8.1/manifests/kustomize) | -| Kubeflow Tekton Pipelines | apps/kfp-tekton/upstream | [v1.1.1](https://github.com/kubeflow/kfp-tekton/tree/v1.1.1/manifests/kustomize) | +| Training Operator | apps/training-operator/upstream | [v1.5.0-rc.0](https://github.com/kubeflow/training-operator/tree/v1.5.0-rc.0/manifests) | +| Notebook Controller | apps/jupyter/notebook-controller/upstream | [v1.6.0-rc.1](https://github.com/kubeflow/kubeflow/tree/v1.6.0-rc.1/components/notebook-controller/config) | +| Tensorboard Controller | apps/tensorboard/tensorboard-controller/upstream | [v1.6.0-rc.1](https://github.com/kubeflow/kubeflow/tree/v1.6.0-rc.1/components/tensorboard-controller/config) | +| Central Dashboard | apps/centraldashboard/upstream | [v1.6.0-rc.1](https://github.com/kubeflow/kubeflow/tree/v1.6.0-rc.1/components/centraldashboard/manifests) | +| Profiles + KFAM | apps/profiles/upstream | [v1.6.0-rc.1](https://github.com/kubeflow/kubeflow/tree/v1.6.0-rc.1/components/profile-controller/config) | +| PodDefaults Webhook | apps/admission-webhook/upstream | [v1.6.0-rc.1](https://github.com/kubeflow/kubeflow/tree/v1.6.0-rc.1/components/admission-webhook/manifests) | +| Jupyter Web App | apps/jupyter/jupyter-web-app/upstream | [v1.6.0-rc.1](https://github.com/kubeflow/kubeflow/tree/v1.6.0-rc.1/components/crud-web-apps/jupyter/manifests) | +| Tensorboards Web App | apps/tensorboard/tensorboards-web-app/upstream | [v1.6.0-rc.1](https://github.com/kubeflow/kubeflow/tree/v1.6.0-rc.1/components/crud-web-apps/tensorboards/manifests) | +| Volumes Web App | apps/volumes-web-app/upstream | [v1.6.0-rc.1](https://github.com/kubeflow/kubeflow/tree/v1.6.0-rc.1/components/crud-web-apps/volumes/manifests) | +| Katib | apps/katib/upstream | [v0.14.0-rc.0](https://github.com/kubeflow/katib/tree/v0.14.0-rc.0/manifests/v1beta1) | +| KServe | contrib/kserve/kserve | [release-0.8](https://github.com/kserve/kserve/tree/8079f375cbcedc4d45a1b4aade2e2308ea6f9ae8/install/v0.8.0) | +| KServe Models Web App | contrib/kserve/models-web-app | [v0.8.1](https://github.com/kserve/models-web-app/tree/v0.8.1/config) | +| Kubeflow Pipelines | apps/pipeline/upstream | [2.0.0-alpha.3](https://github.com/kubeflow/pipelines/tree/2.0.0-alpha.3/manifests/kustomize) | +| Kubeflow Tekton Pipelines | apps/kfp-tekton/upstream | [v1.2.1](https://github.com/kubeflow/kfp-tekton/tree/v1.2.1/manifests/kustomize) | The following is also a matrix with versions from common components that are used from the different projects of Kubeflow: | Component | Local Manifests Path | Upstream Revision | | - | - | - | -| Istio | common/istio-1-11 | [1.11.0](https://github.com/istio/istio/releases/tag/1.11.0) | -| Knative | common/knative | [0.22.1](https://github.com/knative/serving/releases/tag/v0.22.1) | +| Istio | common/istio-1-14 | [1.14.1](https://github.com/istio/istio/releases/tag/1.14.1) | +| Knative | common/knative | [1.2.5](https://github.com/knative/serving/releases/tag/knative-v1.2.5) | ## Installation @@ -80,10 +80,7 @@ The `example` directory contains an example kustomization for the single command ### Prerequisites -- `Kubernetes` (up to `1.21`) with a default [StorageClass](https://kubernetes.io/docs/concepts/storage/storage-classes/) - - :warning: Kubeflow 1.5.0 is not compatible with version 1.22 and onwards. - You can track the remaining work for K8s 1.22 support in - [kubeflow/kubeflow#6353](https://github.com/kubeflow/kubeflow/issues/6353) +- `Kubernetes` (up to `1.22`) with a default [StorageClass](https://kubernetes.io/docs/concepts/storage/storage-classes/) - `kustomize` (version `3.2.0`) ([download link](https://github.com/kubernetes-sigs/kustomize/releases/tag/v3.2.0)) - :warning: Kubeflow 1.5.0 is not compatible with the latest versions of of kustomize 4.x. This is due to changes in the order resources are sorted and printed. Please see [kubernetes-sigs/kustomize#3794](https://github.com/kubernetes-sigs/kustomize/issues/3794) and [kubeflow/manifests#1797](https://github.com/kubeflow/manifests/issues/1797). We know this is not ideal and are working with the upstream kustomize team to add support for the latest versions of kustomize as soon as we can. - `kubectl` @@ -136,9 +133,9 @@ network authorization and implement routing policies. Install Istio: ```sh -kustomize build common/istio-1-11/istio-crds/base | kubectl apply -f - -kustomize build common/istio-1-11/istio-namespace/base | kubectl apply -f - -kustomize build common/istio-1-11/istio-install/base | kubectl apply -f - +kustomize build common/istio-1-14/istio-crds/base | kubectl apply -f - +kustomize build common/istio-1-14/istio-namespace/base | kubectl apply -f - +kustomize build common/istio-1-14/istio-install/base | kubectl apply -f - ``` #### Dex @@ -161,13 +158,13 @@ kustomize build common/oidc-authservice/base | kubectl apply -f - #### Knative -Knative is used by the KFServing official Kubeflow component. +Knative is used by the KServe official Kubeflow component. Install Knative Serving: ```sh kustomize build common/knative/knative-serving/overlays/gateways | kubectl apply -f - -kustomize build common/istio-1-11/cluster-local-gateway/base | kubectl apply -f - +kustomize build common/istio-1-14/cluster-local-gateway/base | kubectl apply -f - ``` Optionally, you can install Knative Eventing which can be used for inference request logging: @@ -209,7 +206,7 @@ well. Install istio resources: ```sh -kustomize build common/istio-1-11/kubeflow-istio-resources/base | kubectl apply -f - +kustomize build common/istio-1-14/kubeflow-istio-resources/base | kubectl apply -f - ``` #### Kubeflow Pipelines @@ -217,7 +214,7 @@ kustomize build common/istio-1-11/kubeflow-istio-resources/base | kubectl apply Install the [Multi-User Kubeflow Pipelines](https://www.kubeflow.org/docs/components/pipelines/multi-user/) official Kubeflow component: ```sh -kustomize build apps/pipeline/upstream/env/platform-agnostic-multi-user | kubectl apply -f - +kustomize build apps/pipeline/upstream/env/cert-manager/platform-agnostic-multi-user | kubectl apply -f - ``` If your container runtime is not docker, use pns executor instead: @@ -247,7 +244,7 @@ You can learn more about their differences in [Installation Options for Kubeflow Besides installation instructions in Kubeflow Pipelines Standalone documentation, you need to apply two virtual services to expose [Kubeflow Pipelines UI](https://github.com/kubeflow/pipelines/blob/1.7.0/manifests/kustomize/base/installs/multi-user/virtual-service.yaml) and [Metadata API](https://github.com/kubeflow/pipelines/blob/1.7.0/manifests/kustomize/base/metadata/options/istio/virtual-service.yaml) in kubeflow-gateway. -#### KServe / KFServing +#### KServe KFServing was rebranded to KServe. @@ -265,13 +262,6 @@ kustomize build contrib/kserve/models-web-app/overlays/kubeflow | kubectl apply - ../contrib/kserve/models-web-app/overlays/kubeflow -For those not ready to migrate to KServe, you can still install KFServing v0.6.1 with -the following command, but we recommend migrating to KServe as soon as possible: - -```sh -kustomize build apps/kfserving/upstream/overlays/kubeflow | kubectl apply -f - -``` - #### Katib Install the Katib official Kubeflow component: @@ -407,7 +397,7 @@ For security reasons, we don't want to use the default password for the default python3 -c 'from passlib.hash import bcrypt; import getpass; print(bcrypt.using(rounds=12, ident="2y").hash(getpass.getpass()))' ``` -2. Edit `dex/base/config-map.yaml` and fill the relevant field with the hash of the password you chose: +2. Edit `common/dex/base/config-map.yaml` and fill the relevant field with the hash of the password you chose: ```yaml ... diff --git a/apps/admission-webhook/upstream/base/crd.yaml b/apps/admission-webhook/upstream/base/crd.yaml index 65f755619d..c1bb44786f 100644 --- a/apps/admission-webhook/upstream/base/crd.yaml +++ b/apps/admission-webhook/upstream/base/crd.yaml @@ -1,4 +1,4 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: poddefaults.kubeflow.org @@ -8,46 +8,62 @@ spec: kind: PodDefault plural: poddefaults singular: poddefault + preserveUnknownFields: false scope: Namespaced - version: v1alpha1 - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: + versions: + - name: v1alpha1 + served: true + storage: true + schema: + openAPIV3Schema: properties: - desc: + apiVersion: type: string - serviceAccountName: + kind: type: string - automountServiceAccountToken: - type: boolean - env: - items: - type: object - type: array - envFrom: - items: - type: object - type: array - selector: + metadata: type: object - volumeMounts: - items: - type: object - type: array - volumes: - items: - type: object - type: array - required: - - selector - type: object - status: + spec: + properties: + desc: + type: string + serviceAccountName: + type: string + automountServiceAccountToken: + type: boolean + env: + items: + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + x-kubernetes-preserve-unknown-fields: true + envFrom: + items: + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + x-kubernetes-preserve-unknown-fields: true + selector: + type: object + x-kubernetes-preserve-unknown-fields: true + volumeMounts: + items: + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + x-kubernetes-preserve-unknown-fields: true + volumes: + items: + type: object + x-kubernetes-preserve-unknown-fields: true + type: array + x-kubernetes-preserve-unknown-fields: true + required: + - selector + type: object + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-preserve-unknown-fields: true type: object - type: object + x-kubernetes-preserve-unknown-fields: true diff --git a/apps/admission-webhook/upstream/base/deployment.yaml b/apps/admission-webhook/upstream/base/deployment.yaml index 54c81788ce..ecab97ab86 100644 --- a/apps/admission-webhook/upstream/base/deployment.yaml +++ b/apps/admission-webhook/upstream/base/deployment.yaml @@ -9,7 +9,7 @@ spec: sidecar.istio.io/inject: "false" spec: containers: - - image: public.ecr.aws/j1r0q0g6/notebooks/admission-webhook + - image: docker.io/kubeflownotebookswg/poddefaults-webhook name: admission-webhook volumeMounts: - mountPath: /etc/webhook/certs diff --git a/apps/admission-webhook/upstream/base/kustomization.yaml b/apps/admission-webhook/upstream/base/kustomization.yaml index 2f0ded6537..4c382cc87e 100644 --- a/apps/admission-webhook/upstream/base/kustomization.yaml +++ b/apps/admission-webhook/upstream/base/kustomization.yaml @@ -14,9 +14,8 @@ commonLabels: app.kubernetes.io/component: poddefaults app.kubernetes.io/name: poddefaults images: -- name: public.ecr.aws/j1r0q0g6/notebooks/admission-webhook - newName: public.ecr.aws/j1r0q0g6/notebooks/admission-webhook - newTag: v1.5.0 +- name: docker.io/kubeflownotebookswg/poddefaults-webhook + newTag: v1.6.0-rc.1 namespace: kubeflow generatorOptions: disableNameSuffixHash: true diff --git a/apps/admission-webhook/upstream/base/mutating-webhook-configuration.yaml b/apps/admission-webhook/upstream/base/mutating-webhook-configuration.yaml index 12f9f1a9dc..2875482889 100644 --- a/apps/admission-webhook/upstream/base/mutating-webhook-configuration.yaml +++ b/apps/admission-webhook/upstream/base/mutating-webhook-configuration.yaml @@ -1,13 +1,18 @@ -apiVersion: admissionregistration.k8s.io/v1beta1 +apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: name: mutating-webhook-configuration webhooks: -- clientConfig: +- admissionReviewVersions: + - v1beta1 + - v1 + clientConfig: caBundle: "" service: name: service path: /apply-poddefault + sideEffects: None + failurePolicy: Fail name: $(podDefaultsDeploymentName).kubeflow.org namespaceSelector: matchLabels: diff --git a/apps/admission-webhook/upstream/overlays/cert-manager/mutating-webhook-configuration.yaml b/apps/admission-webhook/upstream/overlays/cert-manager/mutating-webhook-configuration.yaml index de18f665bb..734cd90540 100644 --- a/apps/admission-webhook/upstream/overlays/cert-manager/mutating-webhook-configuration.yaml +++ b/apps/admission-webhook/upstream/overlays/cert-manager/mutating-webhook-configuration.yaml @@ -1,4 +1,4 @@ -apiVersion: admissionregistration.k8s.io/v1beta1 +apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: name: mutating-webhook-configuration diff --git a/apps/centraldashboard/upstream/base/deployment.yaml b/apps/centraldashboard/upstream/base/deployment.yaml index 0a8cfc3ef7..d978d454e1 100644 --- a/apps/centraldashboard/upstream/base/deployment.yaml +++ b/apps/centraldashboard/upstream/base/deployment.yaml @@ -18,7 +18,7 @@ spec: spec: containers: - name: centraldashboard - image: public.ecr.aws/j1r0q0g6/notebooks/central-dashboard + image: docker.io/kubeflownotebookswg/centraldashboard imagePullPolicy: IfNotPresent livenessProbe: httpGet: diff --git a/apps/centraldashboard/upstream/base/kustomization.yaml b/apps/centraldashboard/upstream/base/kustomization.yaml index 21983774b5..220ca23ec5 100644 --- a/apps/centraldashboard/upstream/base/kustomization.yaml +++ b/apps/centraldashboard/upstream/base/kustomization.yaml @@ -16,9 +16,8 @@ commonLabels: app.kubernetes.io/component: centraldashboard app.kubernetes.io/name: centraldashboard images: -- name: public.ecr.aws/j1r0q0g6/notebooks/central-dashboard - newName: public.ecr.aws/j1r0q0g6/notebooks/central-dashboard - newTag: v1.5.0 +- name: docker.io/kubeflownotebookswg/centraldashboard + newTag: v1.6.0-rc.1 configMapGenerator: - envs: - params.env diff --git a/apps/jupyter/jupyter-web-app/upstream/base/configs/spawner_ui_config.yaml b/apps/jupyter/jupyter-web-app/upstream/base/configs/spawner_ui_config.yaml index 68e241d926..21b3dac6ac 100644 --- a/apps/jupyter/jupyter-web-app/upstream/base/configs/spawner_ui_config.yaml +++ b/apps/jupyter/jupyter-web-app/upstream/base/configs/spawner_ui_config.yaml @@ -17,23 +17,23 @@ spawnerFormDefaults: image: # The container Image for the user's Jupyter Notebook - value: public.ecr.aws/j1r0q0g6/notebooks/notebook-servers/jupyter-scipy:v1.5.0 + value: kubeflownotebookswg/jupyter-scipy:v1.6.0-rc.1 # The list of available standard container Images options: - - public.ecr.aws/j1r0q0g6/notebooks/notebook-servers/jupyter-scipy:v1.5.0 - - public.ecr.aws/j1r0q0g6/notebooks/notebook-servers/jupyter-pytorch-full:v1.5.0 - - public.ecr.aws/j1r0q0g6/notebooks/notebook-servers/jupyter-pytorch-cuda-full:v1.5.0 - - public.ecr.aws/j1r0q0g6/notebooks/notebook-servers/jupyter-tensorflow-full:v1.5.0 - - public.ecr.aws/j1r0q0g6/notebooks/notebook-servers/jupyter-tensorflow-cuda-full:v1.5.0 + - kubeflownotebookswg/jupyter-scipy:v1.6.0-rc.1 + - kubeflownotebookswg/jupyter-pytorch-full:v1.6.0-rc.1 + - kubeflownotebookswg/jupyter-pytorch-cuda-full:v1.6.0-rc.1 + - kubeflownotebookswg/jupyter-tensorflow-full:v1.6.0-rc.1 + - kubeflownotebookswg/jupyter-tensorflow-cuda-full:v1.6.0-rc.1 imageGroupOne: # The container Image for the user's Group One Server # The annotation `notebooks.kubeflow.org/http-rewrite-uri: /` # is applied to notebook in this group, configuring # the Istio rewrite for containers that host their web UI at `/` - value: public.ecr.aws/j1r0q0g6/notebooks/notebook-servers/codeserver-python:v1.5.0 + value: kubeflownotebookswg/codeserver-python:v1.6.0-rc.1 # The list of available standard container Images options: - - public.ecr.aws/j1r0q0g6/notebooks/notebook-servers/codeserver-python:v1.5.0 + - kubeflownotebookswg/codeserver-python:v1.6.0-rc.1 imageGroupTwo: # The container Image for the user's Group Two Server # The annotation `notebooks.kubeflow.org/http-rewrite-uri: /` @@ -42,10 +42,10 @@ spawnerFormDefaults: # The annotation `notebooks.kubeflow.org/http-headers-request-set` # is applied to notebook in this group, configuring Istio # to add the `X-RStudio-Root-Path` header to requests - value: public.ecr.aws/j1r0q0g6/notebooks/notebook-servers/rstudio-tidyverse:v1.5.0 + value: kubeflownotebookswg/rstudio-tidyverse:v1.6.0-rc.1 # The list of available standard container Images options: - - public.ecr.aws/j1r0q0g6/notebooks/notebook-servers/rstudio-tidyverse:v1.5.0 + - kubeflownotebookswg/rstudio-tidyverse:v1.6.0-rc.1 # If true, hide registry and/or tag name in the image selection dropdown hideRegistry: true hideTag: false diff --git a/apps/jupyter/jupyter-web-app/upstream/base/deployment.yaml b/apps/jupyter/jupyter-web-app/upstream/base/deployment.yaml index 22b48f6a9f..662171b375 100644 --- a/apps/jupyter/jupyter-web-app/upstream/base/deployment.yaml +++ b/apps/jupyter/jupyter-web-app/upstream/base/deployment.yaml @@ -11,7 +11,7 @@ spec: spec: containers: - name: jupyter-web-app - image: public.ecr.aws/j1r0q0g6/notebooks/jupyter-web-app + image: docker.io/kubeflownotebookswg/jupyter-web-app ports: - containerPort: 5000 volumeMounts: @@ -28,6 +28,8 @@ spec: value: $(JWA_USERID_HEADER) - name: USERID_PREFIX value: $(JWA_USERID_PREFIX) + - name: APP_SECURE_COOKIES + value: $(JWA_APP_SECURE_COOKIES) serviceAccountName: service-account volumes: - configMap: diff --git a/apps/jupyter/jupyter-web-app/upstream/base/kustomization.yaml b/apps/jupyter/jupyter-web-app/upstream/base/kustomization.yaml index a778da37e4..6d5f355861 100644 --- a/apps/jupyter/jupyter-web-app/upstream/base/kustomization.yaml +++ b/apps/jupyter/jupyter-web-app/upstream/base/kustomization.yaml @@ -21,9 +21,8 @@ commonLabels: app: jupyter-web-app kustomize.component: jupyter-web-app images: -- name: public.ecr.aws/j1r0q0g6/notebooks/jupyter-web-app - newName: public.ecr.aws/j1r0q0g6/notebooks/jupyter-web-app - newTag: v1.5.0 +- name: docker.io/kubeflownotebookswg/jupyter-web-app + newTag: v1.6.0-rc.1 # We need the name to be unique without the suffix because the original name is what # gets used with patches configMapGenerator: diff --git a/apps/jupyter/jupyter-web-app/upstream/base/params.env b/apps/jupyter/jupyter-web-app/upstream/base/params.env index 6ac8e19e77..218d5d35c2 100644 --- a/apps/jupyter/jupyter-web-app/upstream/base/params.env +++ b/apps/jupyter/jupyter-web-app/upstream/base/params.env @@ -3,3 +3,4 @@ JWA_PREFIX=/jupyter JWA_CLUSTER_DOMAIN=cluster.local JWA_USERID_HEADER=kubeflow-userid JWA_USERID_PREFIX= +JWA_APP_SECURE_COOKIES=true diff --git a/apps/jupyter/notebook-controller/upstream/base/kustomization.yaml b/apps/jupyter/notebook-controller/upstream/base/kustomization.yaml index ebad32c978..6f1213aec4 100644 --- a/apps/jupyter/notebook-controller/upstream/base/kustomization.yaml +++ b/apps/jupyter/notebook-controller/upstream/base/kustomization.yaml @@ -3,6 +3,5 @@ kind: Kustomization resources: - ../default images: -- name: public.ecr.aws/j1r0q0g6/notebooks/notebook-controller - newName: public.ecr.aws/j1r0q0g6/notebooks/notebook-controller - newTag: v1.5.0 +- name: docker.io/kubeflownotebookswg/notebook-controller + newTag: v1.6.0-rc.1 diff --git a/apps/jupyter/notebook-controller/upstream/crd/bases/kubeflow.org_notebooks.yaml b/apps/jupyter/notebook-controller/upstream/crd/bases/kubeflow.org_notebooks.yaml index 17ce87ad39..f1a8ff13a7 100644 --- a/apps/jupyter/notebook-controller/upstream/crd/bases/kubeflow.org_notebooks.yaml +++ b/apps/jupyter/notebook-controller/upstream/crd/bases/kubeflow.org_notebooks.yaml @@ -1,2664 +1,9389 @@ - --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.8.0 creationTimestamp: null name: notebooks.kubeflow.org spec: group: kubeflow.org names: kind: Notebook + listKind: NotebookList plural: notebooks + singular: notebook scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: Notebook is the Schema for the notebooks API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: NotebookSpec defines the desired state of Notebook - properties: - template: - description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster Important: Run "make" to regenerate code after modifying this file' - properties: - spec: - description: PodSpec is a description of a pod. - properties: - activeDeadlineSeconds: - description: Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer. - format: int64 - type: integer - affinity: - description: If specified, the pod's scheduling constraints - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the pod. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - properties: - preference: - description: A node selector term, associated with the corresponding weight. - properties: - matchExpressions: - description: A list of node selector requirements by node's labels. - items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - items: + versions: + - name: v1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + template: + properties: + spec: + properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements by node's fields. - items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - items: + operator: type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The terms are ORed. - items: - description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements by node's labels. - items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - items: + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - description: A list of node selector requirements by node's fields. - items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - items: + operator: type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. + values: + items: type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: array + required: + - key + - operator type: object - type: object - namespaces: - description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: properties: - labelSelector: - description: A label query over a set of resources, in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" + nodeSelectorTerms: items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with the corresponding weight. - properties: - labelSelector: - description: A label query over a set of resources, in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies to. + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. + type: array + required: + - key + - operator type: object - type: object - namespaces: - description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - weight: - description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. - format: int32 - type: integer + type: array + type: object + type: array required: - - podAffinityTerm - - weight + - nodeSelectorTerms type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. - items: - description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running - properties: - labelSelector: - description: A label query over a set of resources, in this case pods. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + matchExpressions: items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object type: array - required: - - key - - operator + matchLabels: + additionalProperties: + type: string + type: object type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - namespaces: - description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - type: boolean - containers: - description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. - items: - description: A single application container that you want to run within a pod. - properties: - args: - description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to set in the container. Cannot be updated. - items: - description: EnvVar represents an environment variable present in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + namespaces: + items: + type: string + type: array + topologyKey: type: string - optional: - description: Specify whether the ConfigMap or it's key must be defined - type: boolean required: - - key + - topologyKey type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP.' + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - required: - - fieldPath + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object type: object - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' + namespaceSelector: properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - type: string - resource: - description: 'Required: resource to select' - type: string - required: - - resource + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: type: string - optional: - description: Specify whether the Secret or it's key must be defined - type: boolean required: - - key + - topologyKey type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight type: object - required: - - name - type: object - type: array - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of a set of ConfigMaps - properties: - configMapRef: - description: The ConfigMap to select from - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - type: object - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: type: string - optional: - description: Specify whether the Secret must be defined - type: boolean + required: + - topologyKey type: object - type: object - type: array - image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. - properties: - postStart: - description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + type: array + type: object + type: object + automountServiceAccountToken: + type: boolean + containers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + name: + type: string + value: + type: string + valueFrom: properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - required: - - port + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object type: object + required: + - name type: object - preStop: - description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + type: array + envFrom: + items: properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. + configMapRef: properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. + name: type: string - required: - - port + optional: + type: boolean type: object - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + prefix: + type: string + secretRef: properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - required: - - port + name: + type: string + optional: + type: boolean type: object type: object - type: object - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: properties: - name: - description: The header field name + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: type: string - value: - description: The header field value + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: type: string required: - - name - - value + - port type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - required: - - port - type: object - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. - items: - description: ContainerPort represents a network port in a single container. - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. - format: int32 - type: integer - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes + tcpSocket: properties: - name: - description: The header field name - type: string - value: - description: The header field value + host: type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true required: - - name - - value + - port type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - required: - - port - type: object - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - properties: - limits: - additionalProperties: - type: string - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: - type: string - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - securityContext: - description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities type - type: string - type: array - type: object - privileged: - description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - type: object - type: object - stdin: - description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be used by the container. This is a beta feature. - items: - description: volumeDevice describes a mapping of a raw block device within a container. - properties: - devicePath: - description: devicePath is the path inside of the container that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim in the pod - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - items: - description: VolumeMount describes a mounting of a Volume within a container. - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. This field is alpha in 1.14. - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - required: - - name - type: object - type: array - dnsConfig: - description: Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. - properties: - nameservers: - description: A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed. - items: - type: string - type: array - options: - description: A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy. - items: - description: PodDNSConfigOption defines DNS resolver options of a pod. - properties: - name: - description: Required. - type: string - value: - type: string - type: object - type: array - searches: - description: A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed. - items: - type: string - type: array - type: object - dnsPolicy: - description: Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Defaults to true.' - type: boolean - hostAliases: - description: HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts file if specified. This is only valid for non-hostNetwork pods. - items: - description: HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file. - properties: - hostnames: - description: Hostnames for the above IP address. - items: - type: string - type: array - ip: - description: IP address of the host file entry. - type: string - type: object - type: array - hostIPC: - description: 'Use the host''s ipc namespace. Optional: Default to false.' - type: boolean - hostNetwork: - description: Host networking requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified. Default to false. - type: boolean - hostPID: - description: 'Use the host''s pid namespace. Optional: Default to false.' - type: boolean - hostname: - description: Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value. - type: string - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - type: array - initContainers: - description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, or Liveness probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - items: - description: A single application container that you want to run within a pod. - properties: - args: - description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to set in the container. Cannot be updated. - items: - description: EnvVar represents an environment variable present in a Container. - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. + type: object + preStop: properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or it's key must be defined - type: boolean - required: - - key - type: object - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP.' + exec: properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - required: - - fieldPath + command: + items: + type: string + type: array type: object - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' + httpGet: properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' + host: type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: type: string - resource: - description: 'Required: resource to select' + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: type: string required: - - resource + - port type: object - secretKeyRef: - description: Selects a key of a secret in the pod's namespace + tcpSocket: properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + host: type: string - optional: - description: Specify whether the Secret or it's key must be defined - type: boolean + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true required: - - key + - port type: object type: object - required: - - name type: object - type: array - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of a set of ConfigMaps + livenessProbe: properties: - configMapRef: - description: The ConfigMap to select from + exec: properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean + required: + - port type: object - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from + httpGet: properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + host: type: string - optional: - description: Specify whether the Secret must be defined - type: boolean + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port type: object - type: object - type: array - image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. - properties: - postStart: - description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - required: - - port - type: object - type: object - preStop: - description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - type: object - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - required: - - port - type: object - type: object - type: object - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. + containerPort: + format: int32 + type: integer + hostIP: type: string - port: - anyOf: - - type: string - - type: integer - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. + hostPort: + format: int32 + type: integer + name: type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' + protocol: + default: TCP type: string - port: - anyOf: - - type: string - - type: integer - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. required: - - port + - containerPort type: object - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. - items: - description: ContainerPort represents a network port in a single container. + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: format: int32 type: integer - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - required: - - containerPort - type: object - type: array - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - items: + grpc: + properties: + port: + format: int32 + type: integer + service: type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGet specifies the http request to perform. - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: object - type: array - path: - description: Path to access on the HTTP server. - type: string - port: + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: anyOf: - - type: string - type: integer - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - required: - - port - type: object - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - anyOf: - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: - type: integer - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - required: - - port - type: object - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - type: object - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - properties: - limits: - additionalProperties: - type: string - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - additionalProperties: + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: type: string - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - type: object - securityContext: - description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. - properties: - add: - description: Added capabilities - items: - description: Capability represent POSIX capabilities type + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: type: string - type: array - drop: - description: Removed capabilities - items: - description: Capability represent POSIX capabilities type + role: type: string - type: array + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name type: object - privileged: - description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: array + volumeMounts: + items: properties: - level: - description: Level is SELinux level label that applies to the container. + mountPath: type: string - role: - description: Role is a SELinux role label that applies to the container. + mountPropagation: type: string - type: - description: Type is a SELinux type label that applies to the container. + name: + type: string + readOnly: + type: boolean + subPath: type: string - user: - description: User is a SELinux user label that applies to the container. + subPathExpr: type: string + required: + - mountPath + - name type: object - type: object - stdin: - description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be used by the container. This is a beta feature. + type: array + workingDir: + type: string + required: + - name + type: object + type: array + dnsConfig: + properties: + nameservers: items: - description: volumeDevice describes a mapping of a raw block device within a container. - properties: - devicePath: - description: devicePath is the path inside of the container that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim in the pod - type: string - required: - - devicePath - - name - type: object + type: string type: array - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. + options: items: - description: VolumeMount describes a mounting of a Volume within a container. properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. - type: string name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). type: string - subPathExpr: - description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. This field is alpha in 1.14. + value: type: string - required: - - mountPath - - name type: object type: array - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - required: - - name + searches: + items: + type: string + type: array type: object - type: array - nodeName: - description: NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements. - type: string - nodeSelector: - additionalProperties: + dnsPolicy: type: string - description: 'NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - priority: - description: The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority. - format: int32 - type: integer - priorityClassName: - description: If specified, indicates the pod's priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default. - type: string - readinessGates: - description: 'If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md' - items: - description: PodReadinessGate contains the reference to a pod condition - properties: - conditionType: - description: ConditionType refers to a condition in the pod's condition list with matching type. - type: string - required: - - conditionType - type: object - type: array - restartPolicy: - description: 'Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy' - type: string - runtimeClassName: - description: 'RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md This is an alpha feature and may change in the future.' - type: string - schedulerName: - description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler. - type: string - securityContext: - description: 'SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field.' - properties: - fsGroup: - description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume." - format: int64 - type: integer - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. - format: int64 - type: integer - seLinuxOptions: - description: The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + enableServiceLinks: + type: boolean + ephemeralContainers: + items: properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - type: object - supplementalGroups: - description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: object - type: array - type: object - serviceAccount: - description: 'DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead.' - type: string - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - shareProcessNamespace: - description: 'Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false. This field is beta-level and may be disabled with the PodShareProcessNamespace feature.' - type: boolean - subdomain: - description: If specified, the fully qualified Pod hostname will be "...svc.". If not specified, the pod will not have a domainname at all. - type: string - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds. - format: int64 - type: integer - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - type: object - type: array - volumes: - description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - properties: - awsElasticBlockStore: - description: 'AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - properties: - fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - partition: - description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).' - format: int32 - type: integer - readOnly: - description: 'Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: 'Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: string - required: - - volumeID - type: object - azureDisk: - description: AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. - properties: - cachingMode: - description: 'Host Caching mode: None, Read Only, Read Write.' - type: string - diskName: - description: The Name of the data disk in the blob storage - type: string - diskURI: - description: The URI the data disk in the blob storage - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - kind: - description: 'Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared' - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - description: AzureFile represents an Azure File Service mount on the host and bind mount to the pod. - properties: - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretName: - description: the name of secret that contains Azure Storage Account Name and Key - type: string - shareName: - description: Share Name - type: string - required: - - secretName - - shareName - type: object - cephfs: - description: CephFS represents a Ceph FS mount on the host that shares a pod's lifetime - properties: - monitors: - description: 'Required: Monitors is a collection of Ceph monitors More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it' - items: - type: string - type: array - path: - description: 'Optional: Used as the mounted root, rather than the full Ceph tree, default is /' + args: + items: type: string - readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it' - type: boolean - secretFile: - description: 'Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it' + type: array + command: + items: type: string - secretRef: - description: 'Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it' + type: array + env: + items: properties: name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' type: string - type: object - user: - description: 'Optional: User is the rados user name, default is admin More info: https://releases.k8s.io/HEAD/examples/volumes/cephfs/README.md#how-to-use-it' - type: string - required: - - monitors - type: object - cinder: - description: 'Cinder represents a cinder volume attached and mounted on kubelets host machine More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md' - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md' - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md' - type: boolean - secretRef: - description: 'Optional: points to a secret object containing parameters used to connect to OpenStack.' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + value: type: string - type: object - volumeID: - description: 'volume id used to identify the volume in cinder More info: https://releases.k8s.io/HEAD/examples/mysql-cinder-pd/README.md' - type: string - required: - - volumeID - type: object - configMap: - description: ConfigMap represents a configMap that should populate this volume - properties: - defaultMode: - description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - format: int32 - type: integer + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: items: - description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a path within a volume. - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - format: int32 - type: integer - path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or it's keys must be defined - type: boolean - type: object - csi: - description: CSI (Container Storage Interface) represents storage that is handled by an external CSI driver (Alpha feature). - properties: - driver: - description: Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. - type: string - fsType: - description: Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. - type: string - nodePublishSecretRef: - description: NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object type: object - readOnly: - description: Specifies a read-only configuration for the volume. Defaults to false (read/write). - type: boolean - volumeAttributes: - additionalProperties: - type: string - description: VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. - type: object - required: - - driver - type: object - downwardAPI: - description: DownwardAPI represents downward API about the pod that should populate this volume - properties: - defaultMode: - description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - format: int32 - type: integer - items: - description: Items is a list of downward API volume file - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' + exec: properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - required: - - fieldPath + command: + items: + type: string + type: array type: object - mode: - description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - format: int32 - type: integer - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' + httpGet: properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" + host: type: string - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - description: 'EmptyDir represents a temporary directory that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - properties: - medium: - description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' - type: string - type: object - fc: - description: FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - lun: - description: 'Optional: FC target lun number' - format: int32 - type: integer - readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' - type: boolean - targetWWNs: - description: 'Optional: FC target worldwide names (WWNs)' - items: - type: string - type: array - wwids: - description: 'Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.' - items: - type: string - type: array - type: object - flexVolume: - description: FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. - properties: - driver: - description: Driver is the name of the driver to use for this volume. - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. - type: string - options: - additionalProperties: - type: string - description: 'Optional: Extra command options if any.' - type: object - readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' - type: boolean - secretRef: - description: 'Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - required: - - driver - type: object - flocker: - description: Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running - properties: - datasetName: - description: Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated - type: string - datasetUUID: - description: UUID of the dataset. This is unique identifier of a Flocker dataset - type: string - type: object - gcePersistentDisk: - description: 'GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - properties: - fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - partition: - description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - format: int32 - type: integer - pdName: - description: 'Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: string - readOnly: - description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: boolean - required: - - pdName - type: object - gitRepo: - description: 'GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod''s container.' - properties: - directory: - description: Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. - type: string - repository: - description: Repository URL - type: string - revision: - description: Commit hash for the specified revision. - type: string - required: - - repository - type: object - glusterfs: - description: 'Glusterfs represents a Glusterfs mount on the host that shares a pod''s lifetime. More info: https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md' - properties: - endpoints: - description: 'EndpointsName is the endpoint name that details Glusterfs topology. More info: https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md#create-a-pod' - type: string - path: - description: 'Path is the Glusterfs volume path. More info: https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md#create-a-pod' - type: string - readOnly: - description: 'ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://releases.k8s.io/HEAD/examples/volumes/glusterfs/README.md#create-a-pod' - type: boolean - required: - - endpoints - - path - type: object - hostPath: - description: 'HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.' - properties: - path: - description: 'Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - type: - description: 'Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - required: - - path - type: object - iscsi: - description: 'ISCSI represents an ISCSI Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://releases.k8s.io/HEAD/examples/volumes/iscsi/README.md' - properties: - chapAuthDiscovery: - description: whether support iSCSI Discovery CHAP authentication - type: boolean - chapAuthSession: - description: whether support iSCSI Session CHAP authentication - type: boolean - fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - initiatorName: - description: Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. - type: string - iqn: - description: Target iSCSI Qualified Name. - type: string - iscsiInterface: - description: iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). - type: string - lun: - description: iSCSI Target Lun number. - format: int32 - type: integer - portals: - description: iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). - items: - type: string - type: array - readOnly: - description: ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. - type: boolean - secretRef: - description: CHAP Secret for iSCSI target and initiator authentication - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - targetPortal: - description: iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - description: 'Volume''s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - nfs: - description: 'NFS represents an NFS mount on the host that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - properties: - path: - description: 'Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - readOnly: - description: 'ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: boolean - server: - description: 'Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - description: 'PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - claimName: - description: 'ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: - description: Will force the ReadOnly setting in VolumeMounts. Default false. - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - description: PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - pdID: - description: ID that identifies Photon Controller persistent disk - type: string - required: - - pdID - type: object - portworxVolume: - description: PortworxVolume represents a portworx volume attached and mounted on kubelets host machine - properties: - fsType: - description: FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: - description: VolumeID uniquely identifies a Portworx volume - type: string - required: - - volumeID - type: object - projected: - description: Items for all in one resources secrets, configmaps, and downward API - properties: - defaultMode: - description: Mode bits to use on created files by default. Must be a value between 0 and 0777. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - format: int32 - type: integer - sources: - description: list of volume projections - items: - description: Projection that may be projected along with other supported volume types - properties: - configMap: - description: information about the configMap data to project - properties: - items: - description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + httpHeaders: items: - description: Maps a string key to a path within a volume. properties: - key: - description: The key to project. + name: type: string - mode: - description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - format: int32 - type: integer - path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + value: type: string required: - - key - - path + - name + - value type: object type: array - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: type: string - optional: - description: Specify whether the ConfigMap or it's keys must be defined - type: boolean + required: + - port type: object - downwardAPI: - description: information about the downwardAPI data to project + tcpSocket: properties: - items: - description: Items is a list of DownwardAPIVolume file + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - required: - - fieldPath - type: object - mode: - description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - format: int32 - type: integer - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - type: string - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - required: - - path - type: object + type: string type: array type: object - secret: - description: information about the secret data to project + httpGet: properties: - items: - description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + host: + type: string + httpHeaders: items: - description: Maps a string key to a path within a volume. properties: - key: - description: The key to project. + name: type: string - mode: - description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - format: int32 - type: integer - path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + value: type: string required: - - key - - path + - name + - value type: object type: array - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean + required: + - port type: object - serviceAccountToken: - description: information about the serviceAccountToken data to project + tcpSocket: properties: - audience: - description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - format: int64 - type: integer - path: - description: Path is the path relative to the mount point of the file to project the token into. + host: type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true required: - - path + - port type: object type: object - type: array - required: - - sources - type: object - quobyte: - description: Quobyte represents a Quobyte mount on the host that shares a pod's lifetime - properties: - group: - description: Group to map volume access to Default is no group - type: string - readOnly: - description: ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. - type: boolean - registry: - description: Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes - type: string - tenant: - description: Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin - type: string - user: - description: User to map volume access to Defaults to serivceaccount user - type: string - volume: - description: Volume is a string that references an already created Quobyte volume by name. - type: string - required: - - registry - - volume - type: object - rbd: - description: 'RBD represents a Rados Block Device mount on the host that shares a pod''s lifetime. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md' - properties: - fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - image: - description: 'The rados image name. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' - type: string - keyring: - description: 'Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' - type: string - monitors: - description: 'A collection of Ceph monitors. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' - items: - type: string - type: array - pool: - description: 'The rados pool name. Default is rbd. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: - description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: - description: 'SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - user: - description: 'The rados user name. Default is admin. More info: https://releases.k8s.io/HEAD/examples/volumes/rbd/README.md#how-to-use-it' - type: string - required: - - image - - monitors - type: object - scaleIO: - description: ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". - type: string - gateway: - description: The host address of the ScaleIO API Gateway. - type: string - protectionDomain: - description: The name of the ScaleIO Protection Domain for the configured storage. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - sslEnabled: - description: Flag to enable/disable SSL communication with Gateway, default false - type: boolean - storageMode: - description: Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. - type: string - storagePool: - description: The ScaleIO Storage Pool associated with the protection domain. - type: string - system: - description: The name of the storage system as configured in ScaleIO. - type: string - volumeName: - description: The name of a volume already created in the ScaleIO system that is associated with this volume source. - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - properties: - defaultMode: - description: 'Optional: mode bits to use on created files by default. Must be a value between 0 and 0777. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - format: int32 - type: integer - items: - description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - items: - description: Maps a string key to a path within a volume. + type: object + livenessProbe: + properties: + exec: properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to use on this file, must be a value between 0 and 0777. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - format: int32 + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. type: string - required: - - key - - path + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + targetContainerName: + type: string + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: + type: boolean + hostname: + type: string + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + initContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + nodeName: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: atomic + os: + properties: + name: + type: string + required: + - name + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + preemptionPolicy: + type: string + priority: + format: int32 + type: integer + priorityClassName: + type: string + readinessGates: + items: + properties: + conditionType: + type: string + required: + - conditionType + type: object + type: array + restartPolicy: + type: string + runtimeClassName: + type: string + schedulerName: + type: string + securityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + serviceAccountName: + type: string + setHostnameAsFQDN: + type: boolean + shareProcessNamespace: + type: boolean + subdomain: + type: string + terminationGracePeriodSeconds: + format: int64 + type: integer + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + maxSkew: + format: int32 + type: integer + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - containers + type: object + type: object + type: object + status: + properties: + conditions: + items: + properties: + lastProbeTime: + format: date-time + type: string + message: + type: string + reason: + type: string + type: + type: string + required: + - type + type: object + type: array + containerState: + properties: + running: + properties: + startedAt: + format: date-time + type: string + type: object + terminated: + properties: + containerID: + type: string + exitCode: + format: int32 + type: integer + finishedAt: + format: date-time + type: string + message: + type: string + reason: + type: string + signal: + format: int32 + type: integer + startedAt: + format: date-time + type: string + required: + - exitCode + type: object + waiting: + properties: + message: + type: string + reason: + type: string + type: object + type: object + readyReplicas: + format: int32 + type: integer + required: + - conditions + - containerState + - readyReplicas + type: object + type: object + served: true + storage: true + subresources: + status: {} + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + template: + properties: + spec: + properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + type: boolean + containers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + dnsPolicy: + type: string + enableServiceLinks: + type: boolean + ephemeralContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + targetContainerName: + type: string + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: + type: boolean + hostname: + type: string + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + initContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + nodeName: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: atomic + os: + properties: + name: + type: string + required: + - name + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + preemptionPolicy: + type: string + priority: + format: int32 + type: integer + priorityClassName: + type: string + readinessGates: + items: + properties: + conditionType: + type: string + required: + - conditionType + type: object + type: array + restartPolicy: + type: string + runtimeClassName: + type: string + schedulerName: + type: string + securityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + serviceAccountName: + type: string + setHostnameAsFQDN: + type: boolean + shareProcessNamespace: + type: boolean + subdomain: + type: string + terminationGracePeriodSeconds: + format: int64 + type: integer + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + maxSkew: + format: int32 + type: integer + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - containers + type: object + type: object + type: object + status: + properties: + conditions: + items: + properties: + lastProbeTime: + format: date-time + type: string + message: + type: string + reason: + type: string + type: + type: string + required: + - type + type: object + type: array + containerState: + properties: + running: + properties: + startedAt: + format: date-time + type: string + type: object + terminated: + properties: + containerID: + type: string + exitCode: + format: int32 + type: integer + finishedAt: + format: date-time + type: string + message: + type: string + reason: + type: string + signal: + format: int32 + type: integer + startedAt: + format: date-time + type: string + required: + - exitCode + type: object + waiting: + properties: + message: + type: string + reason: + type: string + type: object + type: object + readyReplicas: + format: int32 + type: integer + required: + - conditions + - containerState + - readyReplicas + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + template: + properties: + spec: + properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + type: boolean + containers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + dnsPolicy: + type: string + enableServiceLinks: + type: boolean + ephemeralContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + targetContainerName: + type: string + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: + type: boolean + hostname: + type: string + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + initContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + nodeName: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + x-kubernetes-map-type: atomic + os: + properties: + name: + type: string + required: + - name + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + preemptionPolicy: + type: string + priority: + format: int32 + type: integer + priorityClassName: + type: string + readinessGates: + items: + properties: + conditionType: + type: string + required: + - conditionType + type: object + type: array + restartPolicy: + type: string + runtimeClassName: + type: string + schedulerName: + type: string + securityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + serviceAccountName: + type: string + setHostnameAsFQDN: + type: boolean + shareProcessNamespace: + type: boolean + subdomain: + type: string + terminationGracePeriodSeconds: + format: int64 + type: integer + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + maxSkew: + format: int32 + type: integer + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string type: object - type: array - optional: - description: Specify whether the Secret or it's keys must be defined - type: boolean - secretName: - description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - type: object - storageos: - description: StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: type: string - type: object - volumeName: - description: VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. - type: string - volumeNamespace: - description: VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. - type: string - type: object - vsphereVolume: - description: VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - storagePolicyID: - description: Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. - type: string - storagePolicyName: - description: Storage Policy Based Management (SPBM) profile name. - type: string - volumePath: - description: Path that identifies vSphere volume vmdk - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - required: - - containers - type: object - type: object - type: object - status: - description: NotebookStatus defines the observed state of Notebook - properties: - conditions: - description: Conditions is an array of current conditions - items: - properties: - lastProbeTime: - description: Last time we probed the condition. - format: date-time - type: string - message: - description: Message regarding why the container is in the current state. - type: string - reason: - description: (brief) reason the container is in the current state - type: string - type: - description: Type is the type of the condition. Possible values are Running|Waiting|Terminated - type: string - required: - - type + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + required: + - containers + type: object type: object - type: array - containerState: - description: ContainerState is the state of underlying container. - properties: - running: - description: Details about a running container - properties: - startedAt: - description: Time at which the container was last (re-)started - format: date-time - type: string - type: object - terminated: - description: Details about a terminated container + type: object + status: + properties: + conditions: + items: properties: - containerID: - description: Container's ID in the format 'docker://' - type: string - exitCode: - description: Exit status from the last termination of the container - format: int32 - type: integer - finishedAt: - description: Time at which the container last terminated + lastProbeTime: format: date-time type: string message: - description: Message regarding the last termination of the container type: string reason: - description: (brief) reason from the last termination of the container type: string - signal: - description: Signal from the last termination of the container - format: int32 - type: integer - startedAt: - description: Time at which previous execution of the container started - format: date-time + type: type: string required: - - exitCode + - type type: object - waiting: - description: Details about a waiting container - properties: - message: - description: Message regarding why the container is not yet running. - type: string - reason: - description: (brief) reason the container is not yet running. - type: string - type: object - type: object - readyReplicas: - description: ReadyReplicas is the number of Pods created by the StatefulSet controller that have a Ready Condition. - format: int32 - type: integer - required: - - conditions - - containerState - - readyReplicas - type: object - type: object - version: v1 - versions: - - name: v1 - served: true - storage: true - - name: v1alpha1 - served: true - storage: false - - name: v1beta1 + type: array + containerState: + properties: + running: + properties: + startedAt: + format: date-time + type: string + type: object + terminated: + properties: + containerID: + type: string + exitCode: + format: int32 + type: integer + finishedAt: + format: date-time + type: string + message: + type: string + reason: + type: string + signal: + format: int32 + type: integer + startedAt: + format: date-time + type: string + required: + - exitCode + type: object + waiting: + properties: + message: + type: string + reason: + type: string + type: object + type: object + readyReplicas: + format: int32 + type: integer + required: + - conditions + - containerState + - readyReplicas + type: object + type: object served: true storage: false + subresources: + status: {} status: acceptedNames: kind: "" diff --git a/apps/jupyter/notebook-controller/upstream/crd/kustomization.yaml b/apps/jupyter/notebook-controller/upstream/crd/kustomization.yaml index 9c0022e620..4e55699a05 100644 --- a/apps/jupyter/notebook-controller/upstream/crd/kustomization.yaml +++ b/apps/jupyter/notebook-controller/upstream/crd/kustomization.yaml @@ -8,16 +8,6 @@ resources: patchesStrategicMerge: - patches/trivial_conversion_patch.yaml -patchesJson6902: -# Remove once the following issue is resolved: -# https://github.com/kubeflow/kubeflow/issues/5722 -- path: patches/old_crd.yaml - target: - group: apiextensions.k8s.io - version: v1beta1 - kind: CustomResourceDefinition - name: notebooks.kubeflow.org - # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. # patches here are for enabling the conversion webhook for each CRD #- patches/webhook_in_notebooks.yaml diff --git a/apps/jupyter/notebook-controller/upstream/crd/patches/cainjection_in_notebooks.yaml b/apps/jupyter/notebook-controller/upstream/crd/patches/cainjection_in_notebooks.yaml index e15e6f6c77..f99acf384e 100644 --- a/apps/jupyter/notebook-controller/upstream/crd/patches/cainjection_in_notebooks.yaml +++ b/apps/jupyter/notebook-controller/upstream/crd/patches/cainjection_in_notebooks.yaml @@ -1,6 +1,6 @@ # The following patch adds a directive for certmanager to inject CA into the CRD # CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: diff --git a/apps/jupyter/notebook-controller/upstream/crd/patches/old_crd.yaml b/apps/jupyter/notebook-controller/upstream/crd/patches/old_crd.yaml deleted file mode 100644 index 6d82456688..0000000000 --- a/apps/jupyter/notebook-controller/upstream/crd/patches/old_crd.yaml +++ /dev/null @@ -1,64 +0,0 @@ -# Use the old CRD because of the quantity validation issue: -# https://github.com/kubeflow/kubeflow/issues/5722 -- op: replace - path: /spec - value: - group: kubeflow.org - names: - kind: Notebook - plural: notebooks - singular: notebook - scope: Namespaced - subresources: - status: {} - versions: - - name: v1alpha1 - served: true - storage: false - - name: v1beta1 - served: true - storage: false - - name: v1 - served: true - storage: true - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - template: - description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster - Important: Run "make" to regenerate code after modifying this file' - properties: - spec: - type: object - type: object - type: object - status: - properties: - conditions: - description: Conditions is an array of current conditions - items: - properties: - type: - description: Type of the confition/ - type: string - required: - - type - type: object - type: array - required: - - conditions - type: object diff --git a/apps/jupyter/notebook-controller/upstream/crd/patches/trivial_conversion_patch.yaml b/apps/jupyter/notebook-controller/upstream/crd/patches/trivial_conversion_patch.yaml index 90022130ac..3ed80e6daf 100644 --- a/apps/jupyter/notebook-controller/upstream/crd/patches/trivial_conversion_patch.yaml +++ b/apps/jupyter/notebook-controller/upstream/crd/patches/trivial_conversion_patch.yaml @@ -1,8 +1,9 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: notebooks.kubeflow.org spec: + preserveUnknownFields: false # TODO: Remove in Kubeflow 1.7 release conversion: - strategy: None \ No newline at end of file + strategy: None diff --git a/apps/jupyter/notebook-controller/upstream/crd/patches/webhook_in_notebooks.yaml b/apps/jupyter/notebook-controller/upstream/crd/patches/webhook_in_notebooks.yaml index 34bbaff684..b980a96db1 100644 --- a/apps/jupyter/notebook-controller/upstream/crd/patches/webhook_in_notebooks.yaml +++ b/apps/jupyter/notebook-controller/upstream/crd/patches/webhook_in_notebooks.yaml @@ -1,6 +1,6 @@ # The following patch enables conversion webhook for CRD # CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: notebooks.kubeflow.org diff --git a/apps/jupyter/notebook-controller/upstream/default/kustomization.yaml b/apps/jupyter/notebook-controller/upstream/default/kustomization.yaml index 8505d8f4ff..393aaa5e5f 100644 --- a/apps/jupyter/notebook-controller/upstream/default/kustomization.yaml +++ b/apps/jupyter/notebook-controller/upstream/default/kustomization.yaml @@ -15,9 +15,9 @@ commonLabels: bases: -- ../crd - ../rbac - ../manager +- ../crd # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in crd/kustomization.yaml #- ../webhook # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required. diff --git a/apps/jupyter/notebook-controller/upstream/manager/manager.yaml b/apps/jupyter/notebook-controller/upstream/manager/manager.yaml index 4dafe6298c..b478868c3c 100644 --- a/apps/jupyter/notebook-controller/upstream/manager/manager.yaml +++ b/apps/jupyter/notebook-controller/upstream/manager/manager.yaml @@ -18,7 +18,7 @@ spec: spec: containers: - name: manager - image: public.ecr.aws/j1r0q0g6/notebooks/notebook-controller + image: docker.io/kubeflownotebookswg/notebook-controller command: - /manager env: @@ -35,8 +35,14 @@ spec: imagePullPolicy: Always livenessProbe: httpGet: - path: /metrics - port: 8080 - initialDelaySeconds: 30 - periodSeconds: 30 + path: /healthz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 serviceAccountName: service-account diff --git a/apps/jupyter/notebook-controller/upstream/rbac/role.yaml b/apps/jupyter/notebook-controller/upstream/rbac/role.yaml index 833330166e..7273f3abb2 100644 --- a/apps/jupyter/notebook-controller/upstream/rbac/role.yaml +++ b/apps/jupyter/notebook-controller/upstream/rbac/role.yaml @@ -1,4 +1,3 @@ - --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -20,6 +19,7 @@ rules: - create - get - list + - patch - watch - apiGroups: - "" diff --git a/apps/jupyter/notebook-controller/upstream/samples/_v1_notebook.yaml b/apps/jupyter/notebook-controller/upstream/samples/_v1_notebook.yaml new file mode 100644 index 0000000000..9334cd95d7 --- /dev/null +++ b/apps/jupyter/notebook-controller/upstream/samples/_v1_notebook.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: kubeflow.org/v1 +kind: Notebook +metadata: + name: notebook-sample-v1 +spec: + template: + spec: + containers: + - name: notebook-sample-v1 + image: kubeflownotebookswg/jupyter:v1.6.0-rc.0 diff --git a/apps/jupyter/notebook-controller/upstream/samples/_v1alpha1_notebook.yaml b/apps/jupyter/notebook-controller/upstream/samples/_v1alpha1_notebook.yaml new file mode 100644 index 0000000000..62c08927af --- /dev/null +++ b/apps/jupyter/notebook-controller/upstream/samples/_v1alpha1_notebook.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: kubeflow.org/v1alpha1 +kind: Notebook +metadata: + name: notebook-sample-v1alpha1 +spec: + template: + spec: + containers: + - name: notebook-sample-v1 + image: kubeflownotebookswg/jupyter:v1.6.0-rc.0 diff --git a/apps/jupyter/notebook-controller/upstream/samples/_v1beta1_notebook.yaml b/apps/jupyter/notebook-controller/upstream/samples/_v1beta1_notebook.yaml new file mode 100644 index 0000000000..6fcdb2a367 --- /dev/null +++ b/apps/jupyter/notebook-controller/upstream/samples/_v1beta1_notebook.yaml @@ -0,0 +1,11 @@ +--- +apiVersion: kubeflow.org/v1beta1 +kind: Notebook +metadata: + name: notebook-sample-v1beta1 +spec: + template: + spec: + containers: + - name: notebook-sample-v1 + image: kubeflownotebookswg/jupyter:v1.6.0-rc.0 diff --git a/apps/katib/upstream/components/cert-generator/cert-generator.yaml b/apps/katib/upstream/components/cert-generator/cert-generator.yaml index db90641932..3f06b26d9d 100644 --- a/apps/katib/upstream/components/cert-generator/cert-generator.yaml +++ b/apps/katib/upstream/components/cert-generator/cert-generator.yaml @@ -1,3 +1,4 @@ +--- apiVersion: batch/v1 kind: Job metadata: @@ -15,7 +16,6 @@ spec: containers: - name: cert-generator image: docker.io/kubeflowkatib/cert-generator - imagePullPolicy: Always command: ["./katib-cert-generator"] args: ["generate", "--namespace=$(KATIB_CORE_NAMESPACE)"] env: diff --git a/apps/katib/upstream/components/cert-generator/kustomization.yaml b/apps/katib/upstream/components/cert-generator/kustomization.yaml index 0e29c11c31..f1536e8071 100644 --- a/apps/katib/upstream/components/cert-generator/kustomization.yaml +++ b/apps/katib/upstream/components/cert-generator/kustomization.yaml @@ -1,3 +1,4 @@ +--- apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization diff --git a/apps/katib/upstream/components/cert-generator/rbac.yaml b/apps/katib/upstream/components/cert-generator/rbac.yaml index 89fa23ac4b..d53c8609a2 100644 --- a/apps/katib/upstream/components/cert-generator/rbac.yaml +++ b/apps/katib/upstream/components/cert-generator/rbac.yaml @@ -1,3 +1,4 @@ +--- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: @@ -7,6 +8,7 @@ rules: - "" resources: - secrets + - services verbs: - get - create diff --git a/apps/katib/upstream/components/controller/controller.yaml b/apps/katib/upstream/components/controller/controller.yaml index 8f5d275784..8d18c9c3b6 100644 --- a/apps/katib/upstream/components/controller/controller.yaml +++ b/apps/katib/upstream/components/controller/controller.yaml @@ -1,3 +1,4 @@ +--- apiVersion: apps/v1 kind: Deployment metadata: diff --git a/apps/katib/upstream/components/controller/katib-config.yaml b/apps/katib/upstream/components/controller/katib-config.yaml index a82d260b00..786514f0ba 100644 --- a/apps/katib/upstream/components/controller/katib-config.yaml +++ b/apps/katib/upstream/components/controller/katib-config.yaml @@ -1,3 +1,4 @@ +--- apiVersion: v1 kind: ConfigMap metadata: @@ -7,13 +8,13 @@ data: metrics-collector-sidecar: |- { "StdOut": { - "image": "docker.io/kubeflowkatib/file-metrics-collector:v0.13.0" + "image": "docker.io/kubeflowkatib/file-metrics-collector:v0.14.0-rc.0" }, "File": { - "image": "docker.io/kubeflowkatib/file-metrics-collector:v0.13.0" + "image": "docker.io/kubeflowkatib/file-metrics-collector:v0.14.0-rc.0" }, "TensorFlowEvent": { - "image": "docker.io/kubeflowkatib/tfevent-metrics-collector:v0.13.0", + "image": "docker.io/kubeflowkatib/tfevent-metrics-collector:v0.14.0-rc.0", "resources": { "limits": { "memory": "1Gi" @@ -24,31 +25,31 @@ data: suggestion: |- { "random": { - "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v0.13.0" + "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v0.14.0-rc.0" }, "tpe": { - "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v0.13.0" + "image": "docker.io/kubeflowkatib/suggestion-hyperopt:v0.14.0-rc.0" }, "grid": { - "image": "docker.io/kubeflowkatib/suggestion-chocolate:v0.13.0" + "image": "docker.io/kubeflowkatib/suggestion-chocolate:v0.14.0-rc.0" }, "hyperband": { - "image": "docker.io/kubeflowkatib/suggestion-hyperband:v0.13.0" + "image": "docker.io/kubeflowkatib/suggestion-hyperband:v0.14.0-rc.0" }, "bayesianoptimization": { - "image": "docker.io/kubeflowkatib/suggestion-skopt:v0.13.0" + "image": "docker.io/kubeflowkatib/suggestion-skopt:v0.14.0-rc.0" }, "cmaes": { - "image": "docker.io/kubeflowkatib/suggestion-goptuna:v0.13.0" + "image": "docker.io/kubeflowkatib/suggestion-goptuna:v0.14.0-rc.0" }, "sobol": { - "image": "docker.io/kubeflowkatib/suggestion-goptuna:v0.13.0" + "image": "docker.io/kubeflowkatib/suggestion-goptuna:v0.14.0-rc.0" }, "multivariate-tpe": { - "image": "docker.io/kubeflowkatib/suggestion-optuna:v0.13.0" + "image": "docker.io/kubeflowkatib/suggestion-optuna:v0.14.0-rc.0" }, "enas": { - "image": "docker.io/kubeflowkatib/suggestion-enas:v0.13.0", + "image": "docker.io/kubeflowkatib/suggestion-enas:v0.14.0-rc.0", "resources": { "limits": { "memory": "200Mi" @@ -56,12 +57,25 @@ data: } }, "darts": { - "image": "docker.io/kubeflowkatib/suggestion-darts:v0.13.0" + "image": "docker.io/kubeflowkatib/suggestion-darts:v0.14.0-rc.0" + }, + "pbt": { + "image": "docker.io/kubeflowkatib/suggestion-pbt:v0.14.0-rc.0", + "persistentVolumeClaimSpec": { + "accessModes": [ + "ReadWriteMany" + ], + "resources": { + "requests": { + "storage": "5Gi" + } + } + } } } early-stopping: |- { "medianstop": { - "image": "docker.io/kubeflowkatib/earlystopping-medianstop:v0.13.0" + "image": "docker.io/kubeflowkatib/earlystopping-medianstop:v0.14.0-rc.0" } } diff --git a/apps/katib/upstream/components/controller/kustomization.yaml b/apps/katib/upstream/components/controller/kustomization.yaml index b2ebae9bf7..9d410a6fcf 100644 --- a/apps/katib/upstream/components/controller/kustomization.yaml +++ b/apps/katib/upstream/components/controller/kustomization.yaml @@ -1,3 +1,4 @@ +--- apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization diff --git a/apps/katib/upstream/components/controller/rbac.yaml b/apps/katib/upstream/components/controller/rbac.yaml index 9979af007f..f6adc65b17 100644 --- a/apps/katib/upstream/components/controller/rbac.yaml +++ b/apps/katib/upstream/components/controller/rbac.yaml @@ -1,3 +1,4 @@ +--- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: diff --git a/apps/katib/upstream/components/controller/service.yaml b/apps/katib/upstream/components/controller/service.yaml index d159217f13..c10a9df286 100644 --- a/apps/katib/upstream/components/controller/service.yaml +++ b/apps/katib/upstream/components/controller/service.yaml @@ -1,3 +1,4 @@ +--- apiVersion: v1 kind: Service metadata: diff --git a/apps/katib/upstream/components/controller/trial-templates.yaml b/apps/katib/upstream/components/controller/trial-templates.yaml index f1095f53ba..d7a4820d2d 100644 --- a/apps/katib/upstream/components/controller/trial-templates.yaml +++ b/apps/katib/upstream/components/controller/trial-templates.yaml @@ -1,3 +1,4 @@ +--- apiVersion: v1 kind: ConfigMap metadata: @@ -14,7 +15,7 @@ data: spec: containers: - name: training-container - image: docker.io/kubeflowkatib/mxnet-mnist:v0.13.0 + image: docker.io/kubeflowkatib/mxnet-mnist:v0.14.0-rc.0 command: - "python3" - "/opt/mxnet-mnist/mnist.py" @@ -32,7 +33,7 @@ data: spec: containers: - name: training-container - image: docker.io/kubeflowkatib/enas-cnn-cifar10-cpu:v0.13.0 + image: docker.io/kubeflowkatib/enas-cnn-cifar10-cpu:v0.14.0-rc.0 command: - python3 - -u @@ -53,8 +54,7 @@ data: spec: containers: - name: pytorch - image: docker.io/kubeflowkatib/pytorch-mnist:v0.13.0 - imagePullPolicy: Always + image: docker.io/kubeflowkatib/pytorch-mnist:v0.14.0-rc.0 command: - "python3" - "/opt/pytorch-mnist/mnist.py" @@ -68,8 +68,7 @@ data: spec: containers: - name: pytorch - image: docker.io/kubeflowkatib/pytorch-mnist:v0.13.0 - imagePullPolicy: Always + image: docker.io/kubeflowkatib/pytorch-mnist:v0.14.0-rc.0 command: - "python3" - "/opt/pytorch-mnist/mnist.py" diff --git a/apps/katib/upstream/components/crd/experiment.yaml b/apps/katib/upstream/components/crd/experiment.yaml index d3e94fc0e0..8b07270c33 100644 --- a/apps/katib/upstream/components/crd/experiment.yaml +++ b/apps/katib/upstream/components/crd/experiment.yaml @@ -1,3 +1,4 @@ +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: diff --git a/apps/katib/upstream/components/crd/kustomization.yaml b/apps/katib/upstream/components/crd/kustomization.yaml index b0a2d9ebf0..9c2e6b1282 100644 --- a/apps/katib/upstream/components/crd/kustomization.yaml +++ b/apps/katib/upstream/components/crd/kustomization.yaml @@ -1,3 +1,4 @@ +--- apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization diff --git a/apps/katib/upstream/components/crd/suggestion.yaml b/apps/katib/upstream/components/crd/suggestion.yaml index edd1489997..b6eaa3fd43 100644 --- a/apps/katib/upstream/components/crd/suggestion.yaml +++ b/apps/katib/upstream/components/crd/suggestion.yaml @@ -1,3 +1,4 @@ +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: diff --git a/apps/katib/upstream/components/crd/trial.yaml b/apps/katib/upstream/components/crd/trial.yaml index 9ff7487985..765314b3f8 100644 --- a/apps/katib/upstream/components/crd/trial.yaml +++ b/apps/katib/upstream/components/crd/trial.yaml @@ -1,3 +1,4 @@ +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: diff --git a/apps/katib/upstream/components/db-manager/db-manager.yaml b/apps/katib/upstream/components/db-manager/db-manager.yaml index cc7cb79dc5..41b8b3f930 100644 --- a/apps/katib/upstream/components/db-manager/db-manager.yaml +++ b/apps/katib/upstream/components/db-manager/db-manager.yaml @@ -1,3 +1,4 @@ +--- apiVersion: apps/v1 kind: Deployment metadata: diff --git a/apps/katib/upstream/components/db-manager/kustomization.yaml b/apps/katib/upstream/components/db-manager/kustomization.yaml index 8f4488d521..2d9e91e707 100644 --- a/apps/katib/upstream/components/db-manager/kustomization.yaml +++ b/apps/katib/upstream/components/db-manager/kustomization.yaml @@ -1,3 +1,4 @@ +--- apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization diff --git a/apps/katib/upstream/components/db-manager/service.yaml b/apps/katib/upstream/components/db-manager/service.yaml index 427ec4b9ed..4c1c733f7c 100644 --- a/apps/katib/upstream/components/db-manager/service.yaml +++ b/apps/katib/upstream/components/db-manager/service.yaml @@ -1,3 +1,4 @@ +--- apiVersion: v1 kind: Service metadata: diff --git a/apps/katib/upstream/components/mysql/kustomization.yaml b/apps/katib/upstream/components/mysql/kustomization.yaml index b937e0ca79..3843f3bb75 100644 --- a/apps/katib/upstream/components/mysql/kustomization.yaml +++ b/apps/katib/upstream/components/mysql/kustomization.yaml @@ -1,3 +1,4 @@ +--- apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization diff --git a/apps/katib/upstream/components/mysql/mysql.yaml b/apps/katib/upstream/components/mysql/mysql.yaml index fb6c7cf097..5a8179f66b 100644 --- a/apps/katib/upstream/components/mysql/mysql.yaml +++ b/apps/katib/upstream/components/mysql/mysql.yaml @@ -1,3 +1,4 @@ +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -21,7 +22,7 @@ spec: spec: containers: - name: katib-mysql - image: mysql:8.0.26 + image: mysql:8.0.29 args: - --datadir - /var/lib/mysql/datadir @@ -44,7 +45,8 @@ spec: - "/bin/bash" - "-c" - "mysql -D ${MYSQL_DATABASE} -u root -p${MYSQL_ROOT_PASSWORD} -e 'SELECT 1'" - periodSeconds: 2 + initialDelaySeconds: 10 + periodSeconds: 5 failureThreshold: 10 livenessProbe: exec: @@ -52,7 +54,8 @@ spec: - "/bin/bash" - "-c" - "mysqladmin ping -u root -p${MYSQL_ROOT_PASSWORD}" - periodSeconds: 2 + initialDelaySeconds: 10 + periodSeconds: 5 failureThreshold: 10 startupProbe: exec: diff --git a/apps/katib/upstream/components/mysql/pvc.yaml b/apps/katib/upstream/components/mysql/pvc.yaml index da447fb82f..9249d8c6ea 100644 --- a/apps/katib/upstream/components/mysql/pvc.yaml +++ b/apps/katib/upstream/components/mysql/pvc.yaml @@ -1,3 +1,4 @@ +--- apiVersion: v1 kind: PersistentVolumeClaim metadata: diff --git a/apps/katib/upstream/components/mysql/secret.yaml b/apps/katib/upstream/components/mysql/secret.yaml index 74ac8bf96e..c0e32fa80b 100644 --- a/apps/katib/upstream/components/mysql/secret.yaml +++ b/apps/katib/upstream/components/mysql/secret.yaml @@ -1,7 +1,8 @@ +--- apiVersion: v1 kind: Secret type: Opaque metadata: name: katib-mysql-secrets data: - MYSQL_ROOT_PASSWORD: dGVzdA== # "test" + MYSQL_ROOT_PASSWORD: dGVzdA== # "test" diff --git a/apps/katib/upstream/components/mysql/service.yaml b/apps/katib/upstream/components/mysql/service.yaml index 9ce709a436..234d87f565 100644 --- a/apps/katib/upstream/components/mysql/service.yaml +++ b/apps/katib/upstream/components/mysql/service.yaml @@ -1,3 +1,4 @@ +--- apiVersion: v1 kind: Service metadata: diff --git a/apps/katib/upstream/components/namespace/kustomization.yaml b/apps/katib/upstream/components/namespace/kustomization.yaml index b713790836..ba51550105 100644 --- a/apps/katib/upstream/components/namespace/kustomization.yaml +++ b/apps/katib/upstream/components/namespace/kustomization.yaml @@ -1,3 +1,4 @@ +--- apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: kubeflow diff --git a/apps/katib/upstream/components/namespace/namespace.yaml b/apps/katib/upstream/components/namespace/namespace.yaml index 49c379cd58..443752f9ef 100644 --- a/apps/katib/upstream/components/namespace/namespace.yaml +++ b/apps/katib/upstream/components/namespace/namespace.yaml @@ -1,3 +1,4 @@ +--- apiVersion: v1 kind: Namespace metadata: diff --git a/apps/katib/upstream/components/ui/kustomization.yaml b/apps/katib/upstream/components/ui/kustomization.yaml index 84040d19a9..268215894f 100644 --- a/apps/katib/upstream/components/ui/kustomization.yaml +++ b/apps/katib/upstream/components/ui/kustomization.yaml @@ -1,3 +1,4 @@ +--- apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization diff --git a/apps/katib/upstream/components/ui/rbac.yaml b/apps/katib/upstream/components/ui/rbac.yaml index aae4adb279..c549bf351d 100644 --- a/apps/katib/upstream/components/ui/rbac.yaml +++ b/apps/katib/upstream/components/ui/rbac.yaml @@ -1,3 +1,4 @@ +--- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: diff --git a/apps/katib/upstream/components/ui/service.yaml b/apps/katib/upstream/components/ui/service.yaml index 34b70decf7..387eca37ec 100644 --- a/apps/katib/upstream/components/ui/service.yaml +++ b/apps/katib/upstream/components/ui/service.yaml @@ -1,3 +1,4 @@ +--- apiVersion: v1 kind: Service metadata: diff --git a/apps/katib/upstream/components/ui/ui.yaml b/apps/katib/upstream/components/ui/ui.yaml index 6582db1d0e..4d07def4ba 100644 --- a/apps/katib/upstream/components/ui/ui.yaml +++ b/apps/katib/upstream/components/ui/ui.yaml @@ -1,3 +1,4 @@ +--- apiVersion: apps/v1 kind: Deployment metadata: diff --git a/apps/katib/upstream/components/webhook/kustomization.yaml b/apps/katib/upstream/components/webhook/kustomization.yaml index d170bd37f8..36d137d8db 100644 --- a/apps/katib/upstream/components/webhook/kustomization.yaml +++ b/apps/katib/upstream/components/webhook/kustomization.yaml @@ -1,3 +1,4 @@ +--- apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization diff --git a/apps/katib/upstream/components/webhook/webhooks.yaml b/apps/katib/upstream/components/webhook/webhooks.yaml index fb78517270..d9297340c7 100644 --- a/apps/katib/upstream/components/webhook/webhooks.yaml +++ b/apps/katib/upstream/components/webhook/webhooks.yaml @@ -1,3 +1,4 @@ +--- apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: diff --git a/apps/katib/upstream/installs/katib-cert-manager/certificate.yaml b/apps/katib/upstream/installs/katib-cert-manager/certificate.yaml index 332c4d8c77..cdd7b41b52 100644 --- a/apps/katib/upstream/installs/katib-cert-manager/certificate.yaml +++ b/apps/katib/upstream/installs/katib-cert-manager/certificate.yaml @@ -1,3 +1,4 @@ +--- apiVersion: cert-manager.io/v1 kind: Certificate metadata: diff --git a/apps/katib/upstream/installs/katib-cert-manager/kustomization.yaml b/apps/katib/upstream/installs/katib-cert-manager/kustomization.yaml index c1c45ac9d8..b5cf0d2470 100644 --- a/apps/katib/upstream/installs/katib-cert-manager/kustomization.yaml +++ b/apps/katib/upstream/installs/katib-cert-manager/kustomization.yaml @@ -1,3 +1,4 @@ +--- apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: kubeflow @@ -21,13 +22,13 @@ resources: images: - name: docker.io/kubeflowkatib/katib-controller newName: docker.io/kubeflowkatib/katib-controller - newTag: v0.13.0 + newTag: v0.14.0-rc.0 - name: docker.io/kubeflowkatib/katib-db-manager newName: docker.io/kubeflowkatib/katib-db-manager - newTag: v0.13.0 + newTag: v0.14.0-rc.0 - name: docker.io/kubeflowkatib/katib-ui newName: docker.io/kubeflowkatib/katib-ui - newTag: v0.13.0 + newTag: v0.14.0-rc.0 patchesStrategicMerge: - patches/katib-cert-injection.yaml diff --git a/apps/katib/upstream/installs/katib-cert-manager/params.yaml b/apps/katib/upstream/installs/katib-cert-manager/params.yaml index 46ddeee238..246d79ae24 100644 --- a/apps/katib/upstream/installs/katib-cert-manager/params.yaml +++ b/apps/katib/upstream/installs/katib-cert-manager/params.yaml @@ -1,3 +1,4 @@ +--- varReference: - path: spec/commonName kind: Certificate diff --git a/apps/katib/upstream/installs/katib-cert-manager/patches/katib-cert-injection.yaml b/apps/katib/upstream/installs/katib-cert-manager/patches/katib-cert-injection.yaml index 133c6bccef..ec259194e0 100644 --- a/apps/katib/upstream/installs/katib-cert-manager/patches/katib-cert-injection.yaml +++ b/apps/katib/upstream/installs/katib-cert-manager/patches/katib-cert-injection.yaml @@ -1,3 +1,4 @@ +--- apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: diff --git a/apps/katib/upstream/installs/katib-external-db/kustomization.yaml b/apps/katib/upstream/installs/katib-external-db/kustomization.yaml index f43dccaf77..43644ff60a 100644 --- a/apps/katib/upstream/installs/katib-external-db/kustomization.yaml +++ b/apps/katib/upstream/installs/katib-external-db/kustomization.yaml @@ -1,3 +1,4 @@ +--- apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: kubeflow @@ -19,16 +20,16 @@ resources: images: - name: docker.io/kubeflowkatib/katib-controller newName: docker.io/kubeflowkatib/katib-controller - newTag: v0.13.0 + newTag: v0.14.0-rc.0 - name: docker.io/kubeflowkatib/katib-db-manager newName: docker.io/kubeflowkatib/katib-db-manager - newTag: v0.13.0 + newTag: v0.14.0-rc.0 - name: docker.io/kubeflowkatib/katib-ui newName: docker.io/kubeflowkatib/katib-ui - newTag: v0.13.0 + newTag: v0.14.0-rc.0 - name: docker.io/kubeflowkatib/cert-generator newName: docker.io/kubeflowkatib/cert-generator - newTag: v0.13.0 + newTag: v0.14.0-rc.0 patchesStrategicMerge: - patches/db-manager.yaml # Modify katib-mysql-secrets with parameters for the DB. diff --git a/apps/katib/upstream/installs/katib-external-db/patches/db-manager.yaml b/apps/katib/upstream/installs/katib-external-db/patches/db-manager.yaml index da37112ace..54da0d4127 100644 --- a/apps/katib/upstream/installs/katib-external-db/patches/db-manager.yaml +++ b/apps/katib/upstream/installs/katib-external-db/patches/db-manager.yaml @@ -1,3 +1,4 @@ +--- apiVersion: apps/v1 kind: Deployment metadata: diff --git a/apps/katib/upstream/installs/katib-leader-election/kustomization.yaml b/apps/katib/upstream/installs/katib-leader-election/kustomization.yaml index d0bfa3dc0b..ce21834cc5 100644 --- a/apps/katib/upstream/installs/katib-leader-election/kustomization.yaml +++ b/apps/katib/upstream/installs/katib-leader-election/kustomization.yaml @@ -1,3 +1,4 @@ +--- apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: kubeflow diff --git a/apps/katib/upstream/installs/katib-leader-election/leader-election-rbac.yaml b/apps/katib/upstream/installs/katib-leader-election/leader-election-rbac.yaml index a0323a0116..645187bb12 100644 --- a/apps/katib/upstream/installs/katib-leader-election/leader-election-rbac.yaml +++ b/apps/katib/upstream/installs/katib-leader-election/leader-election-rbac.yaml @@ -1,3 +1,4 @@ +--- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: diff --git a/apps/katib/upstream/installs/katib-leader-election/patches/controller.yaml b/apps/katib/upstream/installs/katib-leader-election/patches/controller.yaml index 9e2c9c1df6..4e5839e297 100644 --- a/apps/katib/upstream/installs/katib-leader-election/patches/controller.yaml +++ b/apps/katib/upstream/installs/katib-leader-election/patches/controller.yaml @@ -1,3 +1,4 @@ +--- - op: add path: /spec/template/spec/containers/0/args/- value: "--enable-leader-election" diff --git a/apps/katib/upstream/installs/katib-openshift/kustomization.yaml b/apps/katib/upstream/installs/katib-openshift/kustomization.yaml index 7ad2aa577d..fd913980d4 100644 --- a/apps/katib/upstream/installs/katib-openshift/kustomization.yaml +++ b/apps/katib/upstream/installs/katib-openshift/kustomization.yaml @@ -30,13 +30,13 @@ resources: images: - name: docker.io/kubeflowkatib/katib-controller newName: docker.io/kubeflowkatib/katib-controller - newTag: v0.13.0 + newTag: v0.14.0-rc.0 - name: docker.io/kubeflowkatib/katib-db-manager newName: docker.io/kubeflowkatib/katib-db-manager - newTag: v0.13.0 + newTag: v0.14.0-rc.0 - name: docker.io/kubeflowkatib/katib-ui newName: docker.io/kubeflowkatib/katib-ui - newTag: v0.13.0 + newTag: v0.14.0-rc.0 patchesJson6902: # Annotate Service to delegate TLS-secret generation to OpenShift service controller diff --git a/apps/katib/upstream/installs/katib-openshift/patches/service-serving-cert.yaml b/apps/katib/upstream/installs/katib-openshift/patches/service-serving-cert.yaml index 264e12de0f..2b6c88b2ed 100644 --- a/apps/katib/upstream/installs/katib-openshift/patches/service-serving-cert.yaml +++ b/apps/katib/upstream/installs/katib-openshift/patches/service-serving-cert.yaml @@ -1,3 +1,4 @@ +--- - op: "add" path: "/metadata/annotations/service.beta.openshift.io~1serving-cert-secret-name" value: katib-webhook-cert diff --git a/apps/katib/upstream/installs/katib-openshift/patches/webhook-inject-cabundle.yaml b/apps/katib/upstream/installs/katib-openshift/patches/webhook-inject-cabundle.yaml index e72fb6276f..8f3833a5bf 100644 --- a/apps/katib/upstream/installs/katib-openshift/patches/webhook-inject-cabundle.yaml +++ b/apps/katib/upstream/installs/katib-openshift/patches/webhook-inject-cabundle.yaml @@ -1,3 +1,4 @@ +--- - op: "add" path: "/metadata/annotations" value: diff --git a/apps/katib/upstream/installs/katib-standalone/kustomization.yaml b/apps/katib/upstream/installs/katib-standalone/kustomization.yaml index 2559144b67..6ec2269afe 100644 --- a/apps/katib/upstream/installs/katib-standalone/kustomization.yaml +++ b/apps/katib/upstream/installs/katib-standalone/kustomization.yaml @@ -1,3 +1,4 @@ +--- apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: kubeflow @@ -21,13 +22,13 @@ resources: images: - name: docker.io/kubeflowkatib/katib-controller newName: docker.io/kubeflowkatib/katib-controller - newTag: v0.13.0 + newTag: v0.14.0-rc.0 - name: docker.io/kubeflowkatib/katib-db-manager newName: docker.io/kubeflowkatib/katib-db-manager - newTag: v0.13.0 + newTag: v0.14.0-rc.0 - name: docker.io/kubeflowkatib/katib-ui newName: docker.io/kubeflowkatib/katib-ui - newTag: v0.13.0 + newTag: v0.14.0-rc.0 - name: docker.io/kubeflowkatib/cert-generator newName: docker.io/kubeflowkatib/cert-generator - newTag: v0.13.0 + newTag: v0.14.0-rc.0 diff --git a/apps/katib/upstream/installs/katib-with-kubeflow/kubeflow-katib-roles.yaml b/apps/katib/upstream/installs/katib-with-kubeflow/kubeflow-katib-roles.yaml index 9cdad588e0..6394146705 100644 --- a/apps/katib/upstream/installs/katib-with-kubeflow/kubeflow-katib-roles.yaml +++ b/apps/katib/upstream/installs/katib-with-kubeflow/kubeflow-katib-roles.yaml @@ -1,3 +1,4 @@ +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: diff --git a/apps/katib/upstream/installs/katib-with-kubeflow/kustomization.yaml b/apps/katib/upstream/installs/katib-with-kubeflow/kustomization.yaml index 7e5b19d15a..f10c361565 100644 --- a/apps/katib/upstream/installs/katib-with-kubeflow/kustomization.yaml +++ b/apps/katib/upstream/installs/katib-with-kubeflow/kustomization.yaml @@ -1,3 +1,4 @@ +--- apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: kubeflow @@ -9,13 +10,13 @@ resources: images: - name: docker.io/kubeflowkatib/katib-controller newName: docker.io/kubeflowkatib/katib-controller - newTag: v0.13.0 + newTag: v0.14.0-rc.0 - name: docker.io/kubeflowkatib/katib-db-manager newName: docker.io/kubeflowkatib/katib-db-manager - newTag: v0.13.0 + newTag: v0.14.0-rc.0 - name: docker.io/kubeflowkatib/katib-ui newName: docker.io/kubeflowkatib/katib-ui - newTag: v0.13.0 + newTag: v0.14.0-rc.0 patchesStrategicMerge: - patches/remove-namespace.yaml diff --git a/apps/katib/upstream/installs/katib-with-kubeflow/params.yaml b/apps/katib/upstream/installs/katib-with-kubeflow/params.yaml index fbb4348760..360f60f24f 100644 --- a/apps/katib/upstream/installs/katib-with-kubeflow/params.yaml +++ b/apps/katib/upstream/installs/katib-with-kubeflow/params.yaml @@ -1,3 +1,4 @@ +--- varReference: - path: spec/http/route/destination/host kind: VirtualService diff --git a/apps/katib/upstream/installs/katib-with-kubeflow/patches/remove-namespace.yaml b/apps/katib/upstream/installs/katib-with-kubeflow/patches/remove-namespace.yaml index 215f875cf0..9ea29586c6 100644 --- a/apps/katib/upstream/installs/katib-with-kubeflow/patches/remove-namespace.yaml +++ b/apps/katib/upstream/installs/katib-with-kubeflow/patches/remove-namespace.yaml @@ -1,3 +1,4 @@ +--- $patch: delete apiVersion: v1 kind: Namespace diff --git a/apps/katib/upstream/installs/katib-with-kubeflow/ui-virtual-service.yaml b/apps/katib/upstream/installs/katib-with-kubeflow/ui-virtual-service.yaml index d42b2568bd..4ed0f3d1b5 100644 --- a/apps/katib/upstream/installs/katib-with-kubeflow/ui-virtual-service.yaml +++ b/apps/katib/upstream/installs/katib-with-kubeflow/ui-virtual-service.yaml @@ -1,3 +1,4 @@ +--- apiVersion: networking.istio.io/v1alpha3 kind: VirtualService metadata: diff --git a/apps/kfp-tekton/upstream/Makefile b/apps/kfp-tekton/upstream/Makefile index e5dee10182..531757cade 100644 --- a/apps/kfp-tekton/upstream/Makefile +++ b/apps/kfp-tekton/upstream/Makefile @@ -18,12 +18,12 @@ platform-agnostic: FORCE kubectl kustomize env/platform-agnostic platform-agnostic-multi-user: FORCE - kustomize build --load_restrictor none env/platform-agnostic-multi-user + kustomize build --load-restrictor LoadRestrictionsNone env/platform-agnostic-multi-user plain: FORCE kubectl kustomize env/plain plain-multi-user: FORCE - kustomize build --load_restrictor none env/plain-multi-user + kustomize build --load-restrictor LoadRestrictionsNone env/plain-multi-user FORCE: ; diff --git a/apps/kfp-tekton/upstream/base/cache-deployer/kustomization.yaml b/apps/kfp-tekton/upstream/base/cache-deployer/kustomization.yaml index 5c9cbf5272..949fe6300d 100644 --- a/apps/kfp-tekton/upstream/base/cache-deployer/kustomization.yaml +++ b/apps/kfp-tekton/upstream/base/cache-deployer/kustomization.yaml @@ -10,4 +10,4 @@ commonLabels: app: cache-deployer images: - name: gcr.io/ml-pipeline/cache-deployer - newTag: 1.8.0-rc.3 + newTag: 1.8.1 diff --git a/apps/kfp-tekton/upstream/base/cache/kustomization.yaml b/apps/kfp-tekton/upstream/base/cache/kustomization.yaml index 56da98d8b3..8e3a0d7bfa 100644 --- a/apps/kfp-tekton/upstream/base/cache/kustomization.yaml +++ b/apps/kfp-tekton/upstream/base/cache/kustomization.yaml @@ -11,4 +11,4 @@ commonLabels: images: - name: gcr.io/ml-pipeline/cache-server newName: docker.io/aipipeline/cache-server - newTag: 1.1.1 + newTag: 1.2.1 diff --git a/apps/kfp-tekton/upstream/base/installs/generic/pipeline-install-config.yaml b/apps/kfp-tekton/upstream/base/installs/generic/pipeline-install-config.yaml index a5da598738..f9cf6d31d3 100644 --- a/apps/kfp-tekton/upstream/base/installs/generic/pipeline-install-config.yaml +++ b/apps/kfp-tekton/upstream/base/installs/generic/pipeline-install-config.yaml @@ -11,7 +11,7 @@ data: until the changes take effect. A quick way to restart all deployments in a namespace: `kubectl rollout restart deployment -n `. appName: pipeline - appVersion: 1.7.0 + appVersion: 1.8.1 dbHost: mysql dbPort: "3306" mlmdDb: metadb @@ -68,7 +68,10 @@ data: ## any node and avoid defaulting to specific nodes. Allowed values are: ## 'false' and 'true'. cacheNodeRestrictions: "false" - ## ConMaxLifeTimeSec will set the connection max lifetime for MySQL + ## ConMaxLifeTime will set the connection max lifetime for MySQL ## this is very important to setup when using external databases. ## See this issue for more details: https://github.com/kubeflow/pipelines/issues/5329 - ConMaxLifeTimeSec: "120" + ## Note: this value should be a string that can be parsed by `time.ParseDuration`. + ## If this value doesn't include a unit abbreviation, the units will be assumed + ## to be nanoseconds. + ConMaxLifeTime: "120s" diff --git a/apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-profile-controller/composite-controller.yaml b/apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-profile-controller/composite-controller.yaml index 251c84b0eb..d736c08bca 100644 --- a/apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-profile-controller/composite-controller.yaml +++ b/apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-profile-controller/composite-controller.yaml @@ -1,10 +1,12 @@ +# Change resyncPeriodSeconds to 1 hour from insane 20 seconds +# Only sync namespaces with pipelines.kubeflow.org/enabled = "true" apiVersion: metacontroller.k8s.io/v1alpha1 kind: CompositeController metadata: name: kubeflow-pipelines-profile-controller spec: generateSelector: true - resyncPeriodSeconds: 10 + resyncPeriodSeconds: 3600 parentResource: apiVersion: v1 resource: namespaces diff --git a/apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-profile-controller/sync.py b/apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-profile-controller/sync.py index a1339cb734..7caecb8ee3 100644 --- a/apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-profile-controller/sync.py +++ b/apps/kfp-tekton/upstream/base/installs/multi-user/pipelines-profile-controller/sync.py @@ -299,6 +299,26 @@ def sync(self, parent, children): "ports": [{ "containerPort": 3000 }], + "env": [ + { + "name": "MINIO_ACCESS_KEY", + "valueFrom": { + "secretKeyRef": { + "key": "accesskey", + "name": "mlpipeline-minio-artifact" + } + } + }, + { + "name": "MINIO_SECRET_KEY", + "valueFrom": { + "secretKeyRef": { + "key": "secretkey", + "name": "mlpipeline-minio-artifact" + } + } + } + ], "resources": { "requests": { "cpu": "10m", diff --git a/apps/kfp-tekton/upstream/base/installs/multi-user/view-edit-cluster-roles.yaml b/apps/kfp-tekton/upstream/base/installs/multi-user/view-edit-cluster-roles.yaml index 49bfe111b8..626e005a94 100644 --- a/apps/kfp-tekton/upstream/base/installs/multi-user/view-edit-cluster-roles.yaml +++ b/apps/kfp-tekton/upstream/base/installs/multi-user/view-edit-cluster-roles.yaml @@ -78,6 +78,23 @@ rules: - delete - disable - enable +- apiGroups: + - kubeflow.org + verbs: + - '*' + resources: + - scheduledworkflows +- apiGroups: + - argoproj.io + verbs: + - '*' + resources: + - cronworkflows + - cronworkflows/finalizers + - workflows + - workflows/finalizers + - workfloweventbindings + - workflowtemplates --- diff --git a/apps/kfp-tekton/upstream/base/installs/multi-user/viewer-controller/cluster-role.yaml b/apps/kfp-tekton/upstream/base/installs/multi-user/viewer-controller/cluster-role.yaml index e2bca79710..9e9b68a2c4 100644 --- a/apps/kfp-tekton/upstream/base/installs/multi-user/viewer-controller/cluster-role.yaml +++ b/apps/kfp-tekton/upstream/base/installs/multi-user/viewer-controller/cluster-role.yaml @@ -20,6 +20,7 @@ rules: - kubeflow.org resources: - viewers + - viewers/finalizers verbs: - create - get diff --git a/apps/kfp-tekton/upstream/base/metadata/base/kustomization.yaml b/apps/kfp-tekton/upstream/base/metadata/base/kustomization.yaml index 32b9b986bf..a621def5b3 100644 --- a/apps/kfp-tekton/upstream/base/metadata/base/kustomization.yaml +++ b/apps/kfp-tekton/upstream/base/metadata/base/kustomization.yaml @@ -9,4 +9,4 @@ resources: - metadata-grpc-sa.yaml images: - name: gcr.io/ml-pipeline/metadata-envoy - newTag: 1.7.0 + newTag: 1.8.1 diff --git a/apps/kfp-tekton/upstream/base/metadata/base/metadata-grpc-deployment.yaml b/apps/kfp-tekton/upstream/base/metadata/base/metadata-grpc-deployment.yaml index 5f9a036cd1..92dbd3d721 100644 --- a/apps/kfp-tekton/upstream/base/metadata/base/metadata-grpc-deployment.yaml +++ b/apps/kfp-tekton/upstream/base/metadata/base/metadata-grpc-deployment.yaml @@ -22,7 +22,7 @@ spec: # * .cloudbuild.yaml and .release.cloudbuild.yaml # * manifests/kustomize/base/metadata/base/metadata-grpc-deployment.yaml # * test/tag_for_hosted.sh - image: gcr.io/tfx-oss-public/ml_metadata_store_server:1.0.0 + image: gcr.io/tfx-oss-public/ml_metadata_store_server:1.5.0 env: - name: DBCONFIG_USER valueFrom: diff --git a/apps/kfp-tekton/upstream/base/pipeline/kustomization.yaml b/apps/kfp-tekton/upstream/base/pipeline/kustomization.yaml index 031df1fb40..52d43a533f 100644 --- a/apps/kfp-tekton/upstream/base/pipeline/kustomization.yaml +++ b/apps/kfp-tekton/upstream/base/pipeline/kustomization.yaml @@ -43,20 +43,20 @@ patchesStrategicMerge: images: - name: gcr.io/ml-pipeline/api-server newName: docker.io/aipipeline/api-server - newTag: 1.1.1 + newTag: 1.2.1 - name: gcr.io/ml-pipeline/persistenceagent newName: docker.io/aipipeline/persistenceagent - newTag: 1.1.1 + newTag: 1.2.1 - name: gcr.io/ml-pipeline/scheduledworkflow newName: docker.io/aipipeline/scheduledworkflow - newTag: 1.1.1 + newTag: 1.2.1 - name: gcr.io/ml-pipeline/frontend newName: docker.io/aipipeline/frontend - newTag: 1.1.1 + newTag: 1.2.1 - name: gcr.io/ml-pipeline/viewer-crd-controller - newTag: 1.7.0 + newTag: 1.8.1 - name: gcr.io/ml-pipeline/visualization-server - newTag: 1.7.0 + newTag: 1.8.1 - name: gcr.io/ml-pipeline/metadata-writer newName: docker.io/aipipeline/metadata-writer - newTag: 1.1.1 + newTag: 1.2.1 diff --git a/apps/kfp-tekton/upstream/base/pipeline/metadata-writer/kustomization.yaml b/apps/kfp-tekton/upstream/base/pipeline/metadata-writer/kustomization.yaml index 8fb4c30c64..5b49a9ffbf 100644 --- a/apps/kfp-tekton/upstream/base/pipeline/metadata-writer/kustomization.yaml +++ b/apps/kfp-tekton/upstream/base/pipeline/metadata-writer/kustomization.yaml @@ -7,4 +7,4 @@ resources: - metadata-writer-sa.yaml images: - name: gcr.io/ml-pipeline/metadata-writer - newTag: 1.7.0 + newTag: 1.8.1 diff --git a/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-apiserver-deployment.yaml b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-apiserver-deployment.yaml index 30173faec6..2f87026e4d 100644 --- a/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-apiserver-deployment.yaml +++ b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-apiserver-deployment.yaml @@ -58,11 +58,11 @@ spec: configMapKeyRef: name: pipeline-install-config key: dbPort - - name: DBCONFIG_CONMAXLIFETIMESEC + - name: DBCONFIG_CONMAXLIFETIME valueFrom: configMapKeyRef: name: pipeline-install-config - key: ConMaxLifeTimeSec + key: ConMaxLifeTime - name: OBJECTSTORECONFIG_ACCESSKEY valueFrom: secretKeyRef: diff --git a/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-apiserver-service.yaml b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-apiserver-service.yaml index 4ac2ba4ac9..51c4f857d6 100644 --- a/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-apiserver-service.yaml +++ b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-apiserver-service.yaml @@ -2,6 +2,10 @@ apiVersion: v1 kind: Service metadata: name: ml-pipeline + annotations: + prometheus.io/port: "8888" + prometheus.io/scheme: http + prometheus.io/scrape: "true" spec: ports: - name: http diff --git a/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-viewer-crd-role.yaml b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-viewer-crd-role.yaml index 73bf032fdd..fa3e321376 100644 --- a/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-viewer-crd-role.yaml +++ b/apps/kfp-tekton/upstream/base/pipeline/ml-pipeline-viewer-crd-role.yaml @@ -20,6 +20,7 @@ rules: - kubeflow.org resources: - viewers + - viewers/finalizers verbs: - create - get diff --git a/apps/kfp-tekton/upstream/env/gcp/cloudsql-proxy/cloudsql-proxy-deployment.yaml b/apps/kfp-tekton/upstream/env/gcp/cloudsql-proxy/cloudsql-proxy-deployment.yaml index 10e1f6aafe..42d3bf1cbf 100644 --- a/apps/kfp-tekton/upstream/env/gcp/cloudsql-proxy/cloudsql-proxy-deployment.yaml +++ b/apps/kfp-tekton/upstream/env/gcp/cloudsql-proxy/cloudsql-proxy-deployment.yaml @@ -16,7 +16,7 @@ spec: spec: serviceAccountName: kubeflow-pipelines-cloudsql-proxy containers: - - image: gcr.io/cloudsql-docker/gce-proxy:1.14 + - image: gcr.io/cloudsql-docker/gce-proxy:1.25.0 name: cloudsqlproxy env: - name: GCP_CLOUDSQL_INSTANCE_NAME @@ -27,6 +27,7 @@ spec: command: ["/cloud_sql_proxy", "-dir=/cloudsql", "-instances=$(GCP_CLOUDSQL_INSTANCE_NAME)=tcp:0.0.0.0:3306", + "-use_http_health_check", "term_timeout=10s"] # set term_timeout if require graceful handling of shutdown # NOTE: proxy will stop accepting new connections; only wait on existing connections @@ -36,6 +37,47 @@ spec: # (optional) add a preStop hook so that termination is delayed # this is required if your server still require new connections (e.g., connection pools) command: ['sleep', '10'] + # Liveness probe configuration is adviced by Cloud SQL Proxy examples: + # https://github.com/GoogleCloudPlatform/cloudsql-proxy/tree/main/examples/k8s-health-check + # For details, see https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ + livenessProbe: + httpGet: + path: /liveness + port: 8090 + # Number of seconds after the container has started before the first probe is scheduled. Defaults to 0. + # Not necessary when the startup probe is in use. + initialDelaySeconds: 0 + # Frequency of the probe. + periodSeconds: 60 + # Number of seconds after which the probe times out. + timeoutSeconds: 30 + # Number of times the probe is allowed to fail before the transition + # from healthy to failure state. + # + # If periodSeconds = 60, 5 tries will result in five minutes of + # checks. The proxy starts to refresh a certificate five minutes + # before its expiration. If those five minutes lapse without a + # successful refresh, the liveness probe will fail and the pod will be + # restarted. + failureThreshold: 5 + readinessProbe: + httpGet: + path: /readiness + port: 8090 + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 5 + # Number of times the probe must report success to transition from failure to healthy state. + # Defaults to 1 for readiness probe. + successThreshold: 1 + failureThreshold: 1 + startupProbe: + httpGet: + path: /startup + port: 8090 + periodSeconds: 1 + timeoutSeconds: 5 + failureThreshold: 20 ports: - name: mysql containerPort: 3306 diff --git a/apps/kfp-tekton/upstream/env/gcp/inverse-proxy/kustomization.yaml b/apps/kfp-tekton/upstream/env/gcp/inverse-proxy/kustomization.yaml index d25157b3bd..f9081522b4 100644 --- a/apps/kfp-tekton/upstream/env/gcp/inverse-proxy/kustomization.yaml +++ b/apps/kfp-tekton/upstream/env/gcp/inverse-proxy/kustomization.yaml @@ -2,7 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization images: - name: gcr.io/ml-pipeline/inverse-proxy-agent - newTag: 1.7.0 + newTag: 1.8.1 resources: - proxy-configmap.yaml - proxy-deployment.yaml diff --git a/apps/kfp-tekton/upstream/env/plain-multi-user/kustomization.yaml b/apps/kfp-tekton/upstream/env/plain-multi-user/kustomization.yaml index 7246bf673c..05ca50c6de 100644 --- a/apps/kfp-tekton/upstream/env/plain-multi-user/kustomization.yaml +++ b/apps/kfp-tekton/upstream/env/plain-multi-user/kustomization.yaml @@ -10,6 +10,7 @@ bases: - ../../third-party/minio/base - ../../third-party/minio/options/istio - ../../third-party/metacontroller/base + - ../../third-party/kfp-csi-s3 # Identifier for application manager to apply ownerReference. # The ownerReference ensures the resources get garbage collected diff --git a/apps/kfp-tekton/upstream/env/platform-agnostic-multi-user-emissary/workflow-controller-configmap-patch.yaml b/apps/kfp-tekton/upstream/env/platform-agnostic-multi-user-emissary/workflow-controller-configmap-patch.yaml index 24303c0081..64d4b40220 100644 --- a/apps/kfp-tekton/upstream/env/platform-agnostic-multi-user-emissary/workflow-controller-configmap-patch.yaml +++ b/apps/kfp-tekton/upstream/env/platform-agnostic-multi-user-emissary/workflow-controller-configmap-patch.yaml @@ -4,9 +4,9 @@ metadata: name: workflow-controller-configmap data: # References: - # * https://github.com/argoproj/argo-workflows/blob/v3.1.6/config/config.go - # * https://github.com/argoproj/argo-workflows/blob/v3.1.6/docs/workflow-controller-configmap.md - # * https://github.com/argoproj/argo-workflows/blob/v3.1.6/docs/workflow-controller-configmap.yaml + # * https://github.com/argoproj/argo-workflows/blob/v3.2.3/config/config.go + # * https://github.com/argoproj/argo-workflows/blob/v3.2.3/docs/workflow-controller-configmap.md + # * https://github.com/argoproj/argo-workflows/blob/v3.2.3/docs/workflow-controller-configmap.yaml # Emissary Executor: https://argoproj.github.io/argo-workflows/workflow-executors/#emissary-emissary containerRuntimeExecutor: emissary diff --git a/apps/kfp-tekton/upstream/third-party/application/cluster-scoped/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/application/cluster-scoped/kustomization.yaml index 0fc4e0bb3f..f54a41c981 100644 --- a/apps/kfp-tekton/upstream/third-party/application/cluster-scoped/kustomization.yaml +++ b/apps/kfp-tekton/upstream/third-party/application/cluster-scoped/kustomization.yaml @@ -2,3 +2,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - application-crd.yaml + +# Update application CRD: +# Copy the upstream file to application-crd.yaml of the current folder. +# Upstream file: https://github.com/kubernetes-sigs/application/blob/master/config/crd/bases/app.k8s.io_applications.yaml +# Keep label controller-tools.k8s.io. \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/third-party/argo/.krmignore b/apps/kfp-tekton/upstream/third-party/argo/.krmignore new file mode 100644 index 0000000000..045951300c --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/.krmignore @@ -0,0 +1 @@ +upstream diff --git a/apps/kfp-tekton/upstream/third-party/argo/Kptfile b/apps/kfp-tekton/upstream/third-party/argo/Kptfile new file mode 100644 index 0000000000..bf0baf9863 --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/Kptfile @@ -0,0 +1,6 @@ +apiVersion: kpt.dev/v1 +kind: Kptfile +metadata: + name: argo +info: + description: argo Kptfile in order to ignore upstream/ folder. diff --git a/apps/kfp-tekton/upstream/third-party/argo/README.md b/apps/kfp-tekton/upstream/third-party/argo/README.md index 7796219572..c46225b89b 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/README.md +++ b/apps/kfp-tekton/upstream/third-party/argo/README.md @@ -20,6 +20,10 @@ Refer to [third_party/argo/README.md](../../../../third_party/argo/README.md). ### Upgrade argo manifests +Requirement: + +Use kpt version above 1.0.0-beta.6, refer to [kpt installation](https://kpt.dev/installation/) for downloading kpt. + As one step of above, we need to upgrade argo manifests in this folder. 1. Run: @@ -29,5 +33,3 @@ As one step of above, we need to upgrade argo manifests in this folder. ``` Note, argo version is pulled from [third_party/argo/VERSION](../../../../third_party/argo/VERSION). Edit the VERSION file first. - -2. Manually edit [YAML patches](upstream/manifests/namespace-install/overlays) to JSON patches, because YAML patches confuses kpt, refer to [#5368](https://github.com/kubeflow/pipelines/issues/5368). diff --git a/apps/kfp-tekton/upstream/third-party/argo/base/workflow-controller-configmap-patch.yaml b/apps/kfp-tekton/upstream/third-party/argo/base/workflow-controller-configmap-patch.yaml index 51962aa60e..654b98b713 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/base/workflow-controller-configmap-patch.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/base/workflow-controller-configmap-patch.yaml @@ -4,12 +4,12 @@ metadata: name: workflow-controller-configmap data: # References: - # * https://github.com/argoproj/argo-workflows/blob/v3.1.6/config/config.go - # * https://github.com/argoproj/argo-workflows/blob/v3.1.6/docs/workflow-controller-configmap.md - # * https://github.com/argoproj/argo-workflows/blob/v3.1.6/docs/workflow-controller-configmap.yaml + # * https://github.com/argoproj/argo-workflows/blob/v3.2.3/config/config.go + # * https://github.com/argoproj/argo-workflows/blob/v3.2.3/docs/workflow-controller-configmap.md + # * https://github.com/argoproj/argo-workflows/blob/v3.2.3/docs/workflow-controller-configmap.yaml # emissary executor is a more portable default, see https://github.com/kubeflow/pipelines/issues/1654. - containerRuntimeExecutor: docker + containerRuntimeExecutor: emissary # In artifactRepository.s3.endpoint, $(kfp-namespace) is needed, because in multi-user mode, pipelines may run in other namespaces. artifactRepository: | diff --git a/apps/kfp-tekton/upstream/third-party/argo/base/workflow-controller-deployment-patch.yaml b/apps/kfp-tekton/upstream/third-party/argo/base/workflow-controller-deployment-patch.yaml index c5bfa82142..2efbeb1f8f 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/base/workflow-controller-deployment-patch.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/base/workflow-controller-deployment-patch.yaml @@ -7,12 +7,12 @@ spec: spec: containers: - name: workflow-controller - image: gcr.io/ml-pipeline/workflow-controller:v3.1.6-patch-license-compliance + image: gcr.io/ml-pipeline/workflow-controller:v3.2.3-license-compliance args: - --configmap - workflow-controller-configmap - --executor-image - - gcr.io/ml-pipeline/argoexec:v3.1.6-patch-license-compliance + - gcr.io/ml-pipeline/argoexec:v3.2.3-license-compliance resources: requests: cpu: 100m diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/Kptfile b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/Kptfile index 5dd50819bb..9f7d43c895 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/Kptfile +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/Kptfile @@ -1,11 +1,18 @@ -apiVersion: kpt.dev/v1alpha1 +apiVersion: kpt.dev/v1 kind: Kptfile metadata: name: manifests upstream: type: git git: - commit: a245fe67db56d2808fb78c6079d08404cbee91aa repo: https://github.com/argoproj/argo-workflows directory: /manifests - ref: v3.1.1 + ref: v3.2.3 + updateStrategy: resource-merge +upstreamLock: + type: git + git: + repo: https://github.com/argoproj/argo-workflows + directory: /manifests + ref: v3.2.3 + commit: e5dc961b7846efe0fe36ab3a0964180eaedd2672 diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/argo-server/argo-server-deployment.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/argo-server/argo-server-deployment.yaml index d01698af53..b1f16b8d5a 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/argo-server/argo-server-deployment.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/argo-server/argo-server-deployment.yaml @@ -1,6 +1,6 @@ apiVersion: apps/v1 kind: Deployment -metadata: +metadata: # kpt-merge: /argo-server name: argo-server spec: selector: @@ -14,12 +14,12 @@ spec: serviceAccountName: argo-server containers: - name: argo-server - image: docker.io/argoproj/argocli:latest + image: quay.io/argoproj/argocli:latest securityContext: capabilities: drop: - ALL - args: [ server ] + args: [server] ports: - name: web containerPort: 2746 @@ -35,7 +35,7 @@ spec: name: tmp volumes: - name: tmp - emptyDir: { } + emptyDir: {} securityContext: runAsNonRoot: true nodeSelector: diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/argo-server/argo-server-sa.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/argo-server/argo-server-sa.yaml index 1d07b8da9e..0f5cab2bc0 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/argo-server/argo-server-sa.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/argo-server/argo-server-sa.yaml @@ -1,4 +1,4 @@ apiVersion: v1 kind: ServiceAccount -metadata: +metadata: # kpt-merge: /argo-server name: argo-server diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/argo-server/argo-server-service.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/argo-server/argo-server-service.yaml index 0c6e58d30e..6c2207ac38 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/argo-server/argo-server-service.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/argo-server/argo-server-service.yaml @@ -1,6 +1,6 @@ apiVersion: v1 kind: Service -metadata: +metadata: # kpt-merge: /argo-server name: argo-server spec: selector: diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/argo-server/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/argo-server/kustomization.yaml index 3817bd729b..e17bc754ce 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/argo-server/kustomization.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/argo-server/kustomization.yaml @@ -1,6 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization - resources: - argo-server-deployment.yaml - argo-server-sa.yaml diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_clusterworkflowtemplates.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_clusterworkflowtemplates.yaml index 31d1586b5f..3e833bb1a2 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_clusterworkflowtemplates.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_clusterworkflowtemplates.yaml @@ -1,7 +1,7 @@ # This is an auto-generated file. DO NOT EDIT apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: +metadata: # kpt-merge: /clusterworkflowtemplates.argoproj.io name: clusterworkflowtemplates.argoproj.io spec: group: argoproj.io @@ -153,6 +153,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -196,6 +219,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -237,6 +283,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -280,6 +349,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -292,6 +384,8 @@ spec: type: array type: object type: object + archiveLogs: + type: boolean arguments: properties: artifacts: @@ -577,6 +671,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -624,6 +738,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -877,6 +1002,8 @@ spec: maxDuration: type: string type: object + expression: + type: string limit: anyOf: - type: integer @@ -1107,6 +1234,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -1150,6 +1300,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -1191,6 +1364,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -1234,6 +1430,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -1498,6 +1717,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -1784,6 +2023,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -1875,6 +2117,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -2018,6 +2263,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -2335,6 +2583,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -2426,6 +2677,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -2569,6 +2823,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -2940,6 +3197,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -2987,6 +3264,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -3310,6 +3598,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -3357,6 +3665,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -3385,6 +3704,7 @@ spec: - template type: object type: object + inline: {} name: type: string onExit: @@ -3721,6 +4041,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -3782,6 +4122,45 @@ spec: type: string type: object type: array + http: + properties: + body: + type: string + headers: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + method: + type: string + timeoutSeconds: + format: int64 + type: integer + url: + type: string + required: + - url + type: object initContainers: items: properties: @@ -4042,6 +4421,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -4135,6 +4517,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -4278,6 +4663,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -4615,6 +5003,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -4662,6 +5070,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -5073,6 +5492,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -5122,6 +5561,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -5196,6 +5646,8 @@ spec: maxDuration: type: string type: object + expression: + type: string limit: anyOf: - type: integer @@ -5465,6 +5917,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -5556,6 +6011,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -5701,6 +6159,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -6077,6 +6538,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -6170,6 +6634,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -6313,6 +6780,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -6599,8 +7069,6 @@ spec: type: object ephemeral: properties: - readOnly: - type: boolean volumeClaimTemplate: properties: metadata: @@ -6950,8 +7418,6 @@ spec: type: object type: object type: array - required: - - sources type: object quobyte: properties: @@ -7218,27 +7684,73 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string type: array - topologyKey: - type: string - required: - - topologyKey + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: + namespaceSelector: properties: matchExpressions: items: @@ -7302,6 +7814,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -7345,6 +7880,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -7609,6 +8167,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -7895,6 +8473,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -7986,6 +8567,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -8129,6 +8713,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -8446,6 +9033,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -8537,6 +9127,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -8680,6 +9273,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -9051,6 +9647,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -9098,6 +9714,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -9421,6 +10048,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -9468,6 +10115,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -9496,6 +10154,7 @@ spec: - template type: object type: object + inline: {} name: type: string onExit: @@ -9832,6 +10491,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -9893,6 +10572,45 @@ spec: type: string type: object type: array + http: + properties: + body: + type: string + headers: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + method: + type: string + timeoutSeconds: + format: int64 + type: integer + url: + type: string + required: + - url + type: object initContainers: items: properties: @@ -10153,6 +10871,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -10246,6 +10967,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -10389,6 +11113,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -10726,6 +11453,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -10773,6 +11520,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -11184,6 +11942,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -11233,6 +12011,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -11307,6 +12096,8 @@ spec: maxDuration: type: string type: object + expression: + type: string limit: anyOf: - type: integer @@ -11576,6 +12367,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -11667,6 +12461,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -11812,6 +12609,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -12188,6 +12988,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -12281,6 +13084,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -12424,6 +13230,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -12710,8 +13519,6 @@ spec: type: object ephemeral: properties: - readOnly: - type: boolean volumeClaimTemplate: properties: metadata: @@ -13061,8 +13868,6 @@ spec: type: object type: object type: array - required: - - sources type: object quobyte: properties: @@ -13534,8 +14339,6 @@ spec: type: object ephemeral: properties: - readOnly: - type: boolean volumeClaimTemplate: properties: metadata: @@ -13885,8 +14688,6 @@ spec: type: object type: object type: array - required: - - sources type: object quobyte: properties: diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_cronworkflows.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_cronworkflows.yaml index 7956d040f3..cf9c144d7e 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_cronworkflows.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_cronworkflows.yaml @@ -1,7 +1,7 @@ # This is an auto-generated file. DO NOT EDIT apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: +metadata: # kpt-merge: /cronworkflows.argoproj.io name: cronworkflows.argoproj.io spec: group: argoproj.io @@ -174,6 +174,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -217,6 +240,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -258,6 +304,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -301,6 +370,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -313,6 +405,8 @@ spec: type: array type: object type: object + archiveLogs: + type: boolean arguments: properties: artifacts: @@ -598,6 +692,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -645,6 +759,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -898,6 +1023,8 @@ spec: maxDuration: type: string type: object + expression: + type: string limit: anyOf: - type: integer @@ -1128,6 +1255,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -1171,6 +1321,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -1212,6 +1385,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -1255,6 +1451,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -1519,6 +1738,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -1805,6 +2044,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -1896,6 +2138,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -2039,6 +2284,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -2356,6 +2604,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -2447,6 +2698,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -2590,6 +2844,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -2961,6 +3218,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -3008,6 +3285,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -3331,6 +3619,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -3378,6 +3686,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -3406,6 +3725,7 @@ spec: - template type: object type: object + inline: {} name: type: string onExit: @@ -3742,6 +4062,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -3803,6 +4143,45 @@ spec: type: string type: object type: array + http: + properties: + body: + type: string + headers: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + method: + type: string + timeoutSeconds: + format: int64 + type: integer + url: + type: string + required: + - url + type: object initContainers: items: properties: @@ -4063,6 +4442,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -4156,6 +4538,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -4299,6 +4684,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -4636,6 +5024,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -4683,6 +5091,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -5094,6 +5513,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -5143,6 +5582,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -5217,6 +5667,8 @@ spec: maxDuration: type: string type: object + expression: + type: string limit: anyOf: - type: integer @@ -5486,6 +5938,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -5577,6 +6032,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -5722,6 +6180,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -6098,6 +6559,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -6191,6 +6655,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -6334,6 +6801,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -6620,8 +7090,6 @@ spec: type: object ephemeral: properties: - readOnly: - type: boolean volumeClaimTemplate: properties: metadata: @@ -6971,8 +7439,6 @@ spec: type: object type: object type: array - required: - - sources type: object quobyte: properties: @@ -7239,27 +7705,73 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string type: array - topologyKey: - type: string - required: - - topologyKey + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: + namespaceSelector: properties: matchExpressions: items: @@ -7323,6 +7835,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -7366,6 +7901,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -7630,6 +8188,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -7916,6 +8494,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -8007,6 +8588,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -8150,6 +8734,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -8467,6 +9054,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -8558,6 +9148,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -8701,6 +9294,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -9072,6 +9668,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -9119,6 +9735,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -9442,6 +10069,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -9489,6 +10136,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -9517,6 +10175,7 @@ spec: - template type: object type: object + inline: {} name: type: string onExit: @@ -9853,6 +10512,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -9914,6 +10593,45 @@ spec: type: string type: object type: array + http: + properties: + body: + type: string + headers: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + method: + type: string + timeoutSeconds: + format: int64 + type: integer + url: + type: string + required: + - url + type: object initContainers: items: properties: @@ -10174,6 +10892,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -10267,6 +10988,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -10410,6 +11134,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -10747,6 +11474,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -10794,6 +11541,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -11205,6 +11963,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -11254,6 +12032,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -11328,6 +12117,8 @@ spec: maxDuration: type: string type: object + expression: + type: string limit: anyOf: - type: integer @@ -11597,6 +12388,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -11688,6 +12482,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -11833,6 +12630,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -12209,6 +13009,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -12302,6 +13105,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -12445,6 +13251,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -12731,8 +13540,6 @@ spec: type: object ephemeral: properties: - readOnly: - type: boolean volumeClaimTemplate: properties: metadata: @@ -13082,8 +13889,6 @@ spec: type: object type: object type: array - required: - - sources type: object quobyte: properties: @@ -13555,8 +14360,6 @@ spec: type: object ephemeral: properties: - readOnly: - type: boolean volumeClaimTemplate: properties: metadata: @@ -13906,8 +14709,6 @@ spec: type: object type: object type: array - required: - - sources type: object quobyte: properties: diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workfloweventbindings.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workfloweventbindings.yaml index 11bef39e4d..18ef078678 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workfloweventbindings.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workfloweventbindings.yaml @@ -1,7 +1,7 @@ # This is an auto-generated file. DO NOT EDIT apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: +metadata: # kpt-merge: /workfloweventbindings.argoproj.io name: workfloweventbindings.argoproj.io spec: group: argoproj.io @@ -320,6 +320,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -367,6 +387,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workflows.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workflows.yaml index dbfe8979af..ff123591ef 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workflows.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workflows.yaml @@ -1,7 +1,7 @@ # This is an auto-generated file. DO NOT EDIT apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: +metadata: # kpt-merge: /workflows.argoproj.io name: workflows.argoproj.io spec: group: argoproj.io @@ -162,6 +162,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -205,6 +228,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -246,6 +292,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -289,6 +358,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -301,6 +393,8 @@ spec: type: array type: object type: object + archiveLogs: + type: boolean arguments: properties: artifacts: @@ -586,6 +680,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -633,6 +747,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -886,6 +1011,8 @@ spec: maxDuration: type: string type: object + expression: + type: string limit: anyOf: - type: integer @@ -1116,6 +1243,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -1159,6 +1309,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -1200,6 +1373,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -1243,6 +1439,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -1507,6 +1726,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -1793,6 +2032,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -1884,6 +2126,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -2027,6 +2272,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -2344,6 +2592,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -2435,6 +2686,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -2578,6 +2832,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -2949,6 +3206,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -2996,6 +3273,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -3319,6 +3607,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -3366,6 +3674,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -3394,6 +3713,7 @@ spec: - template type: object type: object + inline: {} name: type: string onExit: @@ -3730,6 +4050,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -3791,6 +4131,45 @@ spec: type: string type: object type: array + http: + properties: + body: + type: string + headers: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + method: + type: string + timeoutSeconds: + format: int64 + type: integer + url: + type: string + required: + - url + type: object initContainers: items: properties: @@ -4051,6 +4430,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -4144,6 +4526,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -4287,6 +4672,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -4624,6 +5012,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -4671,6 +5079,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -5082,6 +5501,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -5131,6 +5570,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -5205,6 +5655,8 @@ spec: maxDuration: type: string type: object + expression: + type: string limit: anyOf: - type: integer @@ -5474,6 +5926,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -5565,6 +6020,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -5710,6 +6168,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -6086,6 +6547,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -6179,6 +6643,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -6322,6 +6789,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -6608,8 +7078,6 @@ spec: type: object ephemeral: properties: - readOnly: - type: boolean volumeClaimTemplate: properties: metadata: @@ -6959,8 +7427,6 @@ spec: type: object type: object type: array - required: - - sources type: object quobyte: properties: @@ -7227,6 +7693,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -7270,6 +7759,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -7311,6 +7823,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -7354,6 +7889,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -7618,6 +8176,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -7904,6 +8482,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -7995,6 +8576,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -8138,6 +8722,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -8455,6 +9042,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -8546,6 +9136,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -8689,6 +9282,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -9060,6 +9656,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -9107,6 +9723,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -9430,6 +10057,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -9477,6 +10124,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -9505,6 +10163,7 @@ spec: - template type: object type: object + inline: {} name: type: string onExit: @@ -9841,6 +10500,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -9902,6 +10581,45 @@ spec: type: string type: object type: array + http: + properties: + body: + type: string + headers: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + method: + type: string + timeoutSeconds: + format: int64 + type: integer + url: + type: string + required: + - url + type: object initContainers: items: properties: @@ -10162,6 +10880,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -10255,6 +10976,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -10398,6 +11122,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -10735,6 +11462,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -10782,6 +11529,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -11193,6 +11951,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -11242,6 +12020,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -11316,6 +12105,8 @@ spec: maxDuration: type: string type: object + expression: + type: string limit: anyOf: - type: integer @@ -11585,6 +12376,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -11676,6 +12470,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -11821,6 +12618,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -12197,6 +12997,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -12290,6 +13093,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -12433,6 +13239,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -12719,8 +13528,6 @@ spec: type: object ephemeral: properties: - readOnly: - type: boolean volumeClaimTemplate: properties: metadata: @@ -13070,8 +13877,6 @@ spec: type: object type: object type: array - required: - - sources type: object quobyte: properties: @@ -13543,8 +14348,6 @@ spec: type: object ephemeral: properties: - readOnly: - type: boolean volumeClaimTemplate: properties: metadata: @@ -13894,8 +14697,6 @@ spec: type: object type: object type: array - required: - - sources type: object quobyte: properties: @@ -14042,6 +14843,218 @@ spec: properties: artifactRepositoryRef: properties: + artifactRepository: + properties: + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repoURL: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + gcs: + properties: + bucket: + type: string + keyFormat: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + pathFormat: + type: string + type: object + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + createBucketIfNotPresent: + type: boolean + endpoint: + type: string + keyFormat: + type: string + lifecycleRule: + properties: + markDeletionAfterDays: + format: int32 + type: integer + markInfrequentAccessAfterDays: + format: int32 + type: integer + type: object + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + securityToken: + type: string + type: object + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + createBucketIfNotPresent: + properties: + objectLocking: + type: boolean + type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + endpoint: + type: string + insecure: + type: boolean + keyFormat: + type: string + keyPrefix: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + type: object + type: object configMap: type: string default: @@ -14378,6 +15391,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -14425,6 +15458,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -14753,6 +15797,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -14802,6 +15866,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -15153,6 +16228,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -15202,6 +16297,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -15411,8 +16517,6 @@ spec: type: object ephemeral: properties: - readOnly: - type: boolean volumeClaimTemplate: properties: metadata: @@ -15762,8 +16866,6 @@ spec: type: object type: object type: array - required: - - sources type: object quobyte: properties: @@ -16041,6 +17143,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -16084,6 +17209,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -16125,6 +17273,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -16168,6 +17339,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -16432,6 +17626,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -16718,6 +17932,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -16809,6 +18026,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -16952,6 +18172,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -17269,6 +18492,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -17360,6 +18586,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -17503,6 +18732,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -17874,6 +19106,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -17921,6 +19173,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -18244,6 +19507,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -18291,6 +19574,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -18319,6 +19613,7 @@ spec: - template type: object type: object + inline: {} name: type: string onExit: @@ -18655,6 +19950,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -18716,6 +20031,45 @@ spec: type: string type: object type: array + http: + properties: + body: + type: string + headers: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + method: + type: string + timeoutSeconds: + format: int64 + type: integer + url: + type: string + required: + - url + type: object initContainers: items: properties: @@ -18976,6 +20330,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -19069,6 +20426,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -19212,6 +20572,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -19549,6 +20912,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -19596,6 +20979,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -20007,6 +21401,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -20056,6 +21470,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -20130,6 +21555,8 @@ spec: maxDuration: type: string type: object + expression: + type: string limit: anyOf: - type: integer @@ -20399,6 +21826,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -20490,6 +21920,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -20635,6 +22068,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -21011,6 +22447,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -21104,6 +22543,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -21247,6 +22689,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -21533,8 +22978,6 @@ spec: type: object ephemeral: properties: - readOnly: - type: boolean volumeClaimTemplate: properties: metadata: @@ -21884,8 +23327,6 @@ spec: type: object type: object type: array - required: - - sources type: object quobyte: properties: @@ -22150,6 +23591,159 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -22193,68 +23787,7 @@ spec: type: string type: object type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: + namespaceSelector: properties: matchExpressions: items: @@ -22289,6 +23822,8 @@ spec: type: array type: object type: object + archiveLogs: + type: boolean arguments: properties: artifacts: @@ -22574,6 +24109,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -22621,6 +24176,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -22874,6 +24440,8 @@ spec: maxDuration: type: string type: object + expression: + type: string limit: anyOf: - type: integer @@ -23104,6 +24672,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -23147,6 +24738,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -23188,6 +24802,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -23231,6 +24868,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -23495,6 +25155,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -23781,6 +25461,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -23872,6 +25555,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -24015,6 +25701,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -24332,6 +26021,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -24423,6 +26115,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -24566,6 +26261,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -24937,6 +26635,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -24984,6 +26702,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -25307,6 +27036,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -25354,6 +27103,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -25382,6 +27142,7 @@ spec: - template type: object type: object + inline: {} name: type: string onExit: @@ -25718,6 +27479,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -25779,6 +27560,45 @@ spec: type: string type: object type: array + http: + properties: + body: + type: string + headers: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + method: + type: string + timeoutSeconds: + format: int64 + type: integer + url: + type: string + required: + - url + type: object initContainers: items: properties: @@ -26039,6 +27859,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -26132,6 +27955,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -26275,6 +28101,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -26612,6 +28441,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -26659,6 +28508,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -27070,6 +28930,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -27119,6 +28999,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -27193,6 +29084,8 @@ spec: maxDuration: type: string type: object + expression: + type: string limit: anyOf: - type: integer @@ -27462,6 +29355,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -27553,6 +29449,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -27698,6 +29597,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -28074,6 +29976,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -28167,6 +30072,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -28310,6 +30218,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -28596,8 +30507,6 @@ spec: type: object ephemeral: properties: - readOnly: - type: boolean volumeClaimTemplate: properties: metadata: @@ -28947,8 +30856,6 @@ spec: type: object type: object type: array - required: - - sources type: object quobyte: properties: @@ -29215,6 +31122,159 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -29258,68 +31318,7 @@ spec: type: string type: object type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: + namespaceSelector: properties: matchExpressions: items: @@ -29606,6 +31605,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -29892,6 +31911,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -29983,6 +32005,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -30126,6 +32151,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -30443,6 +32471,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -30534,6 +32565,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -30677,6 +32711,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -31048,6 +33085,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -31095,6 +33152,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -31418,6 +33486,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -31465,6 +33553,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -31493,6 +33592,7 @@ spec: - template type: object type: object + inline: {} name: type: string onExit: @@ -31829,6 +33929,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -31890,6 +34010,45 @@ spec: type: string type: object type: array + http: + properties: + body: + type: string + headers: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + method: + type: string + timeoutSeconds: + format: int64 + type: integer + url: + type: string + required: + - url + type: object initContainers: items: properties: @@ -32150,6 +34309,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -32243,6 +34405,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -32386,6 +34551,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -32723,6 +34891,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -32770,6 +34958,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -33181,6 +35380,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -33230,6 +35449,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -33304,6 +35534,8 @@ spec: maxDuration: type: string type: object + expression: + type: string limit: anyOf: - type: integer @@ -33573,6 +35805,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -33664,6 +35899,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -33809,6 +36047,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -34185,6 +36426,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -34278,6 +36522,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -34421,6 +36668,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -34707,8 +36957,6 @@ spec: type: object ephemeral: properties: - readOnly: - type: boolean volumeClaimTemplate: properties: metadata: @@ -35058,8 +37306,6 @@ spec: type: object type: object type: array - required: - - sources type: object quobyte: properties: @@ -35531,8 +37777,6 @@ spec: type: object ephemeral: properties: - readOnly: - type: boolean volumeClaimTemplate: properties: metadata: @@ -35882,8 +38126,6 @@ spec: type: object type: object type: array - required: - - sources type: object quobyte: properties: diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workflowtasksets.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workflowtasksets.yaml new file mode 100644 index 0000000000..627eb7681d --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workflowtasksets.yaml @@ -0,0 +1,6887 @@ +# This is an auto-generated file. DO NOT EDIT +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: # kpt-merge: /workflowtasksets.argoproj.io + name: workflowtasksets.argoproj.io +spec: + group: argoproj.io + names: + kind: WorkflowTaskSet + listKind: WorkflowTaskSetList + plural: workflowtasksets + shortNames: + - wfts + singular: workflowtaskset + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + tasks: + additionalProperties: + properties: + activeDeadlineSeconds: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + archiveLocation: + properties: + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + disableSubmodules: + type: boolean + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + createBucketIfNotPresent: + type: boolean + endpoint: + type: string + key: + type: string + lifecycleRule: + properties: + markDeletionAfterDays: + format: int32 + type: integer + markInfrequentAccessAfterDays: + format: int32 + type: integer + type: object + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + securityToken: + type: string + required: + - key + type: object + raw: + properties: + data: + type: string + required: + - data + type: object + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + createBucketIfNotPresent: + properties: + objectLocking: + type: boolean + type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + type: object + type: object + automountServiceAccountToken: + type: boolean + container: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + containerSet: + properties: + containers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + dependencies: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + required: + - containers + type: object + daemon: + type: boolean + dag: + properties: + failFast: + type: boolean + target: + type: string + tasks: + items: + properties: + arguments: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + fromExpression: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + disableSubmodules: + type: boolean + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + createBucketIfNotPresent: + type: boolean + endpoint: + type: string + key: + type: string + lifecycleRule: + properties: + markDeletionAfterDays: + format: int32 + type: integer + markInfrequentAccessAfterDays: + format: int32 + type: integer + type: object + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + securityToken: + type: string + required: + - key + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + createBucketIfNotPresent: + properties: + objectLocking: + type: boolean + type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + type: object + subPath: + type: string + required: + - name + type: object + type: array + parameters: + items: + properties: + default: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + default: + type: string + event: + type: string + expression: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + type: object + continueOn: + properties: + error: + type: boolean + failed: + type: boolean + type: object + dependencies: + items: + type: string + type: array + depends: + type: string + hooks: + additionalProperties: + properties: + arguments: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + fromExpression: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + disableSubmodules: + type: boolean + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + createBucketIfNotPresent: + type: boolean + endpoint: + type: string + key: + type: string + lifecycleRule: + properties: + markDeletionAfterDays: + format: int32 + type: integer + markInfrequentAccessAfterDays: + format: int32 + type: integer + type: object + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + securityToken: + type: string + required: + - key + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + createBucketIfNotPresent: + properties: + objectLocking: + type: boolean + type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + type: object + subPath: + type: string + required: + - name + type: object + type: array + parameters: + items: + properties: + default: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + default: + type: string + event: + type: string + expression: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + type: object + template: + type: string + required: + - template + type: object + type: object + inline: {} + name: + type: string + onExit: + type: string + template: + type: string + templateRef: + properties: + clusterScope: + type: boolean + name: + type: string + template: + type: string + type: object + when: + type: string + withItems: + items: + type: object + type: array + withParam: + type: string + withSequence: + properties: + count: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + end: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + format: + type: string + start: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + required: + - name + type: object + type: array + required: + - tasks + type: object + data: + properties: + source: + properties: + artifactPaths: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + fromExpression: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + disableSubmodules: + type: boolean + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + createBucketIfNotPresent: + type: boolean + endpoint: + type: string + key: + type: string + lifecycleRule: + properties: + markDeletionAfterDays: + format: int32 + type: integer + markInfrequentAccessAfterDays: + format: int32 + type: integer + type: object + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + securityToken: + type: string + required: + - key + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + createBucketIfNotPresent: + properties: + objectLocking: + type: boolean + type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + type: object + subPath: + type: string + required: + - name + type: object + type: object + transformation: + items: + properties: + expression: + type: string + required: + - expression + type: object + type: array + required: + - source + - transformation + type: object + executor: + properties: + serviceAccountName: + type: string + type: object + failFast: + type: boolean + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array + http: + properties: + body: + type: string + headers: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + method: + type: string + timeoutSeconds: + format: int64 + type: integer + url: + type: string + required: + - url + type: object + initContainers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + mirrorVolumeMounts: + type: boolean + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + inputs: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + fromExpression: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + disableSubmodules: + type: boolean + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + createBucketIfNotPresent: + type: boolean + endpoint: + type: string + key: + type: string + lifecycleRule: + properties: + markDeletionAfterDays: + format: int32 + type: integer + markInfrequentAccessAfterDays: + format: int32 + type: integer + type: object + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + securityToken: + type: string + required: + - key + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + createBucketIfNotPresent: + properties: + objectLocking: + type: boolean + type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + type: object + subPath: + type: string + required: + - name + type: object + type: array + parameters: + items: + properties: + default: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + default: + type: string + event: + type: string + expression: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + type: object + memoize: + properties: + cache: + properties: + configMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - configMap + type: object + key: + type: string + maxAge: + type: string + required: + - cache + - key + - maxAge + type: object + metadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + metrics: + properties: + prometheus: + items: + properties: + counter: + properties: + value: + type: string + required: + - value + type: object + gauge: + properties: + realtime: + type: boolean + value: + type: string + required: + - realtime + - value + type: object + help: + type: string + histogram: + properties: + buckets: + items: + type: number + type: array + value: + type: string + required: + - buckets + - value + type: object + labels: + items: + properties: + key: + type: string + value: + type: string + required: + - key + - value + type: object + type: array + name: + type: string + when: + type: string + required: + - help + - name + type: object + type: array + required: + - prometheus + type: object + name: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + outputs: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + fromExpression: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + disableSubmodules: + type: boolean + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + createBucketIfNotPresent: + type: boolean + endpoint: + type: string + key: + type: string + lifecycleRule: + properties: + markDeletionAfterDays: + format: int32 + type: integer + markInfrequentAccessAfterDays: + format: int32 + type: integer + type: object + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + securityToken: + type: string + required: + - key + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + createBucketIfNotPresent: + properties: + objectLocking: + type: boolean + type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + type: object + subPath: + type: string + required: + - name + type: object + type: array + exitCode: + type: string + parameters: + items: + properties: + default: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + default: + type: string + event: + type: string + expression: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + result: + type: string + type: object + parallelism: + format: int64 + type: integer + podSpecPatch: + type: string + priority: + format: int32 + type: integer + priorityClassName: + type: string + resource: + properties: + action: + type: string + failureCondition: + type: string + flags: + items: + type: string + type: array + manifest: + type: string + mergeStrategy: + type: string + setOwnerReference: + type: boolean + successCondition: + type: string + required: + - action + type: object + retryStrategy: + properties: + affinity: + properties: + nodeAntiAffinity: + type: object + type: object + backoff: + properties: + duration: + type: string + factor: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + maxDuration: + type: string + type: object + expression: + type: string + limit: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + retryPolicy: + type: string + type: object + schedulerName: + type: string + script: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + source: + type: string + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + - source + type: object + securityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + serviceAccountName: + type: string + sidecars: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + mirrorVolumeMounts: + type: boolean + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + required: + - name + type: object + type: array + steps: + items: + type: array + type: array + suspend: + properties: + duration: + type: string + type: object + synchronization: + properties: + mutex: + properties: + name: + type: string + type: object + semaphore: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + type: object + timeout: + type: string + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object + required: + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object + type: object + fc: + properties: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: + items: + type: string + type: array + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver + type: object + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + pdName: + type: string + readOnly: + type: boolean + required: + - pdName + type: object + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: + type: string + nfs: + properties: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: + items: + properties: + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object + type: object + type: array + type: object + quobyte: + properties: + group: + type: string + readOnly: + type: boolean + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume + type: object + rbd: + properties: + fsType: + type: string + image: + type: string + keyring: + type: string + monitors: + items: + type: string + type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - image + - monitors + type: object + scaleIO: + properties: + fsType: + type: string + gateway: + type: string + protectionDomain: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: + type: string + required: + - gateway + - secretRef + - system + type: object + secret: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: + type: string + type: object + storageos: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string + type: object + vsphereVolume: + properties: + fsType: + type: string + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + type: object + type: object + status: + properties: + nodes: + additionalProperties: + properties: + message: + type: string + outputs: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + fromExpression: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + disableSubmodules: + type: boolean + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + createBucketIfNotPresent: + type: boolean + endpoint: + type: string + key: + type: string + lifecycleRule: + properties: + markDeletionAfterDays: + format: int32 + type: integer + markInfrequentAccessAfterDays: + format: int32 + type: integer + type: object + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + securityToken: + type: string + required: + - key + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + createBucketIfNotPresent: + properties: + objectLocking: + type: boolean + type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + type: object + subPath: + type: string + required: + - name + type: object + type: array + exitCode: + type: string + parameters: + items: + properties: + default: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + default: + type: string + event: + type: string + expression: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + result: + type: string + type: object + phase: + type: string + type: object + type: object + type: object + required: + - metadata + - spec + type: object + served: true + storage: true diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workflowtemplates.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workflowtemplates.yaml index b5662e7c54..409389e0d3 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workflowtemplates.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workflowtemplates.yaml @@ -1,7 +1,7 @@ # This is an auto-generated file. DO NOT EDIT apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: +metadata: # kpt-merge: /workflowtemplates.argoproj.io name: workflowtemplates.argoproj.io spec: group: argoproj.io @@ -152,6 +152,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -195,6 +218,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -236,6 +282,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -279,6 +348,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -291,6 +383,8 @@ spec: type: array type: object type: object + archiveLogs: + type: boolean arguments: properties: artifacts: @@ -576,6 +670,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -623,6 +737,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -876,6 +1001,8 @@ spec: maxDuration: type: string type: object + expression: + type: string limit: anyOf: - type: integer @@ -1106,6 +1233,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -1149,6 +1299,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -1190,6 +1363,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -1233,6 +1429,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -1497,6 +1716,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -1783,6 +2022,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -1874,6 +2116,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -2017,6 +2262,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -2334,6 +2582,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -2425,6 +2676,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -2568,6 +2822,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -2939,6 +3196,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -2986,6 +3263,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -3309,6 +3597,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -3356,6 +3664,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -3384,6 +3703,7 @@ spec: - template type: object type: object + inline: {} name: type: string onExit: @@ -3720,6 +4040,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -3781,6 +4121,45 @@ spec: type: string type: object type: array + http: + properties: + body: + type: string + headers: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + method: + type: string + timeoutSeconds: + format: int64 + type: integer + url: + type: string + required: + - url + type: object initContainers: items: properties: @@ -4041,6 +4420,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -4134,6 +4516,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -4277,6 +4662,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -4614,6 +5002,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -4661,6 +5069,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -5072,6 +5491,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -5121,6 +5560,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -5195,6 +5645,8 @@ spec: maxDuration: type: string type: object + expression: + type: string limit: anyOf: - type: integer @@ -5464,6 +5916,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -5555,6 +6010,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -5700,6 +6158,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -6076,6 +6537,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -6169,6 +6633,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -6312,6 +6779,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -6598,8 +7068,6 @@ spec: type: object ephemeral: properties: - readOnly: - type: boolean volumeClaimTemplate: properties: metadata: @@ -6949,8 +7417,6 @@ spec: type: object type: object type: array - required: - - sources type: object quobyte: properties: @@ -7217,27 +7683,73 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string type: array - topologyKey: - type: string - required: - - topologyKey + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: + namespaceSelector: properties: matchExpressions: items: @@ -7301,6 +7813,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -7344,6 +7879,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -7608,6 +8166,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -7894,6 +8472,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -7985,6 +8566,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -8128,6 +8712,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -8445,6 +9032,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -8536,6 +9126,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -8679,6 +9272,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -9050,6 +9646,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -9097,6 +9713,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -9420,6 +10047,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -9467,6 +10114,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -9495,6 +10153,7 @@ spec: - template type: object type: object + inline: {} name: type: string onExit: @@ -9831,6 +10490,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -9892,6 +10571,45 @@ spec: type: string type: object type: array + http: + properties: + body: + type: string + headers: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + method: + type: string + timeoutSeconds: + format: int64 + type: integer + url: + type: string + required: + - url + type: object initContainers: items: properties: @@ -10152,6 +10870,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -10245,6 +10966,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -10388,6 +11112,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -10725,6 +11452,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -10772,6 +11519,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -11183,6 +11941,26 @@ spec: objectLocking: type: boolean type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object endpoint: type: string insecure: @@ -11232,6 +12010,17 @@ spec: type: string valueFrom: properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object default: type: string event: @@ -11306,6 +12095,8 @@ spec: maxDuration: type: string type: object + expression: + type: string limit: anyOf: - type: integer @@ -11575,6 +12366,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -11666,6 +12460,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -11811,6 +12608,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -12187,6 +12987,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -12280,6 +13083,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -12423,6 +13229,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -12709,8 +13518,6 @@ spec: type: object ephemeral: properties: - readOnly: - type: boolean volumeClaimTemplate: properties: metadata: @@ -13060,8 +13867,6 @@ spec: type: object type: object type: array - required: - - sources type: object quobyte: properties: @@ -13533,8 +14338,6 @@ spec: type: object ephemeral: properties: - readOnly: - type: boolean volumeClaimTemplate: properties: metadata: @@ -13884,8 +14687,6 @@ spec: type: object type: object type: array - required: - - sources type: object quobyte: properties: diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/kustomization.yaml index a593d88d02..9204c2a296 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/kustomization.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/full/kustomization.yaml @@ -1,9 +1,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization - resources: - argoproj.io_clusterworkflowtemplates.yaml - argoproj.io_cronworkflows.yaml - argoproj.io_workflows.yaml - argoproj.io_workflowtemplates.yaml - argoproj.io_workfloweventbindings.yaml +- argoproj.io_workflowtasksets.yaml diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/kustomization.yaml index 3ccdade18f..25ffbeccf0 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/kustomization.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/kustomization.yaml @@ -1,5 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization - resources: - minimal diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_clusterworkflowtemplates.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_clusterworkflowtemplates.yaml index 889dfe2f50..90c8fb8adc 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_clusterworkflowtemplates.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_clusterworkflowtemplates.yaml @@ -1,6 +1,6 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: +metadata: # kpt-merge: /clusterworkflowtemplates.argoproj.io name: clusterworkflowtemplates.argoproj.io spec: group: argoproj.io diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_cronworkflows.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_cronworkflows.yaml index 812cf11434..1809239a5a 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_cronworkflows.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_cronworkflows.yaml @@ -1,6 +1,6 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: +metadata: # kpt-merge: /cronworkflows.argoproj.io name: cronworkflows.argoproj.io spec: group: argoproj.io diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_workfloweventbindings.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_workfloweventbindings.yaml index 22e2ecf0f6..ab81216d69 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_workfloweventbindings.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_workfloweventbindings.yaml @@ -1,6 +1,6 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: +metadata: # kpt-merge: /workfloweventbindings.argoproj.io name: workfloweventbindings.argoproj.io spec: group: argoproj.io diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_workflows.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_workflows.yaml index 6e646adc7d..f13fb38dbb 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_workflows.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_workflows.yaml @@ -1,6 +1,6 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: +metadata: # kpt-merge: /workflows.argoproj.io name: workflows.argoproj.io spec: group: argoproj.io diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_workflowtasksets.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_workflowtasksets.yaml new file mode 100644 index 0000000000..0cb8b6adcd --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_workflowtasksets.yaml @@ -0,0 +1,39 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: # kpt-merge: /workflowtasksets.argoproj.io + name: workflowtasksets.argoproj.io +spec: + group: argoproj.io + names: + kind: WorkflowTaskSet + listKind: WorkflowTaskSetList + plural: workflowtasksets + shortNames: + - wfts + singular: workflowtaskset + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + status: + type: object + x-kubernetes-map-type: atomic + x-kubernetes-preserve-unknown-fields: true + required: + - metadata + - spec + type: object + served: true + storage: true diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_workflowtemplates.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_workflowtemplates.yaml index 8165ec25b8..d2c87bf571 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_workflowtemplates.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_workflowtemplates.yaml @@ -1,6 +1,6 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition -metadata: +metadata: # kpt-merge: /workflowtemplates.argoproj.io name: workflowtemplates.argoproj.io spec: group: argoproj.io diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/kustomization.yaml index a593d88d02..9204c2a296 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/kustomization.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/crds/minimal/kustomization.yaml @@ -1,9 +1,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization - resources: - argoproj.io_clusterworkflowtemplates.yaml - argoproj.io_cronworkflows.yaml - argoproj.io_workflows.yaml - argoproj.io_workflowtemplates.yaml - argoproj.io_workfloweventbindings.yaml +- argoproj.io_workflowtasksets.yaml diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/kustomization.yaml index 0b9a73341d..02094eb9c9 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/kustomization.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/kustomization.yaml @@ -1,6 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization - resources: - crds - workflow-controller diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/workflow-controller/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/workflow-controller/kustomization.yaml index 5ed907d651..e3b2bf3b74 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/workflow-controller/kustomization.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/workflow-controller/kustomization.yaml @@ -1,6 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization - resources: - workflow-controller-configmap.yaml - workflow-controller-deployment.yaml diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-configmap.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-configmap.yaml index d28f4edb3f..3d1f2534d6 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-configmap.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-configmap.yaml @@ -1,4 +1,4 @@ apiVersion: v1 kind: ConfigMap -metadata: +metadata: # kpt-merge: /workflow-controller-configmap name: workflow-controller-configmap diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-deployment.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-deployment.yaml index 3deacb6e02..6d8315b5db 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-deployment.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-deployment.yaml @@ -1,6 +1,6 @@ apiVersion: apps/v1 kind: Deployment -metadata: +metadata: # kpt-merge: /workflow-controller name: workflow-controller spec: selector: @@ -14,7 +14,7 @@ spec: serviceAccountName: argo containers: - name: workflow-controller - image: docker.io/argoproj/workflow-controller:latest + image: quay.io/argoproj/workflow-controller:latest securityContext: readOnlyRootFilesystem: true runAsNonRoot: true @@ -28,7 +28,7 @@ spec: - --configmap - workflow-controller-configmap - --executor-image - - argoproj/argoexec:latest + - quay.io/argoproj/argoexec:latest env: - name: LEADER_ELECTION_IDENTITY valueFrom: diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-metrics-service.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-metrics-service.yaml index d040adaa08..c646a2482f 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-metrics-service.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-metrics-service.yaml @@ -1,6 +1,6 @@ apiVersion: v1 kind: Service -metadata: +metadata: # kpt-merge: /workflow-controller-metrics name: workflow-controller-metrics labels: app: workflow-controller diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-sa.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-sa.yaml index f3d5885df9..bc31906f37 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-sa.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-sa.yaml @@ -1,4 +1,4 @@ apiVersion: v1 kind: ServiceAccount -metadata: +metadata: # kpt-merge: /argo name: argo diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/argo-server-rbac/argo-server-clusterole.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/argo-server-rbac/argo-server-clusterole.yaml index f954115b00..506221526a 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/argo-server-rbac/argo-server-clusterole.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/argo-server-rbac/argo-server-clusterole.yaml @@ -1,6 +1,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole -metadata: +metadata: # kpt-merge: /argo-server-cluster-role name: argo-server-cluster-role rules: - apiGroups: diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/argo-server-rbac/argo-server-clusterolebinding.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/argo-server-rbac/argo-server-clusterolebinding.yaml index 6d7ac27ff5..1e54be5bcf 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/argo-server-rbac/argo-server-clusterolebinding.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/argo-server-rbac/argo-server-clusterolebinding.yaml @@ -1,6 +1,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding -metadata: +metadata: # kpt-merge: /argo-server-binding name: argo-server-binding roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/argo-server-rbac/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/argo-server-rbac/kustomization.yaml index 6ae17fe059..91d213a394 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/argo-server-rbac/kustomization.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/argo-server-rbac/kustomization.yaml @@ -1,6 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization - resources: - argo-server-clusterole.yaml - argo-server-clusterolebinding.yaml diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/kustomization.yaml index a1698bd2ac..7f5d34ea7f 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/kustomization.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/kustomization.yaml @@ -1,6 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization - resources: - ../base - ./workflow-controller-rbac diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/kustomization.yaml index 0ce4eff69b..ab7574c6ea 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/kustomization.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/kustomization.yaml @@ -1,6 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization - resources: - workflow-aggregate-roles.yaml - workflow-controller-clusterrole.yaml diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-aggregate-roles.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-aggregate-roles.yaml index b632e22bc3..e44cf3415c 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-aggregate-roles.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-aggregate-roles.yaml @@ -1,6 +1,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole -metadata: +metadata: # kpt-merge: /argo-aggregate-to-view name: argo-aggregate-to-view labels: rbac.authorization.k8s.io/aggregate-to-view: "true" @@ -22,11 +22,10 @@ rules: - get - list - watch - --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole -metadata: +metadata: # kpt-merge: /argo-aggregate-to-edit name: argo-aggregate-to-edit labels: rbac.authorization.k8s.io/aggregate-to-edit: "true" @@ -53,11 +52,10 @@ rules: - patch - update - watch - --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole -metadata: +metadata: # kpt-merge: /argo-aggregate-to-admin name: argo-aggregate-to-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" @@ -75,6 +73,8 @@ rules: - cronworkflows/finalizers - clusterworkflowtemplates - clusterworkflowtemplates/finalizers + - workflowtasksets + - workflowtasksets/finalizers verbs: - create - delete diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-controller-clusterrole.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-controller-clusterrole.yaml index 0bc7edd4f1..043dda81d0 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-controller-clusterrole.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-controller-clusterrole.yaml @@ -1,6 +1,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole -metadata: +metadata: # kpt-merge: /argo-cluster-role name: argo-cluster-role rules: - apiGroups: @@ -37,6 +37,8 @@ rules: resources: - workflows - workflows/finalizers + - workflowtasksets + - workflowtasksets/finalizers verbs: - get - list @@ -83,10 +85,10 @@ rules: - create - patch - apiGroups: - - "policy" + - "policy" resources: - - poddisruptionbudgets + - poddisruptionbudgets verbs: - - create - - get - - delete + - create + - get + - delete diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-controller-clusterrolebinding.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-controller-clusterrolebinding.yaml index b4e54ea67c..0988ebd474 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-controller-clusterrolebinding.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-controller-clusterrolebinding.yaml @@ -1,6 +1,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding -metadata: +metadata: # kpt-merge: /argo-binding name: argo-binding roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-controller-role.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-controller-role.yaml index 861767172e..4a9ae4fc18 100755 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-controller-role.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-controller-role.yaml @@ -1,6 +1,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role -metadata: +metadata: # kpt-merge: /argo-role name: argo-role rules: - apiGroups: diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-controller-rolebinding.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-controller-rolebinding.yaml index 191f34d44c..cb4f33d043 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-controller-rolebinding.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-controller-rolebinding.yaml @@ -1,6 +1,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding -metadata: +metadata: # kpt-merge: /argo-binding name: argo-binding roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/argo-server-rbac/argo-server-role.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/argo-server-rbac/argo-server-role.yaml index 546be63414..ca14f4c34f 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/argo-server-rbac/argo-server-role.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/argo-server-rbac/argo-server-role.yaml @@ -1,6 +1,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role -metadata: +metadata: # kpt-merge: /argo-server-role name: argo-server-role rules: - apiGroups: diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/argo-server-rbac/argo-server-rolebinding.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/argo-server-rbac/argo-server-rolebinding.yaml index d92f0a5096..6d0e838150 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/argo-server-rbac/argo-server-rolebinding.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/argo-server-rbac/argo-server-rolebinding.yaml @@ -1,6 +1,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding -metadata: +metadata: # kpt-merge: /argo-server-binding name: argo-server-binding roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/argo-server-rbac/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/argo-server-rbac/kustomization.yaml index 57a0718f65..c1ca948941 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/argo-server-rbac/kustomization.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/argo-server-rbac/kustomization.yaml @@ -1,6 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization - resources: - argo-server-role.yaml - argo-server-rolebinding.yaml diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/kustomization.yaml index 808268c9b0..a3c7fe6fbc 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/kustomization.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/kustomization.yaml @@ -1,21 +1,19 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization - resources: - ../base - ./argo-server-rbac - ./workflow-controller-rbac - patchesJson6902: - target: version: v1 group: apps kind: Deployment name: workflow-controller - path: ./overlays/workflow-controller-deployment.json + path: ./overlays/workflow-controller-deployment.yaml - target: version: v1 group: apps kind: Deployment name: argo-server - path: ./overlays/argo-server-deployment.json + path: ./overlays/argo-server-deployment.yaml diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/overlays/argo-server-deployment.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/overlays/argo-server-deployment.yaml new file mode 100644 index 0000000000..90fd8a53dc --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/overlays/argo-server-deployment.yaml @@ -0,0 +1,3 @@ +- op: add + path: /spec/template/spec/containers/0/args/- + value: --namespaced diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/overlays/workflow-controller-deployment.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/overlays/workflow-controller-deployment.yaml new file mode 100644 index 0000000000..90fd8a53dc --- /dev/null +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/overlays/workflow-controller-deployment.yaml @@ -0,0 +1,3 @@ +- op: add + path: /spec/template/spec/containers/0/args/- + value: --namespaced diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/workflow-controller-rbac/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/workflow-controller-rbac/kustomization.yaml index f7b23b2b0b..1f9553fe59 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/workflow-controller-rbac/kustomization.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/workflow-controller-rbac/kustomization.yaml @@ -1,6 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization - resources: - workflow-controller-role.yaml - workflow-controller-rolebinding.yaml diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/workflow-controller-rbac/workflow-controller-role.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/workflow-controller-rbac/workflow-controller-role.yaml index 908a73626a..5aeb8791fc 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/workflow-controller-rbac/workflow-controller-role.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/workflow-controller-rbac/workflow-controller-role.yaml @@ -1,6 +1,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role -metadata: +metadata: # kpt-merge: /argo-role name: argo-role rules: - apiGroups: @@ -45,6 +45,8 @@ rules: resources: - workflows - workflows/finalizers + - workflowtasksets + - workflowtasksets/finalizers verbs: - get - list diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/workflow-controller-rbac/workflow-controller-rolebinding.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/workflow-controller-rbac/workflow-controller-rolebinding.yaml index 0484f455b8..300cb6cd04 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/workflow-controller-rbac/workflow-controller-rolebinding.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/namespace-install/workflow-controller-rbac/workflow-controller-rolebinding.yaml @@ -1,6 +1,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding -metadata: +metadata: # kpt-merge: /argo-binding name: argo-binding roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/argo-server-sso-secret.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/argo-server-sso-secret.yaml index 173d6b314a..cc6fab198d 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/argo-server-sso-secret.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/argo-server-sso-secret.yaml @@ -1,6 +1,6 @@ kind: Secret apiVersion: v1 -metadata: +metadata: # kpt-merge: /argo-server-sso name: argo-server-sso stringData: clientID: argo-server diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/artifact-repositories-configmap.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/artifact-repositories-configmap.yaml index cd2033a3d6..b548f41a41 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/artifact-repositories-configmap.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/artifact-repositories-configmap.yaml @@ -1,6 +1,6 @@ apiVersion: v1 kind: ConfigMap -metadata: +metadata: # kpt-merge: /artifact-repositories name: artifact-repositories annotations: # you'll want to change the default over time, e.g. when you move to new storage solution, @@ -31,4 +31,4 @@ data: secretKeySecret: name: my-minio-cred key: secretkey - empty: "" \ No newline at end of file + empty: "" diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/cluster-workflow-template-rbac.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/cluster-workflow-template-rbac.yaml index c2dd06d694..8b3c37c9cb 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/cluster-workflow-template-rbac.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/cluster-workflow-template-rbac.yaml @@ -1,6 +1,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole -metadata: +metadata: # kpt-merge: /argo-server-clusterworkflowtemplate-role name: argo-server-clusterworkflowtemplate-role rules: - apiGroups: @@ -18,7 +18,7 @@ rules: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole -metadata: +metadata: # kpt-merge: /argo-clusterworkflowtemplate-role name: argo-clusterworkflowtemplate-role rules: - apiGroups: @@ -33,7 +33,7 @@ rules: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding -metadata: +metadata: # kpt-merge: /argo-clusterworkflowtemplate-role-binding name: argo-clusterworkflowtemplate-role-binding roleRef: apiGroup: rbac.authorization.k8s.io @@ -46,7 +46,7 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding -metadata: +metadata: # kpt-merge: /argo-server-clusterworkflowtemplate-role-binding name: argo-server-clusterworkflowtemplate-role-binding roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/kubelet-executor-clusterrole.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/kubelet-executor-clusterrole.yaml index d667859649..9d5e609cd7 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/kubelet-executor-clusterrole.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/kubelet-executor-clusterrole.yaml @@ -1,6 +1,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole -metadata: +metadata: # kpt-merge: /kubelet-executor name: kubelet-executor rules: # This allows the kubelet executor. @@ -9,4 +9,4 @@ rules: resources: - nodes/proxy verbs: - - get \ No newline at end of file + - get diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/kubelet-executor-default-clusterrolebinding.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/kubelet-executor-default-clusterrolebinding.yaml index f0aff8e6c4..3697ef637a 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/kubelet-executor-default-clusterrolebinding.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/kubelet-executor-default-clusterrolebinding.yaml @@ -1,6 +1,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding -metadata: +metadata: # kpt-merge: /kubelet-executor-default name: kubelet-executor-default roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/kustomization.yaml index b809453642..8d9f7a8d40 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/kustomization.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/kustomization.yaml @@ -1,6 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization - resources: - ../../namespace-install - minio @@ -12,7 +11,6 @@ resources: - workflow-default-rolebinding.yaml - cluster-workflow-template-rbac.yaml - artifact-repositories-configmap.yaml - patchesStrategicMerge: - overlays/workflow-controller-configmap.yaml - overlays/argo-server-deployment.yaml diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/kustomization.yaml index 2d81059de4..1199d38982 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/kustomization.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/kustomization.yaml @@ -1,7 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization - resources: - minio-deploy.yaml - minio-service.yaml - - my-minio-cred-secret.yaml \ No newline at end of file + - my-minio-cred-secret.yaml diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/minio-deploy.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/minio-deploy.yaml index 967b917413..4a75c8316e 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/minio-deploy.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/minio-deploy.yaml @@ -1,6 +1,6 @@ apiVersion: apps/v1 kind: Deployment -metadata: +metadata: # kpt-merge: /minio name: minio labels: app: minio @@ -39,4 +39,4 @@ spec: path: /minio/health/live port: 9000 initialDelaySeconds: 5 - periodSeconds: 10 \ No newline at end of file + periodSeconds: 10 diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/minio-pod.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/minio-pod.yaml index 707fea3835..8c617a68fa 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/minio-pod.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/minio-pod.yaml @@ -1,6 +1,6 @@ apiVersion: v1 kind: Pod -metadata: +metadata: # kpt-merge: /minio name: minio labels: app: minio @@ -31,4 +31,4 @@ spec: path: /minio/health/live port: 9000 initialDelaySeconds: 5 - periodSeconds: 10 \ No newline at end of file + periodSeconds: 10 diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/minio-service.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/minio-service.yaml index dbdbdf3a04..e7b017d8ee 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/minio-service.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/minio-service.yaml @@ -1,6 +1,6 @@ apiVersion: v1 kind: Service -metadata: +metadata: # kpt-merge: /minio name: minio labels: app: minio diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/my-minio-cred-secret.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/my-minio-cred-secret.yaml index 7a29e26b98..52d9564592 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/my-minio-cred-secret.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/my-minio-cred-secret.yaml @@ -3,7 +3,7 @@ stringData: accesskey: admin secretkey: password kind: Secret -metadata: +metadata: # kpt-merge: /my-minio-cred name: my-minio-cred labels: app: minio diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/overlays/argo-server-deployment.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/overlays/argo-server-deployment.yaml index eab93f168c..9fab5a80f1 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/overlays/argo-server-deployment.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/overlays/argo-server-deployment.yaml @@ -1,6 +1,6 @@ apiVersion: apps/v1 kind: Deployment -metadata: +metadata: # kpt-merge: /argo-server name: argo-server spec: template: @@ -13,4 +13,4 @@ spec: - --auth-mode - server - --auth-mode - - client \ No newline at end of file + - client diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/overlays/workflow-controller-configmap.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/overlays/workflow-controller-configmap.yaml index c358ece92e..4cc36b4c6f 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/overlays/workflow-controller-configmap.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/overlays/workflow-controller-configmap.yaml @@ -57,5 +57,5 @@ data: scope: sensor-logs url: http://logging-facility?namespace=${metadata.namespace}&podName=${metadata.name}&startedAt=${status.startedAt}&finishedAt=${status.finishedAt} kind: ConfigMap -metadata: +metadata: # kpt-merge: /workflow-controller-configmap name: workflow-controller-configmap diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/prometheus/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/prometheus/kustomization.yaml index 4fa48f13b7..32db8231d0 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/prometheus/kustomization.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/prometheus/kustomization.yaml @@ -1,6 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization - resources: - prometheus-deployment.yaml - prometheus-config-cluster.yaml diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/prometheus/prometheus-config-cluster.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/prometheus/prometheus-config-cluster.yaml index e5b849d382..c99a33569d 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/prometheus/prometheus-config-cluster.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/prometheus/prometheus-config-cluster.yaml @@ -1,6 +1,6 @@ apiVersion: v1 kind: ConfigMap -metadata: +metadata: # kpt-merge: /prometheus-config name: prometheus-config data: prometheus.yaml: | diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/prometheus/prometheus-deployment.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/prometheus/prometheus-deployment.yaml index 7e54cb9619..ec13d7f223 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/prometheus/prometheus-deployment.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/prometheus/prometheus-deployment.yaml @@ -8,7 +8,7 @@ # be modified if the default is overriden. apiVersion: apps/v1 kind: Deployment -metadata: +metadata: # kpt-merge: /prometheus name: prometheus spec: replicas: 1 @@ -27,8 +27,8 @@ spec: args: - --config.file=/config/prometheus.yaml volumeMounts: - - name: config - mountPath: /config + - name: config + mountPath: /config volumes: - name: config configMap: diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/prometheus/prometheus-service.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/prometheus/prometheus-service.yaml index 4f07a56d0f..26ce49d6e1 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/prometheus/prometheus-service.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/prometheus/prometheus-service.yaml @@ -1,6 +1,6 @@ apiVersion: v1 kind: Service -metadata: +metadata: # kpt-merge: /prometheus name: prometheus spec: selector: diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/webhooks/argo-workflows-webhook-clients-secret.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/webhooks/argo-workflows-webhook-clients-secret.yaml index 566b49951f..079013e8d7 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/webhooks/argo-workflows-webhook-clients-secret.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/webhooks/argo-workflows-webhook-clients-secret.yaml @@ -1,6 +1,6 @@ kind: Secret apiVersion: v1 -metadata: +metadata: # kpt-merge: /argo-workflows-webhook-clients name: argo-workflows-webhook-clients # The data keys must be the name of a service account. stringData: @@ -17,6 +17,6 @@ stringData: type: github secret: "shh!" # https://docs.gitlab.com/ee/user/project/integrations/webhooks.html - gitlab.com: | + gitlab.com: |- type: gitlab - secret: "shh!" \ No newline at end of file + secret: "shh!" diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/webhooks/github.com-rolebinding.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/webhooks/github.com-rolebinding.yaml index 6477163c4e..959f8bd55c 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/webhooks/github.com-rolebinding.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/webhooks/github.com-rolebinding.yaml @@ -1,6 +1,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding -metadata: +metadata: # kpt-merge: /github.com name: github.com roleRef: apiGroup: rbac.authorization.k8s.io @@ -9,4 +9,4 @@ roleRef: subjects: - kind: ServiceAccount name: github.com - namespace: argo \ No newline at end of file + namespace: argo diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/webhooks/github.com-sa.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/webhooks/github.com-sa.yaml index 7e42d02edb..a2591092f6 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/webhooks/github.com-sa.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/webhooks/github.com-sa.yaml @@ -1,4 +1,4 @@ apiVersion: v1 kind: ServiceAccount -metadata: +metadata: # kpt-merge: /github.com name: github.com diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/webhooks/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/webhooks/kustomization.yaml index ffef982a70..162751ce9c 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/webhooks/kustomization.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/webhooks/kustomization.yaml @@ -1,6 +1,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization - resources: - submit-workflow-template-role.yaml - github.com-sa.yaml diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/webhooks/submit-workflow-template-role.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/webhooks/submit-workflow-template-role.yaml index 82dd187abd..b1dee3fedb 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/webhooks/submit-workflow-template-role.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/webhooks/submit-workflow-template-role.yaml @@ -2,7 +2,7 @@ # You could tighten this further (but perhaps impractically) by using `resourceNames` apiVersion: rbac.authorization.k8s.io/v1 kind: Role -metadata: +metadata: # kpt-merge: /submit-workflow-template name: submit-workflow-template rules: - apiGroups: @@ -22,4 +22,4 @@ rules: resources: - workflows verbs: - - create \ No newline at end of file + - create diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/workflow-default-rolebinding.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/workflow-default-rolebinding.yaml index 9cca040077..52ec46ba53 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/workflow-default-rolebinding.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/workflow-default-rolebinding.yaml @@ -1,6 +1,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding -metadata: +metadata: # kpt-merge: /workflow-default-binding name: workflow-default-binding roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/workflow-role.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/workflow-role.yaml index d7f4ee34f5..d46bb06677 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/workflow-role.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/base/workflow-role.yaml @@ -1,7 +1,7 @@ # https://argoproj.github.io/argo-workflows/workflow-rbac/ apiVersion: rbac.authorization.k8s.io/v1 kind: Role -metadata: +metadata: # kpt-merge: /workflow-role name: workflow-role rules: # pod get/watch is used to identify the container IDs of the current pod @@ -47,4 +47,17 @@ rules: - workflows verbs: - create - - get \ No newline at end of file + - get + # This allows agent pod to update the taskset. + # This is only needed for http templates. + - apiGroups: + - argoproj.io + resources: + - workflowtasksets + - workflowtasksets/finalizers + verbs: + - list + - watch + - get + - update + - patch diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/minimal/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/minimal/kustomization.yaml index aa0b761e85..27bb5cb0b4 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/minimal/kustomization.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/minimal/kustomization.yaml @@ -1,5 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization - resources: - ../base diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/mysql/argo-mysql-config-secret.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/mysql/argo-mysql-config-secret.yaml index ad496bc613..cfe014fef2 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/mysql/argo-mysql-config-secret.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/mysql/argo-mysql-config-secret.yaml @@ -3,7 +3,7 @@ stringData: username: mysql password: password kind: Secret -metadata: +metadata: # kpt-merge: /argo-mysql-config name: argo-mysql-config labels: app: mysql diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/mysql/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/mysql/kustomization.yaml index 97b3ca0a1e..edacf51ff4 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/mysql/kustomization.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/mysql/kustomization.yaml @@ -1,11 +1,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization - resources: - ../base - argo-mysql-config-secret.yaml - mysql-deployment.yaml - mysql-service.yaml - patchesStrategicMerge: - - overlays/workflow-controller-configmap.yaml \ No newline at end of file + - overlays/workflow-controller-configmap.yaml diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/mysql/mysql-deployment.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/mysql/mysql-deployment.yaml index d41ad079fb..4334cd9d5b 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/mysql/mysql-deployment.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/mysql/mysql-deployment.yaml @@ -1,6 +1,6 @@ apiVersion: apps/v1 kind: Deployment -metadata: +metadata: # kpt-merge: /mysql name: mysql labels: app: mysql @@ -34,4 +34,4 @@ spec: initialDelaySeconds: 15 timeoutSeconds: 2 nodeSelector: - kubernetes.io/os: linux \ No newline at end of file + kubernetes.io/os: linux diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/mysql/mysql-service.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/mysql/mysql-service.yaml index 98be938e3f..45a03a018d 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/mysql/mysql-service.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/mysql/mysql-service.yaml @@ -1,6 +1,6 @@ apiVersion: v1 kind: Service -metadata: +metadata: # kpt-merge: /mysql name: mysql labels: app: mysql @@ -10,4 +10,4 @@ spec: ports: - protocol: TCP port: 3306 - targetPort: 3306 \ No newline at end of file + targetPort: 3306 diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/mysql/overlays/workflow-controller-configmap.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/mysql/overlays/workflow-controller-configmap.yaml index c20578d148..31b15d50bd 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/mysql/overlays/workflow-controller-configmap.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/mysql/overlays/workflow-controller-configmap.yaml @@ -20,5 +20,5 @@ data: name: argo-mysql-config key: password kind: ConfigMap -metadata: - name: workflow-controller-configmap \ No newline at end of file +metadata: # kpt-merge: /workflow-controller-configmap + name: workflow-controller-configmap diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/postgres/argo-postgres-config-secret.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/postgres/argo-postgres-config-secret.yaml index 2a154b8c57..e14013fa58 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/postgres/argo-postgres-config-secret.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/postgres/argo-postgres-config-secret.yaml @@ -3,7 +3,7 @@ stringData: username: postgres password: password kind: Secret -metadata: +metadata: # kpt-merge: /argo-postgres-config name: argo-postgres-config labels: app: postgres diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/postgres/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/postgres/kustomization.yaml index b039183f45..a70a0cc26b 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/postgres/kustomization.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/postgres/kustomization.yaml @@ -1,11 +1,9 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization - resources: - ../base - argo-postgres-config-secret.yaml - postgres-deployment.yaml - postgres-service.yaml - patchesStrategicMerge: - - overlays/workflow-controller-configmap.yaml \ No newline at end of file + - overlays/workflow-controller-configmap.yaml diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/postgres/overlays/workflow-controller-configmap.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/postgres/overlays/workflow-controller-configmap.yaml index 6675ce86e2..28daa5b87e 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/postgres/overlays/workflow-controller-configmap.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/postgres/overlays/workflow-controller-configmap.yaml @@ -20,5 +20,5 @@ data: name: argo-postgres-config key: password kind: ConfigMap -metadata: - name: workflow-controller-configmap \ No newline at end of file +metadata: # kpt-merge: /workflow-controller-configmap + name: workflow-controller-configmap diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/postgres/postgres-deployment.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/postgres/postgres-deployment.yaml index c22a500919..4f88e4040b 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/postgres/postgres-deployment.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/postgres/postgres-deployment.yaml @@ -1,6 +1,6 @@ apiVersion: apps/v1 kind: Deployment -metadata: +metadata: # kpt-merge: /postgres name: postgres labels: app: postgres @@ -28,4 +28,4 @@ spec: initialDelaySeconds: 15 timeoutSeconds: 2 nodeSelector: - kubernetes.io/os: linux \ No newline at end of file + kubernetes.io/os: linux diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/postgres/postgres-service.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/postgres/postgres-service.yaml index e59ffa4372..b613893694 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/postgres/postgres-service.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/postgres/postgres-service.yaml @@ -1,6 +1,6 @@ apiVersion: v1 kind: Service -metadata: +metadata: # kpt-merge: /postgres name: postgres labels: app: postgres @@ -10,4 +10,4 @@ spec: ports: - protocol: TCP port: 5432 - targetPort: 5432 \ No newline at end of file + targetPort: 5432 diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dev-svc.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dev-svc.yaml index 29e2f7c7d6..cd3697563b 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dev-svc.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dev-svc.yaml @@ -1,6 +1,6 @@ apiVersion: v1 kind: Service -metadata: +metadata: # kpt-merge: /dex name: dex spec: ports: diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dex-cm.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dex-cm.yaml index c41c67cc59..fb409ffc93 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dex-cm.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dex-cm.yaml @@ -16,6 +16,7 @@ data: - id: argo-server redirectURIs: - http://localhost:2746/oauth2/callback + - http://localhost:8080/oauth2/callback name: Argo Server secret: ZXhhbXBsZS1hcHAtc2VjcmV0 connectors: @@ -29,5 +30,5 @@ data: username: admin userID: 08a8684b-db88-4b73-90a9-3cd1661f5466 kind: ConfigMap -metadata: - name: dex \ No newline at end of file +metadata: # kpt-merge: /dex + name: dex diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dex-deploy.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dex-deploy.yaml index 5a622bb20b..0f15abc600 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dex-deploy.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dex-deploy.yaml @@ -1,6 +1,6 @@ apiVersion: apps/v1 kind: Deployment -metadata: +metadata: # kpt-merge: /dex labels: app: dex name: dex @@ -29,4 +29,4 @@ spec: volumes: - name: config configMap: - name: dex \ No newline at end of file + name: dex diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dex-rb.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dex-rb.yaml index 9a3f2788ce..ce07b692e5 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dex-rb.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dex-rb.yaml @@ -1,6 +1,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding -metadata: +metadata: # kpt-merge: /dex name: dex roleRef: apiGroup: rbac.authorization.k8s.io diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dex-role.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dex-role.yaml index ff1ab9aacd..bb9a4fb94b 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dex-role.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dex-role.yaml @@ -1,6 +1,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role -metadata: +metadata: # kpt-merge: /dex name: dex rules: - apiGroups: diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dex-sa.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dex-sa.yaml index 97a137459c..561106c4ec 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dex-sa.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/dex-sa.yaml @@ -1,4 +1,4 @@ apiVersion: v1 kind: ServiceAccount -metadata: +metadata: # kpt-merge: /dex name: dex diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/kustomization.yaml index 09b3bdbaca..8ea85c17de 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/kustomization.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/dex/kustomization.yaml @@ -1,9 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization - commonLabels: "app.kubernetes.io/part-of": "dex" - resources: - dex-cm.yaml - dex-role.yaml diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/kustomization.yaml index 3981219ff0..70aafea654 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/kustomization.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/kustomization.yaml @@ -1,10 +1,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization - resources: - ../base - dex - patchesStrategicMerge: - overlays/workflow-controller-configmap.yaml - - overlays/argo-server-sa.yaml \ No newline at end of file + - overlays/argo-server-sa.yaml diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/overlays/argo-server-sa.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/overlays/argo-server-sa.yaml index 0cd3393f2a..c09b7ac93d 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/overlays/argo-server-sa.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/overlays/argo-server-sa.yaml @@ -1,6 +1,6 @@ apiVersion: v1 kind: ServiceAccount -metadata: +metadata: # kpt-merge: /argo-server name: argo-server annotations: workflows.argoproj.io/rbac-rule: "'authors' in groups && email == 'kilgore@kilgore.trout'" diff --git a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/overlays/workflow-controller-configmap.yaml b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/overlays/workflow-controller-configmap.yaml index b502c7f7c5..a5dcef1dba 100644 --- a/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/overlays/workflow-controller-configmap.yaml +++ b/apps/kfp-tekton/upstream/third-party/argo/upstream/manifests/quick-start/sso/overlays/workflow-controller-configmap.yaml @@ -2,18 +2,19 @@ apiVersion: v1 data: sso: | issuer: http://dex:5556/dex + issuerAlias: http://mydex:5556/dex clientId: name: argo-server-sso key: clientID clientSecret: name: argo-server-sso key: clientSecret - redirectUrl: http://localhost:2746/oauth2/callback + redirectUrl: http://localhost:8080/oauth2/callback scopes: - groups - email rbac: enabled: true kind: ConfigMap -metadata: +metadata: # kpt-merge: /workflow-controller-configmap name: workflow-controller-configmap diff --git a/apps/kfp-tekton/upstream/third-party/kfp-csi-s3/csi-s3-deployment.yaml b/apps/kfp-tekton/upstream/third-party/kfp-csi-s3/csi-s3-deployment.yaml index 7e47a2bc23..04dd38bd2e 100644 --- a/apps/kfp-tekton/upstream/third-party/kfp-csi-s3/csi-s3-deployment.yaml +++ b/apps/kfp-tekton/upstream/third-party/kfp-csi-s3/csi-s3-deployment.yaml @@ -375,7 +375,7 @@ spec: args: - --v=5 - --csi-address=/csi/csi.sock - - --kubelet-registration-path=/var/data/kubelet/plugins/kfp-csi-s3/csi.sock + - --kubelet-registration-path=$(kubelet-path)/kubelet/plugins/kfp-csi-s3/csi.sock securityContext: # This is necessary only for systems with SELinux, where # non-privileged sidecar containers cannot access unix domain socket @@ -414,22 +414,22 @@ spec: volumeMounts: - mountPath: /csi name: socket-dir - - mountPath: /var/data/kubelet/pods + - mountPath: $(kubelet-path)/kubelet/pods mountPropagation: Bidirectional name: mountpoint-dir - mountPath: /dev name: dev-dir volumes: - hostPath: - path: /var/data/kubelet/plugins/kfp-csi-s3 + path: $(kubelet-path)/kubelet/plugins/kfp-csi-s3 type: DirectoryOrCreate name: socket-dir - hostPath: - path: /var/data/kubelet/pods + path: $(kubelet-path)/kubelet/pods type: DirectoryOrCreate name: mountpoint-dir - hostPath: - path: /var/data/kubelet/plugins_registry + path: $(kubelet-path)/kubelet/plugins_registry type: Directory name: registration-dir - hostPath: @@ -475,7 +475,7 @@ spec: name: socket-dir volumes: - hostPath: - path: /var/data/kubelet/plugins/kfp-csi-s3 + path: $(kubelet-path)/kubelet/plugins/kfp-csi-s3 type: DirectoryOrCreate name: socket-dir --- @@ -517,7 +517,7 @@ spec: name: socket-dir volumes: - hostPath: - path: /var/data/kubelet/plugins/kfp-csi-s3 + path: $(kubelet-path)/kubelet/plugins/kfp-csi-s3 type: DirectoryOrCreate name: socket-dir --- diff --git a/apps/kfp-tekton/upstream/third-party/kfp-csi-s3/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/kfp-csi-s3/kustomization.yaml index e15adcdb7d..7e44d75d17 100644 --- a/apps/kfp-tekton/upstream/third-party/kfp-csi-s3/kustomization.yaml +++ b/apps/kfp-tekton/upstream/third-party/kfp-csi-s3/kustomization.yaml @@ -15,6 +15,7 @@ configMapGenerator: - bucket-base64=bWxwaXBlbGluZQ== - accessKeyID-base64=bWluaW8= - secretAccessKey-bas64=bWluaW8xMjM= + - kubelet-path=/var/data generatorOptions: disableNameSuffixHash: true vars: @@ -46,6 +47,13 @@ vars: apiVersion: v1 fieldref: fieldpath: data.secretAccessKey-bas64 +- name: kubelet-path + objref: + kind: ConfigMap + name: csi-s3-parameters + apiVersion: v1 + fieldref: + fieldpath: data.kubelet-path configurations: - params.yaml diff --git a/apps/kfp-tekton/upstream/third-party/kfp-csi-s3/params.yaml b/apps/kfp-tekton/upstream/third-party/kfp-csi-s3/params.yaml index 596792b007..68eca8e197 100644 --- a/apps/kfp-tekton/upstream/third-party/kfp-csi-s3/params.yaml +++ b/apps/kfp-tekton/upstream/third-party/kfp-csi-s3/params.yaml @@ -1,3 +1,11 @@ varReference: - path: data kind: Secret +- path: spec/template/spec/volumes/hostPath/path + kind: StatefulSet +- path: spec/template/spec/containers/*/args/2 + kind: DaemonSet +- path: spec/template/spec/containers/*/volumeMounts/*/mountPath + kind: DaemonSet +- path: spec/template/spec/volumes/hostPath/path + kind: DaemonSet \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/third-party/metacontroller/base/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/metacontroller/base/kustomization.yaml index fb7f0e8cbe..9b16b60c15 100644 --- a/apps/kfp-tekton/upstream/third-party/metacontroller/base/kustomization.yaml +++ b/apps/kfp-tekton/upstream/third-party/metacontroller/base/kustomization.yaml @@ -8,7 +8,7 @@ resources: - stateful-set.yaml commonLabels: kustomize.component: metacontroller -images: -- name: metacontroller/metacontroller - newName: metacontroller/metacontroller - newTag: v0.3.0 + +# Update metacontroller CRD: +# Copy the upstream file to crd.yaml in this folder. +# Upstream file: https://github.com/metacontroller/metacontroller/blob/master/manifests/production/metacontroller-crds-v1.yaml \ No newline at end of file diff --git a/apps/kfp-tekton/upstream/third-party/metacontroller/base/stateful-set.yaml b/apps/kfp-tekton/upstream/third-party/metacontroller/base/stateful-set.yaml index 7bbc3870a8..b0ca0076e7 100644 --- a/apps/kfp-tekton/upstream/third-party/metacontroller/base/stateful-set.yaml +++ b/apps/kfp-tekton/upstream/third-party/metacontroller/base/stateful-set.yaml @@ -18,26 +18,28 @@ spec: sidecar.istio.io/inject: "false" spec: containers: - - command: - - /usr/bin/metacontroller - - --logtostderr - - -v=4 - - --discovery-interval=20s - image: metacontroller/metacontroller:v0.3.0 - imagePullPolicy: Always - name: metacontroller - ports: - - containerPort: 2345 - resources: - limits: - cpu: "4" - memory: 4Gi - requests: - cpu: 500m - memory: 1Gi - securityContext: - allowPrivilegeEscalation: true - privileged: true + - resources: + limits: + cpu: '1' + memory: 1Gi + requests: + cpu: 100m + memory: 256Mi + command: + - /usr/bin/metacontroller + - --zap-log-level=4 + - '--discovery-interval=3600s' # less insane than 10 seconds + securityContext: + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 1000 + privileged: false + allowPrivilegeEscalation: false + name: metacontroller + image: 'docker.io/metacontrollerio/metacontroller:v2.0.4' serviceAccountName: meta-controller-service # Workaround for https://github.com/kubernetes-sigs/kustomize/issues/677 volumeClaimTemplates: [] diff --git a/apps/kfp-tekton/upstream/third-party/openshift/standalone/anyuid-scc.yaml b/apps/kfp-tekton/upstream/third-party/openshift/standalone/anyuid-scc.yaml index 3d0b755373..0bdf5a98f8 100644 --- a/apps/kfp-tekton/upstream/third-party/openshift/standalone/anyuid-scc.yaml +++ b/apps/kfp-tekton/upstream/third-party/openshift/standalone/anyuid-scc.yaml @@ -34,8 +34,8 @@ users: #Minio accesses files owned by root - system:serviceaccount:kubeflow:minio #Katib injects container into pods which does not run as non-root user, trying to find Dockerfile for that image and fix it -#- system:serviceaccount:kubeflow:default - system:serviceaccount:kubeflow:default +- system:serviceaccount:kubeflow:pipeline-runner - system:serviceaccount:kubeflow:kubeflow-pipelines-cache - system:serviceaccount:kubeflow:kubeflow-pipelines-cache-deployer-sa - system:serviceaccount:kubeflow:metadata-grpc-server diff --git a/apps/kfp-tekton/upstream/third-party/openshift/standalone/privileged-scc.yaml b/apps/kfp-tekton/upstream/third-party/openshift/standalone/privileged-scc.yaml index 99fadc4750..abda371808 100644 --- a/apps/kfp-tekton/upstream/third-party/openshift/standalone/privileged-scc.yaml +++ b/apps/kfp-tekton/upstream/third-party/openshift/standalone/privileged-scc.yaml @@ -34,8 +34,8 @@ users: #Minio accesses files owned by root - system:serviceaccount:kubeflow:minio #Katib injects container into pods which does not run as non-root user, trying to find Dockerfile for that image and fix it -#- system:serviceaccount:kubeflow:default - system:serviceaccount:kubeflow:default +- system:serviceaccount:kubeflow:pipeline-runner - system:serviceaccount:kubeflow:kubeflow-pipelines-cache - system:serviceaccount:kubeflow:kubeflow-pipelines-cache-deployer-sa - system:serviceaccount:kubeflow:metadata-grpc-server diff --git a/apps/kfp-tekton/upstream/third-party/tekton-custom-task/kustomization.yaml b/apps/kfp-tekton/upstream/third-party/tekton-custom-task/kustomization.yaml index c0ff1f3962..a3bd083211 100644 --- a/apps/kfp-tekton/upstream/third-party/tekton-custom-task/kustomization.yaml +++ b/apps/kfp-tekton/upstream/third-party/tekton-custom-task/kustomization.yaml @@ -8,6 +8,6 @@ namespace: tekton-pipelines images: - name: docker.io/aipipeline/pipelineloop-controller - newTag: 1.1.1 + newTag: 1.2.1 - name: docker.io/aipipeline/pipelineloop-webhook - newTag: 1.1.1 + newTag: 1.2.1 diff --git a/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-dashboard/tekton-dashboard-release.yaml b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-dashboard/tekton-dashboard-release.yaml index 533d873ee9..c5d4b3dac0 100644 --- a/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-dashboard/tekton-dashboard-release.yaml +++ b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-dashboard/tekton-dashboard-release.yaml @@ -276,7 +276,7 @@ subjects: --- apiVersion: v1 data: - version: v0.22.0 + version: v0.24.1 kind: ConfigMap metadata: labels: @@ -294,9 +294,9 @@ metadata: app.kubernetes.io/instance: default app.kubernetes.io/name: dashboard app.kubernetes.io/part-of: tekton-dashboard - app.kubernetes.io/version: v0.22.0 - dashboard.tekton.dev/release: v0.22.0 - version: v0.22.0 + app.kubernetes.io/version: v0.24.1 + dashboard.tekton.dev/release: v0.24.1 + version: v0.24.1 name: tekton-dashboard namespace: tekton-pipelines spec: @@ -320,9 +320,9 @@ metadata: app.kubernetes.io/instance: default app.kubernetes.io/name: dashboard app.kubernetes.io/part-of: tekton-dashboard - app.kubernetes.io/version: v0.22.0 - dashboard.tekton.dev/release: v0.22.0 - version: v0.22.0 + app.kubernetes.io/version: v0.24.1 + dashboard.tekton.dev/release: v0.24.1 + version: v0.24.1 name: tekton-dashboard namespace: tekton-pipelines spec: @@ -341,7 +341,7 @@ spec: app.kubernetes.io/instance: default app.kubernetes.io/name: dashboard app.kubernetes.io/part-of: tekton-dashboard - app.kubernetes.io/version: v0.22.0 + app.kubernetes.io/version: v0.24.1 name: tekton-dashboard spec: containers: @@ -361,7 +361,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: gcr.io/tekton-releases/github.com/tektoncd/dashboard/cmd/dashboard:v0.22.0@sha256:8285c9e07ccbb008425c34f5c3b5a684fb4ab36325a3e1d270e4521389248e51 + image: gcr.io/tekton-releases/github.com/tektoncd/dashboard/cmd/dashboard:v0.24.1@sha256:fe4febbb74ca3e7027c29719e32e38074b3af6be588ee08cca5826f21fa003a1 livenessProbe: httpGet: path: /health diff --git a/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/tekton-release.yaml b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/tekton-release.yaml index 1af4a7ee2c..55a99f2487 100644 --- a/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/tekton-release.yaml +++ b/apps/kfp-tekton/upstream/third-party/tekton/upstream/manifests/base/tektoncd-install/tekton-release.yaml @@ -518,8 +518,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.30.0" - version: "v0.30.0" + pipeline.tekton.dev/release: "v0.31.4" + version: "v0.31.4" spec: group: tekton.dev preserveUnknownFields: false @@ -598,8 +598,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.30.0" - version: "v0.30.0" + pipeline.tekton.dev/release: "v0.31.4" + version: "v0.31.4" spec: group: tekton.dev versions: @@ -651,8 +651,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.30.0" - version: "v0.30.0" + pipeline.tekton.dev/release: "v0.31.4" + version: "v0.31.4" spec: group: tekton.dev preserveUnknownFields: false @@ -731,8 +731,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.30.0" - version: "v0.30.0" + pipeline.tekton.dev/release: "v0.31.4" + version: "v0.31.4" spec: group: tekton.dev preserveUnknownFields: false @@ -840,8 +840,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.30.0" - version: "v0.30.0" + pipeline.tekton.dev/release: "v0.31.4" + version: "v0.31.4" spec: group: tekton.dev versions: @@ -893,8 +893,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.30.0" - version: "v0.30.0" + pipeline.tekton.dev/release: "v0.31.4" + version: "v0.31.4" spec: group: tekton.dev preserveUnknownFields: false @@ -960,8 +960,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.30.0" - version: "v0.30.0" + pipeline.tekton.dev/release: "v0.31.4" + version: "v0.31.4" spec: group: tekton.dev preserveUnknownFields: false @@ -1040,8 +1040,8 @@ metadata: labels: app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.30.0" - version: "v0.30.0" + pipeline.tekton.dev/release: "v0.31.4" + version: "v0.31.4" spec: group: tekton.dev preserveUnknownFields: false @@ -1151,7 +1151,7 @@ metadata: app.kubernetes.io/component: webhook app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.30.0" + pipeline.tekton.dev/release: "v0.31.4" # The data is populated at install time. --- apiVersion: admissionregistration.k8s.io/v1 @@ -1162,7 +1162,7 @@ metadata: app.kubernetes.io/component: webhook app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.30.0" + pipeline.tekton.dev/release: "v0.31.4" webhooks: - admissionReviewVersions: ["v1"] clientConfig: @@ -1181,7 +1181,7 @@ metadata: app.kubernetes.io/component: webhook app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.30.0" + pipeline.tekton.dev/release: "v0.31.4" webhooks: - admissionReviewVersions: ["v1"] clientConfig: @@ -1200,7 +1200,7 @@ metadata: app.kubernetes.io/component: webhook app.kubernetes.io/instance: default app.kubernetes.io/part-of: tekton-pipelines - pipeline.tekton.dev/release: "v0.30.0" + pipeline.tekton.dev/release: "v0.31.4" webhooks: - admissionReviewVersions: ["v1"] clientConfig: @@ -1551,7 +1551,7 @@ data: # this ConfigMap such that even if we don't have access to # other resources in the namespace we still can have access to # this ConfigMap. - version: "v0.30.0" + version: "v0.31.4" --- # Copyright 2020 Tekton Authors LLC @@ -1749,12 +1749,12 @@ metadata: app.kubernetes.io/name: controller app.kubernetes.io/component: controller app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.30.0" + app.kubernetes.io/version: "v0.31.4" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.30.0" + pipeline.tekton.dev/release: "v0.31.4" # labels below are related to istio and should not be used for resource lookup - version: "v0.30.0" + version: "v0.31.4" spec: replicas: 1 selector: @@ -1769,13 +1769,13 @@ spec: app.kubernetes.io/name: controller app.kubernetes.io/component: controller app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.30.0" + app.kubernetes.io/version: "v0.31.4" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.30.0" + pipeline.tekton.dev/release: "v0.31.4" # labels below are related to istio and should not be used for resource lookup app: tekton-pipelines-controller - version: "v0.30.0" + version: "v0.31.4" spec: affinity: nodeAffinity: @@ -1789,11 +1789,11 @@ spec: serviceAccountName: tekton-pipelines-controller containers: - name: tekton-pipelines-controller - image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/controller:v0.30.0@sha256:ecb7567431d9c2b899be7b04cd5a72722655e36fd58f69ed695e469daab9009b + image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/controller:v0.31.4@sha256:bd9dc22532c8e1bd9b253775734c0b2464d62065b39d6b552d3c52bb6d33e20f args: [ # These images are built on-demand by `ko resolve` and are replaced # by image references by digest. - "-kubeconfig-writer-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/kubeconfigwriter:v0.30.0@sha256:5292621d97834592c983a341e6e8759a8437dd208448a0226459c91e7b273f8c", "-git-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.30.0@sha256:3637bac1e233696a3671155c77de9ed8e02cacbec454d314125a5f1f458effa3", "-entrypoint-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/entrypoint:v0.30.0@sha256:34ee7658bb8a657584e1ada8e84121758cc5d067c1f0740873d614d07423886f", "-nop-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/nop:v0.30.0@sha256:89cb4d5572372c7ade6b20b59bf35dc9dcd5e4cde2fa77f14888d4f7059cd767", "-imagedigest-exporter-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/imagedigestexporter:v0.30.0@sha256:2a6dec9e6d66b2198d9bc3bcf1f03a662e4eb274b66563c5d499e9f29dadcc10", "-pr-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/pullrequest-init:v0.30.0@sha256:d321d1888a203be9fab57aa528bcf378da6984778c38f015c0a9287fc489602f", + "-kubeconfig-writer-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/kubeconfigwriter:v0.31.4@sha256:5182c126e793399a24a08caecc646c823d22fafb0df718409fb7595d623e1003", "-git-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/git-init:v0.31.4@sha256:7912a676c596fd72c1510da443c59900e0738b33824cb467c40cc5dd554f1682", "-entrypoint-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/entrypoint:v0.31.4@sha256:8ffaa8e1cd3b6dc917f4ad578c29d33d5a1b7e6f4220ad1e7bfd5cfdf67aac95", "-nop-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/nop:v0.31.4@sha256:9fe4a289b5d1e728462c244926d76b337c916df71b683c0ff04263abb62c6e32", "-imagedigest-exporter-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/imagedigestexporter:v0.31.4@sha256:6f61182ba273e66d8bd2a817c5cfe5c9702bee0e1660a6c7d98830dcf3a25936", "-pr-image", "gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/pullrequest-init:v0.31.4@sha256:9e7cc9d725cc33849def805b4b6cb1a9fc7ddbd3e485ef1a9eea84193214e4bc", # This is gcr.io/google.com/cloudsdktool/cloud-sdk:302.0.0-slim "-gsutil-image", "gcr.io/google.com/cloudsdktool/cloud-sdk@sha256:27b2c22bf259d9bc1a291e99c63791ba0c27a04d2db0a43241ba0f1f20f4067f", # The shell image must be root in order to create directories and copy files to PVCs. @@ -1892,13 +1892,13 @@ metadata: app.kubernetes.io/name: controller app.kubernetes.io/component: controller app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.30.0" + app.kubernetes.io/version: "v0.31.4" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.30.0" + pipeline.tekton.dev/release: "v0.31.4" # labels below are related to istio and should not be used for resource lookup app: tekton-pipelines-controller - version: "v0.30.0" + version: "v0.31.4" name: tekton-pipelines-controller namespace: tekton-pipelines spec: @@ -1942,12 +1942,12 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/component: webhook app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.30.0" + app.kubernetes.io/version: "v0.31.4" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.30.0" + pipeline.tekton.dev/release: "v0.31.4" # labels below are related to istio and should not be used for resource lookup - version: "v0.30.0" + version: "v0.31.4" spec: minReplicas: 1 maxReplicas: 5 @@ -1988,12 +1988,12 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/component: webhook app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.30.0" + app.kubernetes.io/version: "v0.31.4" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.30.0" + pipeline.tekton.dev/release: "v0.31.4" # labels below are related to istio and should not be used for resource lookup - version: "v0.30.0" + version: "v0.31.4" spec: replicas: 1 selector: @@ -2008,13 +2008,13 @@ spec: app.kubernetes.io/name: webhook app.kubernetes.io/component: webhook app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.30.0" + app.kubernetes.io/version: "v0.31.4" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.30.0" + pipeline.tekton.dev/release: "v0.31.4" # labels below are related to istio and should not be used for resource lookup app: tekton-pipelines-webhook - version: "v0.30.0" + version: "v0.31.4" spec: affinity: nodeAffinity: @@ -2041,7 +2041,7 @@ spec: - name: webhook # This is the Go import path for the binary that is containerized # and substituted here. - image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/webhook:v0.30.0@sha256:b93422365865e7b6fbe96e92cac7494626257165021fa36f71fae22bdfbd3e6e + image: gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/webhook:v0.31.4@sha256:915029563a15cc8ca6491cd253f2ed8f8ad5f9824650899503b8a8a1f25d3c12 # Resource request required for autoscaler to take any action for a metric resources: requests: @@ -2113,13 +2113,13 @@ metadata: app.kubernetes.io/name: webhook app.kubernetes.io/component: webhook app.kubernetes.io/instance: default - app.kubernetes.io/version: "v0.30.0" + app.kubernetes.io/version: "v0.31.4" app.kubernetes.io/part-of: tekton-pipelines # tekton.dev/release value replaced with inputs.params.versionTag in pipeline/tekton/publish.yaml - pipeline.tekton.dev/release: "v0.30.0" + pipeline.tekton.dev/release: "v0.31.4" # labels below are related to istio and should not be used for resource lookup app: tekton-pipelines-webhook - version: "v0.30.0" + version: "v0.31.4" name: tekton-pipelines-webhook namespace: tekton-pipelines spec: diff --git a/apps/kfserving/upstream/certmanager/certificate.yaml b/apps/kfserving/upstream/certmanager/certificate.yaml deleted file mode 100644 index a5cf5d33a9..0000000000 --- a/apps/kfserving/upstream/certmanager/certificate.yaml +++ /dev/null @@ -1,24 +0,0 @@ -# The following manifests contain a self-signed issuer CR and a certificate CR. -# More document can be found at https://docs.cert-manager.io -apiVersion: cert-manager.io/v1alpha2 -kind: Issuer -metadata: - name: selfsigned-issuer - namespace: kfserving-system -spec: - selfSigned: {} ---- -apiVersion: cert-manager.io/v1alpha2 -kind: Certificate -metadata: - name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml - namespace: kfserving-system -spec: - # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize - commonName: $(webhookServiceName).$(kfservingNamespace).svc - dnsNames: - - $(webhookServiceName).$(kfservingNamespace).svc - issuerRef: - kind: Issuer - name: selfsigned-issuer - secretName: kfserving-webhook-server-cert # this secret will not be prefixed, since it's not managed by kustomize diff --git a/apps/kfserving/upstream/certmanager/kustomization.yaml b/apps/kfserving/upstream/certmanager/kustomization.yaml deleted file mode 100644 index bebea5a595..0000000000 --- a/apps/kfserving/upstream/certmanager/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -resources: -- certificate.yaml - -configurations: -- kustomizeconfig.yaml diff --git a/apps/kfserving/upstream/certmanager/kustomizeconfig.yaml b/apps/kfserving/upstream/certmanager/kustomizeconfig.yaml deleted file mode 100644 index 90d7c313ca..0000000000 --- a/apps/kfserving/upstream/certmanager/kustomizeconfig.yaml +++ /dev/null @@ -1,16 +0,0 @@ -# This configuration is for teaching kustomize how to update name ref and var substitution -nameReference: -- kind: Issuer - group: cert-manager.io - fieldSpecs: - - kind: Certificate - group: cert-manager.io - path: spec/issuerRef/name - -varReference: -- kind: Certificate - group: cert-manager.io - path: spec/commonName -- kind: Certificate - group: cert-manager.io - path: spec/dnsNames diff --git a/apps/kfserving/upstream/configmap/inferenceservice.yaml b/apps/kfserving/upstream/configmap/inferenceservice.yaml deleted file mode 100644 index 1d1a14caf9..0000000000 --- a/apps/kfserving/upstream/configmap/inferenceservice.yaml +++ /dev/null @@ -1,187 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: inferenceservice-config - namespace: kfserving-system -data: - predictors: |- - { - "tensorflow": { - "image": "tensorflow/serving", - "defaultImageVersion": "1.14.0", - "defaultGpuImageVersion": "1.14.0-gpu", - "defaultTimeout": "60", - "supportedFrameworks": [ - "tensorflow" - ], - "multiModelServer": false - }, - "onnx": { - "image": "mcr.microsoft.com/onnxruntime/server", - "defaultImageVersion": "v1.0.0", - "supportedFrameworks": [ - "onnx" - ], - "multiModelServer": false - }, - "sklearn": { - "v1": { - "image": "kfserving/sklearnserver", - "defaultImageVersion": "v0.6.1", - "supportedFrameworks": [ - "sklearn" - ], - "multiModelServer": true - }, - "v2": { - "image": "docker.io/seldonio/mlserver", - "defaultImageVersion": "0.2.1", - "supportedFrameworks": [ - "sklearn" - ], - "multiModelServer": false - } - }, - "xgboost": { - "v1": { - "image": "kfserving/xgbserver", - "defaultImageVersion": "v0.6.1", - "supportedFrameworks": [ - "xgboost" - ], - "multiModelServer": true - }, - "v2": { - "image": "docker.io/seldonio/mlserver", - "defaultImageVersion": "0.2.1", - "supportedFrameworks": [ - "xgboost" - ], - "multiModelServer": false - } - }, - "pytorch": { - "v1" : { - "image": "kfserving/pytorchserver", - "defaultImageVersion": "v0.6.1", - "defaultGpuImageVersion": "v0.6.1-gpu", - "supportedFrameworks": [ - "pytorch" - ], - "multiModelServer": false - }, - "v2" : { - "image": "pytorch/torchserve-kfs", - "defaultImageVersion": "0.4.0", - "defaultGpuImageVersion": "0.4.0-gpu", - "supportedFrameworks": [ - "pytorch" - ], - "multiModelServer": false - } - }, - "triton": { - "image": "nvcr.io/nvidia/tritonserver", - "defaultImageVersion": "20.08-py3", - "supportedFrameworks": [ - "tensorrt", - "tensorflow", - "onnx", - "pytorch", - "caffe2" - ], - "multiModelServer": true - }, - "pmml": { - "image": "kfserving/pmmlserver", - "defaultImageVersion": "v0.6.1", - "supportedFrameworks": [ - "pmml" - ], - "multiModelServer": false - }, - "lightgbm": { - "image": "kfserving/lgbserver", - "defaultImageVersion": "v0.6.1", - "supportedFrameworks": [ - "lightgbm" - ], - "multiModelServer": false - }, - "paddle": { - "image": "kfserving/paddleserver", - "defaultImageVersion": "v0.6.1", - "supportedFrameworks": [ - "paddle" - ], - "multiModelServer": false - } - } - transformers: |- - { - } - explainers: |- - { - "alibi": { - "image" : "kfserving/alibi-explainer", - "defaultImageVersion": "v0.6.1" - }, - "aix": { - "image" : "kfserving/aix-explainer", - "defaultImageVersion": "v0.6.1" - }, - "art": { - "image" : "kfserving/art-explainer", - "defaultImageVersion": "v0.6.1" - } - } - storageInitializer: |- - { - "image" : "kfserving/storage-initializer:v0.6.1", - "memoryRequest": "100Mi", - "memoryLimit": "1Gi", - "cpuRequest": "100m", - "cpuLimit": "1" - } - credentials: |- - { - "gcs": { - "gcsCredentialFileName": "gcloud-application-credentials.json" - }, - "s3": { - "s3AccessKeyIDName": "AWS_ACCESS_KEY_ID", - "s3SecretAccessKeyName": "AWS_SECRET_ACCESS_KEY" - } - } - ingress: |- - { - "ingressGateway" : "$(ingressGateway)", - "ingressService" : "istio-ingressgateway.istio-system.svc.cluster.local", - "localGateway" : "knative-serving/knative-local-gateway", - "localGatewayService" : "knative-local-gateway.istio-system.svc.cluster.local" - } - logger: |- - { - "image" : "kfserving/agent:v0.6.1", - "memoryRequest": "100Mi", - "memoryLimit": "1Gi", - "cpuRequest": "100m", - "cpuLimit": "1", - "defaultUrl": "http://default-broker" - } - batcher: |- - { - "image" : "kfserving/agent:v0.6.1", - "memoryRequest": "1Gi", - "memoryLimit": "1Gi", - "cpuRequest": "1", - "cpuLimit": "1" - } - agent: |- - { - "image" : "kfserving/agent:v0.6.1", - "memoryRequest": "100Mi", - "memoryLimit": "1Gi", - "cpuRequest": "100m", - "cpuLimit": "1" - } diff --git a/apps/kfserving/upstream/configmap/kustomization.yaml b/apps/kfserving/upstream/configmap/kustomization.yaml deleted file mode 100644 index 948e533b01..0000000000 --- a/apps/kfserving/upstream/configmap/kustomization.yaml +++ /dev/null @@ -1,2 +0,0 @@ -resources: -- inferenceservice.yaml diff --git a/apps/kfserving/upstream/crd/kustomization.yaml b/apps/kfserving/upstream/crd/kustomization.yaml deleted file mode 100644 index 2247b61d6a..0000000000 --- a/apps/kfserving/upstream/crd/kustomization.yaml +++ /dev/null @@ -1,21 +0,0 @@ -# Labels to add to all resources and selectors. -#commonLabels: -# someName: someValue - -# Each entry in this list must resolve to an existing -# resource definition in YAML. These are the resource -# files that kustomize reads, modifies and emits as a -# YAML string, with resources separated by document -# markers ("---"). -resources: -- serving.kubeflow.org_inferenceservices.yaml -- serving.kubeflow.org_trainedmodels.yaml - -patchesJson6902: - # Fix for https://github.com/kubernetes/kubernetes/issues/91395 - - target: - group: apiextensions.k8s.io - version: v1beta1 - kind: CustomResourceDefinition - name: inferenceservices.serving.kubeflow.org - path: patches/protocol.yaml diff --git a/apps/kfserving/upstream/crd/patches/protocol.yaml b/apps/kfserving/upstream/crd/patches/protocol.yaml deleted file mode 100644 index 368dc1cbaa..0000000000 --- a/apps/kfserving/upstream/crd/patches/protocol.yaml +++ /dev/null @@ -1,83 +0,0 @@ -- op: add - path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/canary/properties/explainer/properties/custom/properties/container/properties/ports/items/required/1 - value: protocol - -- op: add - path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/canary/properties/predictor/properties/custom/properties/container/properties/ports/items/required/1 - value: protocol - -- op: add - path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/canary/properties/transformer/properties/custom/properties/container/properties/ports/items/required/1 - value: protocol - -- op: add - path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/default/properties/explainer/properties/custom/properties/container/properties/ports/items/required/1 - value: protocol - -- op: add - path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/default/properties/predictor/properties/custom/properties/container/properties/ports/items/required/1 - value: protocol - -- op: add - path: /spec/versions/0/schema/openAPIV3Schema/properties/spec/properties/default/properties/transformer/properties/custom/properties/container/properties/ports/items/required/1 - value: protocol - -- op: add - path: /spec/versions/1/schema/openAPIV3Schema/properties/spec/properties/predictor/properties/triton/properties/ports/items/required/1 - value: protocol - -- op: add - path: /spec/versions/1/schema/openAPIV3Schema/properties/spec/properties/predictor/properties/pytorch/properties/ports/items/required/1 - value: protocol - -- op: add - path: /spec/versions/1/schema/openAPIV3Schema/properties/spec/properties/predictor/properties/onnx/properties/ports/items/required/1 - value: protocol - -- op: add - path: /spec/versions/1/schema/openAPIV3Schema/properties/spec/properties/predictor/properties/sklearn/properties/ports/items/required/1 - value: protocol - -- op: add - path: /spec/versions/1/schema/openAPIV3Schema/properties/spec/properties/predictor/properties/xgboost/properties/ports/items/required/1 - value: protocol - -- op: add - path: /spec/versions/1/schema/openAPIV3Schema/properties/spec/properties/predictor/properties/tensorflow/properties/ports/items/required/1 - value: protocol - -- op: add - path: /spec/versions/1/schema/openAPIV3Schema/properties/spec/properties/predictor/properties/pmml/properties/ports/items/required/1 - value: protocol - -- op: add - path: /spec/versions/1/schema/openAPIV3Schema/properties/spec/properties/predictor/properties/lightgbm/properties/ports/items/required/1 - value: protocol - -- op: add - path: /spec/versions/1/schema/openAPIV3Schema/properties/spec/properties/predictor/properties/paddle/properties/ports/items/required/1 - value: protocol - -- op: add - path: /spec/versions/1/schema/openAPIV3Schema/properties/spec/properties/predictor/properties/containers/items/properties/ports/items/required/1 - value: protocol - -- op: add - path: /spec/versions/1/schema/openAPIV3Schema/properties/spec/properties/transformer/properties/containers/items/properties/ports/items/required/1 - value: protocol - -- op: add - path: /spec/versions/1/schema/openAPIV3Schema/properties/spec/properties/explainer/properties/containers/items/properties/ports/items/required/1 - value: protocol - -- op: add - path: /spec/versions/1/schema/openAPIV3Schema/properties/spec/properties/explainer/properties/aix/properties/ports/items/required/1 - value: protocol - -- op: add - path: /spec/versions/1/schema/openAPIV3Schema/properties/spec/properties/explainer/properties/art/properties/ports/items/required/1 - value: protocol - -- op: add - path: /spec/versions/1/schema/openAPIV3Schema/properties/spec/properties/explainer/properties/alibi/properties/ports/items/required/1 - value: protocol diff --git a/apps/kfserving/upstream/crd/serving.kubeflow.org_inferenceservices.yaml b/apps/kfserving/upstream/crd/serving.kubeflow.org_inferenceservices.yaml deleted file mode 100644 index 2ce8b0dec7..0000000000 --- a/apps/kfserving/upstream/crd/serving.kubeflow.org_inferenceservices.yaml +++ /dev/null @@ -1,15983 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.1-0.20200528125929-5c0c6ae3b64b - creationTimestamp: null - name: inferenceservices.serving.kubeflow.org -spec: - group: serving.kubeflow.org - names: - kind: InferenceService - listKind: InferenceServiceList - plural: inferenceservices - shortNames: - - isvc - singular: inferenceservice - scope: Namespaced - subresources: - status: {} - version: v1alpha2 - versions: - - additionalPrinterColumns: - - JSONPath: .status.url - name: URL - type: string - - JSONPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - JSONPath: .status.traffic - name: Default Traffic - type: integer - - JSONPath: .status.canaryTraffic - name: Canary Traffic - type: integer - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha2 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - canary: - properties: - explainer: - properties: - aix: - properties: - config: - additionalProperties: - type: string - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - runtimeVersion: - type: string - storageUri: - type: string - type: - type: string - required: - - type - type: object - alibi: - properties: - config: - additionalProperties: - type: string - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - runtimeVersion: - type: string - storageUri: - type: string - type: - type: string - required: - - type - type: object - batcher: - properties: - maxBatchSize: - type: integer - maxLatency: - type: integer - timeout: - type: integer - type: object - custom: - properties: - container: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - required: - - name - type: object - required: - - container - type: object - logger: - properties: - mode: - type: string - url: - type: string - type: object - maxReplicas: - type: integer - minReplicas: - type: integer - parallelism: - type: integer - serviceAccountName: - type: string - type: object - predictor: - properties: - batcher: - properties: - maxBatchSize: - type: integer - maxLatency: - type: integer - timeout: - type: integer - type: object - custom: - properties: - container: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - required: - - name - type: object - required: - - container - type: object - lightgbm: - properties: - nthread: - type: integer - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - runtimeVersion: - type: string - storageUri: - type: string - required: - - storageUri - type: object - logger: - properties: - mode: - type: string - url: - type: string - type: object - maxReplicas: - type: integer - minReplicas: - type: integer - onnx: - properties: - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - runtimeVersion: - type: string - storageUri: - type: string - required: - - storageUri - type: object - parallelism: - type: integer - pmml: - properties: - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - runtimeVersion: - type: string - storageUri: - type: string - required: - - storageUri - type: object - pytorch: - properties: - modelClassName: - type: string - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - runtimeVersion: - type: string - storageUri: - type: string - required: - - storageUri - type: object - serviceAccountName: - type: string - sklearn: - properties: - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - runtimeVersion: - type: string - storageUri: - type: string - required: - - storageUri - type: object - tensorflow: - properties: - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - runtimeVersion: - type: string - storageUri: - type: string - required: - - storageUri - type: object - triton: - properties: - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - runtimeVersion: - type: string - storageUri: - type: string - required: - - storageUri - type: object - xgboost: - properties: - nthread: - type: integer - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - runtimeVersion: - type: string - storageUri: - type: string - required: - - storageUri - type: object - type: object - transformer: - properties: - batcher: - properties: - maxBatchSize: - type: integer - maxLatency: - type: integer - timeout: - type: integer - type: object - custom: - properties: - container: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - required: - - name - type: object - required: - - container - type: object - logger: - properties: - mode: - type: string - url: - type: string - type: object - maxReplicas: - type: integer - minReplicas: - type: integer - parallelism: - type: integer - serviceAccountName: - type: string - type: object - required: - - predictor - type: object - canaryTrafficPercent: - type: integer - default: - properties: - explainer: - properties: - aix: - properties: - config: - additionalProperties: - type: string - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - runtimeVersion: - type: string - storageUri: - type: string - type: - type: string - required: - - type - type: object - alibi: - properties: - config: - additionalProperties: - type: string - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - runtimeVersion: - type: string - storageUri: - type: string - type: - type: string - required: - - type - type: object - batcher: - properties: - maxBatchSize: - type: integer - maxLatency: - type: integer - timeout: - type: integer - type: object - custom: - properties: - container: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - required: - - name - type: object - required: - - container - type: object - logger: - properties: - mode: - type: string - url: - type: string - type: object - maxReplicas: - type: integer - minReplicas: - type: integer - parallelism: - type: integer - serviceAccountName: - type: string - type: object - predictor: - properties: - batcher: - properties: - maxBatchSize: - type: integer - maxLatency: - type: integer - timeout: - type: integer - type: object - custom: - properties: - container: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - required: - - name - type: object - required: - - container - type: object - lightgbm: - properties: - nthread: - type: integer - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - runtimeVersion: - type: string - storageUri: - type: string - required: - - storageUri - type: object - logger: - properties: - mode: - type: string - url: - type: string - type: object - maxReplicas: - type: integer - minReplicas: - type: integer - onnx: - properties: - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - runtimeVersion: - type: string - storageUri: - type: string - required: - - storageUri - type: object - parallelism: - type: integer - pmml: - properties: - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - runtimeVersion: - type: string - storageUri: - type: string - required: - - storageUri - type: object - pytorch: - properties: - modelClassName: - type: string - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - runtimeVersion: - type: string - storageUri: - type: string - required: - - storageUri - type: object - serviceAccountName: - type: string - sklearn: - properties: - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - runtimeVersion: - type: string - storageUri: - type: string - required: - - storageUri - type: object - tensorflow: - properties: - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - runtimeVersion: - type: string - storageUri: - type: string - required: - - storageUri - type: object - triton: - properties: - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - runtimeVersion: - type: string - storageUri: - type: string - required: - - storageUri - type: object - xgboost: - properties: - nthread: - type: integer - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - runtimeVersion: - type: string - storageUri: - type: string - required: - - storageUri - type: object - type: object - transformer: - properties: - batcher: - properties: - maxBatchSize: - type: integer - maxLatency: - type: integer - timeout: - type: integer - type: object - custom: - properties: - container: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - required: - - name - type: object - required: - - container - type: object - logger: - properties: - mode: - type: string - url: - type: string - type: object - maxReplicas: - type: integer - minReplicas: - type: integer - parallelism: - type: integer - serviceAccountName: - type: string - type: object - required: - - predictor - type: object - required: - - default - type: object - status: - properties: - address: - properties: - url: - type: string - type: object - annotations: - additionalProperties: - type: string - type: object - canary: - additionalProperties: - properties: - host: - type: string - name: - type: string - type: object - type: object - canaryTraffic: - type: integer - conditions: - items: - properties: - lastTransitionTime: - type: string - message: - type: string - reason: - type: string - severity: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - default: - additionalProperties: - properties: - host: - type: string - name: - type: string - type: object - type: object - observedGeneration: - format: int64 - type: integer - traffic: - type: integer - url: - type: string - type: object - type: object - served: true - storage: false - - additionalPrinterColumns: - - JSONPath: .status.url - name: URL - type: string - - JSONPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - JSONPath: .status.components.predictor.traffic[?(@.tag=='prev')].percent - name: Prev - type: integer - - JSONPath: .status.components.predictor.traffic[?(@.latestRevision==true)].percent - name: Latest - type: integer - - JSONPath: .status.components.predictor.traffic[?(@.tag=='prev')].revisionName - name: PrevRolledoutRevision - type: string - - JSONPath: .status.components.predictor.traffic[?(@.latestRevision==true)].revisionName - name: LatestReadyRevision - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - explainer: - properties: - activeDeadlineSeconds: - format: int64 - type: integer - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - aix: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - config: - additionalProperties: - type: string - type: object - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - runtimeVersion: - type: string - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - storageUri: - type: string - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - type: - type: string - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - type: object - alibi: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - config: - additionalProperties: - type: string - type: object - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - runtimeVersion: - type: string - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - storageUri: - type: string - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - type: - type: string - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - type: object - art: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - config: - additionalProperties: - type: string - type: object - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - runtimeVersion: - type: string - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - storageUri: - type: string - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - type: - type: string - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - type: object - automountServiceAccountToken: - type: boolean - batcher: - properties: - maxBatchSize: - type: integer - maxLatency: - type: integer - timeout: - type: integer - type: object - canaryTrafficPercent: - format: int64 - type: integer - containerConcurrency: - format: int64 - type: integer - containers: - items: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - required: - - name - type: object - type: array - dnsConfig: - properties: - nameservers: - items: - type: string - type: array - options: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - searches: - items: - type: string - type: array - type: object - dnsPolicy: - type: string - enableServiceLinks: - type: boolean - hostAliases: - items: - properties: - hostnames: - items: - type: string - type: array - ip: - type: string - type: object - type: array - hostIPC: - type: boolean - hostNetwork: - type: boolean - hostPID: - type: boolean - hostname: - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - type: array - logger: - properties: - mode: - enum: - - all - - request - - response - type: string - url: - type: string - type: object - maxReplicas: - type: integer - minReplicas: - type: integer - nodeName: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - overhead: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - preemptionPolicy: - type: string - priority: - format: int32 - type: integer - priorityClassName: - type: string - readinessGates: - items: - properties: - conditionType: - type: string - required: - - conditionType - type: object - type: array - restartPolicy: - type: string - runtimeClassName: - type: string - schedulerName: - type: string - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - runAsUserName: - type: string - type: object - type: object - serviceAccount: - type: string - serviceAccountName: - type: string - setHostnameAsFQDN: - type: boolean - shareProcessNamespace: - type: boolean - subdomain: - type: string - terminationGracePeriodSeconds: - format: int64 - type: integer - timeout: - format: int64 - type: integer - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - topologySpreadConstraints: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - maxSkew: - format: int32 - type: integer - topologyKey: - type: string - whenUnsatisfiable: - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - x-kubernetes-list-map-keys: - - topologyKey - - whenUnsatisfiable - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - readOnly: - type: boolean - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - required: - - sources - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - type: object - predictor: - properties: - activeDeadlineSeconds: - format: int64 - type: integer - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - automountServiceAccountToken: - type: boolean - batcher: - properties: - maxBatchSize: - type: integer - maxLatency: - type: integer - timeout: - type: integer - type: object - canaryTrafficPercent: - format: int64 - type: integer - containerConcurrency: - format: int64 - type: integer - containers: - items: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - required: - - name - type: object - type: array - dnsConfig: - properties: - nameservers: - items: - type: string - type: array - options: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - searches: - items: - type: string - type: array - type: object - dnsPolicy: - type: string - enableServiceLinks: - type: boolean - hostAliases: - items: - properties: - hostnames: - items: - type: string - type: array - ip: - type: string - type: object - type: array - hostIPC: - type: boolean - hostNetwork: - type: boolean - hostPID: - type: boolean - hostname: - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - type: array - lightgbm: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - protocolVersion: - type: string - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - runtimeVersion: - type: string - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - storageUri: - type: string - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - type: object - logger: - properties: - mode: - enum: - - all - - request - - response - type: string - url: - type: string - type: object - maxReplicas: - type: integer - minReplicas: - type: integer - nodeName: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - onnx: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - protocolVersion: - type: string - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - runtimeVersion: - type: string - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - storageUri: - type: string - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - type: object - overhead: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - paddle: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - protocolVersion: - type: string - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - runtimeVersion: - type: string - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - storageUri: - type: string - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - type: object - pmml: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - protocolVersion: - type: string - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - runtimeVersion: - type: string - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - storageUri: - type: string - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - type: object - preemptionPolicy: - type: string - priority: - format: int32 - type: integer - priorityClassName: - type: string - pytorch: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - modelClassName: - type: string - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - protocolVersion: - type: string - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - runtimeVersion: - type: string - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - storageUri: - type: string - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - type: object - readinessGates: - items: - properties: - conditionType: - type: string - required: - - conditionType - type: object - type: array - restartPolicy: - type: string - runtimeClassName: - type: string - schedulerName: - type: string - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - runAsUserName: - type: string - type: object - type: object - serviceAccount: - type: string - serviceAccountName: - type: string - setHostnameAsFQDN: - type: boolean - shareProcessNamespace: - type: boolean - sklearn: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - protocolVersion: - type: string - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - runtimeVersion: - type: string - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - storageUri: - type: string - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - type: object - subdomain: - type: string - tensorflow: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - protocolVersion: - type: string - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - runtimeVersion: - type: string - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - storageUri: - type: string - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeout: - format: int64 - type: integer - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - topologySpreadConstraints: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - maxSkew: - format: int32 - type: integer - topologyKey: - type: string - whenUnsatisfiable: - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - x-kubernetes-list-map-keys: - - topologyKey - - whenUnsatisfiable - x-kubernetes-list-type: map - triton: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - protocolVersion: - type: string - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - runtimeVersion: - type: string - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - storageUri: - type: string - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - type: object - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - readOnly: - type: boolean - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - required: - - sources - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - xgboost: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - protocolVersion: - type: string - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - runtimeVersion: - type: string - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - storageUri: - type: string - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - type: object - type: object - transformer: - properties: - activeDeadlineSeconds: - format: int64 - type: integer - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - automountServiceAccountToken: - type: boolean - batcher: - properties: - maxBatchSize: - type: integer - maxLatency: - type: integer - timeout: - type: integer - type: object - canaryTrafficPercent: - format: int64 - type: integer - containerConcurrency: - format: int64 - type: integer - containers: - items: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - required: - - name - type: object - type: array - dnsConfig: - properties: - nameservers: - items: - type: string - type: array - options: - items: - properties: - name: - type: string - value: - type: string - type: object - type: array - searches: - items: - type: string - type: array - type: object - dnsPolicy: - type: string - enableServiceLinks: - type: boolean - hostAliases: - items: - properties: - hostnames: - items: - type: string - type: array - ip: - type: string - type: object - type: array - hostIPC: - type: boolean - hostNetwork: - type: boolean - hostPID: - type: boolean - hostname: - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - type: array - logger: - properties: - mode: - enum: - - all - - request - - response - type: string - url: - type: string - type: object - maxReplicas: - type: integer - minReplicas: - type: integer - nodeName: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - overhead: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - preemptionPolicy: - type: string - priority: - format: int32 - type: integer - priorityClassName: - type: string - readinessGates: - items: - properties: - conditionType: - type: string - required: - - conditionType - type: object - type: array - restartPolicy: - type: string - runtimeClassName: - type: string - schedulerName: - type: string - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - runAsUserName: - type: string - type: object - type: object - serviceAccount: - type: string - serviceAccountName: - type: string - setHostnameAsFQDN: - type: boolean - shareProcessNamespace: - type: boolean - subdomain: - type: string - terminationGracePeriodSeconds: - format: int64 - type: integer - timeout: - format: int64 - type: integer - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - topologySpreadConstraints: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - maxSkew: - format: int32 - type: integer - topologyKey: - type: string - whenUnsatisfiable: - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - x-kubernetes-list-map-keys: - - topologyKey - - whenUnsatisfiable - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: - type: string - diskURI: - type: string - fsType: - type: string - kind: - type: string - readOnly: - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - properties: - readOnly: - type: boolean - secretName: - type: string - shareName: - type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: - monitors: - items: - type: string - type: array - path: - type: string - readOnly: - type: boolean - secretFile: - type: string - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - monitors - type: object - cinder: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: - type: string - required: - - volumeID - type: object - configMap: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - csi: - properties: - driver: - type: string - fsType: - type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - readOnly: - type: boolean - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - downwardAPI: - properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: - type: string - optional: - type: boolean - type: object - serviceAccountToken: - properties: - audience: - type: string - expirationSeconds: - format: int64 - type: integer - path: - type: string - required: - - path - type: object - type: object - type: array - required: - - sources - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - type: object - required: - - predictor - type: object - status: - properties: - address: - properties: - url: - type: string - type: object - annotations: - additionalProperties: - type: string - type: object - components: - additionalProperties: - properties: - address: - properties: - url: - type: string - type: object - latestCreatedRevision: - type: string - latestReadyRevision: - type: string - latestRolledoutRevision: - type: string - previousRolledoutRevision: - type: string - traffic: - items: - properties: - configurationName: - type: string - latestRevision: - type: boolean - percent: - format: int64 - type: integer - revisionName: - type: string - tag: - type: string - url: - type: string - type: object - type: array - url: - type: string - type: object - type: object - conditions: - items: - properties: - lastTransitionTime: - type: string - message: - type: string - reason: - type: string - severity: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - observedGeneration: - format: int64 - type: integer - url: - type: string - type: object - type: object - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/apps/kfserving/upstream/crd/serving.kubeflow.org_trainedmodels.yaml b/apps/kfserving/upstream/crd/serving.kubeflow.org_trainedmodels.yaml deleted file mode 100644 index 3d4560a9c5..0000000000 --- a/apps/kfserving/upstream/crd/serving.kubeflow.org_trainedmodels.yaml +++ /dev/null @@ -1,114 +0,0 @@ - ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.1-0.20200528125929-5c0c6ae3b64b - creationTimestamp: null - name: trainedmodels.serving.kubeflow.org -spec: - additionalPrinterColumns: - - JSONPath: .status.url - name: URL - type: string - - JSONPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date - group: serving.kubeflow.org - names: - kind: TrainedModel - listKind: TrainedModelList - plural: trainedmodels - shortNames: - - tm - singular: trainedmodel - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - inferenceService: - type: string - model: - properties: - framework: - type: string - memory: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - storageUri: - type: string - required: - - framework - - memory - - storageUri - type: object - required: - - inferenceService - - model - type: object - status: - properties: - address: - properties: - url: - type: string - type: object - annotations: - additionalProperties: - type: string - type: object - conditions: - items: - properties: - lastTransitionTime: - type: string - message: - type: string - reason: - type: string - severity: - type: string - status: - type: string - type: - type: string - required: - - status - - type - type: object - type: array - observedGeneration: - format: int64 - type: integer - url: - type: string - type: object - type: object - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] diff --git a/apps/kfserving/upstream/default/cainjection_conversion_webhook.yaml b/apps/kfserving/upstream/default/cainjection_conversion_webhook.yaml deleted file mode 100644 index f26c9ab4c8..0000000000 --- a/apps/kfserving/upstream/default/cainjection_conversion_webhook.yaml +++ /dev/null @@ -1,8 +0,0 @@ -# The following patch adds a directive for certmanager to inject CA into the CRD -# CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - cert-manager.io/inject-ca-from: $(kfservingNamespace)/serving-cert - name: inferenceservices.serving.kubeflow.org diff --git a/apps/kfserving/upstream/default/inferenceservice_conversion_webhook.yaml b/apps/kfserving/upstream/default/inferenceservice_conversion_webhook.yaml deleted file mode 100644 index 79ea458f8d..0000000000 --- a/apps/kfserving/upstream/default/inferenceservice_conversion_webhook.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# The following patch enables conversion webhook for CRD -# CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: inferenceservices.serving.kubeflow.org -spec: - preserveUnknownFields: false - conversion: - strategy: Webhook - conversionReviewVersions: ["v1alpha2","v1beta1"] - webhookClientConfig: - # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, - # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) - caBundle: Cg== - service: - namespace: $(kfservingNamespace) - name: $(webhookServiceName) - path: /convert diff --git a/apps/kfserving/upstream/default/kustomization.yaml b/apps/kfserving/upstream/default/kustomization.yaml deleted file mode 100644 index 17cd6fe881..0000000000 --- a/apps/kfserving/upstream/default/kustomization.yaml +++ /dev/null @@ -1,71 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -# Adds namespace to all resources. -namespace: kfserving-system - -# Labels to add to all resources and selectors. -#commonLabels: -# someName: someValue - -bases: -- ../crd -- ../configmap -- ../rbac -- ../manager -- ../webhook -- ../certmanager -- ../web-app - - # Protect the /metrics endpoint by putting it behind auth. - # Only one of manager_auth_proxy_patch.yaml and - # manager_prometheus_metrics_patch.yaml should be enabled. - # If you want your controller-manager to expose the /metrics - # endpoint w/o any authn/z, uncomment the following line and - # comment manager_auth_proxy_patch.yaml. - # Only one of manager_auth_proxy_patch.yaml and - # manager_prometheus_metrics_patch.yaml should be enabled. -#- manager_prometheus_metrics_patch.yaml -patchesStrategicMerge: -- manager_image_patch.yaml -- manager_auth_proxy_patch.yaml -- webhookcainjection_patch.yaml -- manager_resources_patch.yaml -- inferenceservice_conversion_webhook.yaml -- cainjection_conversion_webhook.yaml - -generatorOptions: - disableNameSuffixHash: true - -# To make namespace for standalone installation kustomizable, -# variabalize ingress gateway, webhook service name and -# kfserving namespace in webhook configurations -configMapGenerator: - - name: kfserving-config - envs: - - params.env -vars: -- name: ingressGateway - objref: - kind: ConfigMap - name: kfserving-config - apiVersion: v1 - fieldref: - fieldpath: data.ingressGateway -- fieldref: - fieldPath: metadata.name - name: webhookServiceName - objref: - apiVersion: v1 - kind: Service - name: kfserving-webhook-server-service -- name: kfservingNamespace - objref: - kind: Certificate - group: cert-manager.io - version: v1alpha2 - name: serving-cert - fieldref: - fieldpath: metadata.namespace -configurations: -- params.yaml diff --git a/apps/kfserving/upstream/default/manager_auth_proxy_patch.yaml b/apps/kfserving/upstream/default/manager_auth_proxy_patch.yaml deleted file mode 100644 index 42e72bcaa5..0000000000 --- a/apps/kfserving/upstream/default/manager_auth_proxy_patch.yaml +++ /dev/null @@ -1,24 +0,0 @@ -# This patch inject a sidecar container which is a HTTP proxy for the controller manager, -# it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: kfserving-controller-manager - namespace: kfserving-system -spec: - template: - spec: - containers: - - name: kube-rbac-proxy - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0 - args: - - "--secure-listen-address=0.0.0.0:8443" - - "--upstream=http://127.0.0.1:8080/" - - "--logtostderr=true" - - "--v=10" - ports: - - containerPort: 8443 - name: https - - name: manager - args: - - "--metrics-addr=127.0.0.1:8080" diff --git a/apps/kfserving/upstream/default/manager_image_patch.yaml b/apps/kfserving/upstream/default/manager_image_patch.yaml deleted file mode 100644 index 7cc7c37a82..0000000000 --- a/apps/kfserving/upstream/default/manager_image_patch.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: kfserving-controller-manager - namespace: kfserving-system -spec: - template: - spec: - containers: - # Change the value of image field below to your controller image URL - - image: kfserving/kfserving-controller:v0.6.1 - name: manager diff --git a/apps/kfserving/upstream/default/manager_prometheus_metrics_patch.yaml b/apps/kfserving/upstream/default/manager_prometheus_metrics_patch.yaml deleted file mode 100644 index 93217b6abc..0000000000 --- a/apps/kfserving/upstream/default/manager_prometheus_metrics_patch.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# This patch enables Prometheus scraping for the manager pod. -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: kfserving-controller-manager - namespace: kfserving-system -spec: - template: - metadata: - annotations: - prometheus.io/scrape: 'true' - spec: - containers: - # Expose the prometheus metrics on default port - - name: manager - ports: - - containerPort: 8080 - name: metrics - protocol: TCP diff --git a/apps/kfserving/upstream/default/manager_resources_patch.yaml b/apps/kfserving/upstream/default/manager_resources_patch.yaml deleted file mode 100644 index 5a918afc43..0000000000 --- a/apps/kfserving/upstream/default/manager_resources_patch.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: kfserving-controller-manager - namespace: kfserving-system -spec: - template: - spec: - containers: - - name: manager - resources: - limits: - cpu: 100m - memory: 300Mi - \ No newline at end of file diff --git a/apps/kfserving/upstream/default/params.env b/apps/kfserving/upstream/default/params.env deleted file mode 100644 index a2793e530e..0000000000 --- a/apps/kfserving/upstream/default/params.env +++ /dev/null @@ -1 +0,0 @@ -ingressGateway=knative-serving/knative-ingress-gateway diff --git a/apps/kfserving/upstream/default/params.yaml b/apps/kfserving/upstream/default/params.yaml deleted file mode 100644 index 0c48d2721b..0000000000 --- a/apps/kfserving/upstream/default/params.yaml +++ /dev/null @@ -1,17 +0,0 @@ -varReference: -- path: webhooks/clientConfig/service/name - kind: MutatingWebhookConfiguration -- path: webhooks/clientConfig/service/namespace - kind: MutatingWebhookConfiguration -- path: webhooks/clientConfig/service/name - kind: ValidatingWebhookConfiguration -- path: webhooks/clientConfig/service/namespace - kind: ValidatingWebhookConfiguration -- path: spec/conversion/webhookClientConfig/service/name - kind: CustomResourceDefinition -- path: spec/conversion/webhookClientConfig/service/namespace - kind: CustomResourceDefinition -- path: data/ingress - kind: ConfigMap -- path: spec/gateways - kind: VirtualService diff --git a/apps/kfserving/upstream/default/webhookcainjection_patch.yaml b/apps/kfserving/upstream/default/webhookcainjection_patch.yaml deleted file mode 100644 index 4ac01215dd..0000000000 --- a/apps/kfserving/upstream/default/webhookcainjection_patch.yaml +++ /dev/null @@ -1,28 +0,0 @@ -# This patch add annotation to admission webhook config and -# the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize. -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: MutatingWebhookConfiguration -metadata: - name: inferenceservice.serving.kubeflow.org - annotations: - cert-manager.io/inject-ca-from: $(kfservingNamespace)/serving-cert -webhooks: - - name: inferenceservice.kfserving-webhook-server.defaulter ---- -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - name: inferenceservice.serving.kubeflow.org - annotations: - cert-manager.io/inject-ca-from: $(kfservingNamespace)/serving-cert -webhooks: - - name: inferenceservice.kfserving-webhook-server.validator ---- -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - name: trainedmodel.serving.kubeflow.org - annotations: - cert-manager.io/inject-ca-from: $(kfservingNamespace)/serving-cert -webhooks: - - name: trainedmodel.kfserving-webhook-server.validator diff --git a/apps/kfserving/upstream/manager/kustomization.yaml b/apps/kfserving/upstream/manager/kustomization.yaml deleted file mode 100644 index d51ee13b63..0000000000 --- a/apps/kfserving/upstream/manager/kustomization.yaml +++ /dev/null @@ -1,3 +0,0 @@ -resources: -- manager.yaml -- service.yaml diff --git a/apps/kfserving/upstream/manager/manager.yaml b/apps/kfserving/upstream/manager/manager.yaml deleted file mode 100644 index 734c274303..0000000000 --- a/apps/kfserving/upstream/manager/manager.yaml +++ /dev/null @@ -1,60 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: kfserving-controller-manager - namespace: kfserving-system - labels: - control-plane: kfserving-controller-manager - controller-tools.k8s.io: "1.0" -spec: - selector: - matchLabels: - control-plane: kfserving-controller-manager - controller-tools.k8s.io: "1.0" - serviceName: controller-manager-service - template: - metadata: - labels: - control-plane: kfserving-controller-manager - controller-tools.k8s.io: "1.0" - spec: - containers: - - command: - - /manager - image: ko://github.com/kubeflow/kfserving/cmd/manager - imagePullPolicy: Always - name: manager - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: SECRET_NAME - value: kfserving-webhook-server-cert - resources: - limits: - cpu: 100m - memory: 300Mi - requests: - cpu: 100m - memory: 200Mi - ports: - - containerPort: 9443 - name: webhook-server - protocol: TCP - volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true - terminationGracePeriodSeconds: 10 - volumes: - - name: cert - secret: - defaultMode: 420 - secretName: kfserving-webhook-server-cert ---- -apiVersion: v1 -kind: Secret -metadata: - name: kfserving-webhook-server-secret - namespace: kfserving-system diff --git a/apps/kfserving/upstream/manager/service.yaml b/apps/kfserving/upstream/manager/service.yaml deleted file mode 100644 index 17f9499301..0000000000 --- a/apps/kfserving/upstream/manager/service.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - control-plane: kfserving-controller-manager - controller-tools.k8s.io: "1.0" - istio-injection: disabled - name: kfserving-system ---- -apiVersion: v1 -kind: Service -metadata: - name: kfserving-controller-manager-service - namespace: kfserving-system - labels: - control-plane: kfserving-controller-manager - controller-tools.k8s.io: "1.0" -spec: - selector: - control-plane: kfserving-controller-manager - controller-tools.k8s.io: "1.0" - ports: - - port: 443 diff --git a/apps/kfserving/upstream/overlays/dev-image-config/kustomization.yaml b/apps/kfserving/upstream/overlays/dev-image-config/kustomization.yaml deleted file mode 100644 index 94482f7793..0000000000 --- a/apps/kfserving/upstream/overlays/dev-image-config/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -bases: - - ../../default - -patches: - - inferenceservice_patch.yaml diff --git a/apps/kfserving/upstream/overlays/development/configmap/ko_resolve_agent b/apps/kfserving/upstream/overlays/development/configmap/ko_resolve_agent deleted file mode 100644 index 46b6ca62b5..0000000000 --- a/apps/kfserving/upstream/overlays/development/configmap/ko_resolve_agent +++ /dev/null @@ -1 +0,0 @@ -image: ko://github.com/kubeflow/kfserving/cmd/agent diff --git a/apps/kfserving/upstream/overlays/development/configmap/ko_resolve_batcher b/apps/kfserving/upstream/overlays/development/configmap/ko_resolve_batcher deleted file mode 100644 index 64f3052b9a..0000000000 --- a/apps/kfserving/upstream/overlays/development/configmap/ko_resolve_batcher +++ /dev/null @@ -1 +0,0 @@ -image: ko://github.com/kubeflow/kfserving/cmd/batcher diff --git a/apps/kfserving/upstream/overlays/development/configmap/ko_resolve_logger b/apps/kfserving/upstream/overlays/development/configmap/ko_resolve_logger deleted file mode 100644 index 60ab778df2..0000000000 --- a/apps/kfserving/upstream/overlays/development/configmap/ko_resolve_logger +++ /dev/null @@ -1 +0,0 @@ -image: ko://github.com/kubeflow/kfserving/cmd/logger diff --git a/apps/kfserving/upstream/overlays/development/kustomization.yaml b/apps/kfserving/upstream/overlays/development/kustomization.yaml deleted file mode 100644 index 73efdbb4d0..0000000000 --- a/apps/kfserving/upstream/overlays/development/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ -bases: - - ../../default - -patches: - - configmap/inferenceservice_patch.yaml - - manager_image_patch.yaml diff --git a/apps/kfserving/upstream/overlays/kubeflow/cluster-role.yaml b/apps/kfserving/upstream/overlays/kubeflow/cluster-role.yaml deleted file mode 100644 index c5d98503dd..0000000000 --- a/apps/kfserving/upstream/overlays/kubeflow/cluster-role.yaml +++ /dev/null @@ -1,83 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kubeflow-kfserving-admin - labels: - rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" -aggregationRule: - clusterRoleSelectors: - - matchLabels: - rbac.authorization.kubeflow.org/aggregate-to-kubeflow-kfserving-admin: "true" -rules: [] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kubeflow-kfserving-edit - labels: - rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" - rbac.authorization.kubeflow.org/aggregate-to-kubeflow-kfserving-admin: "true" -rules: -- apiGroups: - - serving.kubeflow.org - resources: - - inferenceservices - verbs: - - get - - list - - watch - - create - - delete - - deletecollection - - patch - - update -- apiGroups: - - serving.knative.dev - resources: - - services - - services/status - - routes - - routes/status - - configurations - - configurations/status - - revisions - - revisions/status - verbs: - - get - - list - - watch - - create - - delete - - deletecollection - - patch - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kubeflow-kfserving-view - labels: - rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" -rules: -- apiGroups: - - serving.kubeflow.org - resources: - - inferenceservices - verbs: - - get - - list - - watch -- apiGroups: - - serving.knative.dev - resources: - - services - - services/status - - routes - - routes/status - - configurations - - configurations/status - - revisions - - revisions/status - verbs: - - get - - list diff --git a/apps/kfserving/upstream/overlays/kubeflow/kustomization.yaml b/apps/kfserving/upstream/overlays/kubeflow/kustomization.yaml deleted file mode 100644 index 1f0ef6fbba..0000000000 --- a/apps/kfserving/upstream/overlays/kubeflow/kustomization.yaml +++ /dev/null @@ -1,48 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -# Adds namespace to all resources. -namespace: kubeflow - -# Labels to add to all resources and selectors. -commonLabels: - app: kfserving - app.kubernetes.io/name: kfserving - -bases: -- ../../default -- cluster-role.yaml -- web-app-authorization-policy.yaml - -patchesStrategicMerge: -- patches/statefulset.yaml -- patches/namespace.yaml -- patches/web-app-sidecar.yaml - -patchesJson6902: -- target: - group: networking.istio.io - version: v1beta1 - kind: VirtualService - name: kfserving-models-web-app - namespace: kfserving-system - path: patches/web-app-vsvc.yaml - -generatorOptions: - disableNameSuffixHash: true - -# To make namespace for standalone installation kustomizable, -# variabalize ingress gateway, webhook service name and -# kfserving namespace in webhook configurations -configMapGenerator: - - name: kfserving-config - behavior: replace - envs: - - params.env - - name: kfserving-models-web-app-config - behavior: replace - literals: - - USERID_HEADER=kubeflow-userid - -configurations: -- params.yaml diff --git a/apps/kfserving/upstream/overlays/kubeflow/params.env b/apps/kfserving/upstream/overlays/kubeflow/params.env deleted file mode 100644 index cc8ffdf244..0000000000 --- a/apps/kfserving/upstream/overlays/kubeflow/params.env +++ /dev/null @@ -1 +0,0 @@ -ingressGateway=kubeflow/kubeflow-gateway diff --git a/apps/kfserving/upstream/overlays/kubeflow/params.yaml b/apps/kfserving/upstream/overlays/kubeflow/params.yaml deleted file mode 100644 index 56365c66ce..0000000000 --- a/apps/kfserving/upstream/overlays/kubeflow/params.yaml +++ /dev/null @@ -1,4 +0,0 @@ -commonLabels: -- kind: AuthorizationPolicy - path: spec/selector/matchLabels - create: true diff --git a/apps/kfserving/upstream/overlays/kubeflow/patches/namespace.yaml b/apps/kfserving/upstream/overlays/kubeflow/patches/namespace.yaml deleted file mode 100644 index c7c0748d76..0000000000 --- a/apps/kfserving/upstream/overlays/kubeflow/patches/namespace.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# Remove namespace resource as namespace will already exist. -$patch: delete -apiVersion: v1 -kind: Namespace -metadata: - name: kfserving-system diff --git a/apps/kfserving/upstream/overlays/kubeflow/patches/statefulset.yaml b/apps/kfserving/upstream/overlays/kubeflow/patches/statefulset.yaml deleted file mode 100644 index 493508d180..0000000000 --- a/apps/kfserving/upstream/overlays/kubeflow/patches/statefulset.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: kfserving-controller-manager - namespace: kfserving-system -spec: - template: - metadata: - annotations: - sidecar.istio.io/inject: "false" diff --git a/apps/kfserving/upstream/overlays/kubeflow/patches/web-app-sidecar.yaml b/apps/kfserving/upstream/overlays/kubeflow/patches/web-app-sidecar.yaml deleted file mode 100644 index 1bdcf8f382..0000000000 --- a/apps/kfserving/upstream/overlays/kubeflow/patches/web-app-sidecar.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: kfserving-models-web-app - namespace: kfserving-system -spec: - template: - metadata: - annotations: - sidecar.istio.io/inject: "true" diff --git a/apps/kfserving/upstream/overlays/kubeflow/patches/web-app-vsvc.yaml b/apps/kfserving/upstream/overlays/kubeflow/patches/web-app-vsvc.yaml deleted file mode 100644 index 123731be78..0000000000 --- a/apps/kfserving/upstream/overlays/kubeflow/patches/web-app-vsvc.yaml +++ /dev/null @@ -1,6 +0,0 @@ -- op: replace - path: /spec/http/0/route/0/destination - value: - host: kfserving-models-web-app.kubeflow.svc.cluster.local - port: - number: 80 diff --git a/apps/kfserving/upstream/overlays/kubeflow/web-app-authorization-policy.yaml b/apps/kfserving/upstream/overlays/kubeflow/web-app-authorization-policy.yaml deleted file mode 100644 index 59e058f7a4..0000000000 --- a/apps/kfserving/upstream/overlays/kubeflow/web-app-authorization-policy.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: security.istio.io/v1beta1 -kind: AuthorizationPolicy -metadata: - labels: - kustomize.component: kfserving-models-web-app - app.kubernetes.io/component: kfserving-models-web-app - name: kfserving-models-web-app -spec: - action: ALLOW - selector: - matchLabels: - kustomize.component: kfserving-models-web-app - app.kubernetes.io/component: kfserving-models-web-app - rules: - - from: - - source: - principals: - - cluster.local/ns/istio-system/sa/istio-ingressgateway-service-account diff --git a/apps/kfserving/upstream/overlays/test/configmap/inferenceservice.yaml b/apps/kfserving/upstream/overlays/test/configmap/inferenceservice.yaml deleted file mode 100644 index 3985f377b5..0000000000 --- a/apps/kfserving/upstream/overlays/test/configmap/inferenceservice.yaml +++ /dev/null @@ -1,187 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: inferenceservice-config - namespace: kfserving-system -data: - predictors: |- - { - "tensorflow": { - "image": "tensorflow/serving", - "defaultImageVersion": "1.14.0", - "defaultGpuImageVersion": "1.14.0-gpu", - "defaultTimeout": "60", - "supportedFrameworks": [ - "tensorflow" - ], - "multiModelServer": false - }, - "onnx": { - "image": "mcr.microsoft.com/onnxruntime/server", - "defaultImageVersion": "v1.0.0", - "supportedFrameworks": [ - "onnx" - ], - "multiModelServer": false - }, - "sklearn": { - "v1": { - "image": "809251082950.dkr.ecr.us-west-2.amazonaws.com/kfserving/sklearnserver", - "defaultImageVersion": "latest", - "supportedFrameworks": [ - "sklearn" - ], - "multiModelServer": true - }, - "v2": { - "image": "docker.io/seldonio/mlserver", - "defaultImageVersion": "0.2.1", - "supportedFrameworks": [ - "sklearn" - ], - "multiModelServer": true - } - }, - "xgboost": { - "v1": { - "image": "809251082950.dkr.ecr.us-west-2.amazonaws.com/kfserving/xgbserver", - "defaultImageVersion": "latest", - "supportedFrameworks": [ - "xgboost" - ], - "multiModelServer": true - }, - "v2": { - "image": "docker.io/seldonio/mlserver", - "defaultImageVersion": "0.2.1", - "supportedFrameworks": [ - "xgboost" - ], - "multiModelServer": true - } - }, - "pytorch": { - "v1" : { - "image": "gcr.io/kfserving/pytorchserver", - "defaultImageVersion": "v0.5.0-rc0", - "defaultGpuImageVersion": "v0.5.0-rc0-gpu", - "supportedFrameworks": [ - "pytorch" - ], - "multiModelServer": false - }, - "v2" : { - "image": "pytorch/torchserve-kfs", - "defaultImageVersion": "0.4.0", - "defaultGpuImageVersion": "0.3.0-gpu", - "supportedFrameworks": [ - "pytorch" - ], - "multiModelServer": false - } - }, - "paddle": { - "image": "ruminateer/paddleserver", - "defaultImageVersion": "v0.1.0", - "supportedFrameworks": [ - "paddle" - ], - "multiModelServer": false - }, - "triton": { - "image": "nvcr.io/nvidia/tritonserver", - "defaultImageVersion": "20.08-py3", - "supportedFrameworks": [ - "tensorrt", - "tensorflow", - "onnx", - "pytorch", - "caffe2" - ], - "multiModelServer": true - }, - "pmml": { - "image": "809251082950.dkr.ecr.us-west-2.amazonaws.com/kfserving/pmmlserver", - "defaultImageVersion": "latest", - "supportedFrameworks": [ - "pmml" - ], - "multiModelServer": false - }, - "lightgbm": { - "image": "809251082950.dkr.ecr.us-west-2.amazonaws.com/kfserving/lgbserver", - "defaultImageVersion": "latest", - "supportedFrameworks": [ - "lightgbm" - ], - "multiModelServer": true - } - } - transformers: |- - { - } - explainers: |- - { - "alibi": { - "image" : "809251082950.dkr.ecr.us-west-2.amazonaws.com/kfserving/alibi-explainer", - "defaultImageVersion": "latest" - }, - "aix": { - "image" : "809251082950.dkr.ecr.us-west-2.amazonaws.com/kfserving/aix-explainer", - "defaultImageVersion": "latest" - }, - "art": { - "image" : "809251082950.dkr.ecr.us-west-2.amazonaws.com/kfserving/art-explainer", - "defaultImageVersion": "latest" - } - } - storageInitializer: |- - { - "image" : "809251082950.dkr.ecr.us-west-2.amazonaws.com/kfserving/storage-initializer:latest", - "memoryRequest": "100Mi", - "memoryLimit": "1Gi", - "cpuRequest": "100m", - "cpuLimit": "1" - } - credentials: |- - { - "gcs": { - "gcsCredentialFileName": "gcloud-application-credentials.json" - }, - "s3": { - "s3AccessKeyIDName": "awsAccessKeyID", - "s3SecretAccessKeyName": "awsSecretAccessKey" - } - } - ingress: |- - { - "ingressGateway" : "knative-serving/knative-ingress-gateway", - "ingressService" : "istio-ingressgateway.istio-system.svc.cluster.local", - "localGateway": "knative-serving/knative-local-gateway", - "localGatewayService" : "knative-local-gateway.istio-system.svc.cluster.local" - } - logger: |- - { - "image" : "809251082950.dkr.ecr.us-west-2.amazonaws.com/kfserving/agent:latest", - "memoryRequest": "100Mi", - "memoryLimit": "1Gi", - "cpuRequest": "100m", - "cpuLimit": "1", - "defaultUrl": "http://default-broker" - } - batcher: |- - { - "image" : "809251082950.dkr.ecr.us-west-2.amazonaws.com/kfserving/batcher:latest", - "memoryRequest": "100Mi", - "memoryLimit": "500Mi", - "cpuRequest": "100m", - "cpuLimit": "300m" - } - agent: |- - { - "image" : "809251082950.dkr.ecr.us-west-2.amazonaws.com/kfserving/agent:latest", - "memoryRequest": "100Mi", - "memoryLimit": "500Mi", - "cpuRequest": "100m", - "cpuLimit": "300m" - } diff --git a/apps/kfserving/upstream/overlays/test/kustomization.yaml b/apps/kfserving/upstream/overlays/test/kustomization.yaml deleted file mode 100644 index 2f33aeb404..0000000000 --- a/apps/kfserving/upstream/overlays/test/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ -bases: - - ../../default - -patches: - - configmap/inferenceservice.yaml - - manager_image_patch.yaml diff --git a/apps/kfserving/upstream/overlays/test/manager_image_patch.yaml b/apps/kfserving/upstream/overlays/test/manager_image_patch.yaml deleted file mode 100644 index c33acfce9b..0000000000 --- a/apps/kfserving/upstream/overlays/test/manager_image_patch.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: kfserving-controller-manager - namespace: kfserving-system -spec: - template: - spec: - containers: - - name: manager - command: - image: 809251082950.dkr.ecr.us-west-2.amazonaws.com/kfserving/kfserving-controller:latest diff --git a/apps/kfserving/upstream/rbac/auth_proxy_role.yaml b/apps/kfserving/upstream/rbac/auth_proxy_role.yaml deleted file mode 100644 index 67422229f7..0000000000 --- a/apps/kfserving/upstream/rbac/auth_proxy_role.yaml +++ /dev/null @@ -1,13 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kfserving-proxy-role -rules: -- apiGroups: ["authentication.k8s.io"] - resources: - - tokenreviews - verbs: ["create"] -- apiGroups: ["authorization.k8s.io"] - resources: - - subjectaccessreviews - verbs: ["create"] diff --git a/apps/kfserving/upstream/rbac/auth_proxy_role_binding.yaml b/apps/kfserving/upstream/rbac/auth_proxy_role_binding.yaml deleted file mode 100644 index 436fa187f9..0000000000 --- a/apps/kfserving/upstream/rbac/auth_proxy_role_binding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kfserving-proxy-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kfserving-proxy-role -subjects: -- kind: ServiceAccount - name: default - namespace: kfserving-system diff --git a/apps/kfserving/upstream/rbac/auth_proxy_service.yaml b/apps/kfserving/upstream/rbac/auth_proxy_service.yaml deleted file mode 100644 index 6a2bbe682b..0000000000 --- a/apps/kfserving/upstream/rbac/auth_proxy_service.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: - prometheus.io/port: "8443" - prometheus.io/scheme: https - prometheus.io/scrape: "true" - labels: - control-plane: kfserving-controller-manager - controller-tools.k8s.io: "1.0" - name: kfserving-controller-manager-metrics-service - namespace: kfserving-system -spec: - ports: - - name: https - port: 8443 - targetPort: https - selector: - control-plane: kfserving-controller-manager - controller-tools.k8s.io: "1.0" diff --git a/apps/kfserving/upstream/rbac/kustomization.yaml b/apps/kfserving/upstream/rbac/kustomization.yaml deleted file mode 100644 index 817f1fe613..0000000000 --- a/apps/kfserving/upstream/rbac/kustomization.yaml +++ /dev/null @@ -1,11 +0,0 @@ -resources: -- role.yaml -- role_binding.yaml -- leader_election_role.yaml -- leader_election_role_binding.yaml -# Comment the following 3 lines if you want to disable -# the auth proxy (https://github.com/brancz/kube-rbac-proxy) -# which protects your /metrics endpoint. -- auth_proxy_service.yaml -- auth_proxy_role.yaml -- auth_proxy_role_binding.yaml diff --git a/apps/kfserving/upstream/rbac/leader_election_role.yaml b/apps/kfserving/upstream/rbac/leader_election_role.yaml deleted file mode 100644 index eaa79158fb..0000000000 --- a/apps/kfserving/upstream/rbac/leader_election_role.yaml +++ /dev/null @@ -1,32 +0,0 @@ -# permissions to do leader election. -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: leader-election-role -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - configmaps/status - verbs: - - get - - update - - patch -- apiGroups: - - "" - resources: - - events - verbs: - - create diff --git a/apps/kfserving/upstream/rbac/leader_election_role_binding.yaml b/apps/kfserving/upstream/rbac/leader_election_role_binding.yaml deleted file mode 100644 index e2b60a7151..0000000000 --- a/apps/kfserving/upstream/rbac/leader_election_role_binding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: leader-election-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: leader-election-role -subjects: -- kind: ServiceAccount - name: default - namespace: kfserving-system diff --git a/apps/kfserving/upstream/rbac/role.yaml b/apps/kfserving/upstream/rbac/role.yaml deleted file mode 100644 index c96dec5c5d..0000000000 --- a/apps/kfserving/upstream/rbac/role.yaml +++ /dev/null @@ -1,188 +0,0 @@ - ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - creationTimestamp: null - name: kfserving-manager-role -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - mutatingwebhookconfigurations - - validatingwebhookconfigurations - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - get - - list - - update - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - secrets - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - networking.istio.io - resources: - - virtualservices - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - networking.istio.io - resources: - - virtualservices/finalizers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - networking.istio.io - resources: - - virtualservices/status - verbs: - - get - - patch - - update -- apiGroups: - - serving.knative.dev - resources: - - services - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - serving.knative.dev - resources: - - services/finalizers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - serving.knative.dev - resources: - - services/status - verbs: - - get - - patch - - update -- apiGroups: - - serving.kubeflow.org - resources: - - inferenceservices - - inferenceservices/finalizers - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - serving.kubeflow.org - resources: - - inferenceservices/status - verbs: - - get - - patch - - update -- apiGroups: - - serving.kubeflow.org - resources: - - trainedmodels - verbs: - - create - - delete - - get - - list - - patch - - update - - watch -- apiGroups: - - serving.kubeflow.org - resources: - - trainedmodels/status - verbs: - - get - - patch - - update diff --git a/apps/kfserving/upstream/rbac/role_binding.yaml b/apps/kfserving/upstream/rbac/role_binding.yaml deleted file mode 100644 index 76b24b0d3e..0000000000 --- a/apps/kfserving/upstream/rbac/role_binding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kfserving-manager-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kfserving-manager-role -subjects: -- kind: ServiceAccount - name: default - namespace: kfserving-system diff --git a/apps/kfserving/upstream/web-app/deployment.yaml b/apps/kfserving/upstream/web-app/deployment.yaml deleted file mode 100644 index 1685ad3717..0000000000 --- a/apps/kfserving/upstream/web-app/deployment.yaml +++ /dev/null @@ -1,25 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: kfserving-models-web-app - namespace: kfserving-system -spec: - replicas: 1 - selector: - matchLabels: - app.kubernetes.io/component: kfserving-models-web-app - template: - metadata: - labels: - app.kubernetes.io/component: kfserving-models-web-app - spec: - containers: - - image: kfserving/models-web-app:v0.6.1 - imagePullPolicy: Always - name: kfserving-models-web-app - envFrom: - - configMapRef: - name: kfserving-models-web-app-config - ports: - - containerPort: 5000 - serviceAccountName: kfserving-models-web-app diff --git a/apps/kfserving/upstream/web-app/istio.yaml b/apps/kfserving/upstream/web-app/istio.yaml deleted file mode 100644 index e011fc97cc..0000000000 --- a/apps/kfserving/upstream/web-app/istio.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: networking.istio.io/v1beta1 -kind: VirtualService -metadata: - name: kfserving-models-web-app - namespace: kfserving-system -spec: - gateways: - - $(ingressGateway) - hosts: - - '*' - http: - - match: - - uri: - prefix: /models/ - rewrite: - uri: / - route: - - destination: - host: kfserving-models-web-app.kfserving-system.svc.cluster.local - port: - number: 80 diff --git a/apps/kfserving/upstream/web-app/kustomization.yaml b/apps/kfserving/upstream/web-app/kustomization.yaml deleted file mode 100644 index 9aa2c65b7d..0000000000 --- a/apps/kfserving/upstream/web-app/kustomization.yaml +++ /dev/null @@ -1,12 +0,0 @@ -resources: -- rbac.yaml -- service.yaml -- deployment.yaml -- istio.yaml -commonLabels: - kustomize.component: kfserving-models-web-app - app.kubernetes.io/component: kfserving-models-web-app -configMapGenerator: - - name: kfserving-models-web-app-config - literals: - - APP_DISABLE_AUTH="True" diff --git a/apps/kfserving/upstream/web-app/rbac.yaml b/apps/kfserving/upstream/web-app/rbac.yaml deleted file mode 100644 index ca34cc7584..0000000000 --- a/apps/kfserving/upstream/web-app/rbac.yaml +++ /dev/null @@ -1,68 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: kfserving-models-web-app - namespace: kfserving-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kfserving-models-web-app-cluster-role -rules: -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create -- apiGroups: - - "" - resources: - - namespaces - - pods - - pods/log - - events - verbs: - - get - - list -- apiGroups: - - serving.kubeflow.org - resources: - - inferenceservices - - inferenceservices/status - verbs: - - get - - list - - watch - - create - - delete - - deletecollection - - patch - - update -- apiGroups: - - serving.knative.dev - resources: - - services - - services/status - - routes - - routes/status - - configurations - - configurations/status - - revisions - - revisions/status - verbs: - - get - - list ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: kfserving-models-web-app-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kfserving-models-web-app-cluster-role -subjects: -- kind: ServiceAccount - name: kfserving-models-web-app - namespace: kfserving-system diff --git a/apps/kfserving/upstream/web-app/service.yaml b/apps/kfserving/upstream/web-app/service.yaml deleted file mode 100644 index 4cc0409373..0000000000 --- a/apps/kfserving/upstream/web-app/service.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: kfserving-models-web-app - namespace: kfserving-system -spec: - ports: - - name: http - port: 80 - protocol: TCP - targetPort: 5000 - selector: - app.kubernetes.io/component: kfserving-models-web-app - type: ClusterIP diff --git a/apps/kfserving/upstream/webhook/kustomization.yaml b/apps/kfserving/upstream/webhook/kustomization.yaml deleted file mode 100644 index 9cf26134e4..0000000000 --- a/apps/kfserving/upstream/webhook/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ -resources: -- manifests.yaml -- service.yaml - -configurations: -- kustomizeconfig.yaml diff --git a/apps/kfserving/upstream/webhook/kustomizeconfig.yaml b/apps/kfserving/upstream/webhook/kustomizeconfig.yaml deleted file mode 100644 index 25e21e3c96..0000000000 --- a/apps/kfserving/upstream/webhook/kustomizeconfig.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# the following config is for teaching kustomize where to look at when substituting vars. -# It requires kustomize v2.1.0 or newer to work properly. -nameReference: -- kind: Service - version: v1 - fieldSpecs: - - kind: MutatingWebhookConfiguration - group: admissionregistration.k8s.io - path: webhooks/clientConfig/service/name - - kind: ValidatingWebhookConfiguration - group: admissionregistration.k8s.io - path: webhooks/clientConfig/service/name - -namespace: -- kind: MutatingWebhookConfiguration - group: admissionregistration.k8s.io - path: webhooks/clientConfig/service/namespace - create: true -- kind: ValidatingWebhookConfiguration - group: admissionregistration.k8s.io - path: webhooks/clientConfig/service/namespace - create: true - -varReference: -- path: metadata/annotations diff --git a/apps/kfserving/upstream/webhook/manifests.yaml b/apps/kfserving/upstream/webhook/manifests.yaml deleted file mode 100644 index 0c5c76d4b5..0000000000 --- a/apps/kfserving/upstream/webhook/manifests.yaml +++ /dev/null @@ -1,138 +0,0 @@ ---- -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: MutatingWebhookConfiguration -metadata: - creationTimestamp: null - name: inferenceservice.serving.kubeflow.org -webhooks: - - clientConfig: - caBundle: Cg== - service: - name: $(webhookServiceName) - namespace: $(kfservingNamespace) - path: /mutate-serving-kubeflow-org-v1alpha2-inferenceservice - failurePolicy: Fail - name: inferenceservice.kfserving-webhook-server.defaulter - rules: - - apiGroups: - - serving.kubeflow.org - apiVersions: - - v1alpha2 - operations: - - CREATE - - UPDATE - resources: - - inferenceservices - - clientConfig: - caBundle: Cg== - service: - name: $(webhookServiceName) - namespace: $(kfservingNamespace) - path: /mutate-serving-kubeflow-org-v1beta1-inferenceservice - failurePolicy: Fail - name: inferenceservice.kfserving-webhook-server.v1beta1.defaulter - rules: - - apiGroups: - - serving.kubeflow.org - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - inferenceservices - - clientConfig: - caBundle: Cg== - service: - name: $(webhookServiceName) - namespace: $(kfservingNamespace) - path: /mutate-pods - failurePolicy: Fail - name: inferenceservice.kfserving-webhook-server.pod-mutator - namespaceSelector: - matchExpressions: - - key: control-plane - operator: DoesNotExist - objectSelector: - matchExpressions: - - key: serving.kubeflow.org/inferenceservice - operator: Exists - rules: - - apiGroups: - - "" - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - pods - ---- -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - creationTimestamp: null - name: inferenceservice.serving.kubeflow.org -webhooks: - - clientConfig: - caBundle: Cg== - service: - name: $(webhookServiceName) - namespace: $(kfservingNamespace) - path: /validate-serving-kubeflow-org-v1alpha2-inferenceservice - failurePolicy: Fail - name: inferenceservice.kfserving-webhook-server.validator - rules: - - apiGroups: - - serving.kubeflow.org - apiVersions: - - v1alpha2 - operations: - - CREATE - - UPDATE - resources: - - inferenceservices - - clientConfig: - caBundle: Cg== - service: - name: $(webhookServiceName) - namespace: $(kfservingNamespace) - path: /validate-serving-kubeflow-org-v1beta1-inferenceservice - failurePolicy: Fail - name: inferenceservice.kfserving-webhook-server.v1beta1.validator - rules: - - apiGroups: - - serving.kubeflow.org - apiVersions: - - v1beta1 - operations: - - CREATE - - UPDATE - resources: - - inferenceservices ---- -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - creationTimestamp: null - name: trainedmodel.serving.kubeflow.org -webhooks: - - clientConfig: - caBundle: Cg== - service: - name: $(webhookServiceName) - namespace: $(kfservingNamespace) - path: /validate-serving-kubeflow-org-v1alpha1-trainedmodel - failurePolicy: Fail - name: trainedmodel.kfserving-webhook-server.validator - rules: - - apiGroups: - - serving.kubeflow.org - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - trainedmodels diff --git a/apps/kfserving/upstream/webhook/service.yaml b/apps/kfserving/upstream/webhook/service.yaml deleted file mode 100644 index eb94aca082..0000000000 --- a/apps/kfserving/upstream/webhook/service.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: kfserving-webhook-server-service - namespace: kfserving-system -spec: - ports: - - port: 443 - targetPort: webhook-server - selector: - control-plane: kfserving-controller-manager diff --git a/apps/pipeline/upstream/OWNERS b/apps/pipeline/upstream/OWNERS index a990990686..97dddb13e2 100644 --- a/apps/pipeline/upstream/OWNERS +++ b/apps/pipeline/upstream/OWNERS @@ -1,5 +1,4 @@ approvers: - zijianjoy reviewers: - - Bobgy - zijianjoy diff --git a/apps/pipeline/upstream/base/cache-deployer/kustomization.yaml b/apps/pipeline/upstream/base/cache-deployer/kustomization.yaml index ebaabd51a8..912d6c290d 100644 --- a/apps/pipeline/upstream/base/cache-deployer/kustomization.yaml +++ b/apps/pipeline/upstream/base/cache-deployer/kustomization.yaml @@ -8,4 +8,4 @@ commonLabels: app: cache-deployer images: - name: gcr.io/ml-pipeline/cache-deployer - newTag: 1.8.1 + newTag: 2.0.0-alpha.3 diff --git a/apps/pipeline/upstream/base/cache/kustomization.yaml b/apps/pipeline/upstream/base/cache/kustomization.yaml index b84093af0a..ed3f731ac9 100644 --- a/apps/pipeline/upstream/base/cache/kustomization.yaml +++ b/apps/pipeline/upstream/base/cache/kustomization.yaml @@ -10,4 +10,4 @@ commonLabels: app: cache-server images: - name: gcr.io/ml-pipeline/cache-server - newTag: 1.8.1 + newTag: 2.0.0-alpha.3 diff --git a/apps/pipeline/upstream/base/installs/generic/pipeline-install-config.yaml b/apps/pipeline/upstream/base/installs/generic/pipeline-install-config.yaml index 2aae3a784e..7f77cd404d 100644 --- a/apps/pipeline/upstream/base/installs/generic/pipeline-install-config.yaml +++ b/apps/pipeline/upstream/base/installs/generic/pipeline-install-config.yaml @@ -11,7 +11,7 @@ data: until the changes take effect. A quick way to restart all deployments in a namespace: `kubectl rollout restart deployment -n `. appName: pipeline - appVersion: 1.8.1 + appVersion: 2.0.0-alpha.3 dbHost: mysql dbPort: "3306" mlmdDb: metadb diff --git a/apps/pipeline/upstream/base/installs/multi-user/pipelines-profile-controller/sync.py b/apps/pipeline/upstream/base/installs/multi-user/pipelines-profile-controller/sync.py index 3ea1aaaea5..031a3fa268 100644 --- a/apps/pipeline/upstream/base/installs/multi-user/pipelines-profile-controller/sync.py +++ b/apps/pipeline/upstream/base/installs/multi-user/pipelines-profile-controller/sync.py @@ -93,7 +93,7 @@ def get_settings_from_env(controller_port=None, def server_factory(visualization_server_image, visualization_server_tag, frontend_image, frontend_tag, disable_istio_sidecar, minio_access_key, - minio_secret_key, kfp_default_pipeline_root=None, + minio_secret_key, kfp_default_pipeline_root=None, url="", controller_port=8080): """ Returns an HTTPServer populated with Handler with customized settings @@ -360,8 +360,8 @@ def sync(self, parent, children): } }, ] - print('Received request:\n', json.dumps(parent, indent=2, sort_keys=True)) - print('Desired resources except secrets:\n', json.dumps(desired_resources, indent=2, sort_keys=True)) + print('Received request:\n', json.dumps(parent, sort_keys=True)) + print('Desired resources except secrets:\n', json.dumps(desired_resources, sort_keys=True)) # Moved after the print argument because this is sensitive data. desired_resources.append({ "apiVersion": "v1", diff --git a/apps/pipeline/upstream/base/installs/multi-user/pipelines-profile-controller/test_sync.py b/apps/pipeline/upstream/base/installs/multi-user/pipelines-profile-controller/test_sync.py index 2f11ae59c8..50362d60fd 100644 --- a/apps/pipeline/upstream/base/installs/multi-user/pipelines-profile-controller/test_sync.py +++ b/apps/pipeline/upstream/base/installs/multi-user/pipelines-profile-controller/test_sync.py @@ -202,7 +202,7 @@ def test_sync_server_with_pipeline_enabled(sync_server, data, expected_status, url = f"http://{server.server_address[0]}:{str(server.server_address[1])}" print("url: ", url) print("data") - print(json.dumps(data, indent=2)) + print(json.dumps(data)) x = requests.post(url, data=json.dumps(data)) results = json.loads(x.text) @@ -245,7 +245,7 @@ def test_sync_server_with_direct_passing_of_settings( url = f"http://{server.server_address[0]}:{str(server.server_address[1])}" print("url: ", url) print("data") - print(json.dumps(data, indent=2)) + print(json.dumps(data)) x = requests.post(url, data=json.dumps(data)) results = json.loads(x.text) @@ -271,7 +271,7 @@ def test_sync_server_without_pipeline_enabled(sync_server, data, expected_status """ Nearly end-to-end test of how Controller serves .sync as a POST - Tests case where metadata.labels.pipelines.kubeflow.org/enabled does not + Tests case where metadata.labels.pipelines.kubeflow.org/enabled does not exist and thus server returns an empty reply """ server, environ = sync_server diff --git a/apps/pipeline/upstream/base/metadata/base/kustomization.yaml b/apps/pipeline/upstream/base/metadata/base/kustomization.yaml index a621def5b3..7f57134927 100644 --- a/apps/pipeline/upstream/base/metadata/base/kustomization.yaml +++ b/apps/pipeline/upstream/base/metadata/base/kustomization.yaml @@ -9,4 +9,4 @@ resources: - metadata-grpc-sa.yaml images: - name: gcr.io/ml-pipeline/metadata-envoy - newTag: 1.8.1 + newTag: 2.0.0-alpha.3 diff --git a/apps/pipeline/upstream/base/pipeline/kustomization.yaml b/apps/pipeline/upstream/base/pipeline/kustomization.yaml index c320f89c19..38a66d0114 100644 --- a/apps/pipeline/upstream/base/pipeline/kustomization.yaml +++ b/apps/pipeline/upstream/base/pipeline/kustomization.yaml @@ -37,14 +37,14 @@ resources: - kfp-launcher-configmap.yaml images: - name: gcr.io/ml-pipeline/api-server - newTag: 1.8.1 + newTag: 2.0.0-alpha.3 - name: gcr.io/ml-pipeline/persistenceagent - newTag: 1.8.1 + newTag: 2.0.0-alpha.3 - name: gcr.io/ml-pipeline/scheduledworkflow - newTag: 1.8.1 + newTag: 2.0.0-alpha.3 - name: gcr.io/ml-pipeline/frontend - newTag: 1.8.1 + newTag: 2.0.0-alpha.3 - name: gcr.io/ml-pipeline/viewer-crd-controller - newTag: 1.8.1 + newTag: 2.0.0-alpha.3 - name: gcr.io/ml-pipeline/visualization-server - newTag: 1.8.1 + newTag: 2.0.0-alpha.3 diff --git a/apps/pipeline/upstream/base/pipeline/metadata-writer/kustomization.yaml b/apps/pipeline/upstream/base/pipeline/metadata-writer/kustomization.yaml index 5b49a9ffbf..4bbe387cfd 100644 --- a/apps/pipeline/upstream/base/pipeline/metadata-writer/kustomization.yaml +++ b/apps/pipeline/upstream/base/pipeline/metadata-writer/kustomization.yaml @@ -7,4 +7,4 @@ resources: - metadata-writer-sa.yaml images: - name: gcr.io/ml-pipeline/metadata-writer - newTag: 1.8.1 + newTag: 2.0.0-alpha.3 diff --git a/apps/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-deployment.yaml b/apps/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-deployment.yaml index a85b2a9d40..fea2381110 100644 --- a/apps/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-deployment.yaml +++ b/apps/pipeline/upstream/base/pipeline/ml-pipeline-apiserver-deployment.yaml @@ -105,6 +105,21 @@ spec: initialDelaySeconds: 3 periodSeconds: 5 timeoutSeconds: 2 + # This startup probe provides up to a 60 second grace window before the + # liveness probe takes over to accomodate the occasional database + # migration. + startupProbe: + exec: + command: + - wget + - -q # quiet + - -S # show server response + - -O + - "-" # Redirect output to stdout + - http://localhost:8888/apis/v1beta1/healthz + failureThreshold: 12 + periodSeconds: 5 + timeoutSeconds: 2 resources: requests: cpu: 250m diff --git a/apps/pipeline/upstream/env/aws/README.md b/apps/pipeline/upstream/env/aws/README.md index fc0a643735..4502094802 100644 --- a/apps/pipeline/upstream/env/aws/README.md +++ b/apps/pipeline/upstream/env/aws/README.md @@ -30,7 +30,7 @@ aws s3 mb s3://$S3_BUCKET --region $AWS_REGION 3. Prepare RDS -Follow this [doc](https://www.kubeflow.org/docs/aws/rds/#deploy-amazon-rds-mysql-in-your-environment) to set up AWS RDS instance. +Follow this [doc](https://awslabs.github.io/kubeflow-manifests/docs/deployment/rds-s3/guide/) to set up AWS RDS instance. 4. Customize your values - Edit [params.env](params.env), [secret.env](secret.env) and [minio-artifact-secret-patch.env](minio-artifact-secret-patch.env) diff --git a/apps/pipeline/upstream/env/cert-manager/base/cache-cert-issuer.yaml b/apps/pipeline/upstream/env/cert-manager/base/cache-cert-issuer.yaml new file mode 100644 index 0000000000..1c0ba59611 --- /dev/null +++ b/apps/pipeline/upstream/env/cert-manager/base/cache-cert-issuer.yaml @@ -0,0 +1,6 @@ +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: kfp-cache-selfsigned-issuer +spec: + selfSigned: {} \ No newline at end of file diff --git a/apps/pipeline/upstream/env/cert-manager/base/cache-cert.yaml b/apps/pipeline/upstream/env/cert-manager/base/cache-cert.yaml new file mode 100644 index 0000000000..7d1136729a --- /dev/null +++ b/apps/pipeline/upstream/env/cert-manager/base/cache-cert.yaml @@ -0,0 +1,15 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: kfp-cache-cert +spec: + commonName: kfp-cache-cert + isCA: true + dnsNames: + - cache-server + - cache-server.$(kfp-namespace) + - cache-server.$(kfp-namespace).svc + issuerRef: + kind: Issuer + name: kfp-cache-selfsigned-issuer + secretName: webhook-server-tls \ No newline at end of file diff --git a/apps/pipeline/upstream/env/cert-manager/base/cache-webhook-config.yaml b/apps/pipeline/upstream/env/cert-manager/base/cache-webhook-config.yaml new file mode 100644 index 0000000000..0f6b43c4fd --- /dev/null +++ b/apps/pipeline/upstream/env/cert-manager/base/cache-webhook-config.yaml @@ -0,0 +1,25 @@ +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: cache-webhook-kubeflow + annotations: + cert-manager.io/inject-ca-from: $(kfp-namespace)/kfp-cache-cert +webhooks: + - name: cache-server.$(kfp-namespace).svc + clientConfig: + service: + name: cache-server + namespace: $(kfp-namespace) + path: "/mutate" + failurePolicy: Ignore + rules: + - operations: [ "CREATE" ] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] + sideEffects: None + timeoutSeconds: 5 + objectSelector: + matchLabels: + pipelines.kubeflow.org/cache_enabled: "true" + admissionReviewVersions: ["v1beta1"] \ No newline at end of file diff --git a/apps/pipeline/upstream/env/cert-manager/base/kustomization.yaml b/apps/pipeline/upstream/env/cert-manager/base/kustomization.yaml new file mode 100644 index 0000000000..14cacd9316 --- /dev/null +++ b/apps/pipeline/upstream/env/cert-manager/base/kustomization.yaml @@ -0,0 +1,13 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow + +resources: + - cache-cert-issuer.yaml + - cache-cert.yaml + - cache-webhook-config.yaml +commonLabels: + app: cache-server-cert-manager + +configurations: +- params.yaml diff --git a/apps/pipeline/upstream/env/cert-manager/base/params.yaml b/apps/pipeline/upstream/env/cert-manager/base/params.yaml new file mode 100644 index 0000000000..8ee2b1b3c9 --- /dev/null +++ b/apps/pipeline/upstream/env/cert-manager/base/params.yaml @@ -0,0 +1,13 @@ +varReference: + - path: spec/commonName + kind: Certificate + - path: spec/dnsNames + kind: Certificate + - path: spec/issuerRef/name + kind: Certificate + - path: metadata/annotations + kind: MutatingWebhookConfiguration + - path: webhooks/clientConfig/service/namespace + kind: MutatingWebhookConfiguration + - path: webhooks/name + kind: MutatingWebhookConfiguration \ No newline at end of file diff --git a/apps/pipeline/upstream/env/cert-manager/cluster-scoped-resources/kustomization.yaml b/apps/pipeline/upstream/env/cert-manager/cluster-scoped-resources/kustomization.yaml new file mode 100644 index 0000000000..c5df9e990b --- /dev/null +++ b/apps/pipeline/upstream/env/cert-manager/cluster-scoped-resources/kustomization.yaml @@ -0,0 +1,7 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +bases: +- ../../../third-party/application/cluster-scoped +- ../../../third-party/argo/installs/namespace/cluster-scoped +- ../../../base/pipeline/cluster-scoped \ No newline at end of file diff --git a/apps/pipeline/upstream/env/cert-manager/dev/delete-cache-deployer.yaml b/apps/pipeline/upstream/env/cert-manager/dev/delete-cache-deployer.yaml new file mode 100644 index 0000000000..07e2f878c7 --- /dev/null +++ b/apps/pipeline/upstream/env/cert-manager/dev/delete-cache-deployer.yaml @@ -0,0 +1,18 @@ +# Delete cache deployer related resources as we use the cert-manager instead +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cache-deployer-deployment +$patch: delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: kubeflow-pipelines-cache-deployer-role +$patch: delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: kubeflow-pipelines-cache-deployer-rolebinding +$patch: delete \ No newline at end of file diff --git a/apps/pipeline/upstream/env/cert-manager/dev/kustomization.yaml b/apps/pipeline/upstream/env/cert-manager/dev/kustomization.yaml new file mode 100644 index 0000000000..e4dc5ed009 --- /dev/null +++ b/apps/pipeline/upstream/env/cert-manager/dev/kustomization.yaml @@ -0,0 +1,47 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +bases: + - ../../dev + - ../base +namespace: kubeflow + +# Delete the cache deployer as we use the cert-manager instead +patchesStrategicMerge: + - ./delete-cache-deployer.yaml + +resources: +- namespace.yaml + +vars: +# NOTE: var name must be unique globally to allow composition of multiple kustomize +# packages. Therefore, we added prefix `kfp-dev-` to distinguish it from +# others. +- name: kfp-dev-namespace + objref: + # ml-pipeline sa's metadata.namespace will be first transformed by namespace field in kustomization.yaml + # so that we only need to change kustomization.yaml's namespace field for namespace customization. + kind: ServiceAccount + name: ml-pipeline + apiVersion: v1 + fieldref: + fieldpath: metadata.namespace +configurations: +- params.yaml + +# Pass proper arguments to cache-server to use cert-manager certificate +patches: +- patch: |- + - op: add + path: /spec/template/spec/containers/0/args/- + value: "--tls_cert_filename=tls.crt" + target: + kind: Deployment + name: cache-server +- patch: |- + - op: add + path: /spec/template/spec/containers/0/args/- + value: "--tls_key_filename=tls.key" + target: + kind: Deployment + name: cache-server diff --git a/apps/pipeline/upstream/env/cert-manager/dev/namespace.yaml b/apps/pipeline/upstream/env/cert-manager/dev/namespace.yaml new file mode 100644 index 0000000000..51de7acfd8 --- /dev/null +++ b/apps/pipeline/upstream/env/cert-manager/dev/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: '$(kfp-dev-namespace)' diff --git a/apps/pipeline/upstream/env/cert-manager/dev/params.yaml b/apps/pipeline/upstream/env/cert-manager/dev/params.yaml new file mode 100644 index 0000000000..cc253fe266 --- /dev/null +++ b/apps/pipeline/upstream/env/cert-manager/dev/params.yaml @@ -0,0 +1,4 @@ +# Allow Kustomize var to replace following fields. +varReference: +- path: metadata/name + kind: Namespace diff --git a/apps/pipeline/upstream/env/cert-manager/platform-agnostic-multi-user/delete-cache-deployer.yaml b/apps/pipeline/upstream/env/cert-manager/platform-agnostic-multi-user/delete-cache-deployer.yaml new file mode 100644 index 0000000000..de57ccce1b --- /dev/null +++ b/apps/pipeline/upstream/env/cert-manager/platform-agnostic-multi-user/delete-cache-deployer.yaml @@ -0,0 +1,36 @@ +# Delete cache deployer as we use the cert-manager instead +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: kubeflow-pipelines-cache-deployer-clusterrole +$patch: delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: kubeflow-pipelines-cache-deployer-clusterrolebinding +$patch: delete +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: kubeflow-pipelines-cache-deployer-sa +$patch: delete +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: cache-deployer-deployment +$patch: delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: kubeflow-pipelines-cache-deployer-role +$patch: delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: kubeflow-pipelines-cache-deployer-rolebinding +$patch: delete \ No newline at end of file diff --git a/apps/pipeline/upstream/env/cert-manager/platform-agnostic-multi-user/kustomization.yaml b/apps/pipeline/upstream/env/cert-manager/platform-agnostic-multi-user/kustomization.yaml new file mode 100644 index 0000000000..3d21848789 --- /dev/null +++ b/apps/pipeline/upstream/env/cert-manager/platform-agnostic-multi-user/kustomization.yaml @@ -0,0 +1,28 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +bases: + - ../../platform-agnostic-multi-user + - ../base +namespace: kubeflow + +# Delete the cache deployer as we use the cert-manager instead +patchesStrategicMerge: + - ./delete-cache-deployer.yaml + +# Pass proper arguments to cache-server to use cert-manager certificate +patches: +- patch: |- + - op: add + path: /spec/template/spec/containers/0/args/- + value: "--tls_cert_filename=tls.crt" + target: + kind: Deployment + name: cache-server +- patch: |- + - op: add + path: /spec/template/spec/containers/0/args/- + value: "--tls_key_filename=tls.key" + target: + kind: Deployment + name: cache-server diff --git a/apps/pipeline/upstream/env/gcp/inverse-proxy/kustomization.yaml b/apps/pipeline/upstream/env/gcp/inverse-proxy/kustomization.yaml index f9081522b4..32d425c474 100644 --- a/apps/pipeline/upstream/env/gcp/inverse-proxy/kustomization.yaml +++ b/apps/pipeline/upstream/env/gcp/inverse-proxy/kustomization.yaml @@ -2,7 +2,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization images: - name: gcr.io/ml-pipeline/inverse-proxy-agent - newTag: 1.8.1 + newTag: 2.0.0-alpha.3 resources: - proxy-configmap.yaml - proxy-deployment.yaml diff --git a/apps/pipeline/upstream/env/platform-agnostic-multi-user-emissary/workflow-controller-configmap-patch.yaml b/apps/pipeline/upstream/env/platform-agnostic-multi-user-emissary/workflow-controller-configmap-patch.yaml index 64d4b40220..410a8f4c59 100644 --- a/apps/pipeline/upstream/env/platform-agnostic-multi-user-emissary/workflow-controller-configmap-patch.yaml +++ b/apps/pipeline/upstream/env/platform-agnostic-multi-user-emissary/workflow-controller-configmap-patch.yaml @@ -4,9 +4,9 @@ metadata: name: workflow-controller-configmap data: # References: - # * https://github.com/argoproj/argo-workflows/blob/v3.2.3/config/config.go - # * https://github.com/argoproj/argo-workflows/blob/v3.2.3/docs/workflow-controller-configmap.md - # * https://github.com/argoproj/argo-workflows/blob/v3.2.3/docs/workflow-controller-configmap.yaml + # * https://github.com/argoproj/argo-workflows/blob/v3.3.8/config/config.go + # * https://github.com/argoproj/argo-workflows/blob/v3.3.8/docs/workflow-controller-configmap.md + # * https://github.com/argoproj/argo-workflows/blob/v3.3.8/docs/workflow-controller-configmap.yaml # Emissary Executor: https://argoproj.github.io/argo-workflows/workflow-executors/#emissary-emissary containerRuntimeExecutor: emissary diff --git a/apps/pipeline/upstream/env/platform-agnostic-multi-user-pns/workflow-controller-configmap-patch.yaml b/apps/pipeline/upstream/env/platform-agnostic-multi-user-pns/workflow-controller-configmap-patch.yaml index e007c93fe4..e555b601d6 100644 --- a/apps/pipeline/upstream/env/platform-agnostic-multi-user-pns/workflow-controller-configmap-patch.yaml +++ b/apps/pipeline/upstream/env/platform-agnostic-multi-user-pns/workflow-controller-configmap-patch.yaml @@ -4,9 +4,9 @@ metadata: name: workflow-controller-configmap data: # References: - # * https://github.com/argoproj/argo-workflows/blob/v3.2.3/config/config.go - # * https://github.com/argoproj/argo-workflows/blob/v3.2.3/docs/workflow-controller-configmap.md - # * https://github.com/argoproj/argo-workflows/blob/v3.2.3/docs/workflow-controller-configmap.yaml + # * https://github.com/argoproj/argo-workflows/blob/v3.3.8/config/config.go + # * https://github.com/argoproj/argo-workflows/blob/v3.3.8/docs/workflow-controller-configmap.md + # * https://github.com/argoproj/argo-workflows/blob/v3.3.8/docs/workflow-controller-configmap.yaml # pns executor is a more portable default, see https://github.com/kubeflow/pipelines/issues/1654. containerRuntimeExecutor: pns diff --git a/apps/pipeline/upstream/env/platform-agnostic-pns/workflow-controller-configmap-patch.yaml b/apps/pipeline/upstream/env/platform-agnostic-pns/workflow-controller-configmap-patch.yaml index 41d25fa7b5..d851a450e1 100644 --- a/apps/pipeline/upstream/env/platform-agnostic-pns/workflow-controller-configmap-patch.yaml +++ b/apps/pipeline/upstream/env/platform-agnostic-pns/workflow-controller-configmap-patch.yaml @@ -4,9 +4,9 @@ metadata: name: workflow-controller-configmap data: # References: - # * https://github.com/argoproj/argo-workflows/blob/v3.2.3/config/config.go - # * https://github.com/argoproj/argo-workflows/blob/v3.2.3/docs/workflow-controller-configmap.md - # * https://github.com/argoproj/argo-workflows/blob/v3.2.3/docs/workflow-controller-configmap.yaml + # * https://github.com/argoproj/argo-workflows/blob/v3.3.8/config/config.go + # * https://github.com/argoproj/argo-workflows/blob/v3.3.8/docs/workflow-controller-configmap.md + # * https://github.com/argoproj/argo-workflows/blob/v3.3.8/docs/workflow-controller-configmap.yaml # pns executor is a more portable default, see https://github.com/kubeflow/pipelines/issues/1654. # However, it is flaky for containers that run really fast, see https://github.com/kubeflow/pipelines/issues/5285. diff --git a/apps/pipeline/upstream/third-party/argo/base/workflow-controller-configmap-patch.yaml b/apps/pipeline/upstream/third-party/argo/base/workflow-controller-configmap-patch.yaml index 654b98b713..96a6ccf995 100644 --- a/apps/pipeline/upstream/third-party/argo/base/workflow-controller-configmap-patch.yaml +++ b/apps/pipeline/upstream/third-party/argo/base/workflow-controller-configmap-patch.yaml @@ -4,9 +4,9 @@ metadata: name: workflow-controller-configmap data: # References: - # * https://github.com/argoproj/argo-workflows/blob/v3.2.3/config/config.go - # * https://github.com/argoproj/argo-workflows/blob/v3.2.3/docs/workflow-controller-configmap.md - # * https://github.com/argoproj/argo-workflows/blob/v3.2.3/docs/workflow-controller-configmap.yaml + # * https://github.com/argoproj/argo-workflows/blob/v3.3.8/config/config.go + # * https://github.com/argoproj/argo-workflows/blob/v3.3.8/docs/workflow-controller-configmap.md + # * https://github.com/argoproj/argo-workflows/blob/v3.3.8/docs/workflow-controller-configmap.yaml # emissary executor is a more portable default, see https://github.com/kubeflow/pipelines/issues/1654. containerRuntimeExecutor: emissary diff --git a/apps/pipeline/upstream/third-party/argo/base/workflow-controller-deployment-patch.yaml b/apps/pipeline/upstream/third-party/argo/base/workflow-controller-deployment-patch.yaml index 2efbeb1f8f..770b86a8a8 100644 --- a/apps/pipeline/upstream/third-party/argo/base/workflow-controller-deployment-patch.yaml +++ b/apps/pipeline/upstream/third-party/argo/base/workflow-controller-deployment-patch.yaml @@ -7,12 +7,12 @@ spec: spec: containers: - name: workflow-controller - image: gcr.io/ml-pipeline/workflow-controller:v3.2.3-license-compliance + image: gcr.io/ml-pipeline/workflow-controller:v3.3.8-license-compliance args: - --configmap - workflow-controller-configmap - --executor-image - - gcr.io/ml-pipeline/argoexec:v3.2.3-license-compliance + - gcr.io/ml-pipeline/argoexec:v3.3.8-license-compliance resources: requests: cpu: 100m diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/Kptfile b/apps/pipeline/upstream/third-party/argo/upstream/manifests/Kptfile index 9f7d43c895..3b21f24bbe 100644 --- a/apps/pipeline/upstream/third-party/argo/upstream/manifests/Kptfile +++ b/apps/pipeline/upstream/third-party/argo/upstream/manifests/Kptfile @@ -7,12 +7,12 @@ upstream: git: repo: https://github.com/argoproj/argo-workflows directory: /manifests - ref: v3.2.3 + ref: v3.3.8 updateStrategy: resource-merge upstreamLock: type: git git: repo: https://github.com/argoproj/argo-workflows directory: /manifests - ref: v3.2.3 - commit: e5dc961b7846efe0fe36ab3a0964180eaedd2672 + ref: v3.3.8 + commit: 621b0d1a8e09634666ebe403ee7b8fc29db1dc4e diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/argo-server/argo-server-deployment.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/argo-server/argo-server-deployment.yaml index b1f16b8d5a..479de12103 100644 --- a/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/argo-server/argo-server-deployment.yaml +++ b/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/argo-server/argo-server-deployment.yaml @@ -16,10 +16,14 @@ spec: - name: argo-server image: quay.io/argoproj/argocli:latest securityContext: + readOnlyRootFilesystem: true + runAsNonRoot: true + allowPrivilegeEscalation: false capabilities: drop: - ALL args: [server] + env: [] ports: - name: web containerPort: 2746 diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_clusterworkflowtemplates.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_clusterworkflowtemplates.yaml index 3e833bb1a2..149d63b6df 100644 --- a/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_clusterworkflowtemplates.yaml +++ b/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_clusterworkflowtemplates.yaml @@ -726,88 +726,495 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string type: array - globalName: - type: string - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + default: + type: string + event: + type: string + expression: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + type: object + artifactRepositoryRef: + properties: + configMap: + type: string + key: + type: string + type: object + automountServiceAccountToken: + type: boolean + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + dnsPolicy: + type: string + entrypoint: + type: string + executor: + properties: + serviceAccountName: + type: string + type: object + hooks: + additionalProperties: + properties: + arguments: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + fromExpression: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + disableSubmodules: + type: boolean + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + createBucketIfNotPresent: + type: boolean + endpoint: + type: string + key: + type: string + lifecycleRule: + properties: + markDeletionAfterDays: + format: int32 + type: integer + markInfrequentAccessAfterDays: + format: int32 + type: integer + type: object + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + securityToken: + type: string + required: + - key + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + createBucketIfNotPresent: + properties: + objectLocking: + type: boolean + type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + type: object + subPath: + type: string + required: + - name + type: object + type: array + parameters: + items: + properties: + default: + type: string + description: + type: string + enum: + items: type: string - optional: - type: boolean - required: - - key - type: object - default: - type: string - event: - type: string - expression: - type: string - jqFilter: - type: string - jsonPath: - type: string - parameter: - type: string - path: - type: string - supplied: - type: object - type: object - required: - - name + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + default: + type: string + event: + type: string + expression: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array type: object - type: array - type: object - artifactRepositoryRef: - properties: - configMap: - type: string - key: - type: string - type: object - automountServiceAccountToken: - type: boolean - dnsConfig: - properties: - nameservers: - items: + expression: type: string - type: array - options: - items: + template: + type: string + templateRef: properties: + clusterScope: + type: boolean name: type: string - value: + template: type: string type: object - type: array - searches: - items: - type: string - type: array - type: object - dnsPolicy: - type: string - entrypoint: - type: string - executor: - properties: - serviceAccountName: - type: string + type: object type: object hostAliases: items: @@ -1072,6 +1479,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -1974,6 +2383,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -2068,6 +2487,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -2198,6 +2627,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -2214,6 +2645,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -2534,6 +2975,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -2628,6 +3079,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -2758,6 +3219,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -2774,6 +3237,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -2878,6 +3351,18 @@ spec: - name type: object type: array + retryStrategy: + properties: + duration: + type: string + retries: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - retries + type: object volumeMounts: items: properties: @@ -3252,6 +3737,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -3653,6 +4140,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -3698,10 +4187,19 @@ spec: type: object type: array type: object + expression: + type: string template: type: string - required: - - template + templateRef: + properties: + clusterScope: + type: boolean + name: + type: string + template: + type: string + type: object type: object type: object inline: {} @@ -4151,8 +4649,12 @@ spec: - name type: object type: array + insecureSkipVerify: + type: boolean method: type: string + successCondition: + type: string timeoutSeconds: format: int64 type: integer @@ -4372,6 +4874,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -4468,6 +4980,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -4598,6 +5120,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -4614,6 +5138,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -5058,6 +5592,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -5549,6 +6085,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -5599,6 +6137,8 @@ spec: parallelism: format: int64 type: integer + plugin: + type: object podSpecPatch: type: string priority: @@ -5868,6 +6408,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -5962,6 +6512,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -6092,6 +6652,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -6110,6 +6672,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -6272,6 +6844,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -6489,6 +7063,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -6585,6 +7169,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -6715,6 +7309,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -6731,6 +7327,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -7091,6 +7697,18 @@ spec: - kind - name type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object resources: properties: limits: @@ -8424,6 +9042,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -8518,6 +9146,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -8648,6 +9286,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -8664,6 +9304,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -8984,6 +9634,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -9078,6 +9738,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -9208,6 +9878,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -9224,6 +9896,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -9328,6 +10010,18 @@ spec: - name type: object type: array + retryStrategy: + properties: + duration: + type: string + retries: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - retries + type: object volumeMounts: items: properties: @@ -9702,6 +10396,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -10103,6 +10799,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -10148,10 +10846,19 @@ spec: type: object type: array type: object + expression: + type: string template: type: string - required: - - template + templateRef: + properties: + clusterScope: + type: boolean + name: + type: string + template: + type: string + type: object type: object type: object inline: {} @@ -10601,8 +11308,12 @@ spec: - name type: object type: array + insecureSkipVerify: + type: boolean method: type: string + successCondition: + type: string timeoutSeconds: format: int64 type: integer @@ -10822,6 +11533,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -10918,6 +11639,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -11048,6 +11779,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -11064,6 +11797,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -11508,6 +12251,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -11999,6 +12744,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -12049,6 +12796,8 @@ spec: parallelism: format: int64 type: integer + plugin: + type: object podSpecPatch: type: string priority: @@ -12318,6 +13067,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -12412,6 +13171,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -12542,6 +13311,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -12560,6 +13331,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -12722,6 +13503,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -12939,6 +13722,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -13035,6 +13828,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -13165,6 +13968,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -13181,6 +13986,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -13541,6 +14356,18 @@ spec: - kind - name type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object resources: properties: limits: @@ -14064,6 +14891,18 @@ spec: - kind - name type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object resources: properties: limits: @@ -14119,6 +14958,14 @@ spec: items: type: string type: array + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object capacity: additionalProperties: anyOf: @@ -14151,6 +14998,8 @@ spec: type: array phase: type: string + resizeStatus: + type: string type: object type: object type: array @@ -14361,6 +15210,18 @@ spec: - kind - name type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object resources: properties: limits: @@ -14823,6 +15684,24 @@ spec: type: object type: array workflowMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + labelsFrom: + additionalProperties: + properties: + expression: + type: string + required: + - expression + type: object + type: object type: object workflowTemplateRef: properties: diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_cronworkflows.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_cronworkflows.yaml index cf9c144d7e..a29cb602cc 100644 --- a/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_cronworkflows.yaml +++ b/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_cronworkflows.yaml @@ -747,88 +747,495 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string type: array - globalName: - type: string - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + default: + type: string + event: + type: string + expression: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + type: object + artifactRepositoryRef: + properties: + configMap: + type: string + key: + type: string + type: object + automountServiceAccountToken: + type: boolean + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + dnsPolicy: + type: string + entrypoint: + type: string + executor: + properties: + serviceAccountName: + type: string + type: object + hooks: + additionalProperties: + properties: + arguments: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + fromExpression: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + disableSubmodules: + type: boolean + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + createBucketIfNotPresent: + type: boolean + endpoint: + type: string + key: + type: string + lifecycleRule: + properties: + markDeletionAfterDays: + format: int32 + type: integer + markInfrequentAccessAfterDays: + format: int32 + type: integer + type: object + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + securityToken: + type: string + required: + - key + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + createBucketIfNotPresent: + properties: + objectLocking: + type: boolean + type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + type: object + subPath: + type: string + required: + - name + type: object + type: array + parameters: + items: + properties: + default: + type: string + description: + type: string + enum: + items: type: string - optional: - type: boolean - required: - - key - type: object - default: - type: string - event: - type: string - expression: - type: string - jqFilter: - type: string - jsonPath: - type: string - parameter: - type: string - path: - type: string - supplied: - type: object - type: object - required: - - name + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + default: + type: string + event: + type: string + expression: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array type: object - type: array - type: object - artifactRepositoryRef: - properties: - configMap: - type: string - key: - type: string - type: object - automountServiceAccountToken: - type: boolean - dnsConfig: - properties: - nameservers: - items: + expression: type: string - type: array - options: - items: + template: + type: string + templateRef: properties: + clusterScope: + type: boolean name: type: string - value: + template: type: string type: object - type: array - searches: - items: - type: string - type: array - type: object - dnsPolicy: - type: string - entrypoint: - type: string - executor: - properties: - serviceAccountName: - type: string + type: object type: object hostAliases: items: @@ -1093,6 +1500,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -1995,6 +2404,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -2089,6 +2508,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -2219,6 +2648,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -2235,6 +2666,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -2555,6 +2996,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -2649,6 +3100,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -2779,6 +3240,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -2795,6 +3258,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -2899,6 +3372,18 @@ spec: - name type: object type: array + retryStrategy: + properties: + duration: + type: string + retries: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - retries + type: object volumeMounts: items: properties: @@ -3273,6 +3758,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -3674,6 +4161,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -3719,10 +4208,19 @@ spec: type: object type: array type: object + expression: + type: string template: type: string - required: - - template + templateRef: + properties: + clusterScope: + type: boolean + name: + type: string + template: + type: string + type: object type: object type: object inline: {} @@ -4172,8 +4670,12 @@ spec: - name type: object type: array + insecureSkipVerify: + type: boolean method: type: string + successCondition: + type: string timeoutSeconds: format: int64 type: integer @@ -4393,6 +4895,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -4489,6 +5001,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -4619,6 +5141,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -4635,6 +5159,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -5079,6 +5613,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -5570,6 +6106,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -5620,6 +6158,8 @@ spec: parallelism: format: int64 type: integer + plugin: + type: object podSpecPatch: type: string priority: @@ -5889,6 +6429,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -5983,6 +6533,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -6113,6 +6673,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -6131,6 +6693,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -6293,6 +6865,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -6510,6 +7084,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -6606,6 +7190,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -6736,6 +7330,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -6752,6 +7348,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -7112,6 +7718,18 @@ spec: - kind - name type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object resources: properties: limits: @@ -8445,6 +9063,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -8539,6 +9167,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -8669,6 +9307,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -8685,6 +9325,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -9005,6 +9655,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -9099,6 +9759,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -9229,6 +9899,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -9245,6 +9917,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -9349,6 +10031,18 @@ spec: - name type: object type: array + retryStrategy: + properties: + duration: + type: string + retries: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - retries + type: object volumeMounts: items: properties: @@ -9723,6 +10417,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -10124,6 +10820,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -10169,10 +10867,19 @@ spec: type: object type: array type: object + expression: + type: string template: type: string - required: - - template + templateRef: + properties: + clusterScope: + type: boolean + name: + type: string + template: + type: string + type: object type: object type: object inline: {} @@ -10622,8 +11329,12 @@ spec: - name type: object type: array + insecureSkipVerify: + type: boolean method: type: string + successCondition: + type: string timeoutSeconds: format: int64 type: integer @@ -10843,6 +11554,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -10939,6 +11660,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -11069,6 +11800,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -11085,6 +11818,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -11529,6 +12272,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -12020,6 +12765,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -12070,6 +12817,8 @@ spec: parallelism: format: int64 type: integer + plugin: + type: object podSpecPatch: type: string priority: @@ -12339,6 +13088,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -12433,6 +13192,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -12563,6 +13332,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -12581,6 +13352,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -12743,6 +13524,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -12960,6 +13743,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -13056,6 +13849,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -13186,6 +13989,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -13202,6 +14007,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -13562,6 +14377,18 @@ spec: - kind - name type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object resources: properties: limits: @@ -14085,6 +14912,18 @@ spec: - kind - name type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object resources: properties: limits: @@ -14140,6 +14979,14 @@ spec: items: type: string type: array + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object capacity: additionalProperties: anyOf: @@ -14172,6 +15019,8 @@ spec: type: array phase: type: string + resizeStatus: + type: string type: object type: object type: array @@ -14382,6 +15231,18 @@ spec: - kind - name type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object resources: properties: limits: @@ -14843,6 +15704,26 @@ spec: - name type: object type: array + workflowMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + labelsFrom: + additionalProperties: + properties: + expression: + type: string + required: + - expression + type: object + type: object + type: object workflowTemplateRef: properties: clusterScope: diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workfloweventbindings.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workfloweventbindings.yaml index 18ef078678..b94ed5b9a6 100644 --- a/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workfloweventbindings.yaml +++ b/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workfloweventbindings.yaml @@ -375,6 +375,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workflows.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workflows.yaml index ff123591ef..ac4e73396c 100644 --- a/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workflows.yaml +++ b/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workflows.yaml @@ -735,6 +735,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -818,6 +820,411 @@ spec: serviceAccountName: type: string type: object + hooks: + additionalProperties: + properties: + arguments: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + fromExpression: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + disableSubmodules: + type: boolean + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + createBucketIfNotPresent: + type: boolean + endpoint: + type: string + key: + type: string + lifecycleRule: + properties: + markDeletionAfterDays: + format: int32 + type: integer + markInfrequentAccessAfterDays: + format: int32 + type: integer + type: object + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + securityToken: + type: string + required: + - key + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + createBucketIfNotPresent: + properties: + objectLocking: + type: boolean + type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + type: object + subPath: + type: string + required: + - name + type: object + type: array + parameters: + items: + properties: + default: + type: string + description: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + default: + type: string + event: + type: string + expression: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + type: object + expression: + type: string + template: + type: string + templateRef: + properties: + clusterScope: + type: boolean + name: + type: string + template: + type: string + type: object + type: object + type: object hostAliases: items: properties: @@ -1081,6 +1488,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -1983,6 +2392,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -2077,6 +2496,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -2207,6 +2636,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -2223,6 +2654,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -2543,6 +2984,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -2637,6 +3088,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -2767,6 +3228,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -2783,6 +3246,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -2887,6 +3360,18 @@ spec: - name type: object type: array + retryStrategy: + properties: + duration: + type: string + retries: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - retries + type: object volumeMounts: items: properties: @@ -3261,6 +3746,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -3662,6 +4149,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -3707,10 +4196,19 @@ spec: type: object type: array type: object + expression: + type: string template: type: string - required: - - template + templateRef: + properties: + clusterScope: + type: boolean + name: + type: string + template: + type: string + type: object type: object type: object inline: {} @@ -4160,8 +4658,12 @@ spec: - name type: object type: array + insecureSkipVerify: + type: boolean method: type: string + successCondition: + type: string timeoutSeconds: format: int64 type: integer @@ -4381,6 +4883,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -4477,6 +4989,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -4607,6 +5129,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -4623,6 +5147,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -5067,6 +5601,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -5558,6 +6094,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -5608,6 +6146,8 @@ spec: parallelism: format: int64 type: integer + plugin: + type: object podSpecPatch: type: string priority: @@ -5877,6 +6417,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -5971,6 +6521,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -6101,6 +6661,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -6119,6 +6681,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -6281,6 +6853,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -6498,6 +7072,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -6594,6 +7178,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -6724,6 +7318,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -6740,6 +7336,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -7100,6 +7706,18 @@ spec: - kind - name type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object resources: properties: limits: @@ -8433,100 +9051,120 @@ spec: failureThreshold: format: int32 type: integer - httpGet: + grpc: properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true required: - port type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - default: TCP - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer httpGet: properties: host: @@ -8657,6 +9295,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -8673,6 +9313,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -8993,6 +9643,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -9087,152 +9747,174 @@ spec: failureThreshold: format: int32 type: integer - httpGet: + grpc: properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true required: - port type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer httpGet: properties: host: @@ -9337,6 +10019,18 @@ spec: - name type: object type: array + retryStrategy: + properties: + duration: + type: string + retries: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - retries + type: object volumeMounts: items: properties: @@ -9711,6 +10405,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -10112,6 +10808,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -10157,10 +10855,19 @@ spec: type: object type: array type: object + expression: + type: string template: type: string - required: - - template + templateRef: + properties: + clusterScope: + type: boolean + name: + type: string + template: + type: string + type: object type: object type: object inline: {} @@ -10610,8 +11317,12 @@ spec: - name type: object type: array + insecureSkipVerify: + type: boolean method: type: string + successCondition: + type: string timeoutSeconds: format: int64 type: integer @@ -10831,6 +11542,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -10927,6 +11648,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -11057,6 +11788,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -11073,6 +11806,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -11517,6 +12260,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -12008,6 +12753,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -12058,6 +12805,8 @@ spec: parallelism: format: int64 type: integer + plugin: + type: object podSpecPatch: type: string priority: @@ -12327,6 +13076,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -12421,6 +13180,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -12551,6 +13320,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -12569,6 +13340,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -12731,6 +13512,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -12948,6 +13731,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -13044,6 +13837,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -13174,6 +13977,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -13190,6 +13995,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -13550,6 +14365,18 @@ spec: - kind - name type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object resources: properties: limits: @@ -14073,6 +14900,18 @@ spec: - kind - name type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object resources: properties: limits: @@ -14128,6 +14967,14 @@ spec: items: type: string type: array + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object capacity: additionalProperties: anyOf: @@ -14160,6 +15007,8 @@ spec: type: array phase: type: string + resizeStatus: + type: string type: object type: object type: array @@ -14370,6 +15219,18 @@ spec: - kind - name type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object resources: properties: limits: @@ -14831,6 +15692,26 @@ spec: - name type: object type: array + workflowMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + labelsFrom: + additionalProperties: + properties: + expression: + type: string + required: + - expression + type: object + type: object + type: object workflowTemplateRef: properties: clusterScope: @@ -15446,6 +16327,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -15854,6 +16737,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -16285,6 +17170,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -16539,6 +17426,18 @@ spec: - kind - name type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object resources: properties: limits: @@ -17883,6 +18782,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -17977,6 +18886,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -18107,6 +19026,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -18123,6 +19044,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -18443,6 +19374,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -18537,6 +19478,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -18667,6 +19618,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -18683,6 +19636,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -18787,6 +19750,18 @@ spec: - name type: object type: array + retryStrategy: + properties: + duration: + type: string + retries: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - retries + type: object volumeMounts: items: properties: @@ -19161,6 +20136,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -19562,6 +20539,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -19607,10 +20586,19 @@ spec: type: object type: array type: object + expression: + type: string template: type: string - required: - - template + templateRef: + properties: + clusterScope: + type: boolean + name: + type: string + template: + type: string + type: object type: object type: object inline: {} @@ -20060,8 +21048,12 @@ spec: - name type: object type: array + insecureSkipVerify: + type: boolean method: type: string + successCondition: + type: string timeoutSeconds: format: int64 type: integer @@ -20281,6 +21273,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -20377,6 +21379,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -20507,6 +21519,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -20523,6 +21537,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -20967,6 +21991,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -21458,6 +22484,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -21508,6 +22536,8 @@ spec: parallelism: format: int64 type: integer + plugin: + type: object podSpecPatch: type: string priority: @@ -21777,100 +22807,120 @@ spec: failureThreshold: format: int32 type: integer - httpGet: + grpc: properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true required: - port type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - default: TCP - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer httpGet: properties: host: @@ -22001,6 +23051,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -22019,6 +23071,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -22181,6 +23243,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -22398,6 +23462,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -22494,152 +23568,174 @@ spec: failureThreshold: format: int32 type: integer - httpGet: + grpc: properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: + format: int32 + type: integer + service: + type: string + required: + - port + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true required: - port type: object - terminationGracePeriodSeconds: - format: int64 - type: integer - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer httpGet: properties: host: @@ -23000,6 +24096,18 @@ spec: - kind - name type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object resources: properties: limits: @@ -24164,6 +25272,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -24247,6 +25357,411 @@ spec: serviceAccountName: type: string type: object + hooks: + additionalProperties: + properties: + arguments: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + fromExpression: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + disableSubmodules: + type: boolean + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + createBucketIfNotPresent: + type: boolean + endpoint: + type: string + key: + type: string + lifecycleRule: + properties: + markDeletionAfterDays: + format: int32 + type: integer + markInfrequentAccessAfterDays: + format: int32 + type: integer + type: object + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + securityToken: + type: string + required: + - key + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + createBucketIfNotPresent: + properties: + objectLocking: + type: boolean + type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + type: object + subPath: + type: string + required: + - name + type: object + type: array + parameters: + items: + properties: + default: + type: string + description: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + default: + type: string + event: + type: string + expression: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + type: object + expression: + type: string + template: + type: string + templateRef: + properties: + clusterScope: + type: boolean + name: + type: string + template: + type: string + type: object + type: object + type: object hostAliases: items: properties: @@ -24510,6 +26025,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -25412,6 +26929,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -25506,6 +27033,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -25636,6 +27173,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -25652,6 +27191,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -25972,6 +27521,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -26066,6 +27625,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -26196,6 +27765,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -26212,6 +27783,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -26316,6 +27897,18 @@ spec: - name type: object type: array + retryStrategy: + properties: + duration: + type: string + retries: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - retries + type: object volumeMounts: items: properties: @@ -26690,6 +28283,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -27091,6 +28686,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -27136,10 +28733,19 @@ spec: type: object type: array type: object + expression: + type: string template: type: string - required: - - template + templateRef: + properties: + clusterScope: + type: boolean + name: + type: string + template: + type: string + type: object type: object type: object inline: {} @@ -27589,8 +29195,12 @@ spec: - name type: object type: array + insecureSkipVerify: + type: boolean method: type: string + successCondition: + type: string timeoutSeconds: format: int64 type: integer @@ -27810,6 +29420,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -27906,6 +29526,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -28036,6 +29666,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -28052,6 +29684,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -28496,6 +30138,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -28987,6 +30631,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -29037,6 +30683,8 @@ spec: parallelism: format: int64 type: integer + plugin: + type: object podSpecPatch: type: string priority: @@ -29306,6 +30954,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -29400,6 +31058,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -29530,6 +31198,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -29548,6 +31218,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -29710,6 +31390,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -29927,6 +31609,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -30023,6 +31715,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -30153,6 +31855,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -30169,6 +31873,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -30529,6 +32243,18 @@ spec: - kind - name type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object resources: properties: limits: @@ -31862,6 +33588,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -31956,6 +33692,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -32086,6 +33832,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -32102,6 +33850,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -32422,6 +34180,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -32516,6 +34284,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -32646,6 +34424,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -32662,6 +34442,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -32766,6 +34556,18 @@ spec: - name type: object type: array + retryStrategy: + properties: + duration: + type: string + retries: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - retries + type: object volumeMounts: items: properties: @@ -33140,6 +34942,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -33541,6 +35345,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -33586,10 +35392,19 @@ spec: type: object type: array type: object + expression: + type: string template: type: string - required: - - template + templateRef: + properties: + clusterScope: + type: boolean + name: + type: string + template: + type: string + type: object type: object type: object inline: {} @@ -34039,8 +35854,12 @@ spec: - name type: object type: array + insecureSkipVerify: + type: boolean method: type: string + successCondition: + type: string timeoutSeconds: format: int64 type: integer @@ -34260,6 +36079,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -34356,6 +36185,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -34486,6 +36325,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -34502,6 +36343,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -34946,6 +36797,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -35437,6 +37290,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -35487,6 +37342,8 @@ spec: parallelism: format: int64 type: integer + plugin: + type: object podSpecPatch: type: string priority: @@ -35756,6 +37613,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -35850,6 +37717,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -35980,6 +37857,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -35998,6 +37877,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -36160,6 +38049,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -36377,6 +38268,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -36473,6 +38374,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -36603,6 +38514,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -36619,6 +38532,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -36979,6 +38902,18 @@ spec: - kind - name type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object resources: properties: limits: @@ -37502,6 +39437,18 @@ spec: - kind - name type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object resources: properties: limits: @@ -37557,6 +39504,14 @@ spec: items: type: string type: array + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object capacity: additionalProperties: anyOf: @@ -37589,6 +39544,8 @@ spec: type: array phase: type: string + resizeStatus: + type: string type: object type: object type: array @@ -37799,6 +39756,18 @@ spec: - kind - name type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object resources: properties: limits: @@ -38260,6 +40229,26 @@ spec: - name type: object type: array + workflowMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + labelsFrom: + additionalProperties: + properties: + expression: + type: string + required: + - expression + type: object + type: object + type: object workflowTemplateRef: properties: clusterScope: diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workflowtaskresults.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workflowtaskresults.yaml new file mode 100644 index 0000000000..8d7803e208 --- /dev/null +++ b/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workflowtaskresults.yaml @@ -0,0 +1,426 @@ +# This is an auto-generated file. DO NOT EDIT +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: # kpt-merge: /workflowtaskresults.argoproj.io + name: workflowtaskresults.argoproj.io +spec: + group: argoproj.io + names: + kind: WorkflowTaskResult + listKind: WorkflowTaskResultList + plural: workflowtaskresults + singular: workflowtaskresult + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + message: + type: string + metadata: + type: object + outputs: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + fromExpression: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + disableSubmodules: + type: boolean + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + createBucketIfNotPresent: + type: boolean + endpoint: + type: string + key: + type: string + lifecycleRule: + properties: + markDeletionAfterDays: + format: int32 + type: integer + markInfrequentAccessAfterDays: + format: int32 + type: integer + type: object + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + securityToken: + type: string + required: + - key + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + createBucketIfNotPresent: + properties: + objectLocking: + type: boolean + type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + type: object + subPath: + type: string + required: + - name + type: object + type: array + exitCode: + type: string + parameters: + items: + properties: + default: + type: string + description: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + default: + type: string + event: + type: string + expression: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + result: + type: string + type: object + phase: + type: string + progress: + type: string + required: + - metadata + type: object + served: true + storage: true diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workflowtasksets.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workflowtasksets.yaml index 627eb7681d..de25052a2b 100644 --- a/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workflowtasksets.yaml +++ b/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workflowtasksets.yaml @@ -897,6 +897,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -991,6 +1001,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -1121,6 +1141,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -1137,6 +1159,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -1457,6 +1489,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -1551,6 +1593,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -1681,6 +1733,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -1697,6 +1751,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -1801,6 +1865,18 @@ spec: - name type: object type: array + retryStrategy: + properties: + duration: + type: string + retries: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - retries + type: object volumeMounts: items: properties: @@ -2175,6 +2251,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -2576,6 +2654,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -2621,10 +2701,19 @@ spec: type: object type: array type: object + expression: + type: string template: type: string - required: - - template + templateRef: + properties: + clusterScope: + type: boolean + name: + type: string + template: + type: string + type: object type: object type: object inline: {} @@ -3074,8 +3163,12 @@ spec: - name type: object type: array + insecureSkipVerify: + type: boolean method: type: string + successCondition: + type: string timeoutSeconds: format: int64 type: integer @@ -3295,6 +3388,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -3391,6 +3494,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -3521,6 +3634,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -3537,6 +3652,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -3981,6 +4106,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -4472,6 +4599,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -4522,6 +4651,8 @@ spec: parallelism: format: int64 type: integer + plugin: + type: object podSpecPatch: type: string priority: @@ -4791,6 +4922,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -4885,6 +5026,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -5015,6 +5166,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -5033,6 +5186,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -5195,6 +5358,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -5412,6 +5577,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -5508,6 +5683,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -5638,6 +5823,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -5654,6 +5841,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -6014,6 +6211,18 @@ spec: - kind - name type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object resources: properties: limits: @@ -6827,6 +7036,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -6876,6 +7087,8 @@ spec: type: object phase: type: string + progress: + type: string type: object type: object type: object @@ -6885,3 +7098,5 @@ spec: type: object served: true storage: true + subresources: + status: {} diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workflowtemplates.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workflowtemplates.yaml index 409389e0d3..5b713755aa 100644 --- a/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workflowtemplates.yaml +++ b/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/full/argoproj.io_workflowtemplates.yaml @@ -725,88 +725,495 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string type: array - globalName: - type: string - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + default: + type: string + event: + type: string + expression: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + type: object + artifactRepositoryRef: + properties: + configMap: + type: string + key: + type: string + type: object + automountServiceAccountToken: + type: boolean + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + dnsPolicy: + type: string + entrypoint: + type: string + executor: + properties: + serviceAccountName: + type: string + type: object + hooks: + additionalProperties: + properties: + arguments: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + fromExpression: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + disableSubmodules: + type: boolean + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + createBucketIfNotPresent: + type: boolean + endpoint: + type: string + key: + type: string + lifecycleRule: + properties: + markDeletionAfterDays: + format: int32 + type: integer + markInfrequentAccessAfterDays: + format: int32 + type: integer + type: object + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + securityToken: + type: string + required: + - key + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + createBucketIfNotPresent: + properties: + objectLocking: + type: boolean + type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + type: object + subPath: + type: string + required: + - name + type: object + type: array + parameters: + items: + properties: + default: + type: string + description: + type: string + enum: + items: type: string - optional: - type: boolean - required: - - key - type: object - default: - type: string - event: - type: string - expression: - type: string - jqFilter: - type: string - jsonPath: - type: string - parameter: - type: string - path: - type: string - supplied: - type: object - type: object - required: - - name + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + default: + type: string + event: + type: string + expression: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array type: object - type: array - type: object - artifactRepositoryRef: - properties: - configMap: - type: string - key: - type: string - type: object - automountServiceAccountToken: - type: boolean - dnsConfig: - properties: - nameservers: - items: + expression: type: string - type: array - options: - items: + template: + type: string + templateRef: properties: + clusterScope: + type: boolean name: type: string - value: + template: type: string type: object - type: array - searches: - items: - type: string - type: array - type: object - dnsPolicy: - type: string - entrypoint: - type: string - executor: - properties: - serviceAccountName: - type: string + type: object type: object hostAliases: items: @@ -1071,6 +1478,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -1973,6 +2382,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -2067,6 +2486,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -2197,6 +2626,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -2213,6 +2644,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -2533,6 +2974,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -2627,6 +3078,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -2757,6 +3218,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -2773,6 +3236,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -2877,6 +3350,18 @@ spec: - name type: object type: array + retryStrategy: + properties: + duration: + type: string + retries: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - retries + type: object volumeMounts: items: properties: @@ -3251,6 +3736,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -3652,6 +4139,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -3697,10 +4186,19 @@ spec: type: object type: array type: object + expression: + type: string template: type: string - required: - - template + templateRef: + properties: + clusterScope: + type: boolean + name: + type: string + template: + type: string + type: object type: object type: object inline: {} @@ -4150,8 +4648,12 @@ spec: - name type: object type: array + insecureSkipVerify: + type: boolean method: type: string + successCondition: + type: string timeoutSeconds: format: int64 type: integer @@ -4371,6 +4873,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -4467,6 +4979,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -4597,6 +5119,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -4613,6 +5137,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -5057,6 +5591,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -5548,6 +6084,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -5598,6 +6136,8 @@ spec: parallelism: format: int64 type: integer + plugin: + type: object podSpecPatch: type: string priority: @@ -5867,6 +6407,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -5961,6 +6511,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -6091,6 +6651,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -6109,6 +6671,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -6271,6 +6843,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -6488,6 +7062,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -6584,6 +7168,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -6714,6 +7308,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -6730,6 +7326,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -7090,6 +7696,18 @@ spec: - kind - name type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object resources: properties: limits: @@ -8423,6 +9041,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -8517,6 +9145,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -8647,6 +9285,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -8663,6 +9303,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -8983,6 +9633,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -9077,6 +9737,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -9207,6 +9877,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -9223,6 +9895,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -9327,6 +10009,18 @@ spec: - name type: object type: array + retryStrategy: + properties: + duration: + type: string + retries: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - retries + type: object volumeMounts: items: properties: @@ -9701,6 +10395,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -10102,6 +10798,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -10147,10 +10845,19 @@ spec: type: object type: array type: object + expression: + type: string template: type: string - required: - - template + templateRef: + properties: + clusterScope: + type: boolean + name: + type: string + template: + type: string + type: object type: object type: object inline: {} @@ -10600,8 +11307,12 @@ spec: - name type: object type: array + insecureSkipVerify: + type: boolean method: type: string + successCondition: + type: string timeoutSeconds: format: int64 type: integer @@ -10821,6 +11532,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -10917,6 +11638,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -11047,6 +11778,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -11063,6 +11796,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -11507,6 +12250,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -11998,6 +12743,8 @@ spec: properties: default: type: string + description: + type: string enum: items: type: string @@ -12048,6 +12795,8 @@ spec: parallelism: format: int64 type: integer + plugin: + type: object podSpecPatch: type: string priority: @@ -12317,6 +13066,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -12411,6 +13170,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -12541,6 +13310,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -12559,6 +13330,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -12721,6 +13502,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -12938,6 +13721,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -13034,6 +13827,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -13164,6 +13967,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -13180,6 +13985,16 @@ spec: failureThreshold: format: int32 type: integer + grpc: + properties: + port: + format: int32 + type: integer + service: + type: string + required: + - port + type: object httpGet: properties: host: @@ -13540,6 +14355,18 @@ spec: - kind - name type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object resources: properties: limits: @@ -14063,6 +14890,18 @@ spec: - kind - name type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object resources: properties: limits: @@ -14118,6 +14957,14 @@ spec: items: type: string type: array + allocatedResources: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object capacity: additionalProperties: anyOf: @@ -14150,6 +14997,8 @@ spec: type: array phase: type: string + resizeStatus: + type: string type: object type: object type: array @@ -14360,6 +15209,18 @@ spec: - kind - name type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object resources: properties: limits: @@ -14822,6 +15683,24 @@ spec: type: object type: array workflowMetadata: + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + labelsFrom: + additionalProperties: + properties: + expression: + type: string + required: + - expression + type: object + type: object type: object workflowTemplateRef: properties: diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/full/kustomization.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/full/kustomization.yaml index 9204c2a296..62ba49061d 100644 --- a/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/full/kustomization.yaml +++ b/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/full/kustomization.yaml @@ -7,3 +7,4 @@ resources: - argoproj.io_workflowtemplates.yaml - argoproj.io_workfloweventbindings.yaml - argoproj.io_workflowtasksets.yaml +- argoproj.io_workflowtaskresults.yaml diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_workflowtaskresults.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_workflowtaskresults.yaml new file mode 100644 index 0000000000..6ef09a57c2 --- /dev/null +++ b/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_workflowtaskresults.yaml @@ -0,0 +1,425 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: # kpt-merge: /workflowtaskresults.argoproj.io + name: workflowtaskresults.argoproj.io +spec: + group: argoproj.io + names: + kind: WorkflowTaskResult + listKind: WorkflowTaskResultList + plural: workflowtaskresults + singular: workflowtaskresult + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + message: + type: string + metadata: + type: object + outputs: + properties: + artifacts: + items: + properties: + archive: + properties: + none: + type: object + tar: + properties: + compressionLevel: + format: int32 + type: integer + type: object + zip: + type: object + type: object + archiveLogs: + type: boolean + artifactory: + properties: + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + url: + type: string + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - url + type: object + from: + type: string + fromExpression: + type: string + gcs: + properties: + bucket: + type: string + key: + type: string + serviceAccountKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - key + type: object + git: + properties: + depth: + format: int64 + type: integer + disableSubmodules: + type: boolean + fetch: + items: + type: string + type: array + insecureIgnoreHostKey: + type: boolean + passwordSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + repo: + type: string + revision: + type: string + sshPrivateKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + usernameSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + required: + - repo + type: object + globalName: + type: string + hdfs: + properties: + addresses: + items: + type: string + type: array + force: + type: boolean + hdfsUser: + type: string + krbCCacheSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbConfigConfigMap: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbKeytabSecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + krbRealm: + type: string + krbServicePrincipalName: + type: string + krbUsername: + type: string + path: + type: string + required: + - path + type: object + http: + properties: + headers: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + url: + type: string + required: + - url + type: object + mode: + format: int32 + type: integer + name: + type: string + optional: + type: boolean + oss: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + createBucketIfNotPresent: + type: boolean + endpoint: + type: string + key: + type: string + lifecycleRule: + properties: + markDeletionAfterDays: + format: int32 + type: integer + markInfrequentAccessAfterDays: + format: int32 + type: integer + type: object + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + securityToken: + type: string + required: + - key + type: object + path: + type: string + raw: + properties: + data: + type: string + required: + - data + type: object + recurseMode: + type: boolean + s3: + properties: + accessKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + bucket: + type: string + createBucketIfNotPresent: + properties: + objectLocking: + type: boolean + type: object + encryptionOptions: + properties: + enableEncryption: + type: boolean + kmsEncryptionContext: + type: string + kmsKeyId: + type: string + serverSideCustomerKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + endpoint: + type: string + insecure: + type: boolean + key: + type: string + region: + type: string + roleARN: + type: string + secretKeySecret: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + useSDKCreds: + type: boolean + type: object + subPath: + type: string + required: + - name + type: object + type: array + exitCode: + type: string + parameters: + items: + properties: + default: + type: string + description: + type: string + enum: + items: + type: string + type: array + globalName: + type: string + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + default: + type: string + event: + type: string + expression: + type: string + jqFilter: + type: string + jsonPath: + type: string + parameter: + type: string + path: + type: string + supplied: + type: object + type: object + required: + - name + type: object + type: array + result: + type: string + type: object + phase: + type: string + progress: + type: string + required: + - metadata + type: object + served: true + storage: true diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_workflowtasksets.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_workflowtasksets.yaml index 0cb8b6adcd..9620d8e72e 100644 --- a/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_workflowtasksets.yaml +++ b/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/minimal/argoproj.io_workflowtasksets.yaml @@ -37,3 +37,5 @@ spec: type: object served: true storage: true + subresources: + status: {} diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/minimal/kustomization.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/minimal/kustomization.yaml index 9204c2a296..62ba49061d 100644 --- a/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/minimal/kustomization.yaml +++ b/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/crds/minimal/kustomization.yaml @@ -7,3 +7,4 @@ resources: - argoproj.io_workflowtemplates.yaml - argoproj.io_workfloweventbindings.yaml - argoproj.io_workflowtasksets.yaml +- argoproj.io_workflowtaskresults.yaml diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/workflow-controller/kustomization.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/workflow-controller/kustomization.yaml index e3b2bf3b74..9b852afc6d 100644 --- a/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/workflow-controller/kustomization.yaml +++ b/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/workflow-controller/kustomization.yaml @@ -5,3 +5,4 @@ resources: - workflow-controller-deployment.yaml - workflow-controller-sa.yaml - workflow-controller-metrics-service.yaml +- workflow-controller-priorityclass.yaml diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-deployment.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-deployment.yaml index 6d8315b5db..27ebd138dc 100644 --- a/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-deployment.yaml +++ b/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-deployment.yaml @@ -11,6 +11,7 @@ spec: labels: app: workflow-controller spec: + priorityClassName: workflow-controller serviceAccountName: argo containers: - name: workflow-controller diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-metrics-service.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-metrics-service.yaml index c646a2482f..525f0a2092 100644 --- a/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-metrics-service.yaml +++ b/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-metrics-service.yaml @@ -4,6 +4,11 @@ metadata: # kpt-merge: /workflow-controller-metrics name: workflow-controller-metrics labels: app: workflow-controller + annotations: + workflows.argoproj.io/description: | + This service is deprecated. It will be removed in v3.4. + + https://github.com/argoproj/argo-workflows/issues/8441 spec: selector: app: workflow-controller diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-priorityclass.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-priorityclass.yaml new file mode 100644 index 0000000000..37a7716a44 --- /dev/null +++ b/apps/pipeline/upstream/third-party/argo/upstream/manifests/base/workflow-controller/workflow-controller-priorityclass.yaml @@ -0,0 +1,5 @@ +apiVersion: scheduling.k8s.io/v1 +kind: PriorityClass +metadata: # kpt-merge: /workflow-controller + name: workflow-controller +value: 1000000 diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/cluster-install/argo-server-rbac/argo-server-clusterole.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/cluster-install/argo-server-rbac/argo-server-clusterole.yaml index 506221526a..fa214417ce 100644 --- a/apps/pipeline/upstream/third-party/argo/upstream/manifests/cluster-install/argo-server-rbac/argo-server-clusterole.yaml +++ b/apps/pipeline/upstream/third-party/argo/upstream/manifests/cluster-install/argo-server-rbac/argo-server-clusterole.yaml @@ -18,6 +18,8 @@ rules: verbs: - get - create + - list + - watch - apiGroups: - "" resources: @@ -44,6 +46,7 @@ rules: verbs: - get - list + - watch - apiGroups: - argoproj.io resources: diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/cluster-install/kustomization.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/cluster-install/kustomization.yaml index 7f5d34ea7f..bfdc9ec83d 100644 --- a/apps/pipeline/upstream/third-party/argo/upstream/manifests/cluster-install/kustomization.yaml +++ b/apps/pipeline/upstream/third-party/argo/upstream/manifests/cluster-install/kustomization.yaml @@ -4,3 +4,4 @@ resources: - ../base - ./workflow-controller-rbac - ./argo-server-rbac +namespace: argo diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-controller-clusterrole.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-controller-clusterrole.yaml index 043dda81d0..e14d00ba84 100644 --- a/apps/pipeline/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-controller-clusterrole.yaml +++ b/apps/pipeline/upstream/third-party/argo/upstream/manifests/cluster-install/workflow-controller-rbac/workflow-controller-clusterrole.yaml @@ -28,8 +28,10 @@ rules: - "" resources: - persistentvolumeclaims + - persistentvolumeclaims/finalizers verbs: - create + - update - delete - get - apiGroups: @@ -58,6 +60,14 @@ rules: - get - list - watch +- apiGroups: + - argoproj.io + resources: + - workflowtaskresults + verbs: + - list + - watch + - deletecollection - apiGroups: - "" resources: diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/namespace-install/argo-server-rbac/argo-server-role.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/namespace-install/argo-server-rbac/argo-server-role.yaml index ca14f4c34f..cff53deabb 100644 --- a/apps/pipeline/upstream/third-party/argo/upstream/manifests/namespace-install/argo-server-rbac/argo-server-role.yaml +++ b/apps/pipeline/upstream/third-party/argo/upstream/manifests/namespace-install/argo-server-rbac/argo-server-role.yaml @@ -18,6 +18,8 @@ rules: verbs: - get - create + - list + - watch - apiGroups: - "" resources: @@ -44,6 +46,7 @@ rules: verbs: - get - list + - watch - apiGroups: - argoproj.io resources: diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/namespace-install/workflow-controller-rbac/workflow-controller-role.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/namespace-install/workflow-controller-rbac/workflow-controller-role.yaml index 5aeb8791fc..22a7751bde 100644 --- a/apps/pipeline/upstream/third-party/argo/upstream/manifests/namespace-install/workflow-controller-rbac/workflow-controller-role.yaml +++ b/apps/pipeline/upstream/third-party/argo/upstream/manifests/namespace-install/workflow-controller-rbac/workflow-controller-role.yaml @@ -36,8 +36,10 @@ rules: - "" resources: - persistentvolumeclaims + - persistentvolumeclaims/finalizers verbs: - create + - update - delete - get - apiGroups: @@ -71,6 +73,21 @@ rules: verbs: - get - list + - apiGroups: + - argoproj.io + resources: + - workflowtaskresults + verbs: + - list + - watch + - deletecollection + - apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - get + - list - apiGroups: - "" resources: diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/agent-default-rolebinding.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/agent-default-rolebinding.yaml new file mode 100644 index 0000000000..0c21120ca4 --- /dev/null +++ b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/agent-default-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: # kpt-merge: /agent-default + name: agent-default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: agent +subjects: + - kind: ServiceAccount + name: default diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/agent-role.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/agent-role.yaml new file mode 100644 index 0000000000..6bd90ea719 --- /dev/null +++ b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/agent-role.yaml @@ -0,0 +1,24 @@ +# https://argoproj.github.io/argo-workflows/workflow-rbac/ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: # kpt-merge: /agent + name: agent + annotations: + workflows.argoproj.io/description: | + This is the minimum recommended permissions needed if you want to use the agent, e.g. for HTTP or plugin templates. + + If <= v3.2 you must replace `workflowtasksets/status` with `patch workflowtasksets`. +rules: + - apiGroups: + - argoproj.io + resources: + - workflowtasksets + verbs: + - list + - watch + - apiGroups: + - argoproj.io + resources: + - workflowtasksets/status + verbs: + - patch diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/executor-default-rolebinding.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/executor-default-rolebinding.yaml new file mode 100644 index 0000000000..428373639a --- /dev/null +++ b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/executor-default-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: # kpt-merge: /executor-default + name: executor-default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: executor +subjects: + - kind: ServiceAccount + name: default diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/executor/docker/executor-role.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/executor/docker/executor-role.yaml new file mode 100644 index 0000000000..6cf15278da --- /dev/null +++ b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/executor/docker/executor-role.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: # kpt-merge: /executor + name: executor + annotations: + workflows.argoproj.io/description: | + Recommended minimum permissions for the `docker` executor. + + This executor is superseded by the `emmisary` executor, so we do not recommend you use it anymore. +rules: + - apiGroups: + - argoproj.io + resources: + - workflowtaskresults + verbs: + - create + - patch diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/executor/emissary/executor-role.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/executor/emissary/executor-role.yaml new file mode 100644 index 0000000000..89a3b410fc --- /dev/null +++ b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/executor/emissary/executor-role.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: # kpt-merge: /executor + name: executor + annotations: + workflows.argoproj.io/description: | + Recomended minimum permissions for the `emissary` executor. +rules: + - apiGroups: + - argoproj.io + resources: + - workflowtaskresults + verbs: + - create + - patch diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/executor/k8sapi/executor-role.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/executor/k8sapi/executor-role.yaml new file mode 100644 index 0000000000..02da8765e1 --- /dev/null +++ b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/executor/k8sapi/executor-role.yaml @@ -0,0 +1,36 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: # kpt-merge: /executor + name: executor + annotations: + workflows.argoproj.io/description: | + Recommended minimum permissions for `k8siapi` executor. + + This executor is superseded by the `emmisary` executor, so we do not recommend you use it anymore. +rules: + - apiGroups: + - argoproj.io + resources: + - workflowtaskresults + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - pods + verbs: + - get + - watch + - apiGroups: + - "" + resources: + - pods/exec + verbs: + - create + - apiGroups: + - "" + resources: + - pods/log + verbs: + - get diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/executor/kubelet/executor-role.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/executor/kubelet/executor-role.yaml new file mode 100644 index 0000000000..22340524d4 --- /dev/null +++ b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/executor/kubelet/executor-role.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: # kpt-merge: /executor + name: executor + annotations: + workflows.argoproj.io/description: | + Recommended minimum permissions for `kubelet` executor. + + This executor is superseded by the `emmisary` executor, so we do not recommend you use it anymore. +rules: + - apiGroups: + - argoproj.io + resources: + - workflowtaskresults + verbs: + - create + - patch diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/kubelet-executor-clusterrole.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/executor/kubelet/kubelet-executor-clusterrole.yaml similarity index 100% rename from apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/kubelet-executor-clusterrole.yaml rename to apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/executor/kubelet/kubelet-executor-clusterrole.yaml diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/kubelet-executor-default-clusterrolebinding.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/executor/kubelet/kubelet-executor-default-clusterrolebinding.yaml similarity index 100% rename from apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/kubelet-executor-default-clusterrolebinding.yaml rename to apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/executor/kubelet/kubelet-executor-default-clusterrolebinding.yaml diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/executor/pns/executor-role.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/executor/pns/executor-role.yaml new file mode 100644 index 0000000000..50fae28073 --- /dev/null +++ b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/executor/pns/executor-role.yaml @@ -0,0 +1,27 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: # kpt-merge: /executor + name: executor + annotations: + workflows.argoproj.io/description: | + Recomended minimum permissions for `pns` executor. +rules: + - apiGroups: + - argoproj.io + resources: + - workflowtaskresults + verbs: + - create + - patch + - apiGroups: + - "" + resources: + - pods + verbs: + - watch + - apiGroups: + - "" + resources: + - pods/log + verbs: + - get diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/kustomization.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/kustomization.yaml index 8d9f7a8d40..ceef08adfb 100644 --- a/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/kustomization.yaml +++ b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/kustomization.yaml @@ -5,10 +5,14 @@ resources: - minio - webhooks - argo-server-sso-secret.yaml - - workflow-role.yaml - - kubelet-executor-clusterrole.yaml - - kubelet-executor-default-clusterrolebinding.yaml - - workflow-default-rolebinding.yaml + - executor/emissary/executor-role.yaml + - executor-default-rolebinding.yaml + - pod-manager-role.yaml + - pod-manager-default-rolebinding.yaml + - workflow-manager-role.yaml + - workflow-manager-default-rolebinding.yaml + - agent-role.yaml + - agent-default-rolebinding.yaml - cluster-workflow-template-rbac.yaml - artifact-repositories-configmap.yaml patchesStrategicMerge: diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/memoizer-default-rolebinding.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/memoizer-default-rolebinding.yaml new file mode 100644 index 0000000000..926858e36d --- /dev/null +++ b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/memoizer-default-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: # kpt-merge: /memoizer-default + name: memoizer-default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: memoizer +subjects: + - kind: ServiceAccount + name: default diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/memoizer-role.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/memoizer-role.yaml new file mode 100644 index 0000000000..84ddab79e4 --- /dev/null +++ b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/memoizer-role.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: # kpt-merge: /memoizer + name: memoizer + annotations: + workflows.argoproj.io/description: | + Only needed if you are using ConfigMap-based cache for memoization. +rules: + - apiGroups: + - "" + resources: + - configmaps + verbs: + - create + - get + - update diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/minio-deploy.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/minio-deploy.yaml index 4a75c8316e..2ac1da545b 100644 --- a/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/minio-deploy.yaml +++ b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/minio-deploy.yaml @@ -15,7 +15,7 @@ spec: spec: containers: - name: main - image: minio/minio:RELEASE.2019-12-17T23-16-33Z + image: minio/minio env: - name: MINIO_ACCESS_KEY value: admin diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/minio-pod.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/minio-pod.yaml deleted file mode 100644 index 8c617a68fa..0000000000 --- a/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/minio/minio-pod.yaml +++ /dev/null @@ -1,34 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: # kpt-merge: /minio - name: minio - labels: - app: minio -spec: - containers: - - name: main - image: minio/minio:RELEASE.2019-12-17T23-16-33Z - env: - - name: MINIO_ACCESS_KEY - value: admin - - name: MINIO_SECRET_KEY - value: password - ports: - - containerPort: 9000 - command: [minio, server, /data] - lifecycle: - postStart: - exec: - command: [mkdir, -p, /data/my-bucket] - readinessProbe: - httpGet: - path: /minio/health/ready - port: 9000 - initialDelaySeconds: 5 - periodSeconds: 10 - livenessProbe: - httpGet: - path: /minio/health/live - port: 9000 - initialDelaySeconds: 5 - periodSeconds: 10 diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/overlays/workflow-controller-configmap.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/overlays/workflow-controller-configmap.yaml index 4cc36b4c6f..89e4fbfa6e 100644 --- a/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/overlays/workflow-controller-configmap.yaml +++ b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/overlays/workflow-controller-configmap.yaml @@ -5,16 +5,15 @@ data: requests: cpu: 10m memory: 64Mi - containerRuntimeExecutor: docker containerRuntimeExecutors: | - - name: k8sapi - selector: - matchLabels: - workflows.argoproj.io/container-runtime-executor: k8sapi - name: emissary selector: matchLabels: workflows.argoproj.io/container-runtime-executor: emissary + - name: pns + selector: + matchLabels: + workflows.argoproj.io/container-runtime-executor: pns images: | argoproj/argosay:v1: command: [cowsay] diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/pod-manager-default-rolebinding.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/pod-manager-default-rolebinding.yaml new file mode 100644 index 0000000000..a2e1c35075 --- /dev/null +++ b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/pod-manager-default-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: # kpt-merge: /pod-manager-default + name: pod-manager-default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: pod-manager +subjects: + - kind: ServiceAccount + name: default diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/pod-manager-role.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/pod-manager-role.yaml new file mode 100644 index 0000000000..e98f0df1c9 --- /dev/null +++ b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/pod-manager-role.yaml @@ -0,0 +1,17 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: # kpt-merge: /pod-manager + name: pod-manager + annotations: + workflows.argoproj.io/description: | + This is an example of the permissions you would need if you wanted to use a resource template to create and manage + other pods. The same pattern would be suitable for other resurces, e.g. a service +rules: + - apiGroups: + - "" + resources: + - pods + verbs: + - create + - get + - patch diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/workflow-default-rolebinding.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/workflow-default-rolebinding.yaml index 52ec46ba53..ebfc4c7dca 100644 --- a/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/workflow-default-rolebinding.yaml +++ b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/workflow-default-rolebinding.yaml @@ -5,7 +5,7 @@ metadata: # kpt-merge: /workflow-default-binding roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: workflow-role + name: workflow subjects: - kind: ServiceAccount name: default diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/workflow-manager-default-rolebinding.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/workflow-manager-default-rolebinding.yaml new file mode 100644 index 0000000000..5c4b9d2d5c --- /dev/null +++ b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/workflow-manager-default-rolebinding.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: # kpt-merge: /workflow-manager-default + name: workflow-manager-default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: workflow-manager +subjects: + - kind: ServiceAccount + name: default diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/workflow-manager-role.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/workflow-manager-role.yaml new file mode 100644 index 0000000000..7cebf4b977 --- /dev/null +++ b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/workflow-manager-role.yaml @@ -0,0 +1,16 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: # kpt-merge: /workflow-manager + name: workflow-manager + annotations: + workflows.argoproj.io/description: | + This is an example of the permissions you would need if you wanted to use a resource template to create and manage + other workflows. The same pattern would be suitable for other resurces, e.g. a service +rules: + - apiGroups: + - argoproj.io + resources: + - workflows + verbs: + - create + - get diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/workflow-role.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/workflow-role.yaml deleted file mode 100644 index d46bb06677..0000000000 --- a/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/base/workflow-role.yaml +++ /dev/null @@ -1,63 +0,0 @@ -# https://argoproj.github.io/argo-workflows/workflow-rbac/ -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: # kpt-merge: /workflow-role - name: workflow-role -rules: - # pod get/watch is used to identify the container IDs of the current pod - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - watch - # pod patch is used to annotate the step's outputs back to controller (e.g. artifact location) - # This is ONLY needed if the step/task has outputs that are used by another step or task. - - patch - # logs get/watch are used to get the pods logs for script outputs, and for log archival - - apiGroups: - - "" - resources: - - pods/log - verbs: - - get - - watch - # Only needed if you are running the `k8sapi` executor. - - apiGroups: - - "" - resources: - - pods/exec - verbs: - - create - # Only needed if you are using ConfigMap-based cache for memoization. - - apiGroups: - - "" - resources: - - configmaps - verbs: - - create - - get - - update - # This allows one workflow to create another. - # This is only needed for resource templates. - - apiGroups: - - argoproj.io - resources: - - workflows - verbs: - - create - - get - # This allows agent pod to update the taskset. - # This is only needed for http templates. - - apiGroups: - - argoproj.io - resources: - - workflowtasksets - - workflowtasksets/finalizers - verbs: - - list - - watch - - get - - update - - patch diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/minimal/kustomization.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/minimal/kustomization.yaml index 27bb5cb0b4..b376c091eb 100644 --- a/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/minimal/kustomization.yaml +++ b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/minimal/kustomization.yaml @@ -2,3 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ../base +patchesStrategicMerge: + - overlays/workflow-controller-configmap.yaml diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/minimal/overlays/workflow-controller-configmap.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/minimal/overlays/workflow-controller-configmap.yaml new file mode 100644 index 0000000000..870c83a3ab --- /dev/null +++ b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/minimal/overlays/workflow-controller-configmap.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +data: + retentionPolicy: | + completed: 10 + failed: 3 + errored: 3 +kind: ConfigMap +metadata: # kpt-merge: /workflow-controller-configmap + name: workflow-controller-configmap diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/mysql/overlays/workflow-controller-configmap.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/mysql/overlays/workflow-controller-configmap.yaml index 31b15d50bd..146893289b 100644 --- a/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/mysql/overlays/workflow-controller-configmap.yaml +++ b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/mysql/overlays/workflow-controller-configmap.yaml @@ -19,6 +19,10 @@ data: passwordSecret: name: argo-mysql-config key: password + retentionPolicy: | + completed: 10 + failed: 3 + errored: 3 kind: ConfigMap metadata: # kpt-merge: /workflow-controller-configmap name: workflow-controller-configmap diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/postgres/overlays/workflow-controller-configmap.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/postgres/overlays/workflow-controller-configmap.yaml index 28daa5b87e..7c7eb92000 100644 --- a/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/postgres/overlays/workflow-controller-configmap.yaml +++ b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/postgres/overlays/workflow-controller-configmap.yaml @@ -19,6 +19,10 @@ data: passwordSecret: name: argo-postgres-config key: password + retentionPolicy: | + completed: 10 + failed: 3 + errored: 3 kind: ConfigMap metadata: # kpt-merge: /workflow-controller-configmap name: workflow-controller-configmap diff --git a/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/sso/overlays/workflow-controller-configmap.yaml b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/sso/overlays/workflow-controller-configmap.yaml index a5dcef1dba..fb694c07ff 100644 --- a/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/sso/overlays/workflow-controller-configmap.yaml +++ b/apps/pipeline/upstream/third-party/argo/upstream/manifests/quick-start/sso/overlays/workflow-controller-configmap.yaml @@ -2,7 +2,7 @@ apiVersion: v1 data: sso: | issuer: http://dex:5556/dex - issuerAlias: http://mydex:5556/dex + issuerAlias: http://dex:5556/dex clientId: name: argo-server-sso key: clientID @@ -13,6 +13,7 @@ data: scopes: - groups - email + - profile rbac: enabled: true kind: ConfigMap diff --git a/apps/pipeline/upstream/third-party/mysql/base/mysql-deployment.yaml b/apps/pipeline/upstream/third-party/mysql/base/mysql-deployment.yaml index c7174d44b4..c56ba13105 100644 --- a/apps/pipeline/upstream/third-party/mysql/base/mysql-deployment.yaml +++ b/apps/pipeline/upstream/third-party/mysql/base/mysql-deployment.yaml @@ -26,7 +26,7 @@ spec: env: - name: MYSQL_ALLOW_EMPTY_PASSWORD value: "true" - image: gcr.io/ml-pipeline/mysql:5.7 + image: gcr.io/ml-pipeline/mysql:5.7-debian name: mysql ports: - containerPort: 3306 diff --git a/apps/profiles/upstream/base/kustomization.yaml b/apps/profiles/upstream/base/kustomization.yaml index 95d07413af..48d7e6c3d7 100644 --- a/apps/profiles/upstream/base/kustomization.yaml +++ b/apps/profiles/upstream/base/kustomization.yaml @@ -10,9 +10,8 @@ patchesStrategicMerge: - patches/manager.yaml images: -- name: public.ecr.aws/j1r0q0g6/notebooks/profile-controller - newName: public.ecr.aws/j1r0q0g6/notebooks/profile-controller - newTag: v1.5.0 +- name: docker.io/kubeflownotebookswg/profile-controller + newTag: v1.6.0-rc.1 configMapGenerator: - name: namespace-labels-data diff --git a/apps/profiles/upstream/crd/bases/kubeflow.org_profiles.yaml b/apps/profiles/upstream/crd/bases/kubeflow.org_profiles.yaml index 7d878b5726..d6086200ca 100644 --- a/apps/profiles/upstream/crd/bases/kubeflow.org_profiles.yaml +++ b/apps/profiles/upstream/crd/bases/kubeflow.org_profiles.yaml @@ -1,10 +1,9 @@ - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.4.0 + controller-gen.kubebuilder.io/version: v0.8.0 creationTimestamp: null name: profiles.kubeflow.org spec: @@ -22,10 +21,14 @@ spec: description: Profile is the Schema for the profiles API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -36,16 +39,23 @@ spec: description: The profile owner properties: apiGroup: - description: APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User and Group subjects. + description: APIGroup holds the API group of the referenced subject. + Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" + for User and Group subjects. type: string kind: - description: Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". If the Authorizer does not recognized the kind value, the Authorizer should report an error. + description: Kind of object being referenced. Values defined by + this API group are "User", "Group", and "ServiceAccount". If + the Authorizer does not recognized the kind value, the Authorizer + should report an error. type: string name: description: Name of the object being referenced. type: string namespace: - description: Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error. + description: Namespace of the referenced object. If the object + kind is non-namespace, such as "User" or "Group", and this value + is not empty the Authorizer should report an error. type: string required: - kind @@ -56,10 +66,16 @@ spec: description: Plugin is for customize actions on different platform. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string spec: type: object @@ -76,24 +92,39 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'hard is the set of desired hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/' + description: 'hard is the set of desired hard limits for each + named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/' type: object scopeSelector: - description: scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota but expressed using ScopeSelectorOperator in combination with possible values. For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched. + description: scopeSelector is also a collection of filters like + scopes that must match each object tracked by a quota but expressed + using ScopeSelectorOperator in combination with possible values. + For a resource to match, both scopes AND scopeSelector (if specified + in spec), must be matched. properties: matchExpressions: - description: A list of scope selector requirements by scope of the resources. + description: A list of scope selector requirements by scope + of the resources. items: - description: A scoped-resource selector requirement is a selector that contains values, a scope name, and an operator that relates the scope name and values. + description: A scoped-resource selector requirement is a + selector that contains values, a scope name, and an operator + that relates the scope name and values. properties: operator: - description: Represents a scope's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. + description: Represents a scope's relationship to a + set of values. Valid operators are In, NotIn, Exists, + DoesNotExist. type: string scopeName: - description: The name of the scope that the selector applies to. + description: The name of the scope that the selector + applies to. type: string values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during + a strategic merge patch. items: type: string type: array @@ -104,9 +135,12 @@ spec: type: array type: object scopes: - description: A collection of filters that must match each object tracked by a quota. If not specified, the quota matches all objects. + description: A collection of filters that must match each object + tracked by a quota. If not specified, the quota matches all + objects. items: - description: A ResourceQuotaScope defines a filter that must match each object tracked by a quota + description: A ResourceQuotaScope defines a filter that must + match each object tracked by a quota type: string type: array type: object @@ -137,10 +171,14 @@ spec: description: Profile is the Schema for the profiles API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object @@ -151,16 +189,23 @@ spec: description: The profile owner properties: apiGroup: - description: APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User and Group subjects. + description: APIGroup holds the API group of the referenced subject. + Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" + for User and Group subjects. type: string kind: - description: Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". If the Authorizer does not recognized the kind value, the Authorizer should report an error. + description: Kind of object being referenced. Values defined by + this API group are "User", "Group", and "ServiceAccount". If + the Authorizer does not recognized the kind value, the Authorizer + should report an error. type: string name: description: Name of the object being referenced. type: string namespace: - description: Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error. + description: Namespace of the referenced object. If the object + kind is non-namespace, such as "User" or "Group", and this value + is not empty the Authorizer should report an error. type: string required: - kind @@ -171,10 +216,16 @@ spec: description: Plugin is for customize actions on different platform. properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string spec: type: object @@ -191,24 +242,39 @@ spec: - type: string pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - description: 'hard is the set of desired hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/' + description: 'hard is the set of desired hard limits for each + named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/' type: object scopeSelector: - description: scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota but expressed using ScopeSelectorOperator in combination with possible values. For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched. + description: scopeSelector is also a collection of filters like + scopes that must match each object tracked by a quota but expressed + using ScopeSelectorOperator in combination with possible values. + For a resource to match, both scopes AND scopeSelector (if specified + in spec), must be matched. properties: matchExpressions: - description: A list of scope selector requirements by scope of the resources. + description: A list of scope selector requirements by scope + of the resources. items: - description: A scoped-resource selector requirement is a selector that contains values, a scope name, and an operator that relates the scope name and values. + description: A scoped-resource selector requirement is a + selector that contains values, a scope name, and an operator + that relates the scope name and values. properties: operator: - description: Represents a scope's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. + description: Represents a scope's relationship to a + set of values. Valid operators are In, NotIn, Exists, + DoesNotExist. type: string scopeName: - description: The name of the scope that the selector applies to. + description: The name of the scope that the selector + applies to. type: string values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. + description: An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during + a strategic merge patch. items: type: string type: array @@ -219,9 +285,12 @@ spec: type: array type: object scopes: - description: A collection of filters that must match each object tracked by a quota. If not specified, the quota matches all objects. + description: A collection of filters that must match each object + tracked by a quota. If not specified, the quota matches all + objects. items: - description: A ResourceQuotaScope defines a filter that must match each object tracked by a quota + description: A ResourceQuotaScope defines a filter that must + match each object tracked by a quota type: string type: array type: object diff --git a/apps/profiles/upstream/crd/kustomization.yaml b/apps/profiles/upstream/crd/kustomization.yaml index 2463cf6666..6a99c5f05c 100644 --- a/apps/profiles/upstream/crd/kustomization.yaml +++ b/apps/profiles/upstream/crd/kustomization.yaml @@ -3,19 +3,19 @@ # It should be run by config/default resources: - bases/kubeflow.org_profiles.yaml -# +kubebuilder:scaffold:crdkustomizeresource +#+kubebuilder:scaffold:crdkustomizeresource patchesStrategicMerge: - patches/trivial_conversion_patch.yaml # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. # patches here are for enabling the conversion webhook for each CRD #- patches/webhook_in_profiles.yaml -# +kubebuilder:scaffold:crdkustomizewebhookpatch +#+kubebuilder:scaffold:crdkustomizewebhookpatch -# [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix. +# [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix. # patches here are for enabling the CA injection for each CRD #- patches/cainjection_in_profiles.yaml -# +kubebuilder:scaffold:crdkustomizecainjectionpatch +#+kubebuilder:scaffold:crdkustomizecainjectionpatch # the following config is for teaching kustomize how to do kustomization for CRDs. configurations: diff --git a/apps/profiles/upstream/crd/kustomizeconfig.yaml b/apps/profiles/upstream/crd/kustomizeconfig.yaml index 6f83d9a94b..ec5c150a9d 100644 --- a/apps/profiles/upstream/crd/kustomizeconfig.yaml +++ b/apps/profiles/upstream/crd/kustomizeconfig.yaml @@ -4,13 +4,15 @@ nameReference: version: v1 fieldSpecs: - kind: CustomResourceDefinition + version: v1 group: apiextensions.k8s.io - path: spec/conversion/webhookClientConfig/service/name + path: spec/conversion/webhook/clientConfig/service/name namespace: - kind: CustomResourceDefinition + version: v1 group: apiextensions.k8s.io - path: spec/conversion/webhookClientConfig/service/namespace + path: spec/conversion/webhook/clientConfig/service/namespace create: false varReference: diff --git a/apps/profiles/upstream/crd/patches/cainjection_in_profiles.yaml b/apps/profiles/upstream/crd/patches/cainjection_in_profiles.yaml index 469003317a..283cb438fe 100644 --- a/apps/profiles/upstream/crd/patches/cainjection_in_profiles.yaml +++ b/apps/profiles/upstream/crd/patches/cainjection_in_profiles.yaml @@ -1,8 +1,7 @@ # The following patch adds a directive for certmanager to inject CA into the CRD -# CRD conversion requires k8s 1.13 or later. apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - certmanager.k8s.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) + cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) name: profiles.kubeflow.org diff --git a/apps/profiles/upstream/crd/patches/trivial_conversion_patch.yaml b/apps/profiles/upstream/crd/patches/trivial_conversion_patch.yaml index 084756256c..32209f97c1 100644 --- a/apps/profiles/upstream/crd/patches/trivial_conversion_patch.yaml +++ b/apps/profiles/upstream/crd/patches/trivial_conversion_patch.yaml @@ -3,5 +3,6 @@ kind: CustomResourceDefinition metadata: name: profiles.kubeflow.org spec: + preserveUnknownFields: false # TODO: Remove in Kubeflow 1.7 release conversion: strategy: None \ No newline at end of file diff --git a/apps/profiles/upstream/crd/patches/webhook_in_profiles.yaml b/apps/profiles/upstream/crd/patches/webhook_in_profiles.yaml index 0031f277b0..ab379f18f3 100644 --- a/apps/profiles/upstream/crd/patches/webhook_in_profiles.yaml +++ b/apps/profiles/upstream/crd/patches/webhook_in_profiles.yaml @@ -1,5 +1,4 @@ -# The following patch enables conversion webhook for CRD -# CRD conversion requires k8s 1.13 or later. +# The following patch enables a conversion webhook for the CRD apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -7,11 +6,11 @@ metadata: spec: conversion: strategy: Webhook - webhookClientConfig: - # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, - # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) - caBundle: Cg== - service: - namespace: system - name: webhook-service - path: /convert + webhook: + clientConfig: + service: + namespace: system + name: webhook-service + path: /convert + conversionReviewVersions: + - v1 diff --git a/apps/profiles/upstream/default/kustomization.yaml b/apps/profiles/upstream/default/kustomization.yaml index 80e47e6895..3951af943f 100644 --- a/apps/profiles/upstream/default/kustomization.yaml +++ b/apps/profiles/upstream/default/kustomization.yaml @@ -16,15 +16,18 @@ bases: - ../crd - ../rbac - ../manager -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in crd/kustomization.yaml +# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in +# crd/kustomization.yaml #- ../webhook # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required. #- ../certmanager +# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. +#- ../prometheus patchesStrategicMerge: - # Protect the /metrics endpoint by putting it behind auth. - # Only one of manager_auth_proxy_patch.yaml and - # manager_prometheus_metrics_patch.yaml should be enabled. +# Protect the /metrics endpoint by putting it behind auth. +# If you want your controller-manager to expose the /metrics +# endpoint w/o any authn/z, please comment the following line. # - manager_auth_proxy_patch.yaml # If you want your controller-manager to expose the /metrics # endpoint w/o any authn/z, uncomment the following line and @@ -33,7 +36,8 @@ patchesStrategicMerge: # manager_prometheus_metrics_patch.yaml should be enabled. #- manager_prometheus_metrics_patch.yaml -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in crd/kustomization.yaml +# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in +# crd/kustomization.yaml #- manager_webhook_patch.yaml # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. @@ -47,16 +51,16 @@ vars: #- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR # objref: # kind: Certificate -# group: certmanager.k8s.io -# version: v1alpha1 +# group: cert-manager.io +# version: v1 # name: serving-cert # this name should match the one in certificate.yaml # fieldref: # fieldpath: metadata.namespace #- name: CERTIFICATE_NAME # objref: # kind: Certificate -# group: certmanager.k8s.io -# version: v1alpha1 +# group: cert-manager.io +# version: v1 # name: serving-cert # this name should match the one in certificate.yaml #- name: SERVICE_NAMESPACE # namespace of the service # objref: diff --git a/apps/profiles/upstream/default/manager_auth_proxy_patch.yaml b/apps/profiles/upstream/default/manager_auth_proxy_patch.yaml index 889fdf74cc..131a314292 100644 --- a/apps/profiles/upstream/default/manager_auth_proxy_patch.yaml +++ b/apps/profiles/upstream/default/manager_auth_proxy_patch.yaml @@ -1,24 +1,34 @@ -# This patch inject a sidecar container which is a HTTP proxy for the controller manager, -# it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. +# This patch inject a sidecar container which is a HTTP proxy for the +# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. apiVersion: apps/v1 kind: Deployment metadata: - name: deployment + name: controller-manager + namespace: system spec: template: spec: containers: - name: kube-rbac-proxy - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.11.0 args: - "--secure-listen-address=0.0.0.0:8443" - "--upstream=http://127.0.0.1:8080/" - "--logtostderr=true" - - "--v=10" + - "--v=0" ports: - containerPort: 8443 + protocol: TCP name: https + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 5m + memory: 64Mi - name: manager args: - - "--metrics-addr=127.0.0.1:8080" - - "--enable-leader-election" + - "--health-probe-bind-address=:8081" + - "--metrics-bind-address=127.0.0.1:8080" + - "--leader-elect" diff --git a/apps/profiles/upstream/manager/kustomization.yaml b/apps/profiles/upstream/manager/kustomization.yaml index b6e143061c..e5b6827b42 100644 --- a/apps/profiles/upstream/manager/kustomization.yaml +++ b/apps/profiles/upstream/manager/kustomization.yaml @@ -3,9 +3,9 @@ resources: - service-account.yaml configMapGenerator: -- name: config - literals: +- literals: - ADMIN= - WORKLOAD_IDENTITY= - USERID_HEADER="kubeflow-userid" - USERID_PREFIX= + name: config \ No newline at end of file diff --git a/apps/profiles/upstream/manager/manager.yaml b/apps/profiles/upstream/manager/manager.yaml index 5666b66e81..7708b77e35 100644 --- a/apps/profiles/upstream/manager/manager.yaml +++ b/apps/profiles/upstream/manager/manager.yaml @@ -28,17 +28,24 @@ spec: envFrom: - configMapRef: name: config - image: public.ecr.aws/j1r0q0g6/notebooks/profile-controller + image: docker.io/kubeflownotebookswg/profile-controller imagePullPolicy: Always name: manager - livenessProbe: - httpGet: - path: /metrics - port: 8080 - initialDelaySeconds: 30 - periodSeconds: 30 ports: - containerPort: 8080 name: manager-http protocol: TCP - serviceAccountName: controller-service-account + - containerPort: 9876 + livenessProbe: + httpGet: + path: /healthz + port: 9876 + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /readyz + port: 9876 + initialDelaySeconds: 5 + periodSeconds: 10 + serviceAccountName: controller-manager diff --git a/apps/profiles/upstream/overlays/kubeflow/kustomization.yaml b/apps/profiles/upstream/overlays/kubeflow/kustomization.yaml index 2957d462de..e6bee083c1 100644 --- a/apps/profiles/upstream/overlays/kubeflow/kustomization.yaml +++ b/apps/profiles/upstream/overlays/kubeflow/kustomization.yaml @@ -27,6 +27,5 @@ vars: apiVersion: v1 images: -- name: public.ecr.aws/j1r0q0g6/notebooks/access-management - newName: public.ecr.aws/j1r0q0g6/notebooks/access-management - newTag: v1.5.0 +- name: docker.io/kubeflownotebookswg/kfam + newTag: v1.6.0-rc.1 diff --git a/apps/profiles/upstream/overlays/kubeflow/patches/kfam.yaml b/apps/profiles/upstream/overlays/kubeflow/patches/kfam.yaml index b4366df83b..96cf296e7f 100644 --- a/apps/profiles/upstream/overlays/kubeflow/patches/kfam.yaml +++ b/apps/profiles/upstream/overlays/kubeflow/patches/kfam.yaml @@ -20,7 +20,7 @@ spec: envFrom: - configMapRef: name: config - image: public.ecr.aws/j1r0q0g6/notebooks/access-management + image: docker.io/kubeflownotebookswg/kfam imagePullPolicy: Always name: kfam livenessProbe: diff --git a/apps/profiles/upstream/prometheus/kustomization.yaml b/apps/profiles/upstream/prometheus/kustomization.yaml new file mode 100644 index 0000000000..ed137168a1 --- /dev/null +++ b/apps/profiles/upstream/prometheus/kustomization.yaml @@ -0,0 +1,2 @@ +resources: +- monitor.yaml diff --git a/apps/profiles/upstream/prometheus/monitor.yaml b/apps/profiles/upstream/prometheus/monitor.yaml new file mode 100644 index 0000000000..d19136ae71 --- /dev/null +++ b/apps/profiles/upstream/prometheus/monitor.yaml @@ -0,0 +1,20 @@ + +# Prometheus Monitor Service (Metrics) +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + labels: + control-plane: controller-manager + name: controller-manager-metrics-monitor + namespace: system +spec: + endpoints: + - path: /metrics + port: https + scheme: https + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + tlsConfig: + insecureSkipVerify: true + selector: + matchLabels: + control-plane: controller-manager diff --git a/apps/profiles/upstream/rbac/auth_proxy_client_clusterrole.yaml b/apps/profiles/upstream/rbac/auth_proxy_client_clusterrole.yaml new file mode 100644 index 0000000000..51a75db47a --- /dev/null +++ b/apps/profiles/upstream/rbac/auth_proxy_client_clusterrole.yaml @@ -0,0 +1,9 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: metrics-reader +rules: +- nonResourceURLs: + - "/metrics" + verbs: + - get diff --git a/apps/profiles/upstream/rbac/auth_proxy_role.yaml b/apps/profiles/upstream/rbac/auth_proxy_role.yaml index 618f5e4177..80e1857c59 100644 --- a/apps/profiles/upstream/rbac/auth_proxy_role.yaml +++ b/apps/profiles/upstream/rbac/auth_proxy_role.yaml @@ -3,11 +3,15 @@ kind: ClusterRole metadata: name: proxy-role rules: -- apiGroups: ["authentication.k8s.io"] +- apiGroups: + - authentication.k8s.io resources: - tokenreviews - verbs: ["create"] -- apiGroups: ["authorization.k8s.io"] + verbs: + - create +- apiGroups: + - authorization.k8s.io resources: - subjectaccessreviews - verbs: ["create"] + verbs: + - create diff --git a/apps/profiles/upstream/rbac/auth_proxy_service.yaml b/apps/profiles/upstream/rbac/auth_proxy_service.yaml index d61e5469fb..71f1797279 100644 --- a/apps/profiles/upstream/rbac/auth_proxy_service.yaml +++ b/apps/profiles/upstream/rbac/auth_proxy_service.yaml @@ -1,10 +1,6 @@ apiVersion: v1 kind: Service metadata: - annotations: - prometheus.io/port: "8443" - prometheus.io/scheme: https - prometheus.io/scrape: "true" labels: control-plane: controller-manager name: controller-manager-metrics-service @@ -13,6 +9,7 @@ spec: ports: - name: https port: 8443 + protocol: TCP targetPort: https selector: control-plane: controller-manager diff --git a/apps/profiles/upstream/rbac/kustomization.yaml b/apps/profiles/upstream/rbac/kustomization.yaml index 00ea48591c..bd995d6fab 100644 --- a/apps/profiles/upstream/rbac/kustomization.yaml +++ b/apps/profiles/upstream/rbac/kustomization.yaml @@ -1,11 +1,18 @@ resources: +# All RBAC will be applied under this service account in +# the deployment namespace. You may comment out this resource +# if your manager will use a service account that exists at +# runtime. Be sure to update RoleBinding and ClusterRoleBinding +# subjects if changing service account names. +# - service_account.yaml # - role.yaml - role_binding.yaml - leader_election_role.yaml - leader_election_role_binding.yaml -# Comment the following 3 lines if you want to disable +# Comment the following 4 lines if you want to disable # the auth proxy (https://github.com/brancz/kube-rbac-proxy) # which protects your /metrics endpoint. # - auth_proxy_service.yaml # - auth_proxy_role.yaml # - auth_proxy_role_binding.yaml +# - auth_proxy_client_clusterrole.yaml diff --git a/apps/profiles/upstream/rbac/leader_election_role_binding.yaml b/apps/profiles/upstream/rbac/leader_election_role_binding.yaml index 902b8d9f1f..e2afd1e758 100644 --- a/apps/profiles/upstream/rbac/leader_election_role_binding.yaml +++ b/apps/profiles/upstream/rbac/leader_election_role_binding.yaml @@ -8,4 +8,4 @@ roleRef: name: leader-election-role subjects: - kind: ServiceAccount - name: controller-service-account \ No newline at end of file + name: controller-service-account diff --git a/apps/profiles/upstream/rbac/profile_editor_role.yaml b/apps/profiles/upstream/rbac/profile_editor_role.yaml new file mode 100644 index 0000000000..daf0325166 --- /dev/null +++ b/apps/profiles/upstream/rbac/profile_editor_role.yaml @@ -0,0 +1,24 @@ +# permissions for end users to edit profiles. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: profile-editor-role +rules: +- apiGroups: + - kubeflow.org + resources: + - profiles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - kubeflow.org + resources: + - profiles/status + verbs: + - get diff --git a/apps/profiles/upstream/rbac/profile_viewer_role.yaml b/apps/profiles/upstream/rbac/profile_viewer_role.yaml new file mode 100644 index 0000000000..b14ccd5556 --- /dev/null +++ b/apps/profiles/upstream/rbac/profile_viewer_role.yaml @@ -0,0 +1,20 @@ +# permissions for end users to view profiles. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: profile-viewer-role +rules: +- apiGroups: + - kubeflow.org + resources: + - profiles + verbs: + - get + - list + - watch +- apiGroups: + - kubeflow.org + resources: + - profiles/status + verbs: + - get diff --git a/apps/profiles/upstream/rbac/role.yaml b/apps/profiles/upstream/rbac/role.yaml new file mode 100644 index 0000000000..db354a0c75 --- /dev/null +++ b/apps/profiles/upstream/rbac/role.yaml @@ -0,0 +1,39 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: manager-role +rules: +- apiGroups: + - "" + resources: + - namespaces + verbs: + - '*' +- apiGroups: + - "" + resources: + - serviceaccounts + verbs: + - '*' +- apiGroups: + - kubeflow.org + resources: + - profiles + - profiles/finalizers + - profiles/status + verbs: + - '*' +- apiGroups: + - rbac.authorization.k8s.io + resources: + - rolebindings + verbs: + - '*' +- apiGroups: + - security.istio.io + resources: + - authorizationpolicies + verbs: + - '*' diff --git a/apps/profiles/upstream/rbac/role_binding.yaml b/apps/profiles/upstream/rbac/role_binding.yaml index 3c260a3e04..6dc1096adb 100644 --- a/apps/profiles/upstream/rbac/role_binding.yaml +++ b/apps/profiles/upstream/rbac/role_binding.yaml @@ -1,12 +1,8 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: cluster-role-binding + name: cluster-rolebinding roleRef: - # profile-controller creates RoleBindings that give permissions in various - # user namespaces.These permissions are defined in another ClusterRole and is - # not known beforehand. Thus, profile-controller is using a more permissive - # ClusterRole. apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin diff --git a/apps/profiles/upstream/rbac/service_account.yaml b/apps/profiles/upstream/rbac/service_account.yaml new file mode 100644 index 0000000000..7cd6025bfc --- /dev/null +++ b/apps/profiles/upstream/rbac/service_account.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: controller-manager + namespace: system diff --git a/apps/profiles/upstream/samples/_v1_profile.yaml b/apps/profiles/upstream/samples/_v1_profile.yaml new file mode 100644 index 0000000000..5a87ff0750 --- /dev/null +++ b/apps/profiles/upstream/samples/_v1_profile.yaml @@ -0,0 +1,6 @@ +apiVersion: kubeflow.org/v1 +kind: Profile +metadata: + name: profile-sample +spec: + # TODO(user): Add fields here diff --git a/apps/profiles/upstream/samples/_v1beta1_profile.yaml b/apps/profiles/upstream/samples/_v1beta1_profile.yaml new file mode 100644 index 0000000000..7e4a070b45 --- /dev/null +++ b/apps/profiles/upstream/samples/_v1beta1_profile.yaml @@ -0,0 +1,6 @@ +apiVersion: kubeflow.org/v1beta1 +kind: Profile +metadata: + name: profile-sample +spec: + # TODO(user): Add fields here diff --git a/apps/profiles/upstream/samples/profile_v1_aws_iam.yaml b/apps/profiles/upstream/samples/profile_v1_aws_iam.yaml deleted file mode 100644 index bd94903aaf..0000000000 --- a/apps/profiles/upstream/samples/profile_v1_aws_iam.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: kubeflow.org/v1 -kind: Profile -metadata: - name: profile-aws-iam -spec: - owner: - kind: User - name: test-user@kubeflow.org - plugins: - - kind: AwsIamForServiceAccount - spec: - awsIamRole: arn:aws:iam::account-id:role/s3-reader diff --git a/apps/profiles/upstream/samples/profile_v1_profile.yaml b/apps/profiles/upstream/samples/profile_v1_profile.yaml deleted file mode 100644 index 4fd18b2c05..0000000000 --- a/apps/profiles/upstream/samples/profile_v1_profile.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: kubeflow.org/v1 -kind: Profile -metadata: - name: profile-v1beta1 -spec: - owner: - kind: User - name: user1@abcd.com - plugins: - - kind: WorkloadIdentity - spec: - gcpServiceAccount: kubeflow2@project-id.iam.gserviceaccount.com diff --git a/apps/profiles/upstream/samples/profile_v1beta1_profile.yaml b/apps/profiles/upstream/samples/profile_v1beta1_profile.yaml deleted file mode 100644 index 6db0472423..0000000000 --- a/apps/profiles/upstream/samples/profile_v1beta1_profile.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: kubeflow.org/v1beta1 -kind: Profile -metadata: - name: kubeflow-user1 -spec: - owner: - kind: User - name: user1@abcd.com - plugins: - - kind: WorkloadIdentity - spec: - gcpServiceAccount: kubeflow2@project-id.iam.gserviceaccount.com - resourceQuotaSpec: - hard: - cpu: "10" - memory: 20Gi - pods: "20" diff --git a/apps/tensorboard/tensorboard-controller/upstream/base/kustomization.yaml b/apps/tensorboard/tensorboard-controller/upstream/base/kustomization.yaml index bcb75ea57a..b20097ddda 100644 --- a/apps/tensorboard/tensorboard-controller/upstream/base/kustomization.yaml +++ b/apps/tensorboard/tensorboard-controller/upstream/base/kustomization.yaml @@ -2,38 +2,14 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - ../default -- service_account.yaml configMapGenerator: - name: tensorboard-controller-config literals: - RWO_PVC_SCHEDULING="True" + - TENSORBOARD_IMAGE=tensorflow/tensorflow:2.1.0 + - ISTIO_GATEWAY=kubeflow/kubeflow-gateway patchesStrategicMerge: - patches/add_controller_config.yaml -- patches/add_service_account.yaml -patches: -- patch: | - apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - name: "*" - subjects: - - kind: ServiceAccount - name: tensorboard-controller - target: - kind: "RoleBinding" - group: "rbac.authorization.k8s.io" -- patch: | - apiVersion: rbac.authorization.k8s.io/v1 - kind: ClusterRoleBinding - metadata: - name: "*" - subjects: - - kind: ServiceAccount - name: tensorboard-controller - target: - kind: "ClusterRoleBinding" - group: "rbac.authorization.k8s.io" images: -- name: public.ecr.aws/j1r0q0g6/notebooks/tensorboard-controller - newName: public.ecr.aws/j1r0q0g6/notebooks/tensorboard-controller - newTag: v1.5.0 +- name: docker.io/kubeflownotebookswg/tensorboard-controller + newTag: v1.6.0-rc.1 diff --git a/apps/tensorboard/tensorboard-controller/upstream/base/patches/add_controller_config.yaml b/apps/tensorboard/tensorboard-controller/upstream/base/patches/add_controller_config.yaml index 221a2d719f..d5d2827dc9 100644 --- a/apps/tensorboard/tensorboard-controller/upstream/base/patches/add_controller_config.yaml +++ b/apps/tensorboard/tensorboard-controller/upstream/base/patches/add_controller_config.yaml @@ -1,8 +1,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: controller-manager - namespace: system + name: deployment spec: template: spec: diff --git a/apps/tensorboard/tensorboard-controller/upstream/base/patches/add_service_account.yaml b/apps/tensorboard/tensorboard-controller/upstream/base/patches/add_service_account.yaml index db108a6f08..8491360112 100644 --- a/apps/tensorboard/tensorboard-controller/upstream/base/patches/add_service_account.yaml +++ b/apps/tensorboard/tensorboard-controller/upstream/base/patches/add_service_account.yaml @@ -1,8 +1,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: controller-manager - namespace: system + name: deployment spec: template: spec: diff --git a/apps/tensorboard/tensorboard-controller/upstream/crd/bases/tensorboard.kubeflow.org_tensorboards.yaml b/apps/tensorboard/tensorboard-controller/upstream/crd/bases/tensorboard.kubeflow.org_tensorboards.yaml index cc3a1e9f6e..2c3666053b 100644 --- a/apps/tensorboard/tensorboard-controller/upstream/crd/bases/tensorboard.kubeflow.org_tensorboards.yaml +++ b/apps/tensorboard/tensorboard-controller/upstream/crd/bases/tensorboard.kubeflow.org_tensorboards.yaml @@ -1,10 +1,9 @@ - --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.2.5 + controller-gen.kubebuilder.io/version: v0.8.0 creationTimestamp: null name: tensorboards.tensorboard.kubeflow.org spec: @@ -15,70 +14,70 @@ spec: plural: tensorboards singular: tensorboard scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - description: Tensorboard is the Schema for the tensorboards API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: TensorboardSpec defines the desired state of Tensorboard - properties: - logspath: - description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster - Important: Run "make" to regenerate code after modifying this file' - type: string - required: - - logspath - type: object - status: - description: TensorboardStatus defines the observed state of Tensorboard - properties: - conditions: - description: Conditions is an array of current conditions - items: - description: TensorboardCondition defines the observed state of Tensorboard - properties: - deploymentState: - description: Deployment status, 'Available', 'Progressing', 'ReplicaFailure' - . - type: string - lastProbeTime: - description: Last time we probed the condition. - format: date-time - type: string - required: - - deploymentState - type: object - type: array - readyReplicas: - description: ReadyReplicas defines the number of Tensorboard Servers - that are available to connect. The value of ReadyReplicas can be either - 0 or 1 - format: int32 - type: integer - required: - - conditions - - readyReplicas - type: object - type: object - version: v1alpha1 versions: - name: v1alpha1 + schema: + openAPIV3Schema: + description: Tensorboard is the Schema for the tensorboards API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: TensorboardSpec defines the desired state of Tensorboard + properties: + logspath: + description: 'INSERT ADDITIONAL SPEC FIELDS - desired state of cluster + Important: Run "make" to regenerate code after modifying this file' + type: string + required: + - logspath + type: object + status: + description: TensorboardStatus defines the observed state of Tensorboard + properties: + conditions: + description: Conditions is an array of current conditions + items: + description: TensorboardCondition defines the observed state of + Tensorboard + properties: + deploymentState: + description: Deployment status, 'Available', 'Progressing', + 'ReplicaFailure' . + type: string + lastProbeTime: + description: Last time we probed the condition. + format: date-time + type: string + required: + - deploymentState + type: object + type: array + readyReplicas: + description: ReadyReplicas defines the number of Tensorboard Servers + that are available to connect. The value of ReadyReplicas can be + either 0 or 1 + format: int32 + type: integer + required: + - conditions + - readyReplicas + type: object + type: object served: true storage: true + subresources: + status: {} status: acceptedNames: kind: "" diff --git a/apps/tensorboard/tensorboard-controller/upstream/crd/kustomization.yaml b/apps/tensorboard/tensorboard-controller/upstream/crd/kustomization.yaml index cfca2421f8..2c596543a2 100644 --- a/apps/tensorboard/tensorboard-controller/upstream/crd/kustomization.yaml +++ b/apps/tensorboard/tensorboard-controller/upstream/crd/kustomization.yaml @@ -3,18 +3,18 @@ # It should be run by config/default resources: - bases/tensorboard.kubeflow.org_tensorboards.yaml -# +kubebuilder:scaffold:crdkustomizeresource +#+kubebuilder:scaffold:crdkustomizeresource patchesStrategicMerge: # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix. # patches here are for enabling the conversion webhook for each CRD #- patches/webhook_in_tensorboards.yaml -# +kubebuilder:scaffold:crdkustomizewebhookpatch +#+kubebuilder:scaffold:crdkustomizewebhookpatch -# [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix. +# [CERTMANAGER] To enable cert-manager, uncomment all the sections with [CERTMANAGER] prefix. # patches here are for enabling the CA injection for each CRD #- patches/cainjection_in_tensorboards.yaml -# +kubebuilder:scaffold:crdkustomizecainjectionpatch +#+kubebuilder:scaffold:crdkustomizecainjectionpatch # the following config is for teaching kustomize how to do kustomization for CRDs. configurations: diff --git a/apps/tensorboard/tensorboard-controller/upstream/crd/kustomizeconfig.yaml b/apps/tensorboard/tensorboard-controller/upstream/crd/kustomizeconfig.yaml index 6f83d9a94b..ec5c150a9d 100644 --- a/apps/tensorboard/tensorboard-controller/upstream/crd/kustomizeconfig.yaml +++ b/apps/tensorboard/tensorboard-controller/upstream/crd/kustomizeconfig.yaml @@ -4,13 +4,15 @@ nameReference: version: v1 fieldSpecs: - kind: CustomResourceDefinition + version: v1 group: apiextensions.k8s.io - path: spec/conversion/webhookClientConfig/service/name + path: spec/conversion/webhook/clientConfig/service/name namespace: - kind: CustomResourceDefinition + version: v1 group: apiextensions.k8s.io - path: spec/conversion/webhookClientConfig/service/namespace + path: spec/conversion/webhook/clientConfig/service/namespace create: false varReference: diff --git a/apps/tensorboard/tensorboard-controller/upstream/crd/patches/cainjection_in_tensorboards.yaml b/apps/tensorboard/tensorboard-controller/upstream/crd/patches/cainjection_in_tensorboards.yaml index 7258fc4307..8f5fd6c5a8 100644 --- a/apps/tensorboard/tensorboard-controller/upstream/crd/patches/cainjection_in_tensorboards.yaml +++ b/apps/tensorboard/tensorboard-controller/upstream/crd/patches/cainjection_in_tensorboards.yaml @@ -1,8 +1,7 @@ # The following patch adds a directive for certmanager to inject CA into the CRD -# CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - certmanager.k8s.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) + cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) name: tensorboards.tensorboard.kubeflow.org diff --git a/apps/tensorboard/tensorboard-controller/upstream/crd/patches/webhook_in_tensorboards.yaml b/apps/tensorboard/tensorboard-controller/upstream/crd/patches/webhook_in_tensorboards.yaml index 789da5e661..2497153fa4 100644 --- a/apps/tensorboard/tensorboard-controller/upstream/crd/patches/webhook_in_tensorboards.yaml +++ b/apps/tensorboard/tensorboard-controller/upstream/crd/patches/webhook_in_tensorboards.yaml @@ -1,17 +1,16 @@ -# The following patch enables conversion webhook for CRD -# CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 +# The following patch enables a conversion webhook for the CRD +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: tensorboards.tensorboard.kubeflow.org spec: conversion: strategy: Webhook - webhookClientConfig: - # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, - # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) - caBundle: Cg== - service: - namespace: system - name: webhook-service - path: /convert + webhook: + clientConfig: + service: + namespace: system + name: webhook-service + path: /convert + conversionReviewVersions: + - v1 diff --git a/apps/tensorboard/tensorboard-controller/upstream/default/kustomization.yaml b/apps/tensorboard/tensorboard-controller/upstream/default/kustomization.yaml index cf51dcfcd0..399ffd068f 100644 --- a/apps/tensorboard/tensorboard-controller/upstream/default/kustomization.yaml +++ b/apps/tensorboard/tensorboard-controller/upstream/default/kustomization.yaml @@ -14,27 +14,29 @@ commonLabels: kustomize.component: tensorboard-controller bases: -- ../crd -- ../rbac -- ../manager -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in crd/kustomization.yaml + - ../crd + - ../rbac + - ../manager +# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in +# crd/kustomization.yaml #- ../webhook # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required. #- ../certmanager +# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. +#- ../prometheus patchesStrategicMerge: # Protect the /metrics endpoint by putting it behind auth. - # Only one of manager_auth_proxy_patch.yaml and - # manager_prometheus_metrics_patch.yaml should be enabled. -- manager_auth_proxy_patch.yaml # If you want your controller-manager to expose the /metrics - # endpoint w/o any authn/z, uncomment the following line and - # comment manager_auth_proxy_patch.yaml. - # Only one of manager_auth_proxy_patch.yaml and - # manager_prometheus_metrics_patch.yaml should be enabled. -#- manager_prometheus_metrics_patch.yaml + # endpoint w/o any authn/z, please comment the following line. + - manager_auth_proxy_patch.yaml -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in crd/kustomization.yaml +# Mount the controller config file for loading manager configurations +# through a ComponentConfig type +#- manager_config_patch.yaml + +# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in +# crd/kustomization.yaml #- manager_webhook_patch.yaml # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. @@ -48,16 +50,16 @@ vars: #- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR # objref: # kind: Certificate -# group: certmanager.k8s.io -# version: v1alpha1 +# group: cert-manager.io +# version: v1 # name: serving-cert # this name should match the one in certificate.yaml # fieldref: # fieldpath: metadata.namespace #- name: CERTIFICATE_NAME # objref: # kind: Certificate -# group: certmanager.k8s.io -# version: v1alpha1 +# group: cert-manager.io +# version: v1 # name: serving-cert # this name should match the one in certificate.yaml #- name: SERVICE_NAMESPACE # namespace of the service # objref: diff --git a/apps/tensorboard/tensorboard-controller/upstream/default/manager_auth_proxy_patch.yaml b/apps/tensorboard/tensorboard-controller/upstream/default/manager_auth_proxy_patch.yaml index 989d698878..10da88ce4e 100644 --- a/apps/tensorboard/tensorboard-controller/upstream/default/manager_auth_proxy_patch.yaml +++ b/apps/tensorboard/tensorboard-controller/upstream/default/manager_auth_proxy_patch.yaml @@ -1,25 +1,32 @@ -# This patch inject a sidecar container which is a HTTP proxy for the controller manager, -# it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. +# This patch inject a sidecar container which is a HTTP proxy for the +# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. apiVersion: apps/v1 kind: Deployment metadata: - name: controller-manager - namespace: system + name: deployment spec: template: spec: containers: - - name: kube-rbac-proxy - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0 - args: - - "--secure-listen-address=0.0.0.0:8443" - - "--upstream=http://127.0.0.1:8080/" - - "--logtostderr=true" - - "--v=10" - ports: - - containerPort: 8443 - name: https - - name: manager - args: - - "--metrics-addr=127.0.0.1:8080" - - "--enable-leader-election" + - name: kube-rbac-proxy + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 + args: + - "--secure-listen-address=0.0.0.0:8443" + - "--upstream=http://127.0.0.1:8080/" + - "--logtostderr=true" + - "--v=0" + ports: + - containerPort: 8443 + protocol: TCP + name: https + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 5m + memory: 64Mi + - name: manager + args: + - "--health-probe-bind-address=:8081" + - "--metrics-bind-address=127.0.0.1:8080" diff --git a/apps/tensorboard/tensorboard-controller/upstream/default/manager_prometheus_metrics_patch.yaml b/apps/tensorboard/tensorboard-controller/upstream/default/manager_prometheus_metrics_patch.yaml index 0b96c6813e..31cb5df32d 100644 --- a/apps/tensorboard/tensorboard-controller/upstream/default/manager_prometheus_metrics_patch.yaml +++ b/apps/tensorboard/tensorboard-controller/upstream/default/manager_prometheus_metrics_patch.yaml @@ -2,8 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: controller-manager - namespace: system + name: deployment spec: template: metadata: diff --git a/apps/tensorboard/tensorboard-controller/upstream/default/manager_webhook_patch.yaml b/apps/tensorboard/tensorboard-controller/upstream/default/manager_webhook_patch.yaml index 738de350b7..680e7b9bbd 100644 --- a/apps/tensorboard/tensorboard-controller/upstream/default/manager_webhook_patch.yaml +++ b/apps/tensorboard/tensorboard-controller/upstream/default/manager_webhook_patch.yaml @@ -1,8 +1,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: controller-manager - namespace: system + name: deployment spec: template: spec: diff --git a/apps/tensorboard/tensorboard-controller/upstream/manager/controller_manager_config.yaml b/apps/tensorboard/tensorboard-controller/upstream/manager/controller_manager_config.yaml new file mode 100644 index 0000000000..8778751aae --- /dev/null +++ b/apps/tensorboard/tensorboard-controller/upstream/manager/controller_manager_config.yaml @@ -0,0 +1,11 @@ +apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 +kind: ControllerManagerConfig +health: + healthProbeBindAddress: :8081 +metrics: + bindAddress: 127.0.0.1:8080 +webhook: + port: 9443 +leaderElection: + leaderElect: false + resourceName: kubeflow-tensorboard-controller diff --git a/apps/tensorboard/tensorboard-controller/upstream/manager/manager.yaml b/apps/tensorboard/tensorboard-controller/upstream/manager/manager.yaml index 09507c93e4..7630a5bac9 100644 --- a/apps/tensorboard/tensorboard-controller/upstream/manager/manager.yaml +++ b/apps/tensorboard/tensorboard-controller/upstream/manager/manager.yaml @@ -8,8 +8,7 @@ metadata: apiVersion: apps/v1 kind: Deployment metadata: - name: controller-manager - namespace: system + name: deployment labels: control-plane: controller-manager spec: @@ -19,21 +18,39 @@ spec: replicas: 1 template: metadata: + annotations: + kubectl.kubernetes.io/default-container: manager labels: control-plane: controller-manager spec: + securityContext: + runAsNonRoot: true + runAsUser: 999 containers: - - command: - - /manager - args: - - --enable-leader-election - image: public.ecr.aws/j1r0q0g6/notebooks/tensorboard-controller - name: manager - resources: - limits: - cpu: 100m - memory: 50Mi - requests: - cpu: 100m - memory: 30Mi + - command: + - /manager + image: docker.io/kubeflownotebookswg/tensorboard-controller + name: manager + securityContext: + allowPrivilegeEscalation: false + livenessProbe: + httpGet: + path: /healthz + port: 8081 + initialDelaySeconds: 15 + periodSeconds: 20 + readinessProbe: + httpGet: + path: /readyz + port: 8081 + initialDelaySeconds: 5 + periodSeconds: 10 + resources: + limits: + cpu: 500m + memory: 128Mi + requests: + cpu: 10m + memory: 64Mi + serviceAccountName: controller-manager terminationGracePeriodSeconds: 10 diff --git a/apps/tensorboard/tensorboard-controller/upstream/prometheus/kustomization.yaml b/apps/tensorboard/tensorboard-controller/upstream/prometheus/kustomization.yaml new file mode 100644 index 0000000000..ed137168a1 --- /dev/null +++ b/apps/tensorboard/tensorboard-controller/upstream/prometheus/kustomization.yaml @@ -0,0 +1,2 @@ +resources: +- monitor.yaml diff --git a/apps/tensorboard/tensorboard-controller/upstream/prometheus/monitor.yaml b/apps/tensorboard/tensorboard-controller/upstream/prometheus/monitor.yaml new file mode 100644 index 0000000000..d19136ae71 --- /dev/null +++ b/apps/tensorboard/tensorboard-controller/upstream/prometheus/monitor.yaml @@ -0,0 +1,20 @@ + +# Prometheus Monitor Service (Metrics) +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + labels: + control-plane: controller-manager + name: controller-manager-metrics-monitor + namespace: system +spec: + endpoints: + - path: /metrics + port: https + scheme: https + bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + tlsConfig: + insecureSkipVerify: true + selector: + matchLabels: + control-plane: controller-manager diff --git a/apps/tensorboard/tensorboard-controller/upstream/rbac/auth_proxy_client_clusterrole.yaml b/apps/tensorboard/tensorboard-controller/upstream/rbac/auth_proxy_client_clusterrole.yaml new file mode 100644 index 0000000000..51a75db47a --- /dev/null +++ b/apps/tensorboard/tensorboard-controller/upstream/rbac/auth_proxy_client_clusterrole.yaml @@ -0,0 +1,9 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: metrics-reader +rules: +- nonResourceURLs: + - "/metrics" + verbs: + - get diff --git a/apps/tensorboard/tensorboard-controller/upstream/rbac/auth_proxy_role.yaml b/apps/tensorboard/tensorboard-controller/upstream/rbac/auth_proxy_role.yaml index 618f5e4177..2e55d6aeac 100644 --- a/apps/tensorboard/tensorboard-controller/upstream/rbac/auth_proxy_role.yaml +++ b/apps/tensorboard/tensorboard-controller/upstream/rbac/auth_proxy_role.yaml @@ -3,11 +3,15 @@ kind: ClusterRole metadata: name: proxy-role rules: -- apiGroups: ["authentication.k8s.io"] - resources: - - tokenreviews - verbs: ["create"] -- apiGroups: ["authorization.k8s.io"] - resources: - - subjectaccessreviews - verbs: ["create"] + - apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create + - apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create diff --git a/apps/tensorboard/tensorboard-controller/upstream/rbac/auth_proxy_role_binding.yaml b/apps/tensorboard/tensorboard-controller/upstream/rbac/auth_proxy_role_binding.yaml index 48ed1e4b85..ec70c40200 100644 --- a/apps/tensorboard/tensorboard-controller/upstream/rbac/auth_proxy_role_binding.yaml +++ b/apps/tensorboard/tensorboard-controller/upstream/rbac/auth_proxy_role_binding.yaml @@ -7,6 +7,6 @@ roleRef: kind: ClusterRole name: proxy-role subjects: -- kind: ServiceAccount - name: default - namespace: system + - kind: ServiceAccount + name: controller-manager + namespace: system diff --git a/apps/tensorboard/tensorboard-controller/upstream/rbac/auth_proxy_service.yaml b/apps/tensorboard/tensorboard-controller/upstream/rbac/auth_proxy_service.yaml index d61e5469fb..7fa7a01045 100644 --- a/apps/tensorboard/tensorboard-controller/upstream/rbac/auth_proxy_service.yaml +++ b/apps/tensorboard/tensorboard-controller/upstream/rbac/auth_proxy_service.yaml @@ -1,18 +1,15 @@ apiVersion: v1 kind: Service metadata: - annotations: - prometheus.io/port: "8443" - prometheus.io/scheme: https - prometheus.io/scrape: "true" labels: control-plane: controller-manager name: controller-manager-metrics-service namespace: system spec: ports: - - name: https - port: 8443 - targetPort: https + - name: https + port: 8443 + protocol: TCP + targetPort: https selector: control-plane: controller-manager diff --git a/apps/tensorboard/tensorboard-controller/upstream/rbac/kustomization.yaml b/apps/tensorboard/tensorboard-controller/upstream/rbac/kustomization.yaml index 817f1fe613..0ebbc6f6f0 100644 --- a/apps/tensorboard/tensorboard-controller/upstream/rbac/kustomization.yaml +++ b/apps/tensorboard/tensorboard-controller/upstream/rbac/kustomization.yaml @@ -1,11 +1,18 @@ resources: -- role.yaml -- role_binding.yaml -- leader_election_role.yaml -- leader_election_role_binding.yaml -# Comment the following 3 lines if you want to disable -# the auth proxy (https://github.com/brancz/kube-rbac-proxy) -# which protects your /metrics endpoint. -- auth_proxy_service.yaml -- auth_proxy_role.yaml -- auth_proxy_role_binding.yaml + # All RBAC will be applied under this service account in + # the deployment namespace. You may comment out this resource + # if your manager will use a service account that exists at + # runtime. Be sure to update RoleBinding and ClusterRoleBinding + # subjects if changing service account names. + - service_account.yaml + - role.yaml + - role_binding.yaml + - leader_election_role.yaml + - leader_election_role_binding.yaml + # Comment the following 4 lines if you want to disable + # the auth proxy (https://github.com/brancz/kube-rbac-proxy) + # which protects your /metrics endpoint. + - auth_proxy_service.yaml + - auth_proxy_role.yaml + - auth_proxy_role_binding.yaml + - auth_proxy_client_clusterrole.yaml diff --git a/apps/tensorboard/tensorboard-controller/upstream/rbac/leader_election_role.yaml b/apps/tensorboard/tensorboard-controller/upstream/rbac/leader_election_role.yaml index eaa79158fb..9221419fae 100644 --- a/apps/tensorboard/tensorboard-controller/upstream/rbac/leader_election_role.yaml +++ b/apps/tensorboard/tensorboard-controller/upstream/rbac/leader_election_role.yaml @@ -4,29 +4,34 @@ kind: Role metadata: name: leader-election-role rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - configmaps/status - verbs: - - get - - update - - patch -- apiGroups: - - "" - resources: - - events - verbs: - - create + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/apps/tensorboard/tensorboard-controller/upstream/rbac/leader_election_role_binding.yaml b/apps/tensorboard/tensorboard-controller/upstream/rbac/leader_election_role_binding.yaml index eed16906f4..887508ddef 100644 --- a/apps/tensorboard/tensorboard-controller/upstream/rbac/leader_election_role_binding.yaml +++ b/apps/tensorboard/tensorboard-controller/upstream/rbac/leader_election_role_binding.yaml @@ -7,6 +7,6 @@ roleRef: kind: Role name: leader-election-role subjects: -- kind: ServiceAccount - name: default - namespace: system + - kind: ServiceAccount + name: controller-manager + namespace: system diff --git a/apps/tensorboard/tensorboard-controller/upstream/rbac/role.yaml b/apps/tensorboard/tensorboard-controller/upstream/rbac/role.yaml index e958606c4b..6ea6ee5f83 100644 --- a/apps/tensorboard/tensorboard-controller/upstream/rbac/role.yaml +++ b/apps/tensorboard/tensorboard-controller/upstream/rbac/role.yaml @@ -1,4 +1,3 @@ - --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -56,7 +55,6 @@ rules: - tensorboard.kubeflow.org resources: - tensorboards - - tensorboards/finalizers verbs: - create - delete @@ -65,6 +63,12 @@ rules: - patch - update - watch +- apiGroups: + - tensorboard.kubeflow.org + resources: + - tensorboards/finalizers + verbs: + - update - apiGroups: - tensorboard.kubeflow.org resources: diff --git a/apps/tensorboard/tensorboard-controller/upstream/rbac/role_binding.yaml b/apps/tensorboard/tensorboard-controller/upstream/rbac/role_binding.yaml index 8f2658702c..d5925c3ac9 100644 --- a/apps/tensorboard/tensorboard-controller/upstream/rbac/role_binding.yaml +++ b/apps/tensorboard/tensorboard-controller/upstream/rbac/role_binding.yaml @@ -7,6 +7,6 @@ roleRef: kind: ClusterRole name: manager-role subjects: -- kind: ServiceAccount - name: default - namespace: system + - kind: ServiceAccount + name: controller-manager + namespace: system diff --git a/apps/tensorboard/tensorboard-controller/upstream/rbac/service_account.yaml b/apps/tensorboard/tensorboard-controller/upstream/rbac/service_account.yaml new file mode 100644 index 0000000000..7cd6025bfc --- /dev/null +++ b/apps/tensorboard/tensorboard-controller/upstream/rbac/service_account.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: controller-manager + namespace: system diff --git a/apps/tensorboard/tensorboard-controller/upstream/samples/tensorboard_v1alpha1_tensorboard.yaml b/apps/tensorboard/tensorboard-controller/upstream/samples/tensorboard_v1alpha1_tensorboard.yaml index 6c93395a9e..f73590801a 100644 --- a/apps/tensorboard/tensorboard-controller/upstream/samples/tensorboard_v1alpha1_tensorboard.yaml +++ b/apps/tensorboard/tensorboard-controller/upstream/samples/tensorboard_v1alpha1_tensorboard.yaml @@ -2,7 +2,7 @@ apiVersion: tensorboard.kubeflow.org/v1alpha1 kind: Tensorboard metadata: name: tensorboard-sample1 - namespace: kubeflow-quanlin + namespace: kubeflow spec: # Add fields here logspath: "gs://quanlinkubeflow1_tf_mnist_logs1/mnist_tutorial/" diff --git a/apps/tensorboard/tensorboards-web-app/upstream/base/deployment.yaml b/apps/tensorboard/tensorboards-web-app/upstream/base/deployment.yaml index f191cb793e..6c44af5937 100644 --- a/apps/tensorboard/tensorboards-web-app/upstream/base/deployment.yaml +++ b/apps/tensorboard/tensorboards-web-app/upstream/base/deployment.yaml @@ -11,7 +11,7 @@ spec: spec: containers: - name: tensorboards-web-app - image: public.ecr.aws/j1r0q0g6/notebooks/tensorboards-web-app + image: docker.io/kubeflownotebookswg/tensorboards-web-app ports: - containerPort: 5000 env: @@ -21,4 +21,6 @@ spec: value: $(TWA_USERID_HEADER) - name: USERID_PREFIX value: $(TWA_USERID_PREFIX) + - name: APP_SECURE_COOKIES + value: $(TWA_APP_SECURE_COOKIES) serviceAccountName: service-account diff --git a/apps/tensorboard/tensorboards-web-app/upstream/base/kustomization.yaml b/apps/tensorboard/tensorboards-web-app/upstream/base/kustomization.yaml index 68705c3457..ff83819d1b 100644 --- a/apps/tensorboard/tensorboards-web-app/upstream/base/kustomization.yaml +++ b/apps/tensorboard/tensorboards-web-app/upstream/base/kustomization.yaml @@ -12,9 +12,8 @@ commonLabels: app: tensorboards-web-app kustomize.component: tensorboards-web-app images: -- name: public.ecr.aws/j1r0q0g6/notebooks/tensorboards-web-app - newName: public.ecr.aws/j1r0q0g6/notebooks/tensorboards-web-app - newTag: v1.5.0 +- name: docker.io/kubeflownotebookswg/tensorboards-web-app + newTag: v1.6.0-rc.1 # We need the name to be unique without the suffix because the original name is what # gets used with patches configMapGenerator: diff --git a/apps/tensorboard/tensorboards-web-app/upstream/base/params.env b/apps/tensorboard/tensorboards-web-app/upstream/base/params.env index 929f5dd398..e21d77d542 100644 --- a/apps/tensorboard/tensorboards-web-app/upstream/base/params.env +++ b/apps/tensorboard/tensorboards-web-app/upstream/base/params.env @@ -2,3 +2,4 @@ TWA_CLUSTER_DOMAIN=cluster.local TWA_USERID_HEADER=kubeflow-userid TWA_USERID_PREFIX= TWA_PREFIX=/tensorboards +TWA_APP_SECURE_COOKIES=true diff --git a/apps/training-operator/upstream/base/crds/kubeflow.org_mpijobs.yaml b/apps/training-operator/upstream/base/crds/kubeflow.org_mpijobs.yaml index 3a3aefece6..50dd294114 100644 --- a/apps/training-operator/upstream/base/crds/kubeflow.org_mpijobs.yaml +++ b/apps/training-operator/upstream/base/crds/kubeflow.org_mpijobs.yaml @@ -424,12 +424,85 @@ spec: are ANDed. type: object type: object + namespaceSelector: + description: A label query over the + set of namespaces that the term + applies to. The term is applied + to the union of the namespaces selected + by this field and the ones listed + in the namespaces field. null selector + and null or empty namespaces list + means "this pod's namespace". An + empty selector ({}) matches all + namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object namespaces: description: namespaces specifies - which namespaces the labelSelector - applies to (matches against); null - or empty list means "this pod's - namespace" + a static list of namespace names + that the term applies to. The term + is applied to the union of the namespaces + listed in this field and the ones + selected by namespaceSelector. null + or empty namespaces list and null + namespaceSelector means "this pod's + namespace". items: type: string type: array @@ -539,11 +612,78 @@ spec: ANDed. type: object type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this field + and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object namespaces: - description: namespaces specifies which - namespaces the labelSelector applies - to (matches against); null or empty - list means "this pod's namespace" + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's + namespace". items: type: string type: array @@ -655,12 +795,85 @@ spec: are ANDed. type: object type: object + namespaceSelector: + description: A label query over the + set of namespaces that the term + applies to. The term is applied + to the union of the namespaces selected + by this field and the ones listed + in the namespaces field. null selector + and null or empty namespaces list + means "this pod's namespace". An + empty selector ({}) matches all + namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object namespaces: description: namespaces specifies - which namespaces the labelSelector - applies to (matches against); null - or empty list means "this pod's - namespace" + a static list of namespace names + that the term applies to. The term + is applied to the union of the namespaces + listed in this field and the ones + selected by namespaceSelector. null + or empty namespaces list and null + namespaceSelector means "this pod's + namespace". items: type: string type: array @@ -770,11 +983,78 @@ spec: ANDed. type: object type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this field + and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object namespaces: - description: namespaces specifies which - namespaces the labelSelector applies - to (matches against); null or empty - list means "this pod's namespace" + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's + namespace". items: type: string type: array @@ -811,12 +1091,14 @@ spec: properties: args: description: 'Arguments to the entrypoint. The - docker image''s CMD is used if this is not provided. - Variable references $(VAR_NAME) are expanded - using the container''s environment. If a variable - cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). + container image''s CMD is used if this is not + provided. Variable references $(VAR_NAME) are + expanded using the container''s environment. + If a variable cannot be resolved, the reference + in the input string will be unchanged. Double + $$ are reduced to a single $, which allows for + escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' @@ -825,16 +1107,17 @@ spec: type: array command: description: 'Entrypoint array. Not executed within - a shell. The docker image''s ENTRYPOINT is used - if this is not provided. Variable references + a shell. The container image''s ENTRYPOINT is + used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped with a - double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether - the variable exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot + be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array @@ -851,13 +1134,15 @@ spec: type: string value: description: 'Variable references $(VAR_NAME) - are expanded using the previous defined + are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be - unchanged. The $(VAR_NAME) syntax can - be escaped with a double $$, ie: $$(VAR_NAME). + unchanged. Double $$ are reduced to a + single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' @@ -1011,7 +1296,8 @@ spec: type: object type: array image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + description: 'Container image name. More info: + https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments @@ -1037,9 +1323,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies - the action to take. + description: Exec specifies the action + to take. properties: command: description: Command is the command @@ -1110,10 +1395,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: description: 'Optional: Host name @@ -1140,21 +1427,19 @@ spec: as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. - The reason for termination is passed to - the handler. The Pod''s termination grace - period countdown begins before the PreStop - hooked is executed. Regardless of the outcome - of the handler, the container will eventually - terminate within the Pod''s termination - grace period. Other management of the container - blocks until the hook completes or until - the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + The Pod''s termination grace period countdown + begins before the PreStop hook is executed. + Regardless of the outcome of the handler, + the container will eventually terminate + within the Pod''s termination grace period + (unless delayed by finalizers). Other management + of the container blocks until the hook completes + or until the termination grace period is + reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies - the action to take. + description: Exec specifies the action + to take. properties: command: description: Command is the command @@ -1225,10 +1510,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: description: 'Optional: Host name @@ -1255,9 +1542,8 @@ spec: Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -1282,6 +1568,26 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -1350,10 +1656,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -1371,6 +1675,28 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. @@ -1442,9 +1768,8 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -1469,6 +1794,26 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -1537,10 +1882,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -1558,6 +1901,28 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. @@ -1567,7 +1932,7 @@ spec: type: object resources: description: 'Compute Resources required by this - container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: limits: additionalProperties: @@ -1578,7 +1943,7 @@ spec: x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources allowed. More - info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -1592,12 +1957,14 @@ spec: Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: - description: 'Security options the pod should - run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ + description: 'SecurityContext defines the security + options the container should be run with. If + set, the fields of SecurityContext override + the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: @@ -1607,13 +1974,16 @@ spec: controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) - run as Privileged 2) has CAP_SYS_ADMIN' + run as Privileged 2) has CAP_SYS_ADMIN Note + that this field cannot be set when spec.os.name + is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the - container runtime. + container runtime. Note that this field + cannot be set when spec.os.name is windows. properties: add: description: Added capabilities @@ -1634,7 +2004,8 @@ spec: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults - to false. + to false. Note that this field cannot be + set when spec.os.name is windows. type: boolean procMount: description: procMount denotes the type of @@ -1643,10 +2014,14 @@ spec: container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when + spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only root filesystem. Default is false. + Note that this field cannot be set when + spec.os.name is windows. type: boolean runAsGroup: description: The GID to run the entrypoint @@ -1654,7 +2029,8 @@ spec: if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: @@ -1676,7 +2052,8 @@ spec: May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -1686,7 +2063,9 @@ spec: for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is windows. properties: level: description: Level is SELinux level label @@ -1709,7 +2088,9 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that + this field cannot be set when spec.os.name + is windows. properties: localhostProfile: description: localhostProfile indicates @@ -1740,7 +2121,9 @@ spec: the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where @@ -1754,6 +2137,22 @@ spec: the name of the GMSA credential spec to use. type: string + hostProcess: + description: HostProcess determines if + a container should be run as a 'Host + Process' container. This field is alpha-level + and will only be honored by components + that enable the WindowsHostProcessContainers + feature flag. Setting this field without + the feature flag will result in errors + when validating the Pod. All of a Pod's + containers must have the same effective + HostProcess value (it is not allowed + to have a mix of HostProcess containers + and non-HostProcess containers). In + addition, if HostProcess is true then + HostNetwork must also be set to true. + type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint of the container @@ -1776,14 +2175,11 @@ spec: parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. - This cannot be updated. This is a beta feature - enabled by the StartupProbe feature flag. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -1808,6 +2204,26 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -1876,10 +2292,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -1897,6 +2311,28 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. @@ -2094,33 +2530,35 @@ spec: and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. - This field is alpha-level and is only honored by servers - that enable the EphemeralContainers feature. + This field is beta-level and available on clusters + that haven't disabled the EphemeralContainers feature + gate. items: - description: An EphemeralContainer is a container - that may be added temporarily to an existing pod - for user-initiated activities such as debugging. - Ephemeral containers have no resource or scheduling - guarantees, and they will not be restarted when - they exit or when a pod is removed or restarted. - If an ephemeral container causes a pod to exceed - its resource allocation, the pod may be evicted. - Ephemeral containers may not be added by directly - updating the pod spec. They must be added via the - pod's ephemeralcontainers subresource, and they - will appear in the pod spec once added. This is - an alpha feature enabled by the EphemeralContainers - feature flag. + description: "An EphemeralContainer is a temporary + container that you may add to an existing Pod for + user-initiated activities such as debugging. Ephemeral + containers have no resource or scheduling guarantees, + and they will not be restarted when they exit or + when a Pod is removed or restarted. The kubelet + may evict a Pod if an ephemeral container causes + the Pod to exceed its resource allocation. \n To + add an ephemeral container, use the ephemeralcontainers + subresource of an existing Pod. Ephemeral containers + may not be removed or restarted. \n This is a beta + feature available on clusters that haven't disabled + the EphemeralContainers feature gate." properties: args: description: 'Arguments to the entrypoint. The - docker image''s CMD is used if this is not provided. + image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). - Escaped references will never be expanded, regardless + string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped + references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: @@ -2128,16 +2566,17 @@ spec: type: array command: description: 'Entrypoint array. Not executed within - a shell. The docker image''s ENTRYPOINT is used - if this is not provided. Variable references - $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, - the reference in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped with a - double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether - the variable exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + a shell. The image''s ENTRYPOINT is used if + this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. + If a variable cannot be resolved, the reference + in the input string will be unchanged. Double + $$ are reduced to a single $, which allows for + escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot + be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array @@ -2154,13 +2593,15 @@ spec: type: string value: description: 'Variable references $(VAR_NAME) - are expanded using the previous defined + are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be - unchanged. The $(VAR_NAME) syntax can - be escaped with a double $$, ie: $$(VAR_NAME). + unchanged. Double $$ are reduced to a + single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' @@ -2314,7 +2755,8 @@ spec: type: object type: array image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images' + description: 'Container image name. More info: + https://kubernetes.io/docs/concepts/containers/images' type: string imagePullPolicy: description: 'Image pull policy. One of Always, @@ -2335,9 +2777,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies - the action to take. + description: Exec specifies the action + to take. properties: command: description: Command is the command @@ -2408,10 +2849,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: description: 'Optional: Host name @@ -2438,21 +2881,19 @@ spec: as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. - The reason for termination is passed to - the handler. The Pod''s termination grace - period countdown begins before the PreStop - hooked is executed. Regardless of the outcome - of the handler, the container will eventually - terminate within the Pod''s termination - grace period. Other management of the container - blocks until the hook completes or until - the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + The Pod''s termination grace period countdown + begins before the PreStop hook is executed. + Regardless of the outcome of the handler, + the container will eventually terminate + within the Pod''s termination grace period + (unless delayed by finalizers). Other management + of the container blocks until the hook completes + or until the termination grace period is + reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies - the action to take. + description: Exec specifies the action + to take. properties: command: description: Command is the command @@ -2523,10 +2964,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: description: 'Optional: Host name @@ -2552,9 +2995,8 @@ spec: containers. properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -2579,6 +3021,26 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -2647,10 +3109,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -2668,6 +3128,28 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. @@ -2722,14 +3204,17 @@ spec: - containerPort type: object type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map readinessProbe: description: Probes are not allowed for ephemeral containers. properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -2754,6 +3239,26 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -2822,10 +3327,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -2843,6 +3346,28 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. @@ -2864,7 +3389,7 @@ spec: x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources allowed. More - info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -2878,12 +3403,14 @@ spec: Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: - description: SecurityContext is not allowed for - ephemeral containers. + description: 'Optional: SecurityContext defines + the security options the ephemeral container + should be run with. If set, the fields of SecurityContext + override the equivalent fields of PodSecurityContext.' properties: allowPrivilegeEscalation: description: 'AllowPrivilegeEscalation controls @@ -2892,13 +3419,16 @@ spec: controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) - run as Privileged 2) has CAP_SYS_ADMIN' + run as Privileged 2) has CAP_SYS_ADMIN Note + that this field cannot be set when spec.os.name + is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the - container runtime. + container runtime. Note that this field + cannot be set when spec.os.name is windows. properties: add: description: Added capabilities @@ -2919,7 +3449,8 @@ spec: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults - to false. + to false. Note that this field cannot be + set when spec.os.name is windows. type: boolean procMount: description: procMount denotes the type of @@ -2928,10 +3459,14 @@ spec: container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when + spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only root filesystem. Default is false. + Note that this field cannot be set when + spec.os.name is windows. type: boolean runAsGroup: description: The GID to run the entrypoint @@ -2939,7 +3474,8 @@ spec: if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: @@ -2961,7 +3497,8 @@ spec: May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -2971,7 +3508,9 @@ spec: for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is windows. properties: level: description: Level is SELinux level label @@ -2994,7 +3533,9 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that + this field cannot be set when spec.os.name + is windows. properties: localhostProfile: description: localhostProfile indicates @@ -3025,7 +3566,9 @@ spec: the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where @@ -3039,6 +3582,22 @@ spec: the name of the GMSA credential spec to use. type: string + hostProcess: + description: HostProcess determines if + a container should be run as a 'Host + Process' container. This field is alpha-level + and will only be honored by components + that enable the WindowsHostProcessContainers + feature flag. Setting this field without + the feature flag will result in errors + when validating the Pod. All of a Pod's + containers must have the same effective + HostProcess value (it is not allowed + to have a mix of HostProcess containers + and non-HostProcess containers). In + addition, if HostProcess is true then + HostNetwork must also be set to true. + type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint of the container @@ -3056,9 +3615,8 @@ spec: containers. properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -3083,6 +3641,26 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -3151,10 +3729,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -3172,6 +3748,28 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. @@ -3202,13 +3800,15 @@ spec: EOF. Default is false type: boolean targetContainerName: - description: If set, the name of the container + description: "If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set - then the ephemeral container is run in whatever - namespaces are shared for the pod. Note that - the container runtime must support this feature. + then the ephemeral container uses the namespaces + configured in the Pod spec. \n The container + runtime must implement support for this feature. + If the runtime does not support namespace targeting + then the result of setting this field is undefined." type: string terminationMessagePath: description: 'Optional: Path at which the file @@ -3261,7 +3861,8 @@ spec: type: array volumeMounts: description: Pod volumes to mount into the container's - filesystem. Cannot be updated. + filesystem. Subpath mounts are not allowed for + ephemeral containers. Cannot be updated. items: description: VolumeMount describes a mounting of a Volume within a container. @@ -3360,9 +3961,8 @@ spec: references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual - puller implementations for them to use. For example, - in the case of docker, only DockerConfig type secrets - are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + puller implementations for them to use. More info: + https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' items: description: LocalObjectReference contains enough information to let you locate the referenced object @@ -3399,12 +3999,14 @@ spec: properties: args: description: 'Arguments to the entrypoint. The - docker image''s CMD is used if this is not provided. - Variable references $(VAR_NAME) are expanded - using the container''s environment. If a variable - cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). + container image''s CMD is used if this is not + provided. Variable references $(VAR_NAME) are + expanded using the container''s environment. + If a variable cannot be resolved, the reference + in the input string will be unchanged. Double + $$ are reduced to a single $, which allows for + escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' @@ -3413,16 +4015,17 @@ spec: type: array command: description: 'Entrypoint array. Not executed within - a shell. The docker image''s ENTRYPOINT is used - if this is not provided. Variable references + a shell. The container image''s ENTRYPOINT is + used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped with a - double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether - the variable exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot + be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array @@ -3439,13 +4042,15 @@ spec: type: string value: description: 'Variable references $(VAR_NAME) - are expanded using the previous defined + are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be - unchanged. The $(VAR_NAME) syntax can - be escaped with a double $$, ie: $$(VAR_NAME). + unchanged. Double $$ are reduced to a + single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' @@ -3599,7 +4204,8 @@ spec: type: object type: array image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + description: 'Container image name. More info: + https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments @@ -3625,9 +4231,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies - the action to take. + description: Exec specifies the action + to take. properties: command: description: Command is the command @@ -3698,10 +4303,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: description: 'Optional: Host name @@ -3728,21 +4335,19 @@ spec: as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. - The reason for termination is passed to - the handler. The Pod''s termination grace - period countdown begins before the PreStop - hooked is executed. Regardless of the outcome - of the handler, the container will eventually - terminate within the Pod''s termination - grace period. Other management of the container - blocks until the hook completes or until - the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + The Pod''s termination grace period countdown + begins before the PreStop hook is executed. + Regardless of the outcome of the handler, + the container will eventually terminate + within the Pod''s termination grace period + (unless delayed by finalizers). Other management + of the container blocks until the hook completes + or until the termination grace period is + reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies - the action to take. + description: Exec specifies the action + to take. properties: command: description: Command is the command @@ -3813,10 +4418,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: description: 'Optional: Host name @@ -3843,9 +4450,8 @@ spec: Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -3870,6 +4476,26 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -3938,10 +4564,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -3959,6 +4583,28 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. @@ -4030,9 +4676,8 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -4057,6 +4702,26 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -4125,10 +4790,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -4146,6 +4809,28 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. @@ -4155,7 +4840,7 @@ spec: type: object resources: description: 'Compute Resources required by this - container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: limits: additionalProperties: @@ -4166,7 +4851,7 @@ spec: x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources allowed. More - info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -4180,12 +4865,14 @@ spec: Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: - description: 'Security options the pod should - run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ + description: 'SecurityContext defines the security + options the container should be run with. If + set, the fields of SecurityContext override + the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: @@ -4195,13 +4882,16 @@ spec: controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) - run as Privileged 2) has CAP_SYS_ADMIN' + run as Privileged 2) has CAP_SYS_ADMIN Note + that this field cannot be set when spec.os.name + is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the - container runtime. + container runtime. Note that this field + cannot be set when spec.os.name is windows. properties: add: description: Added capabilities @@ -4222,7 +4912,8 @@ spec: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults - to false. + to false. Note that this field cannot be + set when spec.os.name is windows. type: boolean procMount: description: procMount denotes the type of @@ -4231,10 +4922,14 @@ spec: container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when + spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only root filesystem. Default is false. + Note that this field cannot be set when + spec.os.name is windows. type: boolean runAsGroup: description: The GID to run the entrypoint @@ -4242,7 +4937,8 @@ spec: if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: @@ -4264,7 +4960,8 @@ spec: May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -4274,7 +4971,9 @@ spec: for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is windows. properties: level: description: Level is SELinux level label @@ -4297,7 +4996,9 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that + this field cannot be set when spec.os.name + is windows. properties: localhostProfile: description: localhostProfile indicates @@ -4328,7 +5029,9 @@ spec: the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where @@ -4342,6 +5045,22 @@ spec: the name of the GMSA credential spec to use. type: string + hostProcess: + description: HostProcess determines if + a container should be run as a 'Host + Process' container. This field is alpha-level + and will only be honored by components + that enable the WindowsHostProcessContainers + feature flag. Setting this field without + the feature flag will result in errors + when validating the Pod. All of a Pod's + containers must have the same effective + HostProcess value (it is not allowed + to have a mix of HostProcess containers + and non-HostProcess containers). In + addition, if HostProcess is true then + HostNetwork must also be set to true. + type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint of the container @@ -4364,14 +5083,11 @@ spec: parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. - This cannot be updated. This is a beta feature - enabled by the StartupProbe feature flag. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -4396,6 +5112,26 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -4464,10 +5200,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -4485,6 +5219,28 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. @@ -4634,6 +5390,40 @@ spec: must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object + x-kubernetes-map-type: atomic + os: + description: "Specifies the OS of the containers in + the pod. Some pod and container fields are restricted + if this is set. \n If the OS field is set to linux, + the following fields must be unset: -securityContext.windowsOptions + \n If the OS field is set to windows, following fields + must be unset: - spec.hostPID - spec.hostIPC - spec.securityContext.seLinuxOptions + - spec.securityContext.seccompProfile - spec.securityContext.fsGroup + - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls + - spec.shareProcessNamespace - spec.securityContext.runAsUser + - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups + - spec.containers[*].securityContext.seLinuxOptions + - spec.containers[*].securityContext.seccompProfile + - spec.containers[*].securityContext.capabilities + - spec.containers[*].securityContext.readOnlyRootFilesystem + - spec.containers[*].securityContext.privileged - + spec.containers[*].securityContext.allowPrivilegeEscalation + - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser + - spec.containers[*].securityContext.runAsGroup This + is a beta field and requires the IdentifyPodOS feature" + properties: + name: + description: 'Name is the name of the operating + system. The currently supported values are linux + and windows. Additional value may be defined in + future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values + and treat unrecognized values in this field as + os: null' + type: string + required: + - name + type: object overhead: additionalProperties: anyOf: @@ -4652,17 +5442,12 @@ spec: and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. - More info: https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md - This field is alpha-level as of Kubernetes v1.16, - and is only honored by servers that enable the PodOverhead - feature.' + More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md' type: object preemptionPolicy: description: PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. - Defaults to PreemptLowerPriority if unset. This field - is beta-level, gated by the NonPreemptingPriority - feature-gate. + Defaults to PreemptLowerPriority if unset. type: string priority: description: The priority value. Various system components @@ -4687,7 +5472,7 @@ spec: be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True" - More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md' + More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates' items: description: PodReadinessGate contains the reference to a pod condition @@ -4713,8 +5498,7 @@ spec: or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: - https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md - This is a beta feature as of Kubernetes v1.14.' + https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class' type: string schedulerName: description: If specified, the pod will be dispatched @@ -4736,7 +5520,9 @@ spec: is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not - modify the ownership and permissions of any volume." + modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name + is windows." format: int64 type: integer fsGroupChangePolicy: @@ -4747,7 +5533,9 @@ spec: based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified defaults to "Always".' + and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name + is windows.' type: string runAsGroup: description: The GID to run the entrypoint of the @@ -4755,7 +5543,8 @@ spec: May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. + for that container. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: @@ -4776,6 +5565,8 @@ spec: set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer seLinuxOptions: @@ -4785,7 +5576,8 @@ spec: for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. + for that container. Note that this field cannot + be set when spec.os.name is windows. properties: level: description: Level is SELinux level label that @@ -4806,7 +5598,8 @@ spec: type: object seccompProfile: description: The seccomp options to use by the containers - in this pod. + in this pod. Note that this field cannot be set + when spec.os.name is windows. properties: localhostProfile: description: localhostProfile indicates a profile @@ -4832,7 +5625,9 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, - no groups will be added to any container. + no groups will be added to any container. Note + that this field cannot be set when spec.os.name + is windows. items: format: int64 type: integer @@ -4841,6 +5636,8 @@ spec: description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name + is windows. items: description: Sysctl defines a kernel parameter to be set @@ -4862,6 +5659,8 @@ spec: within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the @@ -4873,6 +5672,20 @@ spec: description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string + hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' container. + This field is alpha-level and will only be + honored by components that enable the WindowsHostProcessContainers + feature flag. Setting this field without the + feature flag will result in errors when validating + the Pod. All of a Pod's containers must have + the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must + also be set to true. + type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint of the container process. Defaults @@ -4924,10 +5737,11 @@ spec: description: Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value - zero indicates delete immediately. If this value is - nil, the default grace period will be used instead. - The grace period is the duration in seconds after - the processes running in the pod are sent a termination + zero indicates stop immediately via the kill signal + (no opportunity to shut down). If this value is nil, + the default grace period will be used instead. The + grace period is the duration in seconds after the + processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults @@ -5047,28 +5861,69 @@ spec: `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and - the global minimum. For example, in a 3-zone + the global minimum. The global minimum is the + minimum number of matching pods in an eligible + domain or zero if the number of eligible domains + is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with - the same labelSelector spread as 1/1/0: | zone1 - | zone2 | zone3 | | P | P | | - - if MaxSkew is 1, incoming pod can only be - scheduled to zone3 to become 1/1/1; scheduling - it onto zone1(zone2) would make the ActualSkew(2-0) - on zone1(zone2) violate MaxSkew(1). - if MaxSkew - is 2, incoming pod can be scheduled onto any - zone. When `whenUnsatisfiable=ScheduleAnyway`, + the same labelSelector spread as 2/2/1: In this + case, the global minimum is 1. | zone1 | zone2 + | zone3 | | P P | P P | P | - if MaxSkew + is 1, incoming pod can only be scheduled to + zone3 to become 2/2/2; scheduling it onto zone1(zone2) + would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). - if MaxSkew is 2, incoming + pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It''s a required field. Default value is 1 and 0 is not allowed.' format: int32 type: integer + minDomains: + description: "MinDomains indicates a minimum number + of eligible domains. When the number of eligible + domains with matching topology keys is less + than minDomains, Pod Topology Spread treats + \"global minimum\" as 0, and then the calculation + of Skew is performed. And when the number of + eligible domains with matching topology keys + equals or greater than minDomains, this value + has no effect on scheduling. As a result, when + the number of eligible domains is less than + minDomains, scheduler won't schedule more than + maxSkew Pods to those domains. If value is nil, + the constraint behaves as if MinDomains is equal + to 1. Valid values are integers greater than + 0. When value is not nil, WhenUnsatisfiable + must be DoNotSchedule. \n For example, in a + 3-zone cluster, MaxSkew is set to 2, MinDomains + is set to 5 and pods with the same labelSelector + spread as 2/2/2: | zone1 | zone2 | zone3 | | + \ P P | P P | P P | The number of domains + is less than 5(MinDomains), so \"global minimum\" + is treated as 0. In this situation, new pod + with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new + Pod is scheduled to any of the three zones, + it will violate MaxSkew. \n This is an alpha + field and requires enabling MinDomainsInPodTopologySpread + feature gate." + format: int32 + type: integer topologyKey: description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into - each bucket. It's a required field. + each bucket. We define a domain as a particular + instance of a topology. Also, we define an eligible + domain as a domain whose nodes match the node + selector. e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, + if TopologyKey is "topology.kubernetes.io/zone", + each zone is a domain of that topology. It's + a required field. type: string whenUnsatisfiable: description: 'WhenUnsatisfiable indicates how @@ -5080,7 +5935,7 @@ spec: topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible - node assigment for that pod would violate "MaxSkew" + node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 @@ -5111,77 +5966,78 @@ spec: pod. properties: awsElasticBlockStore: - description: 'AWSElasticBlockStore represents + description: 'awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'Filesystem type of the volume - that you want to mount. Tip: Ensure that - the filesystem type is supported by the - host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + description: 'fsType is the filesystem type + of the volume that you want to mount. Tip: + Ensure that the filesystem type is supported + by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine' type: string partition: - description: 'The partition in the volume - that you want to mount. If omitted, the - default is to mount by volume name. Examples: - For volume /dev/sda1, you specify the partition - as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the - property empty).' + description: 'partition is the partition in + the volume that you want to mount. If omitted, + the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume + partition for /dev/sda is "0" (or you can + leave the property empty).' format: int32 type: integer readOnly: - description: 'Specify "true" to force and - set the ReadOnly property in VolumeMounts - to "true". If omitted, the default is "false". - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: 'readOnly value true will force + the readOnly setting in VolumeMounts. More + info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'Unique ID of the persistent - disk resource in AWS (Amazon EBS volume). - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: 'volumeID is unique ID of the + persistent disk resource in AWS (Amazon + EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: AzureDisk represents an Azure Data + description: azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. properties: cachingMode: - description: 'Host Caching mode: None, Read - Only, Read Write.' + description: 'cachingMode is the Host Caching + mode: None, Read Only, Read Write.' type: string diskName: - description: The Name of the data disk in - the blob storage + description: diskName is the Name of the data + disk in the blob storage type: string diskURI: - description: The URI the data disk in the - blob storage + description: diskURI is the URI of data disk + in the blob storage type: string fsType: - description: Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. + description: fsType is Filesystem type to + mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be + "ext4" if unspecified. type: string kind: - description: 'Expected values Shared: multiple - blob disks per storage account Dedicated: + description: 'kind expected values are Shared: + multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared' type: string readOnly: - description: Defaults to false (read/write). + description: readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean @@ -5190,56 +6046,59 @@ spec: - diskURI type: object azureFile: - description: AzureFile represents an Azure File + description: azureFile represents an Azure File Service mount on the host and bind mount to the pod. properties: readOnly: - description: Defaults to false (read/write). + description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean secretName: - description: the name of secret that contains - Azure Storage Account Name and Key + description: secretName is the name of secret + that contains Azure Storage Account Name + and Key type: string shareName: - description: Share Name + description: shareName is the azure share + Name type: string required: - secretName - shareName type: object cephfs: - description: CephFS represents a Ceph FS mount + description: cephFS represents a Ceph FS mount on the host that shares a pod's lifetime properties: monitors: - description: 'Required: Monitors is a collection - of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'monitors is Required: Monitors + is a collection of Ceph monitors More info: + https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array path: - description: 'Optional: Used as the mounted - root, rather than the full Ceph tree, default - is /' + description: 'path is Optional: Used as the + mounted root, rather than the full Ceph + tree, default is /' type: string readOnly: - description: 'Optional: Defaults to false - (read/write). ReadOnly here will force the - ReadOnly setting in VolumeMounts. More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'readOnly is Optional: Defaults + to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'Optional: SecretFile is the - path to key ring for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'secretFile is Optional: SecretFile + is the path to key ring for User, default + is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'Optional: SecretRef is reference - to the authentication secret for User, default - is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'secretRef is Optional: SecretRef + is reference to the authentication secret + for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: description: 'Name of the referent. More @@ -5249,34 +6108,35 @@ spec: type: string type: object user: - description: 'Optional: User is the rados - user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'user is optional: User is the + rados user name, default is admin More info: + https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'Cinder represents a cinder volume + description: 'cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: 'fsType is the filesystem type + to mount. Must be a filesystem type supported + by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. More info: + https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'Optional: Defaults to false - (read/write). ReadOnly here will force the - ReadOnly setting in VolumeMounts. More info: - https://examples.k8s.io/mysql-cinder-pd/README.md' + description: 'readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting + in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'Optional: points to a secret - object containing parameters used to connect - to OpenStack.' + description: 'secretRef is optional: points + to a secret object containing parameters + used to connect to OpenStack.' properties: name: description: 'Name of the referent. More @@ -5286,32 +6146,33 @@ spec: type: string type: object volumeID: - description: 'volume id used to identify the + description: 'volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: ConfigMap represents a configMap + description: configMap represents a configMap that should populate this volume properties: defaultMode: - description: 'Optional: mode bits used to - set permissions on created files by default. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. - Defaults to 0644. Directories within the - path are not affected by this setting. This - might be in conflict with other options - that affect the file mode, like fsGroup, - and the result can be other mode bits set.' + description: 'defaultMode is optional: mode + bits used to set permissions on created + files by default. Must be an octal value + between 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts both octal + and decimal values, JSON requires decimal + values for mode bits. Defaults to 0644. + Directories within the path are not affected + by this setting. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' format: int32 type: integer items: - description: If unspecified, each key-value + description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content @@ -5328,27 +6189,27 @@ spec: within a volume. properties: key: - description: The key to project. + description: key is the key to project. type: string mode: - description: 'Optional: mode bits used - to set permissions on this file. Must - be an octal value between 0000 and - 0777 or a decimal value between 0 - and 511. YAML accepts both octal and - decimal values, JSON requires decimal - values for mode bits. If not specified, - the volume defaultMode will be used. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' + description: 'mode is Optional: mode + bits used to set permissions on this + file. Must be an octal value between + 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal + and decimal values, JSON requires + decimal values for mode bits. If not + specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the + file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the - file to map the key to. May not be - an absolute path. May not contain + description: path is the relative path + of the file to map the key to. May + not be an absolute path. May not contain the path element '..'. May not start with the string '..'. type: string @@ -5364,30 +6225,30 @@ spec: kind, uid?' type: string optional: - description: Specify whether the ConfigMap - or its keys must be defined + description: optional specify whether the + ConfigMap or its keys must be defined type: boolean type: object csi: - description: CSI (Container Storage Interface) + description: csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). properties: driver: - description: Driver is the name of the CSI + description: driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. type: string fsType: - description: Filesystem type to mount. Ex. - "ext4", "xfs", "ntfs". If not provided, - the empty value is passed to the associated - CSI driver which will determine the default - filesystem to apply. + description: fsType to mount. Ex. "ext4", + "xfs", "ntfs". If not provided, the empty + value is passed to the associated CSI driver + which will determine the default filesystem + to apply. type: string nodePublishSecretRef: - description: NodePublishSecretRef is a reference + description: nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume @@ -5404,13 +6265,14 @@ spec: type: string type: object readOnly: - description: Specifies a read-only configuration - for the volume. Defaults to false (read/write). + description: readOnly specifies a read-only + configuration for the volume. Defaults to + false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: VolumeAttributes stores driver-specific + description: volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. @@ -5419,7 +6281,7 @@ spec: - driver type: object downwardAPI: - description: DownwardAPI represents downward API + description: downwardAPI represents downward API about the pod that should populate this volume properties: defaultMode: @@ -5520,62 +6382,59 @@ spec: type: array type: object emptyDir: - description: 'EmptyDir represents a temporary + description: 'emptyDir represents a temporary directory that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'What type of storage medium - should back this directory. The default - is "" which means to use the node''s default - medium. Must be an empty string (default) - or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: 'medium represents what type + of storage medium should back this directory. + The default is "" which means to use the + node''s default medium. Must be an empty + string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'Total amount of local storage - required for this EmptyDir volume. The size - limit is also applicable for memory medium. - The maximum usage on memory medium EmptyDir - would be the minimum value between the SizeLimit - specified here and the sum of memory limits - of all containers in a pod. The default - is nil which means that the limit is undefined. - More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + description: 'sizeLimit is the total amount + of local storage required for this EmptyDir + volume. The size limit is also applicable + for memory medium. The maximum usage on + memory medium EmptyDir would be the minimum + value between the SizeLimit specified here + and the sum of memory limits of all containers + in a pod. The default is nil which means + that the limit is undefined. More info: + http://kubernetes.io/docs/user-guide/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "Ephemeral represents a volume that - is handled by a cluster storage driver (Alpha - feature). The volume's lifecycle is tied to - the pod that defines it - it will be created - before the pod starts, and deleted when the - pod is removed. \n Use this if: a) the volume - is only needed while the pod runs, b) features - of normal volumes like restoring from snapshot - or capacity tracking are needed, c) the storage - driver is specified through a storage class, - and d) the storage driver supports dynamic volume - provisioning through a PersistentVolumeClaim - (see EphemeralVolumeSource for more information - on the connection between this volume type and - PersistentVolumeClaim). \n Use PersistentVolumeClaim - or one of the vendor-specific APIs for volumes - that persist for longer than the lifecycle of - an individual pod. \n Use CSI for light-weight - local ephemeral volumes if the CSI driver is - meant to be used that way - see the documentation - of the driver for more information. \n A pod - can use both types of ephemeral volumes and - persistent volumes at the same time." + description: "ephemeral represents a volume that + is handled by a cluster storage driver. The + volume's lifecycle is tied to the pod that defines + it - it will be created before the pod starts, + and deleted when the pod is removed. \n Use + this if: a) the volume is only needed while + the pod runs, b) features of normal volumes + like restoring from snapshot or capacity tracking + are needed, c) the storage driver is specified + through a storage class, and d) the storage + driver supports dynamic volume provisioning + through a PersistentVolumeClaim (see EphemeralVolumeSource + for more information on the connection between + this volume type and PersistentVolumeClaim). + \n Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than + the lifecycle of an individual pod. \n Use CSI + for light-weight local ephemeral volumes if + the CSI driver is meant to be used that way + - see the documentation of the driver for more + information. \n A pod can use both types of + ephemeral volumes and persistent volumes at + the same time." properties: - readOnly: - description: Specifies a read-only configuration - for the volume. Defaults to false (read/write). - type: boolean volumeClaimTemplate: description: "Will be used to create a stand-alone PVC to provision the volume. The pod in @@ -5635,34 +6494,82 @@ spec: are also valid here. properties: accessModes: - description: 'AccessModes contains + description: 'accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'This field can be used - to specify either: * An existing - VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot - - Beta) * An existing PVC (PersistentVolumeClaim) - * An existing custom resource/object - that implements data population - (Alpha) In order to use VolumeSnapshot - object types, the appropriate feature - gate must be enabled (VolumeSnapshotDataSource - or AnyVolumeDataSource) If the provisioner - or an external controller can support - the specified data source, it will - create a new volume based on the - contents of the specified data source. - If the specified data source is - not supported, the volume will not - be created and the failure will - be reported as an event. In the - future, we plan to support more - data source types and the behavior - of the provisioner may change.' + description: 'dataSource field can + be used to specify either: * An + existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external + controller can support the specified + data source, it will create a new + volume based on the contents of + the specified data source. If the + AnyVolumeDataSource feature gate + is enabled, this field will always + have the same contents as the DataSourceRef + field.' + properties: + apiGroup: + description: APIGroup is the group + for the resource being referenced. + If APIGroup is not specified, + the specified Kind must be in + the core API group. For any + other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type + of resource being referenced + type: string + name: + description: Name is the name + of resource being referenced + type: string + required: + - kind + - name + type: object + dataSourceRef: + description: 'dataSourceRef specifies + the object from which to populate + the volume with data, if a non-empty + volume is desired. This may be any + local object from a non-empty API + group (non core object) or a PersistentVolumeClaim + object. When this field is specified, + volume binding will only succeed + if the type of the specified object + matches some installed volume populator + or dynamic provisioner. This field + will replace the functionality of + the DataSource field and as such + if both fields are non-empty, they + must have the same value. For backwards + compatibility, both fields (DataSource + and DataSourceRef) will be set to + the same value automatically if + one of them is empty and the other + is non-empty. There are two important + differences between DataSource and + DataSourceRef: * While DataSource + only allows two specific types of + objects, DataSourceRef allows + any non-core object, as well as + PersistentVolumeClaim objects. * + While DataSource ignores disallowed + values (dropping them), DataSourceRef preserves + all values, and generates an error + if a disallowed value is specified. + (Beta) Using this field requires + the AnyVolumeDataSource feature + gate to be enabled.' properties: apiGroup: description: APIGroup is the group @@ -5686,9 +6593,15 @@ spec: - name type: object resources: - description: 'Resources represents + description: 'resources represents the minimum resources the volume - should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed + to specify resource requirements + that are lower than previous value + but must still be higher than capacity + recorded in the status field of + the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -5700,7 +6613,7 @@ spec: description: 'Limits describes the maximum amount of compute resources allowed. More info: - https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -5716,12 +6629,12 @@ spec: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: A label query over volumes - to consider for binding. + description: selector is a label query + over volumes to consider for binding. properties: matchExpressions: description: matchExpressions @@ -5781,9 +6694,9 @@ spec: type: object type: object storageClassName: - description: 'Name of the StorageClass - required by the claim. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + description: 'storageClassName is + the name of the StorageClass required + by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: description: volumeMode defines what @@ -5792,7 +6705,7 @@ spec: when not included in claim spec. type: string volumeName: - description: VolumeName is the binding + description: volumeName is the binding reference to the PersistentVolume backing this claim. type: string @@ -5802,77 +6715,79 @@ spec: type: object type: object fc: - description: FC represents a Fibre Channel resource + description: fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. properties: fsType: - description: 'Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem - from compromising the machine' + description: 'fsType is the filesystem type + to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be + "ext4" if unspecified. TODO: how do we prevent + errors in the filesystem from compromising + the machine' type: string lun: - description: 'Optional: FC target lun number' + description: 'lun is Optional: FC target lun + number' format: int32 type: integer readOnly: - description: 'Optional: Defaults to false - (read/write). ReadOnly here will force the - ReadOnly setting in VolumeMounts.' + description: 'readOnly is Optional: Defaults + to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts.' type: boolean targetWWNs: - description: 'Optional: FC target worldwide - names (WWNs)' + description: 'targetWWNs is Optional: FC target + worldwide names (WWNs)' items: type: string type: array wwids: - description: 'Optional: FC volume world wide - identifiers (wwids) Either wwids or combination - of targetWWNs and lun must be set, but not - both simultaneously.' + description: 'wwids Optional: FC volume world + wide identifiers (wwids) Either wwids or + combination of targetWWNs and lun must be + set, but not both simultaneously.' items: type: string type: array type: object flexVolume: - description: FlexVolume represents a generic volume + description: flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. properties: driver: - description: Driver is the name of the driver + description: driver is the name of the driver to use for this volume. type: string fsType: - description: Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - The default filesystem depends on FlexVolume - script. + description: fsType is the filesystem type + to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends + on FlexVolume script. type: string options: additionalProperties: type: string - description: 'Optional: Extra command options - if any.' + description: 'options is Optional: this field + holds extra command options if any.' type: object readOnly: - description: 'Optional: Defaults to false - (read/write). ReadOnly here will force the - ReadOnly setting in VolumeMounts.' + description: 'readOnly is Optional: defaults + to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts.' type: boolean secretRef: - description: 'Optional: SecretRef is reference - to the secret object containing sensitive - information to pass to the plugin scripts. - This may be empty if no secret object is - specified. If the secret object contains - more than one secret, all secrets are passed - to the plugin scripts.' + description: 'secretRef is Optional: secretRef + is reference to the secret object containing + sensitive information to pass to the plugin + scripts. This may be empty if no secret + object is specified. If the secret object + contains more than one secret, all secrets + are passed to the plugin scripts.' properties: name: description: 'Name of the referent. More @@ -5885,53 +6800,55 @@ spec: - driver type: object flocker: - description: Flocker represents a Flocker volume + description: flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running properties: datasetName: - description: Name of the dataset stored as - metadata -> name on the dataset for Flocker - should be considered as deprecated + description: datasetName is Name of the dataset + stored as metadata -> name on the dataset + for Flocker should be considered as deprecated type: string datasetUUID: - description: UUID of the dataset. This is - unique identifier of a Flocker dataset + description: datasetUUID is the UUID of the + dataset. This is unique identifier of a + Flocker dataset type: string type: object gcePersistentDisk: - description: 'GCEPersistentDisk represents a GCE + description: 'gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'Filesystem type of the volume - that you want to mount. Tip: Ensure that - the filesystem type is supported by the - host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + description: 'fsType is filesystem type of + the volume that you want to mount. Tip: + Ensure that the filesystem type is supported + by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine' type: string partition: - description: 'The partition in the volume - that you want to mount. If omitted, the - default is to mount by volume name. Examples: - For volume /dev/sda1, you specify the partition - as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the - property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: 'partition is the partition in + the volume that you want to mount. If omitted, + the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume + partition for /dev/sda is "0" (or you can + leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'Unique name of the PD resource - in GCE. Used to identify the disk in GCE. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: 'pdName is unique name of the + PD resource in GCE. Used to identify the + disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'ReadOnly here will force the + description: 'readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean @@ -5939,7 +6856,7 @@ spec: - pdName type: object gitRepo: - description: 'GitRepo represents a git repository + description: 'gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer @@ -5947,39 +6864,39 @@ spec: EmptyDir into the Pod''s container.' properties: directory: - description: Target directory name. Must not - contain or start with '..'. If '.' is supplied, - the volume directory will be the git repository. Otherwise, - if specified, the volume will contain the - git repository in the subdirectory with - the given name. + description: directory is the target directory + name. Must not contain or start with '..'. If + '.' is supplied, the volume directory will + be the git repository. Otherwise, if specified, + the volume will contain the git repository + in the subdirectory with the given name. type: string repository: - description: Repository URL + description: repository is the URL type: string revision: - description: Commit hash for the specified - revision. + description: revision is the commit hash for + the specified revision. type: string required: - repository type: object glusterfs: - description: 'Glusterfs represents a Glusterfs + description: 'glusterfs represents a Glusterfs mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'EndpointsName is the endpoint - name that details Glusterfs topology. More - info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + description: 'endpoints is the endpoint name + that details Glusterfs topology. More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'Path is the Glusterfs volume + description: 'path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'ReadOnly here will force the + description: 'readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' @@ -5989,7 +6906,7 @@ spec: - path type: object hostPath: - description: 'HostPath represents a pre-existing + description: 'hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things @@ -6000,76 +6917,79 @@ spec: mount host directories as read/write.' properties: path: - description: 'Path of the directory on the + description: 'path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'Type for HostPath Volume Defaults + description: 'type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'ISCSI represents an ISCSI Disk resource + description: 'iscsi represents an ISCSI Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: - description: whether support iSCSI Discovery - CHAP authentication + description: chapAuthDiscovery defines whether + support iSCSI Discovery CHAP authentication type: boolean chapAuthSession: - description: whether support iSCSI Session - CHAP authentication + description: chapAuthSession defines whether + support iSCSI Session CHAP authentication type: boolean fsType: - description: 'Filesystem type of the volume - that you want to mount. Tip: Ensure that - the filesystem type is supported by the - host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + description: 'fsType is the filesystem type + of the volume that you want to mount. Tip: + Ensure that the filesystem type is supported + by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine' type: string initiatorName: - description: Custom iSCSI Initiator Name. - If initiatorName is specified with iscsiInterface - simultaneously, new iSCSI interface : will be created for - the connection. + description: initiatorName is the custom iSCSI + Initiator Name. If initiatorName is specified + with iscsiInterface simultaneously, new + iSCSI interface : will be created for the connection. type: string iqn: - description: Target iSCSI Qualified Name. + description: iqn is the target iSCSI Qualified + Name. type: string iscsiInterface: - description: iSCSI Interface Name that uses - an iSCSI transport. Defaults to 'default' - (tcp). + description: iscsiInterface is the interface + Name that uses an iSCSI transport. Defaults + to 'default' (tcp). type: string lun: - description: iSCSI Target Lun number. + description: lun represents iSCSI Target Lun + number. format: int32 type: integer portals: - description: iSCSI Target Portal List. The - portal is either an IP or ip_addr:port if - the port is other than default (typically + description: portals is the iSCSI Target Portal + List. The portal is either an IP or ip_addr:port + if the port is other than default (typically TCP ports 860 and 3260). items: type: string type: array readOnly: - description: ReadOnly here will force the + description: readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. type: boolean secretRef: - description: CHAP Secret for iSCSI target - and initiator authentication + description: secretRef is the CHAP Secret + for iSCSI target and initiator authentication properties: name: description: 'Name of the referent. More @@ -6079,10 +6999,10 @@ spec: type: string type: object targetPortal: - description: iSCSI Target Portal. The Portal - is either an IP or ip_addr:port if the port - is other than default (typically TCP ports - 860 and 3260). + description: targetPortal is iSCSI Target + Portal. The Portal is either an IP or ip_addr:port + if the port is other than default (typically + TCP ports 860 and 3260). type: string required: - iqn @@ -6090,26 +7010,26 @@ spec: - targetPortal type: object name: - description: 'Volume''s name. Must be a DNS_LABEL + description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: - description: 'NFS represents an NFS mount on the + description: 'nfs represents an NFS mount on the host that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'Path that is exported by the + description: 'path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'ReadOnly here will force the + description: 'readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'Server is the hostname or IP + description: 'server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: @@ -6117,99 +7037,101 @@ spec: - server type: object persistentVolumeClaim: - description: 'PersistentVolumeClaimVolumeSource + description: 'persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'ClaimName is the name of a PersistentVolumeClaim + description: 'claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: Will force the ReadOnly setting - in VolumeMounts. Default false. + description: readOnly Will force the ReadOnly + setting in VolumeMounts. Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: PhotonPersistentDisk represents a + description: photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine properties: fsType: - description: Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. + description: fsType is the filesystem type + to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be + "ext4" if unspecified. type: string pdID: - description: ID that identifies Photon Controller - persistent disk + description: pdID is the ID that identifies + Photon Controller persistent disk type: string required: - pdID type: object portworxVolume: - description: PortworxVolume represents a portworx + description: portworxVolume represents a portworx volume attached and mounted on kubelets host machine properties: fsType: - description: FSType represents the filesystem + description: fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. type: string readOnly: - description: Defaults to false (read/write). + description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean volumeID: - description: VolumeID uniquely identifies + description: volumeID uniquely identifies a Portworx volume type: string required: - volumeID type: object projected: - description: Items for all in one resources secrets, - configmaps, and downward API + description: projected items for all in one resources + secrets, configmaps, and downward API properties: defaultMode: - description: Mode bits used to set permissions - on created files by default. Must be an - octal value between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts both - octal and decimal values, JSON requires - decimal values for mode bits. Directories - within the path are not affected by this - setting. This might be in conflict with - other options that affect the file mode, - like fsGroup, and the result can be other - mode bits set. + description: defaultMode are the mode bits + used to set permissions on created files + by default. Must be an octal value between + 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal + values, JSON requires decimal values for + mode bits. Directories within the path are + not affected by this setting. This might + be in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set. format: int32 type: integer sources: - description: list of volume projections + description: sources is the list of volume + projections items: description: Projection that may be projected along with other supported volume types properties: configMap: - description: information about the configMap - data to project + description: configMap information about + the configMap data to project properties: items: - description: If unspecified, each - key-value pair in the Data field - of the referenced ConfigMap will - be projected into the volume as - a file whose name is the key and - content is the value. If specified, + description: items if unspecified, + each key-value pair in the Data + field of the referenced ConfigMap + will be projected into the volume + as a file whose name is the key + and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. @@ -6224,11 +7146,12 @@ spec: to a path within a volume. properties: key: - description: The key to project. + description: key is the key + to project. type: string mode: - description: 'Optional: mode - bits used to set permissions + description: 'mode is Optional: + mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value @@ -6246,7 +7169,7 @@ spec: format: int32 type: integer path: - description: The relative + description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain @@ -6266,14 +7189,14 @@ spec: apiVersion, kind, uid?' type: string optional: - description: Specify whether the - ConfigMap or its keys must be - defined + description: optional specify whether + the ConfigMap or its keys must + be defined type: boolean type: object downwardAPI: - description: information about the downwardAPI - data to project + description: downwardAPI information + about the downwardAPI data to project properties: items: description: Items is a list of @@ -6370,16 +7293,16 @@ spec: type: array type: object secret: - description: information about the secret - data to project + description: secret information about + the secret data to project properties: items: - description: If unspecified, each - key-value pair in the Data field - of the referenced Secret will - be projected into the volume as - a file whose name is the key and - content is the value. If specified, + description: items if unspecified, + each key-value pair in the Data + field of the referenced Secret + will be projected into the volume + as a file whose name is the key + and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. @@ -6394,11 +7317,12 @@ spec: to a path within a volume. properties: key: - description: The key to project. + description: key is the key + to project. type: string mode: - description: 'Optional: mode - bits used to set permissions + description: 'mode is Optional: + mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value @@ -6416,7 +7340,7 @@ spec: format: int32 type: integer path: - description: The relative + description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain @@ -6436,16 +7360,18 @@ spec: apiVersion, kind, uid?' type: string optional: - description: Specify whether the - Secret or its key must be defined + description: optional field specify + whether the Secret or its key + must be defined type: boolean type: object serviceAccountToken: - description: information about the serviceAccountToken + description: serviceAccountToken is + information about the serviceAccountToken data to project properties: audience: - description: Audience is the intended + description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in @@ -6455,7 +7381,7 @@ spec: of the apiserver. type: string expirationSeconds: - description: ExpirationSeconds is + description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, @@ -6471,7 +7397,7 @@ spec: format: int64 type: integer path: - description: Path is the path relative + description: path is the path relative to the mount point of the file to project the token into. type: string @@ -6480,41 +7406,39 @@ spec: type: object type: object type: array - required: - - sources type: object quobyte: - description: Quobyte represents a Quobyte mount + description: quobyte represents a Quobyte mount on the host that shares a pod's lifetime properties: group: - description: Group to map volume access to + description: group to map volume access to Default is no group type: string readOnly: - description: ReadOnly here will force the + description: readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. type: boolean registry: - description: Registry represents a single + description: registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes type: string tenant: - description: Tenant owning the given Quobyte + description: tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin type: string user: - description: User to map volume access to + description: user to map volume access to Defaults to serivceaccount user type: string volume: - description: Volume is a string that references + description: volume is a string that references an already created Quobyte volume by name. type: string required: @@ -6522,46 +7446,47 @@ spec: - volume type: object rbd: - description: 'RBD represents a Rados Block Device + description: 'rbd represents a Rados Block Device mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'Filesystem type of the volume - that you want to mount. Tip: Ensure that - the filesystem type is supported by the - host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + description: 'fsType is the filesystem type + of the volume that you want to mount. Tip: + Ensure that the filesystem type is supported + by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine' type: string image: - description: 'The rados image name. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'Keyring is the path to key ring + description: 'keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'A collection of Ceph monitors. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'monitors is a collection of + Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array pool: - description: 'The rados pool name. Default - is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'pool is the rados pool name. + Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'ReadOnly here will force the + description: 'readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'SecretRef is name of the authentication + description: 'secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: @@ -6573,38 +7498,39 @@ spec: type: string type: object user: - description: 'The rados user name. Default - is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'user is the rados user name. + Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: ScaleIO represents a ScaleIO persistent + description: scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. properties: fsType: - description: Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - Default is "xfs". + description: fsType is the filesystem type + to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". type: string gateway: - description: The host address of the ScaleIO - API Gateway. + description: gateway is the host address of + the ScaleIO API Gateway. type: string protectionDomain: - description: The name of the ScaleIO Protection - Domain for the configured storage. + description: protectionDomain is the name + of the ScaleIO Protection Domain for the + configured storage. type: string readOnly: - description: Defaults to false (read/write). + description: readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: SecretRef references to the secret + description: secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. @@ -6617,26 +7543,27 @@ spec: type: string type: object sslEnabled: - description: Flag to enable/disable SSL communication - with Gateway, default false + description: sslEnabled Flag enable/disable + SSL communication with Gateway, default + false type: boolean storageMode: - description: Indicates whether the storage - for a volume should be ThickProvisioned + description: storageMode indicates whether + the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. type: string storagePool: - description: The ScaleIO Storage Pool associated - with the protection domain. + description: storagePool is the ScaleIO Storage + Pool associated with the protection domain. type: string system: - description: The name of the storage system - as configured in ScaleIO. + description: system is the name of the storage + system as configured in ScaleIO. type: string volumeName: - description: The name of a volume already - created in the ScaleIO system that is associated - with this volume source. + description: volumeName is the name of a volume + already created in the ScaleIO system that + is associated with this volume source. type: string required: - gateway @@ -6644,25 +7571,26 @@ spec: - system type: object secret: - description: 'Secret represents a secret that + description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'Optional: mode bits used to - set permissions on created files by default. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. - Defaults to 0644. Directories within the - path are not affected by this setting. This - might be in conflict with other options - that affect the file mode, like fsGroup, - and the result can be other mode bits set.' + description: 'defaultMode is Optional: mode + bits used to set permissions on created + files by default. Must be an octal value + between 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts both octal + and decimal values, JSON requires decimal + values for mode bits. Defaults to 0644. + Directories within the path are not affected + by this setting. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' format: int32 type: integer items: - description: If unspecified, each key-value + description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content @@ -6679,27 +7607,27 @@ spec: within a volume. properties: key: - description: The key to project. + description: key is the key to project. type: string mode: - description: 'Optional: mode bits used - to set permissions on this file. Must - be an octal value between 0000 and - 0777 or a decimal value between 0 - and 511. YAML accepts both octal and - decimal values, JSON requires decimal - values for mode bits. If not specified, - the volume defaultMode will be used. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' + description: 'mode is Optional: mode + bits used to set permissions on this + file. Must be an octal value between + 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal + and decimal values, JSON requires + decimal values for mode bits. If not + specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the + file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the - file to map the key to. May not be - an absolute path. May not contain + description: path is the relative path + of the file to map the key to. May + not be an absolute path. May not contain the path element '..'. May not start with the string '..'. type: string @@ -6709,31 +7637,33 @@ spec: type: object type: array optional: - description: Specify whether the Secret or - its keys must be defined + description: optional field specify whether + the Secret or its keys must be defined type: boolean secretName: - description: 'Name of the secret in the pod''s - namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + description: 'secretName is the name of the + secret in the pod''s namespace to use. More + info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: StorageOS represents a StorageOS + description: storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. properties: fsType: - description: Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. + description: fsType is the filesystem type + to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be + "ext4" if unspecified. type: string readOnly: - description: Defaults to false (read/write). + description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: SecretRef specifies the secret + description: secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. properties: @@ -6745,12 +7675,12 @@ spec: type: string type: object volumeName: - description: VolumeName is the human-readable + description: volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. type: string volumeNamespace: - description: VolumeNamespace specifies the + description: volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the @@ -6763,27 +7693,29 @@ spec: type: string type: object vsphereVolume: - description: VsphereVolume represents a vSphere + description: vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine properties: fsType: - description: Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. + description: fsType is filesystem type to + mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be + "ext4" if unspecified. type: string storagePolicyID: - description: Storage Policy Based Management - (SPBM) profile ID associated with the StoragePolicyName. + description: storagePolicyID is the storage + Policy Based Management (SPBM) profile ID + associated with the StoragePolicyName. type: string storagePolicyName: - description: Storage Policy Based Management - (SPBM) profile name. + description: storagePolicyName is the storage + Policy Based Management (SPBM) profile name. type: string volumePath: - description: Path that identifies vSphere - volume vmdk + description: volumePath is the path that identifies + vSphere volume vmdk type: string required: - volumePath diff --git a/apps/training-operator/upstream/base/crds/kubeflow.org_mxjobs.yaml b/apps/training-operator/upstream/base/crds/kubeflow.org_mxjobs.yaml index f526b6a2c4..60e34c10ac 100644 --- a/apps/training-operator/upstream/base/crds/kubeflow.org_mxjobs.yaml +++ b/apps/training-operator/upstream/base/crds/kubeflow.org_mxjobs.yaml @@ -422,12 +422,85 @@ spec: are ANDed. type: object type: object + namespaceSelector: + description: A label query over the + set of namespaces that the term + applies to. The term is applied + to the union of the namespaces selected + by this field and the ones listed + in the namespaces field. null selector + and null or empty namespaces list + means "this pod's namespace". An + empty selector ({}) matches all + namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object namespaces: description: namespaces specifies - which namespaces the labelSelector - applies to (matches against); null - or empty list means "this pod's - namespace" + a static list of namespace names + that the term applies to. The term + is applied to the union of the namespaces + listed in this field and the ones + selected by namespaceSelector. null + or empty namespaces list and null + namespaceSelector means "this pod's + namespace". items: type: string type: array @@ -537,11 +610,78 @@ spec: ANDed. type: object type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this field + and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object namespaces: - description: namespaces specifies which - namespaces the labelSelector applies - to (matches against); null or empty - list means "this pod's namespace" + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's + namespace". items: type: string type: array @@ -653,12 +793,85 @@ spec: are ANDed. type: object type: object + namespaceSelector: + description: A label query over the + set of namespaces that the term + applies to. The term is applied + to the union of the namespaces selected + by this field and the ones listed + in the namespaces field. null selector + and null or empty namespaces list + means "this pod's namespace". An + empty selector ({}) matches all + namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object namespaces: description: namespaces specifies - which namespaces the labelSelector - applies to (matches against); null - or empty list means "this pod's - namespace" + a static list of namespace names + that the term applies to. The term + is applied to the union of the namespaces + listed in this field and the ones + selected by namespaceSelector. null + or empty namespaces list and null + namespaceSelector means "this pod's + namespace". items: type: string type: array @@ -768,11 +981,78 @@ spec: ANDed. type: object type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this field + and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object namespaces: - description: namespaces specifies which - namespaces the labelSelector applies - to (matches against); null or empty - list means "this pod's namespace" + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's + namespace". items: type: string type: array @@ -809,12 +1089,14 @@ spec: properties: args: description: 'Arguments to the entrypoint. The - docker image''s CMD is used if this is not provided. - Variable references $(VAR_NAME) are expanded - using the container''s environment. If a variable - cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). + container image''s CMD is used if this is not + provided. Variable references $(VAR_NAME) are + expanded using the container''s environment. + If a variable cannot be resolved, the reference + in the input string will be unchanged. Double + $$ are reduced to a single $, which allows for + escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' @@ -823,16 +1105,17 @@ spec: type: array command: description: 'Entrypoint array. Not executed within - a shell. The docker image''s ENTRYPOINT is used - if this is not provided. Variable references + a shell. The container image''s ENTRYPOINT is + used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped with a - double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether - the variable exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot + be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array @@ -849,13 +1132,15 @@ spec: type: string value: description: 'Variable references $(VAR_NAME) - are expanded using the previous defined + are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be - unchanged. The $(VAR_NAME) syntax can - be escaped with a double $$, ie: $$(VAR_NAME). + unchanged. Double $$ are reduced to a + single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' @@ -1009,7 +1294,8 @@ spec: type: object type: array image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + description: 'Container image name. More info: + https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments @@ -1035,9 +1321,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies - the action to take. + description: Exec specifies the action + to take. properties: command: description: Command is the command @@ -1108,10 +1393,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: description: 'Optional: Host name @@ -1138,21 +1425,19 @@ spec: as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. - The reason for termination is passed to - the handler. The Pod''s termination grace - period countdown begins before the PreStop - hooked is executed. Regardless of the outcome - of the handler, the container will eventually - terminate within the Pod''s termination - grace period. Other management of the container - blocks until the hook completes or until - the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + The Pod''s termination grace period countdown + begins before the PreStop hook is executed. + Regardless of the outcome of the handler, + the container will eventually terminate + within the Pod''s termination grace period + (unless delayed by finalizers). Other management + of the container blocks until the hook completes + or until the termination grace period is + reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies - the action to take. + description: Exec specifies the action + to take. properties: command: description: Command is the command @@ -1223,10 +1508,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: description: 'Optional: Host name @@ -1253,9 +1540,8 @@ spec: Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -1280,6 +1566,26 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -1348,10 +1654,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -1369,6 +1673,28 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. @@ -1440,9 +1766,8 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -1467,6 +1792,26 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -1535,10 +1880,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -1556,6 +1899,28 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. @@ -1565,7 +1930,7 @@ spec: type: object resources: description: 'Compute Resources required by this - container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: limits: additionalProperties: @@ -1576,7 +1941,7 @@ spec: x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources allowed. More - info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -1590,12 +1955,14 @@ spec: Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: - description: 'Security options the pod should - run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ + description: 'SecurityContext defines the security + options the container should be run with. If + set, the fields of SecurityContext override + the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: @@ -1605,13 +1972,16 @@ spec: controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) - run as Privileged 2) has CAP_SYS_ADMIN' + run as Privileged 2) has CAP_SYS_ADMIN Note + that this field cannot be set when spec.os.name + is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the - container runtime. + container runtime. Note that this field + cannot be set when spec.os.name is windows. properties: add: description: Added capabilities @@ -1632,7 +2002,8 @@ spec: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults - to false. + to false. Note that this field cannot be + set when spec.os.name is windows. type: boolean procMount: description: procMount denotes the type of @@ -1641,10 +2012,14 @@ spec: container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when + spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only root filesystem. Default is false. + Note that this field cannot be set when + spec.os.name is windows. type: boolean runAsGroup: description: The GID to run the entrypoint @@ -1652,7 +2027,8 @@ spec: if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: @@ -1674,7 +2050,8 @@ spec: May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -1684,7 +2061,9 @@ spec: for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is windows. properties: level: description: Level is SELinux level label @@ -1707,7 +2086,9 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that + this field cannot be set when spec.os.name + is windows. properties: localhostProfile: description: localhostProfile indicates @@ -1738,7 +2119,9 @@ spec: the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where @@ -1752,6 +2135,22 @@ spec: the name of the GMSA credential spec to use. type: string + hostProcess: + description: HostProcess determines if + a container should be run as a 'Host + Process' container. This field is alpha-level + and will only be honored by components + that enable the WindowsHostProcessContainers + feature flag. Setting this field without + the feature flag will result in errors + when validating the Pod. All of a Pod's + containers must have the same effective + HostProcess value (it is not allowed + to have a mix of HostProcess containers + and non-HostProcess containers). In + addition, if HostProcess is true then + HostNetwork must also be set to true. + type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint of the container @@ -1774,14 +2173,11 @@ spec: parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. - This cannot be updated. This is a beta feature - enabled by the StartupProbe feature flag. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -1806,6 +2202,26 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -1874,10 +2290,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -1895,6 +2309,28 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. @@ -2092,33 +2528,35 @@ spec: and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. - This field is alpha-level and is only honored by servers - that enable the EphemeralContainers feature. + This field is beta-level and available on clusters + that haven't disabled the EphemeralContainers feature + gate. items: - description: An EphemeralContainer is a container - that may be added temporarily to an existing pod - for user-initiated activities such as debugging. - Ephemeral containers have no resource or scheduling - guarantees, and they will not be restarted when - they exit or when a pod is removed or restarted. - If an ephemeral container causes a pod to exceed - its resource allocation, the pod may be evicted. - Ephemeral containers may not be added by directly - updating the pod spec. They must be added via the - pod's ephemeralcontainers subresource, and they - will appear in the pod spec once added. This is - an alpha feature enabled by the EphemeralContainers - feature flag. + description: "An EphemeralContainer is a temporary + container that you may add to an existing Pod for + user-initiated activities such as debugging. Ephemeral + containers have no resource or scheduling guarantees, + and they will not be restarted when they exit or + when a Pod is removed or restarted. The kubelet + may evict a Pod if an ephemeral container causes + the Pod to exceed its resource allocation. \n To + add an ephemeral container, use the ephemeralcontainers + subresource of an existing Pod. Ephemeral containers + may not be removed or restarted. \n This is a beta + feature available on clusters that haven't disabled + the EphemeralContainers feature gate." properties: args: description: 'Arguments to the entrypoint. The - docker image''s CMD is used if this is not provided. + image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). - Escaped references will never be expanded, regardless + string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped + references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: @@ -2126,16 +2564,17 @@ spec: type: array command: description: 'Entrypoint array. Not executed within - a shell. The docker image''s ENTRYPOINT is used - if this is not provided. Variable references - $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, - the reference in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped with a - double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether - the variable exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + a shell. The image''s ENTRYPOINT is used if + this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. + If a variable cannot be resolved, the reference + in the input string will be unchanged. Double + $$ are reduced to a single $, which allows for + escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot + be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array @@ -2152,13 +2591,15 @@ spec: type: string value: description: 'Variable references $(VAR_NAME) - are expanded using the previous defined + are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be - unchanged. The $(VAR_NAME) syntax can - be escaped with a double $$, ie: $$(VAR_NAME). + unchanged. Double $$ are reduced to a + single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' @@ -2312,7 +2753,8 @@ spec: type: object type: array image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images' + description: 'Container image name. More info: + https://kubernetes.io/docs/concepts/containers/images' type: string imagePullPolicy: description: 'Image pull policy. One of Always, @@ -2333,9 +2775,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies - the action to take. + description: Exec specifies the action + to take. properties: command: description: Command is the command @@ -2406,10 +2847,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: description: 'Optional: Host name @@ -2436,21 +2879,19 @@ spec: as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. - The reason for termination is passed to - the handler. The Pod''s termination grace - period countdown begins before the PreStop - hooked is executed. Regardless of the outcome - of the handler, the container will eventually - terminate within the Pod''s termination - grace period. Other management of the container - blocks until the hook completes or until - the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + The Pod''s termination grace period countdown + begins before the PreStop hook is executed. + Regardless of the outcome of the handler, + the container will eventually terminate + within the Pod''s termination grace period + (unless delayed by finalizers). Other management + of the container blocks until the hook completes + or until the termination grace period is + reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies - the action to take. + description: Exec specifies the action + to take. properties: command: description: Command is the command @@ -2521,10 +2962,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: description: 'Optional: Host name @@ -2550,9 +2993,8 @@ spec: containers. properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -2577,6 +3019,26 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -2645,10 +3107,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -2666,6 +3126,28 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. @@ -2720,14 +3202,17 @@ spec: - containerPort type: object type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map readinessProbe: description: Probes are not allowed for ephemeral containers. properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -2752,6 +3237,26 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -2820,10 +3325,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -2841,6 +3344,28 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. @@ -2862,7 +3387,7 @@ spec: x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources allowed. More - info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -2876,12 +3401,14 @@ spec: Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: - description: SecurityContext is not allowed for - ephemeral containers. + description: 'Optional: SecurityContext defines + the security options the ephemeral container + should be run with. If set, the fields of SecurityContext + override the equivalent fields of PodSecurityContext.' properties: allowPrivilegeEscalation: description: 'AllowPrivilegeEscalation controls @@ -2890,13 +3417,16 @@ spec: controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) - run as Privileged 2) has CAP_SYS_ADMIN' + run as Privileged 2) has CAP_SYS_ADMIN Note + that this field cannot be set when spec.os.name + is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the - container runtime. + container runtime. Note that this field + cannot be set when spec.os.name is windows. properties: add: description: Added capabilities @@ -2917,7 +3447,8 @@ spec: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults - to false. + to false. Note that this field cannot be + set when spec.os.name is windows. type: boolean procMount: description: procMount denotes the type of @@ -2926,10 +3457,14 @@ spec: container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when + spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only root filesystem. Default is false. + Note that this field cannot be set when + spec.os.name is windows. type: boolean runAsGroup: description: The GID to run the entrypoint @@ -2937,7 +3472,8 @@ spec: if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: @@ -2959,7 +3495,8 @@ spec: May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -2969,7 +3506,9 @@ spec: for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is windows. properties: level: description: Level is SELinux level label @@ -2992,7 +3531,9 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that + this field cannot be set when spec.os.name + is windows. properties: localhostProfile: description: localhostProfile indicates @@ -3023,7 +3564,9 @@ spec: the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where @@ -3037,6 +3580,22 @@ spec: the name of the GMSA credential spec to use. type: string + hostProcess: + description: HostProcess determines if + a container should be run as a 'Host + Process' container. This field is alpha-level + and will only be honored by components + that enable the WindowsHostProcessContainers + feature flag. Setting this field without + the feature flag will result in errors + when validating the Pod. All of a Pod's + containers must have the same effective + HostProcess value (it is not allowed + to have a mix of HostProcess containers + and non-HostProcess containers). In + addition, if HostProcess is true then + HostNetwork must also be set to true. + type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint of the container @@ -3054,9 +3613,8 @@ spec: containers. properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -3081,6 +3639,26 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -3149,10 +3727,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -3170,6 +3746,28 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. @@ -3200,13 +3798,15 @@ spec: EOF. Default is false type: boolean targetContainerName: - description: If set, the name of the container + description: "If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set - then the ephemeral container is run in whatever - namespaces are shared for the pod. Note that - the container runtime must support this feature. + then the ephemeral container uses the namespaces + configured in the Pod spec. \n The container + runtime must implement support for this feature. + If the runtime does not support namespace targeting + then the result of setting this field is undefined." type: string terminationMessagePath: description: 'Optional: Path at which the file @@ -3259,7 +3859,8 @@ spec: type: array volumeMounts: description: Pod volumes to mount into the container's - filesystem. Cannot be updated. + filesystem. Subpath mounts are not allowed for + ephemeral containers. Cannot be updated. items: description: VolumeMount describes a mounting of a Volume within a container. @@ -3358,9 +3959,8 @@ spec: references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual - puller implementations for them to use. For example, - in the case of docker, only DockerConfig type secrets - are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + puller implementations for them to use. More info: + https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' items: description: LocalObjectReference contains enough information to let you locate the referenced object @@ -3397,12 +3997,14 @@ spec: properties: args: description: 'Arguments to the entrypoint. The - docker image''s CMD is used if this is not provided. - Variable references $(VAR_NAME) are expanded - using the container''s environment. If a variable - cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). + container image''s CMD is used if this is not + provided. Variable references $(VAR_NAME) are + expanded using the container''s environment. + If a variable cannot be resolved, the reference + in the input string will be unchanged. Double + $$ are reduced to a single $, which allows for + escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' @@ -3411,16 +4013,17 @@ spec: type: array command: description: 'Entrypoint array. Not executed within - a shell. The docker image''s ENTRYPOINT is used - if this is not provided. Variable references + a shell. The container image''s ENTRYPOINT is + used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped with a - double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether - the variable exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot + be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array @@ -3437,13 +4040,15 @@ spec: type: string value: description: 'Variable references $(VAR_NAME) - are expanded using the previous defined + are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be - unchanged. The $(VAR_NAME) syntax can - be escaped with a double $$, ie: $$(VAR_NAME). + unchanged. Double $$ are reduced to a + single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' @@ -3597,7 +4202,8 @@ spec: type: object type: array image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + description: 'Container image name. More info: + https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments @@ -3623,9 +4229,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies - the action to take. + description: Exec specifies the action + to take. properties: command: description: Command is the command @@ -3696,10 +4301,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: description: 'Optional: Host name @@ -3726,21 +4333,19 @@ spec: as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. - The reason for termination is passed to - the handler. The Pod''s termination grace - period countdown begins before the PreStop - hooked is executed. Regardless of the outcome - of the handler, the container will eventually - terminate within the Pod''s termination - grace period. Other management of the container - blocks until the hook completes or until - the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + The Pod''s termination grace period countdown + begins before the PreStop hook is executed. + Regardless of the outcome of the handler, + the container will eventually terminate + within the Pod''s termination grace period + (unless delayed by finalizers). Other management + of the container blocks until the hook completes + or until the termination grace period is + reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies - the action to take. + description: Exec specifies the action + to take. properties: command: description: Command is the command @@ -3811,10 +4416,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: description: 'Optional: Host name @@ -3841,9 +4448,8 @@ spec: Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -3868,6 +4474,26 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -3936,10 +4562,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -3957,6 +4581,28 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. @@ -4028,9 +4674,8 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -4055,6 +4700,26 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -4123,10 +4788,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -4144,6 +4807,28 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. @@ -4153,7 +4838,7 @@ spec: type: object resources: description: 'Compute Resources required by this - container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: limits: additionalProperties: @@ -4164,7 +4849,7 @@ spec: x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources allowed. More - info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -4178,12 +4863,14 @@ spec: Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: - description: 'Security options the pod should - run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ + description: 'SecurityContext defines the security + options the container should be run with. If + set, the fields of SecurityContext override + the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: @@ -4193,13 +4880,16 @@ spec: controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) - run as Privileged 2) has CAP_SYS_ADMIN' + run as Privileged 2) has CAP_SYS_ADMIN Note + that this field cannot be set when spec.os.name + is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the - container runtime. + container runtime. Note that this field + cannot be set when spec.os.name is windows. properties: add: description: Added capabilities @@ -4220,7 +4910,8 @@ spec: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults - to false. + to false. Note that this field cannot be + set when spec.os.name is windows. type: boolean procMount: description: procMount denotes the type of @@ -4229,10 +4920,14 @@ spec: container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when + spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only root filesystem. Default is false. + Note that this field cannot be set when + spec.os.name is windows. type: boolean runAsGroup: description: The GID to run the entrypoint @@ -4240,7 +4935,8 @@ spec: if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: @@ -4262,7 +4958,8 @@ spec: May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -4272,7 +4969,9 @@ spec: for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is windows. properties: level: description: Level is SELinux level label @@ -4295,7 +4994,9 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that + this field cannot be set when spec.os.name + is windows. properties: localhostProfile: description: localhostProfile indicates @@ -4326,7 +5027,9 @@ spec: the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where @@ -4340,6 +5043,22 @@ spec: the name of the GMSA credential spec to use. type: string + hostProcess: + description: HostProcess determines if + a container should be run as a 'Host + Process' container. This field is alpha-level + and will only be honored by components + that enable the WindowsHostProcessContainers + feature flag. Setting this field without + the feature flag will result in errors + when validating the Pod. All of a Pod's + containers must have the same effective + HostProcess value (it is not allowed + to have a mix of HostProcess containers + and non-HostProcess containers). In + addition, if HostProcess is true then + HostNetwork must also be set to true. + type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint of the container @@ -4362,14 +5081,11 @@ spec: parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. - This cannot be updated. This is a beta feature - enabled by the StartupProbe feature flag. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -4394,6 +5110,26 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -4462,10 +5198,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -4483,6 +5217,28 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. @@ -4632,6 +5388,40 @@ spec: must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object + x-kubernetes-map-type: atomic + os: + description: "Specifies the OS of the containers in + the pod. Some pod and container fields are restricted + if this is set. \n If the OS field is set to linux, + the following fields must be unset: -securityContext.windowsOptions + \n If the OS field is set to windows, following fields + must be unset: - spec.hostPID - spec.hostIPC - spec.securityContext.seLinuxOptions + - spec.securityContext.seccompProfile - spec.securityContext.fsGroup + - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls + - spec.shareProcessNamespace - spec.securityContext.runAsUser + - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups + - spec.containers[*].securityContext.seLinuxOptions + - spec.containers[*].securityContext.seccompProfile + - spec.containers[*].securityContext.capabilities + - spec.containers[*].securityContext.readOnlyRootFilesystem + - spec.containers[*].securityContext.privileged - + spec.containers[*].securityContext.allowPrivilegeEscalation + - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser + - spec.containers[*].securityContext.runAsGroup This + is a beta field and requires the IdentifyPodOS feature" + properties: + name: + description: 'Name is the name of the operating + system. The currently supported values are linux + and windows. Additional value may be defined in + future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values + and treat unrecognized values in this field as + os: null' + type: string + required: + - name + type: object overhead: additionalProperties: anyOf: @@ -4650,17 +5440,12 @@ spec: and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. - More info: https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md - This field is alpha-level as of Kubernetes v1.16, - and is only honored by servers that enable the PodOverhead - feature.' + More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md' type: object preemptionPolicy: description: PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. - Defaults to PreemptLowerPriority if unset. This field - is beta-level, gated by the NonPreemptingPriority - feature-gate. + Defaults to PreemptLowerPriority if unset. type: string priority: description: The priority value. Various system components @@ -4685,7 +5470,7 @@ spec: be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True" - More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md' + More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates' items: description: PodReadinessGate contains the reference to a pod condition @@ -4711,8 +5496,7 @@ spec: or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: - https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md - This is a beta feature as of Kubernetes v1.14.' + https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class' type: string schedulerName: description: If specified, the pod will be dispatched @@ -4734,7 +5518,9 @@ spec: is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not - modify the ownership and permissions of any volume." + modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name + is windows." format: int64 type: integer fsGroupChangePolicy: @@ -4745,7 +5531,9 @@ spec: based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified defaults to "Always".' + and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name + is windows.' type: string runAsGroup: description: The GID to run the entrypoint of the @@ -4753,7 +5541,8 @@ spec: May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. + for that container. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: @@ -4774,6 +5563,8 @@ spec: set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer seLinuxOptions: @@ -4783,7 +5574,8 @@ spec: for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. + for that container. Note that this field cannot + be set when spec.os.name is windows. properties: level: description: Level is SELinux level label that @@ -4804,7 +5596,8 @@ spec: type: object seccompProfile: description: The seccomp options to use by the containers - in this pod. + in this pod. Note that this field cannot be set + when spec.os.name is windows. properties: localhostProfile: description: localhostProfile indicates a profile @@ -4830,7 +5623,9 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, - no groups will be added to any container. + no groups will be added to any container. Note + that this field cannot be set when spec.os.name + is windows. items: format: int64 type: integer @@ -4839,6 +5634,8 @@ spec: description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name + is windows. items: description: Sysctl defines a kernel parameter to be set @@ -4860,6 +5657,8 @@ spec: within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the @@ -4871,6 +5670,20 @@ spec: description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string + hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' container. + This field is alpha-level and will only be + honored by components that enable the WindowsHostProcessContainers + feature flag. Setting this field without the + feature flag will result in errors when validating + the Pod. All of a Pod's containers must have + the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must + also be set to true. + type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint of the container process. Defaults @@ -4922,10 +5735,11 @@ spec: description: Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value - zero indicates delete immediately. If this value is - nil, the default grace period will be used instead. - The grace period is the duration in seconds after - the processes running in the pod are sent a termination + zero indicates stop immediately via the kill signal + (no opportunity to shut down). If this value is nil, + the default grace period will be used instead. The + grace period is the duration in seconds after the + processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults @@ -5045,28 +5859,69 @@ spec: `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and - the global minimum. For example, in a 3-zone + the global minimum. The global minimum is the + minimum number of matching pods in an eligible + domain or zero if the number of eligible domains + is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with - the same labelSelector spread as 1/1/0: | zone1 - | zone2 | zone3 | | P | P | | - - if MaxSkew is 1, incoming pod can only be - scheduled to zone3 to become 1/1/1; scheduling - it onto zone1(zone2) would make the ActualSkew(2-0) - on zone1(zone2) violate MaxSkew(1). - if MaxSkew - is 2, incoming pod can be scheduled onto any - zone. When `whenUnsatisfiable=ScheduleAnyway`, + the same labelSelector spread as 2/2/1: In this + case, the global minimum is 1. | zone1 | zone2 + | zone3 | | P P | P P | P | - if MaxSkew + is 1, incoming pod can only be scheduled to + zone3 to become 2/2/2; scheduling it onto zone1(zone2) + would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). - if MaxSkew is 2, incoming + pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It''s a required field. Default value is 1 and 0 is not allowed.' format: int32 type: integer + minDomains: + description: "MinDomains indicates a minimum number + of eligible domains. When the number of eligible + domains with matching topology keys is less + than minDomains, Pod Topology Spread treats + \"global minimum\" as 0, and then the calculation + of Skew is performed. And when the number of + eligible domains with matching topology keys + equals or greater than minDomains, this value + has no effect on scheduling. As a result, when + the number of eligible domains is less than + minDomains, scheduler won't schedule more than + maxSkew Pods to those domains. If value is nil, + the constraint behaves as if MinDomains is equal + to 1. Valid values are integers greater than + 0. When value is not nil, WhenUnsatisfiable + must be DoNotSchedule. \n For example, in a + 3-zone cluster, MaxSkew is set to 2, MinDomains + is set to 5 and pods with the same labelSelector + spread as 2/2/2: | zone1 | zone2 | zone3 | | + \ P P | P P | P P | The number of domains + is less than 5(MinDomains), so \"global minimum\" + is treated as 0. In this situation, new pod + with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new + Pod is scheduled to any of the three zones, + it will violate MaxSkew. \n This is an alpha + field and requires enabling MinDomainsInPodTopologySpread + feature gate." + format: int32 + type: integer topologyKey: description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into - each bucket. It's a required field. + each bucket. We define a domain as a particular + instance of a topology. Also, we define an eligible + domain as a domain whose nodes match the node + selector. e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, + if TopologyKey is "topology.kubernetes.io/zone", + each zone is a domain of that topology. It's + a required field. type: string whenUnsatisfiable: description: 'WhenUnsatisfiable indicates how @@ -5078,7 +5933,7 @@ spec: topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible - node assigment for that pod would violate "MaxSkew" + node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 @@ -5109,77 +5964,78 @@ spec: pod. properties: awsElasticBlockStore: - description: 'AWSElasticBlockStore represents + description: 'awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'Filesystem type of the volume - that you want to mount. Tip: Ensure that - the filesystem type is supported by the - host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + description: 'fsType is the filesystem type + of the volume that you want to mount. Tip: + Ensure that the filesystem type is supported + by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine' type: string partition: - description: 'The partition in the volume - that you want to mount. If omitted, the - default is to mount by volume name. Examples: - For volume /dev/sda1, you specify the partition - as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the - property empty).' + description: 'partition is the partition in + the volume that you want to mount. If omitted, + the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume + partition for /dev/sda is "0" (or you can + leave the property empty).' format: int32 type: integer readOnly: - description: 'Specify "true" to force and - set the ReadOnly property in VolumeMounts - to "true". If omitted, the default is "false". - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: 'readOnly value true will force + the readOnly setting in VolumeMounts. More + info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'Unique ID of the persistent - disk resource in AWS (Amazon EBS volume). - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: 'volumeID is unique ID of the + persistent disk resource in AWS (Amazon + EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: AzureDisk represents an Azure Data + description: azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. properties: cachingMode: - description: 'Host Caching mode: None, Read - Only, Read Write.' + description: 'cachingMode is the Host Caching + mode: None, Read Only, Read Write.' type: string diskName: - description: The Name of the data disk in - the blob storage + description: diskName is the Name of the data + disk in the blob storage type: string diskURI: - description: The URI the data disk in the - blob storage + description: diskURI is the URI of data disk + in the blob storage type: string fsType: - description: Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. + description: fsType is Filesystem type to + mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be + "ext4" if unspecified. type: string kind: - description: 'Expected values Shared: multiple - blob disks per storage account Dedicated: + description: 'kind expected values are Shared: + multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared' type: string readOnly: - description: Defaults to false (read/write). + description: readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean @@ -5188,56 +6044,59 @@ spec: - diskURI type: object azureFile: - description: AzureFile represents an Azure File + description: azureFile represents an Azure File Service mount on the host and bind mount to the pod. properties: readOnly: - description: Defaults to false (read/write). + description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean secretName: - description: the name of secret that contains - Azure Storage Account Name and Key + description: secretName is the name of secret + that contains Azure Storage Account Name + and Key type: string shareName: - description: Share Name + description: shareName is the azure share + Name type: string required: - secretName - shareName type: object cephfs: - description: CephFS represents a Ceph FS mount + description: cephFS represents a Ceph FS mount on the host that shares a pod's lifetime properties: monitors: - description: 'Required: Monitors is a collection - of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'monitors is Required: Monitors + is a collection of Ceph monitors More info: + https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array path: - description: 'Optional: Used as the mounted - root, rather than the full Ceph tree, default - is /' + description: 'path is Optional: Used as the + mounted root, rather than the full Ceph + tree, default is /' type: string readOnly: - description: 'Optional: Defaults to false - (read/write). ReadOnly here will force the - ReadOnly setting in VolumeMounts. More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'readOnly is Optional: Defaults + to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'Optional: SecretFile is the - path to key ring for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'secretFile is Optional: SecretFile + is the path to key ring for User, default + is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'Optional: SecretRef is reference - to the authentication secret for User, default - is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'secretRef is Optional: SecretRef + is reference to the authentication secret + for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: description: 'Name of the referent. More @@ -5247,34 +6106,35 @@ spec: type: string type: object user: - description: 'Optional: User is the rados - user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'user is optional: User is the + rados user name, default is admin More info: + https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'Cinder represents a cinder volume + description: 'cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: 'fsType is the filesystem type + to mount. Must be a filesystem type supported + by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. More info: + https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'Optional: Defaults to false - (read/write). ReadOnly here will force the - ReadOnly setting in VolumeMounts. More info: - https://examples.k8s.io/mysql-cinder-pd/README.md' + description: 'readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting + in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'Optional: points to a secret - object containing parameters used to connect - to OpenStack.' + description: 'secretRef is optional: points + to a secret object containing parameters + used to connect to OpenStack.' properties: name: description: 'Name of the referent. More @@ -5284,32 +6144,33 @@ spec: type: string type: object volumeID: - description: 'volume id used to identify the + description: 'volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: ConfigMap represents a configMap + description: configMap represents a configMap that should populate this volume properties: defaultMode: - description: 'Optional: mode bits used to - set permissions on created files by default. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. - Defaults to 0644. Directories within the - path are not affected by this setting. This - might be in conflict with other options - that affect the file mode, like fsGroup, - and the result can be other mode bits set.' + description: 'defaultMode is optional: mode + bits used to set permissions on created + files by default. Must be an octal value + between 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts both octal + and decimal values, JSON requires decimal + values for mode bits. Defaults to 0644. + Directories within the path are not affected + by this setting. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' format: int32 type: integer items: - description: If unspecified, each key-value + description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content @@ -5326,27 +6187,27 @@ spec: within a volume. properties: key: - description: The key to project. + description: key is the key to project. type: string mode: - description: 'Optional: mode bits used - to set permissions on this file. Must - be an octal value between 0000 and - 0777 or a decimal value between 0 - and 511. YAML accepts both octal and - decimal values, JSON requires decimal - values for mode bits. If not specified, - the volume defaultMode will be used. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' + description: 'mode is Optional: mode + bits used to set permissions on this + file. Must be an octal value between + 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal + and decimal values, JSON requires + decimal values for mode bits. If not + specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the + file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the - file to map the key to. May not be - an absolute path. May not contain + description: path is the relative path + of the file to map the key to. May + not be an absolute path. May not contain the path element '..'. May not start with the string '..'. type: string @@ -5362,30 +6223,30 @@ spec: kind, uid?' type: string optional: - description: Specify whether the ConfigMap - or its keys must be defined + description: optional specify whether the + ConfigMap or its keys must be defined type: boolean type: object csi: - description: CSI (Container Storage Interface) + description: csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). properties: driver: - description: Driver is the name of the CSI + description: driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. type: string fsType: - description: Filesystem type to mount. Ex. - "ext4", "xfs", "ntfs". If not provided, - the empty value is passed to the associated - CSI driver which will determine the default - filesystem to apply. + description: fsType to mount. Ex. "ext4", + "xfs", "ntfs". If not provided, the empty + value is passed to the associated CSI driver + which will determine the default filesystem + to apply. type: string nodePublishSecretRef: - description: NodePublishSecretRef is a reference + description: nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume @@ -5402,13 +6263,14 @@ spec: type: string type: object readOnly: - description: Specifies a read-only configuration - for the volume. Defaults to false (read/write). + description: readOnly specifies a read-only + configuration for the volume. Defaults to + false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: VolumeAttributes stores driver-specific + description: volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. @@ -5417,7 +6279,7 @@ spec: - driver type: object downwardAPI: - description: DownwardAPI represents downward API + description: downwardAPI represents downward API about the pod that should populate this volume properties: defaultMode: @@ -5518,62 +6380,59 @@ spec: type: array type: object emptyDir: - description: 'EmptyDir represents a temporary + description: 'emptyDir represents a temporary directory that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'What type of storage medium - should back this directory. The default - is "" which means to use the node''s default - medium. Must be an empty string (default) - or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: 'medium represents what type + of storage medium should back this directory. + The default is "" which means to use the + node''s default medium. Must be an empty + string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'Total amount of local storage - required for this EmptyDir volume. The size - limit is also applicable for memory medium. - The maximum usage on memory medium EmptyDir - would be the minimum value between the SizeLimit - specified here and the sum of memory limits - of all containers in a pod. The default - is nil which means that the limit is undefined. - More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + description: 'sizeLimit is the total amount + of local storage required for this EmptyDir + volume. The size limit is also applicable + for memory medium. The maximum usage on + memory medium EmptyDir would be the minimum + value between the SizeLimit specified here + and the sum of memory limits of all containers + in a pod. The default is nil which means + that the limit is undefined. More info: + http://kubernetes.io/docs/user-guide/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "Ephemeral represents a volume that - is handled by a cluster storage driver (Alpha - feature). The volume's lifecycle is tied to - the pod that defines it - it will be created - before the pod starts, and deleted when the - pod is removed. \n Use this if: a) the volume - is only needed while the pod runs, b) features - of normal volumes like restoring from snapshot - or capacity tracking are needed, c) the storage - driver is specified through a storage class, - and d) the storage driver supports dynamic volume - provisioning through a PersistentVolumeClaim - (see EphemeralVolumeSource for more information - on the connection between this volume type and - PersistentVolumeClaim). \n Use PersistentVolumeClaim - or one of the vendor-specific APIs for volumes - that persist for longer than the lifecycle of - an individual pod. \n Use CSI for light-weight - local ephemeral volumes if the CSI driver is - meant to be used that way - see the documentation - of the driver for more information. \n A pod - can use both types of ephemeral volumes and - persistent volumes at the same time." + description: "ephemeral represents a volume that + is handled by a cluster storage driver. The + volume's lifecycle is tied to the pod that defines + it - it will be created before the pod starts, + and deleted when the pod is removed. \n Use + this if: a) the volume is only needed while + the pod runs, b) features of normal volumes + like restoring from snapshot or capacity tracking + are needed, c) the storage driver is specified + through a storage class, and d) the storage + driver supports dynamic volume provisioning + through a PersistentVolumeClaim (see EphemeralVolumeSource + for more information on the connection between + this volume type and PersistentVolumeClaim). + \n Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than + the lifecycle of an individual pod. \n Use CSI + for light-weight local ephemeral volumes if + the CSI driver is meant to be used that way + - see the documentation of the driver for more + information. \n A pod can use both types of + ephemeral volumes and persistent volumes at + the same time." properties: - readOnly: - description: Specifies a read-only configuration - for the volume. Defaults to false (read/write). - type: boolean volumeClaimTemplate: description: "Will be used to create a stand-alone PVC to provision the volume. The pod in @@ -5633,34 +6492,82 @@ spec: are also valid here. properties: accessModes: - description: 'AccessModes contains + description: 'accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'This field can be used - to specify either: * An existing - VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot - - Beta) * An existing PVC (PersistentVolumeClaim) - * An existing custom resource/object - that implements data population - (Alpha) In order to use VolumeSnapshot - object types, the appropriate feature - gate must be enabled (VolumeSnapshotDataSource - or AnyVolumeDataSource) If the provisioner - or an external controller can support - the specified data source, it will - create a new volume based on the - contents of the specified data source. - If the specified data source is - not supported, the volume will not - be created and the failure will - be reported as an event. In the - future, we plan to support more - data source types and the behavior - of the provisioner may change.' + description: 'dataSource field can + be used to specify either: * An + existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external + controller can support the specified + data source, it will create a new + volume based on the contents of + the specified data source. If the + AnyVolumeDataSource feature gate + is enabled, this field will always + have the same contents as the DataSourceRef + field.' + properties: + apiGroup: + description: APIGroup is the group + for the resource being referenced. + If APIGroup is not specified, + the specified Kind must be in + the core API group. For any + other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type + of resource being referenced + type: string + name: + description: Name is the name + of resource being referenced + type: string + required: + - kind + - name + type: object + dataSourceRef: + description: 'dataSourceRef specifies + the object from which to populate + the volume with data, if a non-empty + volume is desired. This may be any + local object from a non-empty API + group (non core object) or a PersistentVolumeClaim + object. When this field is specified, + volume binding will only succeed + if the type of the specified object + matches some installed volume populator + or dynamic provisioner. This field + will replace the functionality of + the DataSource field and as such + if both fields are non-empty, they + must have the same value. For backwards + compatibility, both fields (DataSource + and DataSourceRef) will be set to + the same value automatically if + one of them is empty and the other + is non-empty. There are two important + differences between DataSource and + DataSourceRef: * While DataSource + only allows two specific types of + objects, DataSourceRef allows + any non-core object, as well as + PersistentVolumeClaim objects. * + While DataSource ignores disallowed + values (dropping them), DataSourceRef preserves + all values, and generates an error + if a disallowed value is specified. + (Beta) Using this field requires + the AnyVolumeDataSource feature + gate to be enabled.' properties: apiGroup: description: APIGroup is the group @@ -5684,9 +6591,15 @@ spec: - name type: object resources: - description: 'Resources represents + description: 'resources represents the minimum resources the volume - should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed + to specify resource requirements + that are lower than previous value + but must still be higher than capacity + recorded in the status field of + the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -5698,7 +6611,7 @@ spec: description: 'Limits describes the maximum amount of compute resources allowed. More info: - https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -5714,12 +6627,12 @@ spec: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: A label query over volumes - to consider for binding. + description: selector is a label query + over volumes to consider for binding. properties: matchExpressions: description: matchExpressions @@ -5779,9 +6692,9 @@ spec: type: object type: object storageClassName: - description: 'Name of the StorageClass - required by the claim. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + description: 'storageClassName is + the name of the StorageClass required + by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: description: volumeMode defines what @@ -5790,7 +6703,7 @@ spec: when not included in claim spec. type: string volumeName: - description: VolumeName is the binding + description: volumeName is the binding reference to the PersistentVolume backing this claim. type: string @@ -5800,77 +6713,79 @@ spec: type: object type: object fc: - description: FC represents a Fibre Channel resource + description: fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. properties: fsType: - description: 'Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem - from compromising the machine' + description: 'fsType is the filesystem type + to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be + "ext4" if unspecified. TODO: how do we prevent + errors in the filesystem from compromising + the machine' type: string lun: - description: 'Optional: FC target lun number' + description: 'lun is Optional: FC target lun + number' format: int32 type: integer readOnly: - description: 'Optional: Defaults to false - (read/write). ReadOnly here will force the - ReadOnly setting in VolumeMounts.' + description: 'readOnly is Optional: Defaults + to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts.' type: boolean targetWWNs: - description: 'Optional: FC target worldwide - names (WWNs)' + description: 'targetWWNs is Optional: FC target + worldwide names (WWNs)' items: type: string type: array wwids: - description: 'Optional: FC volume world wide - identifiers (wwids) Either wwids or combination - of targetWWNs and lun must be set, but not - both simultaneously.' + description: 'wwids Optional: FC volume world + wide identifiers (wwids) Either wwids or + combination of targetWWNs and lun must be + set, but not both simultaneously.' items: type: string type: array type: object flexVolume: - description: FlexVolume represents a generic volume + description: flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. properties: driver: - description: Driver is the name of the driver + description: driver is the name of the driver to use for this volume. type: string fsType: - description: Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - The default filesystem depends on FlexVolume - script. + description: fsType is the filesystem type + to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends + on FlexVolume script. type: string options: additionalProperties: type: string - description: 'Optional: Extra command options - if any.' + description: 'options is Optional: this field + holds extra command options if any.' type: object readOnly: - description: 'Optional: Defaults to false - (read/write). ReadOnly here will force the - ReadOnly setting in VolumeMounts.' + description: 'readOnly is Optional: defaults + to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts.' type: boolean secretRef: - description: 'Optional: SecretRef is reference - to the secret object containing sensitive - information to pass to the plugin scripts. - This may be empty if no secret object is - specified. If the secret object contains - more than one secret, all secrets are passed - to the plugin scripts.' + description: 'secretRef is Optional: secretRef + is reference to the secret object containing + sensitive information to pass to the plugin + scripts. This may be empty if no secret + object is specified. If the secret object + contains more than one secret, all secrets + are passed to the plugin scripts.' properties: name: description: 'Name of the referent. More @@ -5883,53 +6798,55 @@ spec: - driver type: object flocker: - description: Flocker represents a Flocker volume + description: flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running properties: datasetName: - description: Name of the dataset stored as - metadata -> name on the dataset for Flocker - should be considered as deprecated + description: datasetName is Name of the dataset + stored as metadata -> name on the dataset + for Flocker should be considered as deprecated type: string datasetUUID: - description: UUID of the dataset. This is - unique identifier of a Flocker dataset + description: datasetUUID is the UUID of the + dataset. This is unique identifier of a + Flocker dataset type: string type: object gcePersistentDisk: - description: 'GCEPersistentDisk represents a GCE + description: 'gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'Filesystem type of the volume - that you want to mount. Tip: Ensure that - the filesystem type is supported by the - host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + description: 'fsType is filesystem type of + the volume that you want to mount. Tip: + Ensure that the filesystem type is supported + by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine' type: string partition: - description: 'The partition in the volume - that you want to mount. If omitted, the - default is to mount by volume name. Examples: - For volume /dev/sda1, you specify the partition - as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the - property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: 'partition is the partition in + the volume that you want to mount. If omitted, + the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume + partition for /dev/sda is "0" (or you can + leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'Unique name of the PD resource - in GCE. Used to identify the disk in GCE. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: 'pdName is unique name of the + PD resource in GCE. Used to identify the + disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'ReadOnly here will force the + description: 'readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean @@ -5937,7 +6854,7 @@ spec: - pdName type: object gitRepo: - description: 'GitRepo represents a git repository + description: 'gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer @@ -5945,39 +6862,39 @@ spec: EmptyDir into the Pod''s container.' properties: directory: - description: Target directory name. Must not - contain or start with '..'. If '.' is supplied, - the volume directory will be the git repository. Otherwise, - if specified, the volume will contain the - git repository in the subdirectory with - the given name. + description: directory is the target directory + name. Must not contain or start with '..'. If + '.' is supplied, the volume directory will + be the git repository. Otherwise, if specified, + the volume will contain the git repository + in the subdirectory with the given name. type: string repository: - description: Repository URL + description: repository is the URL type: string revision: - description: Commit hash for the specified - revision. + description: revision is the commit hash for + the specified revision. type: string required: - repository type: object glusterfs: - description: 'Glusterfs represents a Glusterfs + description: 'glusterfs represents a Glusterfs mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'EndpointsName is the endpoint - name that details Glusterfs topology. More - info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + description: 'endpoints is the endpoint name + that details Glusterfs topology. More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'Path is the Glusterfs volume + description: 'path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'ReadOnly here will force the + description: 'readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' @@ -5987,7 +6904,7 @@ spec: - path type: object hostPath: - description: 'HostPath represents a pre-existing + description: 'hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things @@ -5998,76 +6915,79 @@ spec: mount host directories as read/write.' properties: path: - description: 'Path of the directory on the + description: 'path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'Type for HostPath Volume Defaults + description: 'type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'ISCSI represents an ISCSI Disk resource + description: 'iscsi represents an ISCSI Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: - description: whether support iSCSI Discovery - CHAP authentication + description: chapAuthDiscovery defines whether + support iSCSI Discovery CHAP authentication type: boolean chapAuthSession: - description: whether support iSCSI Session - CHAP authentication + description: chapAuthSession defines whether + support iSCSI Session CHAP authentication type: boolean fsType: - description: 'Filesystem type of the volume - that you want to mount. Tip: Ensure that - the filesystem type is supported by the - host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + description: 'fsType is the filesystem type + of the volume that you want to mount. Tip: + Ensure that the filesystem type is supported + by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine' type: string initiatorName: - description: Custom iSCSI Initiator Name. - If initiatorName is specified with iscsiInterface - simultaneously, new iSCSI interface : will be created for - the connection. + description: initiatorName is the custom iSCSI + Initiator Name. If initiatorName is specified + with iscsiInterface simultaneously, new + iSCSI interface : will be created for the connection. type: string iqn: - description: Target iSCSI Qualified Name. + description: iqn is the target iSCSI Qualified + Name. type: string iscsiInterface: - description: iSCSI Interface Name that uses - an iSCSI transport. Defaults to 'default' - (tcp). + description: iscsiInterface is the interface + Name that uses an iSCSI transport. Defaults + to 'default' (tcp). type: string lun: - description: iSCSI Target Lun number. + description: lun represents iSCSI Target Lun + number. format: int32 type: integer portals: - description: iSCSI Target Portal List. The - portal is either an IP or ip_addr:port if - the port is other than default (typically + description: portals is the iSCSI Target Portal + List. The portal is either an IP or ip_addr:port + if the port is other than default (typically TCP ports 860 and 3260). items: type: string type: array readOnly: - description: ReadOnly here will force the + description: readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. type: boolean secretRef: - description: CHAP Secret for iSCSI target - and initiator authentication + description: secretRef is the CHAP Secret + for iSCSI target and initiator authentication properties: name: description: 'Name of the referent. More @@ -6077,10 +6997,10 @@ spec: type: string type: object targetPortal: - description: iSCSI Target Portal. The Portal - is either an IP or ip_addr:port if the port - is other than default (typically TCP ports - 860 and 3260). + description: targetPortal is iSCSI Target + Portal. The Portal is either an IP or ip_addr:port + if the port is other than default (typically + TCP ports 860 and 3260). type: string required: - iqn @@ -6088,26 +7008,26 @@ spec: - targetPortal type: object name: - description: 'Volume''s name. Must be a DNS_LABEL + description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: - description: 'NFS represents an NFS mount on the + description: 'nfs represents an NFS mount on the host that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'Path that is exported by the + description: 'path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'ReadOnly here will force the + description: 'readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'Server is the hostname or IP + description: 'server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: @@ -6115,99 +7035,101 @@ spec: - server type: object persistentVolumeClaim: - description: 'PersistentVolumeClaimVolumeSource + description: 'persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'ClaimName is the name of a PersistentVolumeClaim + description: 'claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: Will force the ReadOnly setting - in VolumeMounts. Default false. + description: readOnly Will force the ReadOnly + setting in VolumeMounts. Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: PhotonPersistentDisk represents a + description: photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine properties: fsType: - description: Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. + description: fsType is the filesystem type + to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be + "ext4" if unspecified. type: string pdID: - description: ID that identifies Photon Controller - persistent disk + description: pdID is the ID that identifies + Photon Controller persistent disk type: string required: - pdID type: object portworxVolume: - description: PortworxVolume represents a portworx + description: portworxVolume represents a portworx volume attached and mounted on kubelets host machine properties: fsType: - description: FSType represents the filesystem + description: fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. type: string readOnly: - description: Defaults to false (read/write). + description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean volumeID: - description: VolumeID uniquely identifies + description: volumeID uniquely identifies a Portworx volume type: string required: - volumeID type: object projected: - description: Items for all in one resources secrets, - configmaps, and downward API + description: projected items for all in one resources + secrets, configmaps, and downward API properties: defaultMode: - description: Mode bits used to set permissions - on created files by default. Must be an - octal value between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts both - octal and decimal values, JSON requires - decimal values for mode bits. Directories - within the path are not affected by this - setting. This might be in conflict with - other options that affect the file mode, - like fsGroup, and the result can be other - mode bits set. + description: defaultMode are the mode bits + used to set permissions on created files + by default. Must be an octal value between + 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal + values, JSON requires decimal values for + mode bits. Directories within the path are + not affected by this setting. This might + be in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set. format: int32 type: integer sources: - description: list of volume projections + description: sources is the list of volume + projections items: description: Projection that may be projected along with other supported volume types properties: configMap: - description: information about the configMap - data to project + description: configMap information about + the configMap data to project properties: items: - description: If unspecified, each - key-value pair in the Data field - of the referenced ConfigMap will - be projected into the volume as - a file whose name is the key and - content is the value. If specified, + description: items if unspecified, + each key-value pair in the Data + field of the referenced ConfigMap + will be projected into the volume + as a file whose name is the key + and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. @@ -6222,11 +7144,12 @@ spec: to a path within a volume. properties: key: - description: The key to project. + description: key is the key + to project. type: string mode: - description: 'Optional: mode - bits used to set permissions + description: 'mode is Optional: + mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value @@ -6244,7 +7167,7 @@ spec: format: int32 type: integer path: - description: The relative + description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain @@ -6264,14 +7187,14 @@ spec: apiVersion, kind, uid?' type: string optional: - description: Specify whether the - ConfigMap or its keys must be - defined + description: optional specify whether + the ConfigMap or its keys must + be defined type: boolean type: object downwardAPI: - description: information about the downwardAPI - data to project + description: downwardAPI information + about the downwardAPI data to project properties: items: description: Items is a list of @@ -6368,16 +7291,16 @@ spec: type: array type: object secret: - description: information about the secret - data to project + description: secret information about + the secret data to project properties: items: - description: If unspecified, each - key-value pair in the Data field - of the referenced Secret will - be projected into the volume as - a file whose name is the key and - content is the value. If specified, + description: items if unspecified, + each key-value pair in the Data + field of the referenced Secret + will be projected into the volume + as a file whose name is the key + and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. @@ -6392,11 +7315,12 @@ spec: to a path within a volume. properties: key: - description: The key to project. + description: key is the key + to project. type: string mode: - description: 'Optional: mode - bits used to set permissions + description: 'mode is Optional: + mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value @@ -6414,7 +7338,7 @@ spec: format: int32 type: integer path: - description: The relative + description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain @@ -6434,16 +7358,18 @@ spec: apiVersion, kind, uid?' type: string optional: - description: Specify whether the - Secret or its key must be defined + description: optional field specify + whether the Secret or its key + must be defined type: boolean type: object serviceAccountToken: - description: information about the serviceAccountToken + description: serviceAccountToken is + information about the serviceAccountToken data to project properties: audience: - description: Audience is the intended + description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in @@ -6453,7 +7379,7 @@ spec: of the apiserver. type: string expirationSeconds: - description: ExpirationSeconds is + description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, @@ -6469,7 +7395,7 @@ spec: format: int64 type: integer path: - description: Path is the path relative + description: path is the path relative to the mount point of the file to project the token into. type: string @@ -6478,41 +7404,39 @@ spec: type: object type: object type: array - required: - - sources type: object quobyte: - description: Quobyte represents a Quobyte mount + description: quobyte represents a Quobyte mount on the host that shares a pod's lifetime properties: group: - description: Group to map volume access to + description: group to map volume access to Default is no group type: string readOnly: - description: ReadOnly here will force the + description: readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. type: boolean registry: - description: Registry represents a single + description: registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes type: string tenant: - description: Tenant owning the given Quobyte + description: tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin type: string user: - description: User to map volume access to + description: user to map volume access to Defaults to serivceaccount user type: string volume: - description: Volume is a string that references + description: volume is a string that references an already created Quobyte volume by name. type: string required: @@ -6520,46 +7444,47 @@ spec: - volume type: object rbd: - description: 'RBD represents a Rados Block Device + description: 'rbd represents a Rados Block Device mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'Filesystem type of the volume - that you want to mount. Tip: Ensure that - the filesystem type is supported by the - host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + description: 'fsType is the filesystem type + of the volume that you want to mount. Tip: + Ensure that the filesystem type is supported + by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine' type: string image: - description: 'The rados image name. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'Keyring is the path to key ring + description: 'keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'A collection of Ceph monitors. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'monitors is a collection of + Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array pool: - description: 'The rados pool name. Default - is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'pool is the rados pool name. + Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'ReadOnly here will force the + description: 'readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'SecretRef is name of the authentication + description: 'secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: @@ -6571,38 +7496,39 @@ spec: type: string type: object user: - description: 'The rados user name. Default - is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'user is the rados user name. + Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: ScaleIO represents a ScaleIO persistent + description: scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. properties: fsType: - description: Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - Default is "xfs". + description: fsType is the filesystem type + to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". type: string gateway: - description: The host address of the ScaleIO - API Gateway. + description: gateway is the host address of + the ScaleIO API Gateway. type: string protectionDomain: - description: The name of the ScaleIO Protection - Domain for the configured storage. + description: protectionDomain is the name + of the ScaleIO Protection Domain for the + configured storage. type: string readOnly: - description: Defaults to false (read/write). + description: readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: SecretRef references to the secret + description: secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. @@ -6615,26 +7541,27 @@ spec: type: string type: object sslEnabled: - description: Flag to enable/disable SSL communication - with Gateway, default false + description: sslEnabled Flag enable/disable + SSL communication with Gateway, default + false type: boolean storageMode: - description: Indicates whether the storage - for a volume should be ThickProvisioned + description: storageMode indicates whether + the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. type: string storagePool: - description: The ScaleIO Storage Pool associated - with the protection domain. + description: storagePool is the ScaleIO Storage + Pool associated with the protection domain. type: string system: - description: The name of the storage system - as configured in ScaleIO. + description: system is the name of the storage + system as configured in ScaleIO. type: string volumeName: - description: The name of a volume already - created in the ScaleIO system that is associated - with this volume source. + description: volumeName is the name of a volume + already created in the ScaleIO system that + is associated with this volume source. type: string required: - gateway @@ -6642,25 +7569,26 @@ spec: - system type: object secret: - description: 'Secret represents a secret that + description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'Optional: mode bits used to - set permissions on created files by default. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. - Defaults to 0644. Directories within the - path are not affected by this setting. This - might be in conflict with other options - that affect the file mode, like fsGroup, - and the result can be other mode bits set.' + description: 'defaultMode is Optional: mode + bits used to set permissions on created + files by default. Must be an octal value + between 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts both octal + and decimal values, JSON requires decimal + values for mode bits. Defaults to 0644. + Directories within the path are not affected + by this setting. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' format: int32 type: integer items: - description: If unspecified, each key-value + description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content @@ -6677,27 +7605,27 @@ spec: within a volume. properties: key: - description: The key to project. + description: key is the key to project. type: string mode: - description: 'Optional: mode bits used - to set permissions on this file. Must - be an octal value between 0000 and - 0777 or a decimal value between 0 - and 511. YAML accepts both octal and - decimal values, JSON requires decimal - values for mode bits. If not specified, - the volume defaultMode will be used. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' + description: 'mode is Optional: mode + bits used to set permissions on this + file. Must be an octal value between + 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal + and decimal values, JSON requires + decimal values for mode bits. If not + specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the + file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the - file to map the key to. May not be - an absolute path. May not contain + description: path is the relative path + of the file to map the key to. May + not be an absolute path. May not contain the path element '..'. May not start with the string '..'. type: string @@ -6707,31 +7635,33 @@ spec: type: object type: array optional: - description: Specify whether the Secret or - its keys must be defined + description: optional field specify whether + the Secret or its keys must be defined type: boolean secretName: - description: 'Name of the secret in the pod''s - namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + description: 'secretName is the name of the + secret in the pod''s namespace to use. More + info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: StorageOS represents a StorageOS + description: storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. properties: fsType: - description: Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. + description: fsType is the filesystem type + to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be + "ext4" if unspecified. type: string readOnly: - description: Defaults to false (read/write). + description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: SecretRef specifies the secret + description: secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. properties: @@ -6743,12 +7673,12 @@ spec: type: string type: object volumeName: - description: VolumeName is the human-readable + description: volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. type: string volumeNamespace: - description: VolumeNamespace specifies the + description: volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the @@ -6761,27 +7691,29 @@ spec: type: string type: object vsphereVolume: - description: VsphereVolume represents a vSphere + description: vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine properties: fsType: - description: Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. + description: fsType is filesystem type to + mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be + "ext4" if unspecified. type: string storagePolicyID: - description: Storage Policy Based Management - (SPBM) profile ID associated with the StoragePolicyName. + description: storagePolicyID is the storage + Policy Based Management (SPBM) profile ID + associated with the StoragePolicyName. type: string storagePolicyName: - description: Storage Policy Based Management - (SPBM) profile name. + description: storagePolicyName is the storage + Policy Based Management (SPBM) profile name. type: string volumePath: - description: Path that identifies vSphere - volume vmdk + description: volumePath is the path that identifies + vSphere volume vmdk type: string required: - volumePath @@ -6795,10 +7727,10 @@ spec: type: object type: object type: object - description: 'MXReplicaSpecs is map of common.ReplicaType and common.ReplicaSpec + description: 'MXReplicaSpecs is map of commonv1.ReplicaType and commonv1.ReplicaSpec specifies the MX replicas to run. For example, { "Scheduler": - common.ReplicaSpec, "Server": common.ReplicaSpec, "Worker": - common.ReplicaSpec, }' + commonv1.ReplicaSpec, "Server": commonv1.ReplicaSpec, "Worker": + commonv1.ReplicaSpec, }' type: object runPolicy: description: RunPolicy encapsulates various runtime policies of the diff --git a/apps/training-operator/upstream/base/crds/kubeflow.org_pytorchjobs.yaml b/apps/training-operator/upstream/base/crds/kubeflow.org_pytorchjobs.yaml index daedf9b93b..61578ac5af 100644 --- a/apps/training-operator/upstream/base/crds/kubeflow.org_pytorchjobs.yaml +++ b/apps/training-operator/upstream/base/crds/kubeflow.org_pytorchjobs.yaml @@ -69,6 +69,65 @@ spec: metric (only `type` and one other matching field should be set at once). properties: + containerResource: + description: container resource refers to a resource metric + (such as those specified in requests and limits) known + to Kubernetes describing a single container in each pod + of the current scale target (e.g. CPU or memory). Such + metrics are built in to Kubernetes, and have special scaling + options on top of those available to normal per-pod metrics + using the "pods" source. This is an alpha feature and + can be enabled by the HPAContainerMetrics feature flag. + properties: + container: + description: container is the name of the container + in the pods of the scaling target + type: string + name: + description: name is the name of the resource in question. + type: string + target: + description: target specifies the target value for the + given metric + properties: + averageUtilization: + description: averageUtilization is the target value + of the average of the resource metric across all + relevant pods, represented as a percentage of + the requested value of the resource for the pods. + Currently only valid for Resource metric source + type + format: int32 + type: integer + averageValue: + anyOf: + - type: integer + - type: string + description: averageValue is the target value of + the average of the metric across all relevant + pods (as a quantity) + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: + description: type represents whether the metric + type is Utilization, Value, or AverageValue + type: string + value: + anyOf: + - type: integer + - type: string + description: value is the target value of the metric + (as a quantity). + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + required: + - type + type: object + required: + - container + - name + - target + type: object external: description: external refers to a global metric that is not associated with any Kubernetes object. It allows autoscaling @@ -476,9 +535,11 @@ spec: - target type: object type: - description: type is the type of metric source. It should - be one of "Object", "Pods" or "Resource", each mapping - to a matching field in the object. + description: 'type is the type of metric source. It should + be one of "ContainerResource", "External", "Object", "Pods" + or "Resource", each mapping to a matching field in the + object. Note: "ContainerResource" type is available on + when the feature-gate HPAContainerMetrics is enabled' type: string required: - type @@ -898,12 +959,85 @@ spec: are ANDed. type: object type: object + namespaceSelector: + description: A label query over the + set of namespaces that the term + applies to. The term is applied + to the union of the namespaces selected + by this field and the ones listed + in the namespaces field. null selector + and null or empty namespaces list + means "this pod's namespace". An + empty selector ({}) matches all + namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object namespaces: description: namespaces specifies - which namespaces the labelSelector - applies to (matches against); null - or empty list means "this pod's - namespace" + a static list of namespace names + that the term applies to. The term + is applied to the union of the namespaces + listed in this field and the ones + selected by namespaceSelector. null + or empty namespaces list and null + namespaceSelector means "this pod's + namespace". items: type: string type: array @@ -1013,11 +1147,78 @@ spec: ANDed. type: object type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this field + and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object namespaces: - description: namespaces specifies which - namespaces the labelSelector applies - to (matches against); null or empty - list means "this pod's namespace" + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's + namespace". items: type: string type: array @@ -1129,12 +1330,85 @@ spec: are ANDed. type: object type: object + namespaceSelector: + description: A label query over the + set of namespaces that the term + applies to. The term is applied + to the union of the namespaces selected + by this field and the ones listed + in the namespaces field. null selector + and null or empty namespaces list + means "this pod's namespace". An + empty selector ({}) matches all + namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object namespaces: description: namespaces specifies - which namespaces the labelSelector - applies to (matches against); null - or empty list means "this pod's - namespace" + a static list of namespace names + that the term applies to. The term + is applied to the union of the namespaces + listed in this field and the ones + selected by namespaceSelector. null + or empty namespaces list and null + namespaceSelector means "this pod's + namespace". items: type: string type: array @@ -1244,11 +1518,78 @@ spec: ANDed. type: object type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this field + and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object namespaces: - description: namespaces specifies which - namespaces the labelSelector applies - to (matches against); null or empty - list means "this pod's namespace" + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's + namespace". items: type: string type: array @@ -1285,12 +1626,14 @@ spec: properties: args: description: 'Arguments to the entrypoint. The - docker image''s CMD is used if this is not provided. - Variable references $(VAR_NAME) are expanded - using the container''s environment. If a variable - cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). + container image''s CMD is used if this is not + provided. Variable references $(VAR_NAME) are + expanded using the container''s environment. + If a variable cannot be resolved, the reference + in the input string will be unchanged. Double + $$ are reduced to a single $, which allows for + escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' @@ -1299,16 +1642,17 @@ spec: type: array command: description: 'Entrypoint array. Not executed within - a shell. The docker image''s ENTRYPOINT is used - if this is not provided. Variable references + a shell. The container image''s ENTRYPOINT is + used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped with a - double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether - the variable exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot + be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array @@ -1325,13 +1669,15 @@ spec: type: string value: description: 'Variable references $(VAR_NAME) - are expanded using the previous defined + are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be - unchanged. The $(VAR_NAME) syntax can - be escaped with a double $$, ie: $$(VAR_NAME). + unchanged. Double $$ are reduced to a + single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' @@ -1485,7 +1831,8 @@ spec: type: object type: array image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + description: 'Container image name. More info: + https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments @@ -1511,9 +1858,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies - the action to take. + description: Exec specifies the action + to take. properties: command: description: Command is the command @@ -1584,10 +1930,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: description: 'Optional: Host name @@ -1614,21 +1962,19 @@ spec: as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. - The reason for termination is passed to - the handler. The Pod''s termination grace - period countdown begins before the PreStop - hooked is executed. Regardless of the outcome - of the handler, the container will eventually - terminate within the Pod''s termination - grace period. Other management of the container - blocks until the hook completes or until - the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + The Pod''s termination grace period countdown + begins before the PreStop hook is executed. + Regardless of the outcome of the handler, + the container will eventually terminate + within the Pod''s termination grace period + (unless delayed by finalizers). Other management + of the container blocks until the hook completes + or until the termination grace period is + reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies - the action to take. + description: Exec specifies the action + to take. properties: command: description: Command is the command @@ -1699,10 +2045,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: description: 'Optional: Host name @@ -1729,9 +2077,8 @@ spec: Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -1756,6 +2103,26 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -1824,10 +2191,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -1845,6 +2210,28 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. @@ -1916,9 +2303,8 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -1943,6 +2329,26 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -2011,10 +2417,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -2032,6 +2436,28 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. @@ -2041,7 +2467,7 @@ spec: type: object resources: description: 'Compute Resources required by this - container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: limits: additionalProperties: @@ -2052,7 +2478,7 @@ spec: x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources allowed. More - info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -2066,12 +2492,14 @@ spec: Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: - description: 'Security options the pod should - run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ + description: 'SecurityContext defines the security + options the container should be run with. If + set, the fields of SecurityContext override + the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: @@ -2081,13 +2509,16 @@ spec: controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) - run as Privileged 2) has CAP_SYS_ADMIN' + run as Privileged 2) has CAP_SYS_ADMIN Note + that this field cannot be set when spec.os.name + is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the - container runtime. + container runtime. Note that this field + cannot be set when spec.os.name is windows. properties: add: description: Added capabilities @@ -2108,7 +2539,8 @@ spec: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults - to false. + to false. Note that this field cannot be + set when spec.os.name is windows. type: boolean procMount: description: procMount denotes the type of @@ -2117,10 +2549,14 @@ spec: container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when + spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only root filesystem. Default is false. + Note that this field cannot be set when + spec.os.name is windows. type: boolean runAsGroup: description: The GID to run the entrypoint @@ -2128,7 +2564,8 @@ spec: if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: @@ -2150,7 +2587,8 @@ spec: May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -2160,7 +2598,9 @@ spec: for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is windows. properties: level: description: Level is SELinux level label @@ -2183,7 +2623,9 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that + this field cannot be set when spec.os.name + is windows. properties: localhostProfile: description: localhostProfile indicates @@ -2214,7 +2656,9 @@ spec: the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where @@ -2228,6 +2672,22 @@ spec: the name of the GMSA credential spec to use. type: string + hostProcess: + description: HostProcess determines if + a container should be run as a 'Host + Process' container. This field is alpha-level + and will only be honored by components + that enable the WindowsHostProcessContainers + feature flag. Setting this field without + the feature flag will result in errors + when validating the Pod. All of a Pod's + containers must have the same effective + HostProcess value (it is not allowed + to have a mix of HostProcess containers + and non-HostProcess containers). In + addition, if HostProcess is true then + HostNetwork must also be set to true. + type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint of the container @@ -2250,14 +2710,11 @@ spec: parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. - This cannot be updated. This is a beta feature - enabled by the StartupProbe feature flag. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -2282,6 +2739,26 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -2350,10 +2827,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -2371,6 +2846,28 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. @@ -2568,33 +3065,35 @@ spec: and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. - This field is alpha-level and is only honored by servers - that enable the EphemeralContainers feature. + This field is beta-level and available on clusters + that haven't disabled the EphemeralContainers feature + gate. items: - description: An EphemeralContainer is a container - that may be added temporarily to an existing pod - for user-initiated activities such as debugging. - Ephemeral containers have no resource or scheduling - guarantees, and they will not be restarted when - they exit or when a pod is removed or restarted. - If an ephemeral container causes a pod to exceed - its resource allocation, the pod may be evicted. - Ephemeral containers may not be added by directly - updating the pod spec. They must be added via the - pod's ephemeralcontainers subresource, and they - will appear in the pod spec once added. This is - an alpha feature enabled by the EphemeralContainers - feature flag. + description: "An EphemeralContainer is a temporary + container that you may add to an existing Pod for + user-initiated activities such as debugging. Ephemeral + containers have no resource or scheduling guarantees, + and they will not be restarted when they exit or + when a Pod is removed or restarted. The kubelet + may evict a Pod if an ephemeral container causes + the Pod to exceed its resource allocation. \n To + add an ephemeral container, use the ephemeralcontainers + subresource of an existing Pod. Ephemeral containers + may not be removed or restarted. \n This is a beta + feature available on clusters that haven't disabled + the EphemeralContainers feature gate." properties: args: description: 'Arguments to the entrypoint. The - docker image''s CMD is used if this is not provided. + image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). - Escaped references will never be expanded, regardless + string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped + references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: @@ -2602,16 +3101,17 @@ spec: type: array command: description: 'Entrypoint array. Not executed within - a shell. The docker image''s ENTRYPOINT is used - if this is not provided. Variable references - $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, - the reference in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped with a - double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether - the variable exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + a shell. The image''s ENTRYPOINT is used if + this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. + If a variable cannot be resolved, the reference + in the input string will be unchanged. Double + $$ are reduced to a single $, which allows for + escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot + be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array @@ -2628,13 +3128,15 @@ spec: type: string value: description: 'Variable references $(VAR_NAME) - are expanded using the previous defined + are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be - unchanged. The $(VAR_NAME) syntax can - be escaped with a double $$, ie: $$(VAR_NAME). + unchanged. Double $$ are reduced to a + single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' @@ -2788,7 +3290,8 @@ spec: type: object type: array image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images' + description: 'Container image name. More info: + https://kubernetes.io/docs/concepts/containers/images' type: string imagePullPolicy: description: 'Image pull policy. One of Always, @@ -2809,9 +3312,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies - the action to take. + description: Exec specifies the action + to take. properties: command: description: Command is the command @@ -2882,10 +3384,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: description: 'Optional: Host name @@ -2912,21 +3416,19 @@ spec: as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. - The reason for termination is passed to - the handler. The Pod''s termination grace - period countdown begins before the PreStop - hooked is executed. Regardless of the outcome - of the handler, the container will eventually - terminate within the Pod''s termination - grace period. Other management of the container - blocks until the hook completes or until - the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + The Pod''s termination grace period countdown + begins before the PreStop hook is executed. + Regardless of the outcome of the handler, + the container will eventually terminate + within the Pod''s termination grace period + (unless delayed by finalizers). Other management + of the container blocks until the hook completes + or until the termination grace period is + reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies - the action to take. + description: Exec specifies the action + to take. properties: command: description: Command is the command @@ -2997,10 +3499,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: description: 'Optional: Host name @@ -3026,9 +3530,8 @@ spec: containers. properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -3053,6 +3556,26 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -3121,10 +3644,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -3142,6 +3663,28 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. @@ -3196,14 +3739,17 @@ spec: - containerPort type: object type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map readinessProbe: description: Probes are not allowed for ephemeral containers. properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -3228,6 +3774,26 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -3296,10 +3862,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -3317,6 +3881,28 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. @@ -3338,7 +3924,7 @@ spec: x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources allowed. More - info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -3352,12 +3938,14 @@ spec: Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: - description: SecurityContext is not allowed for - ephemeral containers. + description: 'Optional: SecurityContext defines + the security options the ephemeral container + should be run with. If set, the fields of SecurityContext + override the equivalent fields of PodSecurityContext.' properties: allowPrivilegeEscalation: description: 'AllowPrivilegeEscalation controls @@ -3366,13 +3954,16 @@ spec: controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) - run as Privileged 2) has CAP_SYS_ADMIN' + run as Privileged 2) has CAP_SYS_ADMIN Note + that this field cannot be set when spec.os.name + is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the - container runtime. + container runtime. Note that this field + cannot be set when spec.os.name is windows. properties: add: description: Added capabilities @@ -3393,7 +3984,8 @@ spec: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults - to false. + to false. Note that this field cannot be + set when spec.os.name is windows. type: boolean procMount: description: procMount denotes the type of @@ -3402,10 +3994,14 @@ spec: container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when + spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only root filesystem. Default is false. + Note that this field cannot be set when + spec.os.name is windows. type: boolean runAsGroup: description: The GID to run the entrypoint @@ -3413,7 +4009,8 @@ spec: if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: @@ -3435,7 +4032,8 @@ spec: May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -3445,7 +4043,9 @@ spec: for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is windows. properties: level: description: Level is SELinux level label @@ -3468,7 +4068,9 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that + this field cannot be set when spec.os.name + is windows. properties: localhostProfile: description: localhostProfile indicates @@ -3499,7 +4101,9 @@ spec: the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where @@ -3513,6 +4117,22 @@ spec: the name of the GMSA credential spec to use. type: string + hostProcess: + description: HostProcess determines if + a container should be run as a 'Host + Process' container. This field is alpha-level + and will only be honored by components + that enable the WindowsHostProcessContainers + feature flag. Setting this field without + the feature flag will result in errors + when validating the Pod. All of a Pod's + containers must have the same effective + HostProcess value (it is not allowed + to have a mix of HostProcess containers + and non-HostProcess containers). In + addition, if HostProcess is true then + HostNetwork must also be set to true. + type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint of the container @@ -3530,9 +4150,8 @@ spec: containers. properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -3557,6 +4176,26 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -3625,10 +4264,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -3646,6 +4283,28 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. @@ -3676,13 +4335,15 @@ spec: EOF. Default is false type: boolean targetContainerName: - description: If set, the name of the container + description: "If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set - then the ephemeral container is run in whatever - namespaces are shared for the pod. Note that - the container runtime must support this feature. + then the ephemeral container uses the namespaces + configured in the Pod spec. \n The container + runtime must implement support for this feature. + If the runtime does not support namespace targeting + then the result of setting this field is undefined." type: string terminationMessagePath: description: 'Optional: Path at which the file @@ -3735,7 +4396,8 @@ spec: type: array volumeMounts: description: Pod volumes to mount into the container's - filesystem. Cannot be updated. + filesystem. Subpath mounts are not allowed for + ephemeral containers. Cannot be updated. items: description: VolumeMount describes a mounting of a Volume within a container. @@ -3834,9 +4496,8 @@ spec: references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual - puller implementations for them to use. For example, - in the case of docker, only DockerConfig type secrets - are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + puller implementations for them to use. More info: + https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' items: description: LocalObjectReference contains enough information to let you locate the referenced object @@ -3873,12 +4534,14 @@ spec: properties: args: description: 'Arguments to the entrypoint. The - docker image''s CMD is used if this is not provided. - Variable references $(VAR_NAME) are expanded - using the container''s environment. If a variable - cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). + container image''s CMD is used if this is not + provided. Variable references $(VAR_NAME) are + expanded using the container''s environment. + If a variable cannot be resolved, the reference + in the input string will be unchanged. Double + $$ are reduced to a single $, which allows for + escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' @@ -3887,16 +4550,17 @@ spec: type: array command: description: 'Entrypoint array. Not executed within - a shell. The docker image''s ENTRYPOINT is used - if this is not provided. Variable references + a shell. The container image''s ENTRYPOINT is + used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped with a - double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether - the variable exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot + be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array @@ -3913,13 +4577,15 @@ spec: type: string value: description: 'Variable references $(VAR_NAME) - are expanded using the previous defined + are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be - unchanged. The $(VAR_NAME) syntax can - be escaped with a double $$, ie: $$(VAR_NAME). + unchanged. Double $$ are reduced to a + single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' @@ -4073,7 +4739,8 @@ spec: type: object type: array image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + description: 'Container image name. More info: + https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments @@ -4099,9 +4766,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies - the action to take. + description: Exec specifies the action + to take. properties: command: description: Command is the command @@ -4172,10 +4838,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: description: 'Optional: Host name @@ -4202,21 +4870,19 @@ spec: as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. - The reason for termination is passed to - the handler. The Pod''s termination grace - period countdown begins before the PreStop - hooked is executed. Regardless of the outcome - of the handler, the container will eventually - terminate within the Pod''s termination - grace period. Other management of the container - blocks until the hook completes or until - the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + The Pod''s termination grace period countdown + begins before the PreStop hook is executed. + Regardless of the outcome of the handler, + the container will eventually terminate + within the Pod''s termination grace period + (unless delayed by finalizers). Other management + of the container blocks until the hook completes + or until the termination grace period is + reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies - the action to take. + description: Exec specifies the action + to take. properties: command: description: Command is the command @@ -4287,10 +4953,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: description: 'Optional: Host name @@ -4317,9 +4985,8 @@ spec: Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -4344,6 +5011,26 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -4412,10 +5099,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -4433,6 +5118,28 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. @@ -4504,9 +5211,8 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -4531,6 +5237,26 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -4599,10 +5325,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -4620,6 +5344,28 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. @@ -4629,7 +5375,7 @@ spec: type: object resources: description: 'Compute Resources required by this - container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: limits: additionalProperties: @@ -4640,7 +5386,7 @@ spec: x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources allowed. More - info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -4654,12 +5400,14 @@ spec: Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: - description: 'Security options the pod should - run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ + description: 'SecurityContext defines the security + options the container should be run with. If + set, the fields of SecurityContext override + the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: @@ -4669,13 +5417,16 @@ spec: controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) - run as Privileged 2) has CAP_SYS_ADMIN' + run as Privileged 2) has CAP_SYS_ADMIN Note + that this field cannot be set when spec.os.name + is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the - container runtime. + container runtime. Note that this field + cannot be set when spec.os.name is windows. properties: add: description: Added capabilities @@ -4696,7 +5447,8 @@ spec: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults - to false. + to false. Note that this field cannot be + set when spec.os.name is windows. type: boolean procMount: description: procMount denotes the type of @@ -4705,10 +5457,14 @@ spec: container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when + spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only root filesystem. Default is false. + Note that this field cannot be set when + spec.os.name is windows. type: boolean runAsGroup: description: The GID to run the entrypoint @@ -4716,7 +5472,8 @@ spec: if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: @@ -4738,7 +5495,8 @@ spec: May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -4748,7 +5506,9 @@ spec: for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is windows. properties: level: description: Level is SELinux level label @@ -4771,7 +5531,9 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that + this field cannot be set when spec.os.name + is windows. properties: localhostProfile: description: localhostProfile indicates @@ -4802,7 +5564,9 @@ spec: the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where @@ -4816,6 +5580,22 @@ spec: the name of the GMSA credential spec to use. type: string + hostProcess: + description: HostProcess determines if + a container should be run as a 'Host + Process' container. This field is alpha-level + and will only be honored by components + that enable the WindowsHostProcessContainers + feature flag. Setting this field without + the feature flag will result in errors + when validating the Pod. All of a Pod's + containers must have the same effective + HostProcess value (it is not allowed + to have a mix of HostProcess containers + and non-HostProcess containers). In + addition, if HostProcess is true then + HostNetwork must also be set to true. + type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint of the container @@ -4838,14 +5618,11 @@ spec: parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. - This cannot be updated. This is a beta feature - enabled by the StartupProbe feature flag. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -4870,6 +5647,26 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -4938,10 +5735,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -4959,6 +5754,28 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. @@ -5108,6 +5925,40 @@ spec: must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object + x-kubernetes-map-type: atomic + os: + description: "Specifies the OS of the containers in + the pod. Some pod and container fields are restricted + if this is set. \n If the OS field is set to linux, + the following fields must be unset: -securityContext.windowsOptions + \n If the OS field is set to windows, following fields + must be unset: - spec.hostPID - spec.hostIPC - spec.securityContext.seLinuxOptions + - spec.securityContext.seccompProfile - spec.securityContext.fsGroup + - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls + - spec.shareProcessNamespace - spec.securityContext.runAsUser + - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups + - spec.containers[*].securityContext.seLinuxOptions + - spec.containers[*].securityContext.seccompProfile + - spec.containers[*].securityContext.capabilities + - spec.containers[*].securityContext.readOnlyRootFilesystem + - spec.containers[*].securityContext.privileged - + spec.containers[*].securityContext.allowPrivilegeEscalation + - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser + - spec.containers[*].securityContext.runAsGroup This + is a beta field and requires the IdentifyPodOS feature" + properties: + name: + description: 'Name is the name of the operating + system. The currently supported values are linux + and windows. Additional value may be defined in + future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values + and treat unrecognized values in this field as + os: null' + type: string + required: + - name + type: object overhead: additionalProperties: anyOf: @@ -5126,17 +5977,12 @@ spec: and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. - More info: https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md - This field is alpha-level as of Kubernetes v1.16, - and is only honored by servers that enable the PodOverhead - feature.' + More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md' type: object preemptionPolicy: description: PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. - Defaults to PreemptLowerPriority if unset. This field - is beta-level, gated by the NonPreemptingPriority - feature-gate. + Defaults to PreemptLowerPriority if unset. type: string priority: description: The priority value. Various system components @@ -5161,7 +6007,7 @@ spec: be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True" - More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md' + More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates' items: description: PodReadinessGate contains the reference to a pod condition @@ -5187,8 +6033,7 @@ spec: or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: - https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md - This is a beta feature as of Kubernetes v1.14.' + https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class' type: string schedulerName: description: If specified, the pod will be dispatched @@ -5210,7 +6055,9 @@ spec: is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not - modify the ownership and permissions of any volume." + modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name + is windows." format: int64 type: integer fsGroupChangePolicy: @@ -5221,7 +6068,9 @@ spec: based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified defaults to "Always".' + and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name + is windows.' type: string runAsGroup: description: The GID to run the entrypoint of the @@ -5229,7 +6078,8 @@ spec: May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. + for that container. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: @@ -5250,6 +6100,8 @@ spec: set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer seLinuxOptions: @@ -5259,7 +6111,8 @@ spec: for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. + for that container. Note that this field cannot + be set when spec.os.name is windows. properties: level: description: Level is SELinux level label that @@ -5280,7 +6133,8 @@ spec: type: object seccompProfile: description: The seccomp options to use by the containers - in this pod. + in this pod. Note that this field cannot be set + when spec.os.name is windows. properties: localhostProfile: description: localhostProfile indicates a profile @@ -5306,7 +6160,9 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, - no groups will be added to any container. + no groups will be added to any container. Note + that this field cannot be set when spec.os.name + is windows. items: format: int64 type: integer @@ -5315,6 +6171,8 @@ spec: description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name + is windows. items: description: Sysctl defines a kernel parameter to be set @@ -5336,6 +6194,8 @@ spec: within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the @@ -5347,6 +6207,20 @@ spec: description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string + hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' container. + This field is alpha-level and will only be + honored by components that enable the WindowsHostProcessContainers + feature flag. Setting this field without the + feature flag will result in errors when validating + the Pod. All of a Pod's containers must have + the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must + also be set to true. + type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint of the container process. Defaults @@ -5398,10 +6272,11 @@ spec: description: Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value - zero indicates delete immediately. If this value is - nil, the default grace period will be used instead. - The grace period is the duration in seconds after - the processes running in the pod are sent a termination + zero indicates stop immediately via the kill signal + (no opportunity to shut down). If this value is nil, + the default grace period will be used instead. The + grace period is the duration in seconds after the + processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults @@ -5521,28 +6396,69 @@ spec: `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and - the global minimum. For example, in a 3-zone + the global minimum. The global minimum is the + minimum number of matching pods in an eligible + domain or zero if the number of eligible domains + is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with - the same labelSelector spread as 1/1/0: | zone1 - | zone2 | zone3 | | P | P | | - - if MaxSkew is 1, incoming pod can only be - scheduled to zone3 to become 1/1/1; scheduling - it onto zone1(zone2) would make the ActualSkew(2-0) - on zone1(zone2) violate MaxSkew(1). - if MaxSkew - is 2, incoming pod can be scheduled onto any - zone. When `whenUnsatisfiable=ScheduleAnyway`, + the same labelSelector spread as 2/2/1: In this + case, the global minimum is 1. | zone1 | zone2 + | zone3 | | P P | P P | P | - if MaxSkew + is 1, incoming pod can only be scheduled to + zone3 to become 2/2/2; scheduling it onto zone1(zone2) + would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). - if MaxSkew is 2, incoming + pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It''s a required field. Default value is 1 and 0 is not allowed.' format: int32 type: integer + minDomains: + description: "MinDomains indicates a minimum number + of eligible domains. When the number of eligible + domains with matching topology keys is less + than minDomains, Pod Topology Spread treats + \"global minimum\" as 0, and then the calculation + of Skew is performed. And when the number of + eligible domains with matching topology keys + equals or greater than minDomains, this value + has no effect on scheduling. As a result, when + the number of eligible domains is less than + minDomains, scheduler won't schedule more than + maxSkew Pods to those domains. If value is nil, + the constraint behaves as if MinDomains is equal + to 1. Valid values are integers greater than + 0. When value is not nil, WhenUnsatisfiable + must be DoNotSchedule. \n For example, in a + 3-zone cluster, MaxSkew is set to 2, MinDomains + is set to 5 and pods with the same labelSelector + spread as 2/2/2: | zone1 | zone2 | zone3 | | + \ P P | P P | P P | The number of domains + is less than 5(MinDomains), so \"global minimum\" + is treated as 0. In this situation, new pod + with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new + Pod is scheduled to any of the three zones, + it will violate MaxSkew. \n This is an alpha + field and requires enabling MinDomainsInPodTopologySpread + feature gate." + format: int32 + type: integer topologyKey: description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into - each bucket. It's a required field. + each bucket. We define a domain as a particular + instance of a topology. Also, we define an eligible + domain as a domain whose nodes match the node + selector. e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, + if TopologyKey is "topology.kubernetes.io/zone", + each zone is a domain of that topology. It's + a required field. type: string whenUnsatisfiable: description: 'WhenUnsatisfiable indicates how @@ -5554,7 +6470,7 @@ spec: topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible - node assigment for that pod would violate "MaxSkew" + node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 @@ -5585,77 +6501,78 @@ spec: pod. properties: awsElasticBlockStore: - description: 'AWSElasticBlockStore represents + description: 'awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'Filesystem type of the volume - that you want to mount. Tip: Ensure that - the filesystem type is supported by the - host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + description: 'fsType is the filesystem type + of the volume that you want to mount. Tip: + Ensure that the filesystem type is supported + by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine' type: string partition: - description: 'The partition in the volume - that you want to mount. If omitted, the - default is to mount by volume name. Examples: - For volume /dev/sda1, you specify the partition - as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the - property empty).' + description: 'partition is the partition in + the volume that you want to mount. If omitted, + the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume + partition for /dev/sda is "0" (or you can + leave the property empty).' format: int32 type: integer readOnly: - description: 'Specify "true" to force and - set the ReadOnly property in VolumeMounts - to "true". If omitted, the default is "false". - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: 'readOnly value true will force + the readOnly setting in VolumeMounts. More + info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'Unique ID of the persistent - disk resource in AWS (Amazon EBS volume). - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: 'volumeID is unique ID of the + persistent disk resource in AWS (Amazon + EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: AzureDisk represents an Azure Data + description: azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. properties: cachingMode: - description: 'Host Caching mode: None, Read - Only, Read Write.' + description: 'cachingMode is the Host Caching + mode: None, Read Only, Read Write.' type: string diskName: - description: The Name of the data disk in - the blob storage + description: diskName is the Name of the data + disk in the blob storage type: string diskURI: - description: The URI the data disk in the - blob storage + description: diskURI is the URI of data disk + in the blob storage type: string fsType: - description: Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. + description: fsType is Filesystem type to + mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be + "ext4" if unspecified. type: string kind: - description: 'Expected values Shared: multiple - blob disks per storage account Dedicated: + description: 'kind expected values are Shared: + multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared' type: string readOnly: - description: Defaults to false (read/write). + description: readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean @@ -5664,56 +6581,59 @@ spec: - diskURI type: object azureFile: - description: AzureFile represents an Azure File + description: azureFile represents an Azure File Service mount on the host and bind mount to the pod. properties: readOnly: - description: Defaults to false (read/write). + description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean secretName: - description: the name of secret that contains - Azure Storage Account Name and Key + description: secretName is the name of secret + that contains Azure Storage Account Name + and Key type: string shareName: - description: Share Name + description: shareName is the azure share + Name type: string required: - secretName - shareName type: object cephfs: - description: CephFS represents a Ceph FS mount + description: cephFS represents a Ceph FS mount on the host that shares a pod's lifetime properties: monitors: - description: 'Required: Monitors is a collection - of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'monitors is Required: Monitors + is a collection of Ceph monitors More info: + https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array path: - description: 'Optional: Used as the mounted - root, rather than the full Ceph tree, default - is /' + description: 'path is Optional: Used as the + mounted root, rather than the full Ceph + tree, default is /' type: string readOnly: - description: 'Optional: Defaults to false - (read/write). ReadOnly here will force the - ReadOnly setting in VolumeMounts. More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'readOnly is Optional: Defaults + to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'Optional: SecretFile is the - path to key ring for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'secretFile is Optional: SecretFile + is the path to key ring for User, default + is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'Optional: SecretRef is reference - to the authentication secret for User, default - is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'secretRef is Optional: SecretRef + is reference to the authentication secret + for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: description: 'Name of the referent. More @@ -5723,34 +6643,35 @@ spec: type: string type: object user: - description: 'Optional: User is the rados - user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'user is optional: User is the + rados user name, default is admin More info: + https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'Cinder represents a cinder volume + description: 'cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: 'fsType is the filesystem type + to mount. Must be a filesystem type supported + by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. More info: + https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'Optional: Defaults to false - (read/write). ReadOnly here will force the - ReadOnly setting in VolumeMounts. More info: - https://examples.k8s.io/mysql-cinder-pd/README.md' + description: 'readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting + in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'Optional: points to a secret - object containing parameters used to connect - to OpenStack.' + description: 'secretRef is optional: points + to a secret object containing parameters + used to connect to OpenStack.' properties: name: description: 'Name of the referent. More @@ -5760,32 +6681,33 @@ spec: type: string type: object volumeID: - description: 'volume id used to identify the + description: 'volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: ConfigMap represents a configMap + description: configMap represents a configMap that should populate this volume properties: defaultMode: - description: 'Optional: mode bits used to - set permissions on created files by default. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. - Defaults to 0644. Directories within the - path are not affected by this setting. This - might be in conflict with other options - that affect the file mode, like fsGroup, - and the result can be other mode bits set.' + description: 'defaultMode is optional: mode + bits used to set permissions on created + files by default. Must be an octal value + between 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts both octal + and decimal values, JSON requires decimal + values for mode bits. Defaults to 0644. + Directories within the path are not affected + by this setting. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' format: int32 type: integer items: - description: If unspecified, each key-value + description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content @@ -5802,27 +6724,27 @@ spec: within a volume. properties: key: - description: The key to project. + description: key is the key to project. type: string mode: - description: 'Optional: mode bits used - to set permissions on this file. Must - be an octal value between 0000 and - 0777 or a decimal value between 0 - and 511. YAML accepts both octal and - decimal values, JSON requires decimal - values for mode bits. If not specified, - the volume defaultMode will be used. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' + description: 'mode is Optional: mode + bits used to set permissions on this + file. Must be an octal value between + 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal + and decimal values, JSON requires + decimal values for mode bits. If not + specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the + file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the - file to map the key to. May not be - an absolute path. May not contain + description: path is the relative path + of the file to map the key to. May + not be an absolute path. May not contain the path element '..'. May not start with the string '..'. type: string @@ -5838,30 +6760,30 @@ spec: kind, uid?' type: string optional: - description: Specify whether the ConfigMap - or its keys must be defined + description: optional specify whether the + ConfigMap or its keys must be defined type: boolean type: object csi: - description: CSI (Container Storage Interface) + description: csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). properties: driver: - description: Driver is the name of the CSI + description: driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. type: string fsType: - description: Filesystem type to mount. Ex. - "ext4", "xfs", "ntfs". If not provided, - the empty value is passed to the associated - CSI driver which will determine the default - filesystem to apply. + description: fsType to mount. Ex. "ext4", + "xfs", "ntfs". If not provided, the empty + value is passed to the associated CSI driver + which will determine the default filesystem + to apply. type: string nodePublishSecretRef: - description: NodePublishSecretRef is a reference + description: nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume @@ -5878,13 +6800,14 @@ spec: type: string type: object readOnly: - description: Specifies a read-only configuration - for the volume. Defaults to false (read/write). + description: readOnly specifies a read-only + configuration for the volume. Defaults to + false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: VolumeAttributes stores driver-specific + description: volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. @@ -5893,7 +6816,7 @@ spec: - driver type: object downwardAPI: - description: DownwardAPI represents downward API + description: downwardAPI represents downward API about the pod that should populate this volume properties: defaultMode: @@ -5994,62 +6917,59 @@ spec: type: array type: object emptyDir: - description: 'EmptyDir represents a temporary + description: 'emptyDir represents a temporary directory that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'What type of storage medium - should back this directory. The default - is "" which means to use the node''s default - medium. Must be an empty string (default) - or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: 'medium represents what type + of storage medium should back this directory. + The default is "" which means to use the + node''s default medium. Must be an empty + string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'Total amount of local storage - required for this EmptyDir volume. The size - limit is also applicable for memory medium. - The maximum usage on memory medium EmptyDir - would be the minimum value between the SizeLimit - specified here and the sum of memory limits - of all containers in a pod. The default - is nil which means that the limit is undefined. - More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + description: 'sizeLimit is the total amount + of local storage required for this EmptyDir + volume. The size limit is also applicable + for memory medium. The maximum usage on + memory medium EmptyDir would be the minimum + value between the SizeLimit specified here + and the sum of memory limits of all containers + in a pod. The default is nil which means + that the limit is undefined. More info: + http://kubernetes.io/docs/user-guide/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "Ephemeral represents a volume that - is handled by a cluster storage driver (Alpha - feature). The volume's lifecycle is tied to - the pod that defines it - it will be created - before the pod starts, and deleted when the - pod is removed. \n Use this if: a) the volume - is only needed while the pod runs, b) features - of normal volumes like restoring from snapshot - or capacity tracking are needed, c) the storage - driver is specified through a storage class, - and d) the storage driver supports dynamic volume - provisioning through a PersistentVolumeClaim - (see EphemeralVolumeSource for more information - on the connection between this volume type and - PersistentVolumeClaim). \n Use PersistentVolumeClaim - or one of the vendor-specific APIs for volumes - that persist for longer than the lifecycle of - an individual pod. \n Use CSI for light-weight - local ephemeral volumes if the CSI driver is - meant to be used that way - see the documentation - of the driver for more information. \n A pod - can use both types of ephemeral volumes and - persistent volumes at the same time." + description: "ephemeral represents a volume that + is handled by a cluster storage driver. The + volume's lifecycle is tied to the pod that defines + it - it will be created before the pod starts, + and deleted when the pod is removed. \n Use + this if: a) the volume is only needed while + the pod runs, b) features of normal volumes + like restoring from snapshot or capacity tracking + are needed, c) the storage driver is specified + through a storage class, and d) the storage + driver supports dynamic volume provisioning + through a PersistentVolumeClaim (see EphemeralVolumeSource + for more information on the connection between + this volume type and PersistentVolumeClaim). + \n Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than + the lifecycle of an individual pod. \n Use CSI + for light-weight local ephemeral volumes if + the CSI driver is meant to be used that way + - see the documentation of the driver for more + information. \n A pod can use both types of + ephemeral volumes and persistent volumes at + the same time." properties: - readOnly: - description: Specifies a read-only configuration - for the volume. Defaults to false (read/write). - type: boolean volumeClaimTemplate: description: "Will be used to create a stand-alone PVC to provision the volume. The pod in @@ -6109,34 +7029,82 @@ spec: are also valid here. properties: accessModes: - description: 'AccessModes contains + description: 'accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'This field can be used - to specify either: * An existing - VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot - - Beta) * An existing PVC (PersistentVolumeClaim) - * An existing custom resource/object - that implements data population - (Alpha) In order to use VolumeSnapshot - object types, the appropriate feature - gate must be enabled (VolumeSnapshotDataSource - or AnyVolumeDataSource) If the provisioner - or an external controller can support - the specified data source, it will - create a new volume based on the - contents of the specified data source. - If the specified data source is - not supported, the volume will not - be created and the failure will - be reported as an event. In the - future, we plan to support more - data source types and the behavior - of the provisioner may change.' + description: 'dataSource field can + be used to specify either: * An + existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external + controller can support the specified + data source, it will create a new + volume based on the contents of + the specified data source. If the + AnyVolumeDataSource feature gate + is enabled, this field will always + have the same contents as the DataSourceRef + field.' + properties: + apiGroup: + description: APIGroup is the group + for the resource being referenced. + If APIGroup is not specified, + the specified Kind must be in + the core API group. For any + other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type + of resource being referenced + type: string + name: + description: Name is the name + of resource being referenced + type: string + required: + - kind + - name + type: object + dataSourceRef: + description: 'dataSourceRef specifies + the object from which to populate + the volume with data, if a non-empty + volume is desired. This may be any + local object from a non-empty API + group (non core object) or a PersistentVolumeClaim + object. When this field is specified, + volume binding will only succeed + if the type of the specified object + matches some installed volume populator + or dynamic provisioner. This field + will replace the functionality of + the DataSource field and as such + if both fields are non-empty, they + must have the same value. For backwards + compatibility, both fields (DataSource + and DataSourceRef) will be set to + the same value automatically if + one of them is empty and the other + is non-empty. There are two important + differences between DataSource and + DataSourceRef: * While DataSource + only allows two specific types of + objects, DataSourceRef allows + any non-core object, as well as + PersistentVolumeClaim objects. * + While DataSource ignores disallowed + values (dropping them), DataSourceRef preserves + all values, and generates an error + if a disallowed value is specified. + (Beta) Using this field requires + the AnyVolumeDataSource feature + gate to be enabled.' properties: apiGroup: description: APIGroup is the group @@ -6160,9 +7128,15 @@ spec: - name type: object resources: - description: 'Resources represents + description: 'resources represents the minimum resources the volume - should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed + to specify resource requirements + that are lower than previous value + but must still be higher than capacity + recorded in the status field of + the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -6174,7 +7148,7 @@ spec: description: 'Limits describes the maximum amount of compute resources allowed. More info: - https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -6190,12 +7164,12 @@ spec: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: A label query over volumes - to consider for binding. + description: selector is a label query + over volumes to consider for binding. properties: matchExpressions: description: matchExpressions @@ -6255,9 +7229,9 @@ spec: type: object type: object storageClassName: - description: 'Name of the StorageClass - required by the claim. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + description: 'storageClassName is + the name of the StorageClass required + by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: description: volumeMode defines what @@ -6266,7 +7240,7 @@ spec: when not included in claim spec. type: string volumeName: - description: VolumeName is the binding + description: volumeName is the binding reference to the PersistentVolume backing this claim. type: string @@ -6276,77 +7250,79 @@ spec: type: object type: object fc: - description: FC represents a Fibre Channel resource + description: fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. properties: fsType: - description: 'Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem - from compromising the machine' + description: 'fsType is the filesystem type + to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be + "ext4" if unspecified. TODO: how do we prevent + errors in the filesystem from compromising + the machine' type: string lun: - description: 'Optional: FC target lun number' + description: 'lun is Optional: FC target lun + number' format: int32 type: integer readOnly: - description: 'Optional: Defaults to false - (read/write). ReadOnly here will force the - ReadOnly setting in VolumeMounts.' + description: 'readOnly is Optional: Defaults + to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts.' type: boolean targetWWNs: - description: 'Optional: FC target worldwide - names (WWNs)' + description: 'targetWWNs is Optional: FC target + worldwide names (WWNs)' items: type: string type: array wwids: - description: 'Optional: FC volume world wide - identifiers (wwids) Either wwids or combination - of targetWWNs and lun must be set, but not - both simultaneously.' + description: 'wwids Optional: FC volume world + wide identifiers (wwids) Either wwids or + combination of targetWWNs and lun must be + set, but not both simultaneously.' items: type: string type: array type: object flexVolume: - description: FlexVolume represents a generic volume + description: flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. properties: driver: - description: Driver is the name of the driver + description: driver is the name of the driver to use for this volume. type: string fsType: - description: Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - The default filesystem depends on FlexVolume - script. + description: fsType is the filesystem type + to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends + on FlexVolume script. type: string options: additionalProperties: type: string - description: 'Optional: Extra command options - if any.' + description: 'options is Optional: this field + holds extra command options if any.' type: object readOnly: - description: 'Optional: Defaults to false - (read/write). ReadOnly here will force the - ReadOnly setting in VolumeMounts.' + description: 'readOnly is Optional: defaults + to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts.' type: boolean secretRef: - description: 'Optional: SecretRef is reference - to the secret object containing sensitive - information to pass to the plugin scripts. - This may be empty if no secret object is - specified. If the secret object contains - more than one secret, all secrets are passed - to the plugin scripts.' + description: 'secretRef is Optional: secretRef + is reference to the secret object containing + sensitive information to pass to the plugin + scripts. This may be empty if no secret + object is specified. If the secret object + contains more than one secret, all secrets + are passed to the plugin scripts.' properties: name: description: 'Name of the referent. More @@ -6359,53 +7335,55 @@ spec: - driver type: object flocker: - description: Flocker represents a Flocker volume + description: flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running properties: datasetName: - description: Name of the dataset stored as - metadata -> name on the dataset for Flocker - should be considered as deprecated + description: datasetName is Name of the dataset + stored as metadata -> name on the dataset + for Flocker should be considered as deprecated type: string datasetUUID: - description: UUID of the dataset. This is - unique identifier of a Flocker dataset + description: datasetUUID is the UUID of the + dataset. This is unique identifier of a + Flocker dataset type: string type: object gcePersistentDisk: - description: 'GCEPersistentDisk represents a GCE + description: 'gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'Filesystem type of the volume - that you want to mount. Tip: Ensure that - the filesystem type is supported by the - host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + description: 'fsType is filesystem type of + the volume that you want to mount. Tip: + Ensure that the filesystem type is supported + by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine' type: string partition: - description: 'The partition in the volume - that you want to mount. If omitted, the - default is to mount by volume name. Examples: - For volume /dev/sda1, you specify the partition - as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the - property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: 'partition is the partition in + the volume that you want to mount. If omitted, + the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume + partition for /dev/sda is "0" (or you can + leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'Unique name of the PD resource - in GCE. Used to identify the disk in GCE. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: 'pdName is unique name of the + PD resource in GCE. Used to identify the + disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'ReadOnly here will force the + description: 'readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean @@ -6413,7 +7391,7 @@ spec: - pdName type: object gitRepo: - description: 'GitRepo represents a git repository + description: 'gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer @@ -6421,39 +7399,39 @@ spec: EmptyDir into the Pod''s container.' properties: directory: - description: Target directory name. Must not - contain or start with '..'. If '.' is supplied, - the volume directory will be the git repository. Otherwise, - if specified, the volume will contain the - git repository in the subdirectory with - the given name. + description: directory is the target directory + name. Must not contain or start with '..'. If + '.' is supplied, the volume directory will + be the git repository. Otherwise, if specified, + the volume will contain the git repository + in the subdirectory with the given name. type: string repository: - description: Repository URL + description: repository is the URL type: string revision: - description: Commit hash for the specified - revision. + description: revision is the commit hash for + the specified revision. type: string required: - repository type: object glusterfs: - description: 'Glusterfs represents a Glusterfs + description: 'glusterfs represents a Glusterfs mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'EndpointsName is the endpoint - name that details Glusterfs topology. More - info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + description: 'endpoints is the endpoint name + that details Glusterfs topology. More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'Path is the Glusterfs volume + description: 'path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'ReadOnly here will force the + description: 'readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' @@ -6463,7 +7441,7 @@ spec: - path type: object hostPath: - description: 'HostPath represents a pre-existing + description: 'hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things @@ -6474,76 +7452,79 @@ spec: mount host directories as read/write.' properties: path: - description: 'Path of the directory on the + description: 'path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'Type for HostPath Volume Defaults + description: 'type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'ISCSI represents an ISCSI Disk resource + description: 'iscsi represents an ISCSI Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: - description: whether support iSCSI Discovery - CHAP authentication + description: chapAuthDiscovery defines whether + support iSCSI Discovery CHAP authentication type: boolean chapAuthSession: - description: whether support iSCSI Session - CHAP authentication + description: chapAuthSession defines whether + support iSCSI Session CHAP authentication type: boolean fsType: - description: 'Filesystem type of the volume - that you want to mount. Tip: Ensure that - the filesystem type is supported by the - host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + description: 'fsType is the filesystem type + of the volume that you want to mount. Tip: + Ensure that the filesystem type is supported + by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine' type: string initiatorName: - description: Custom iSCSI Initiator Name. - If initiatorName is specified with iscsiInterface - simultaneously, new iSCSI interface : will be created for - the connection. + description: initiatorName is the custom iSCSI + Initiator Name. If initiatorName is specified + with iscsiInterface simultaneously, new + iSCSI interface : will be created for the connection. type: string iqn: - description: Target iSCSI Qualified Name. + description: iqn is the target iSCSI Qualified + Name. type: string iscsiInterface: - description: iSCSI Interface Name that uses - an iSCSI transport. Defaults to 'default' - (tcp). + description: iscsiInterface is the interface + Name that uses an iSCSI transport. Defaults + to 'default' (tcp). type: string lun: - description: iSCSI Target Lun number. + description: lun represents iSCSI Target Lun + number. format: int32 type: integer portals: - description: iSCSI Target Portal List. The - portal is either an IP or ip_addr:port if - the port is other than default (typically + description: portals is the iSCSI Target Portal + List. The portal is either an IP or ip_addr:port + if the port is other than default (typically TCP ports 860 and 3260). items: type: string type: array readOnly: - description: ReadOnly here will force the + description: readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. type: boolean secretRef: - description: CHAP Secret for iSCSI target - and initiator authentication + description: secretRef is the CHAP Secret + for iSCSI target and initiator authentication properties: name: description: 'Name of the referent. More @@ -6553,10 +7534,10 @@ spec: type: string type: object targetPortal: - description: iSCSI Target Portal. The Portal - is either an IP or ip_addr:port if the port - is other than default (typically TCP ports - 860 and 3260). + description: targetPortal is iSCSI Target + Portal. The Portal is either an IP or ip_addr:port + if the port is other than default (typically + TCP ports 860 and 3260). type: string required: - iqn @@ -6564,26 +7545,26 @@ spec: - targetPortal type: object name: - description: 'Volume''s name. Must be a DNS_LABEL + description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: - description: 'NFS represents an NFS mount on the + description: 'nfs represents an NFS mount on the host that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'Path that is exported by the + description: 'path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'ReadOnly here will force the + description: 'readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'Server is the hostname or IP + description: 'server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: @@ -6591,99 +7572,101 @@ spec: - server type: object persistentVolumeClaim: - description: 'PersistentVolumeClaimVolumeSource + description: 'persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'ClaimName is the name of a PersistentVolumeClaim + description: 'claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: Will force the ReadOnly setting - in VolumeMounts. Default false. + description: readOnly Will force the ReadOnly + setting in VolumeMounts. Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: PhotonPersistentDisk represents a + description: photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine properties: fsType: - description: Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. + description: fsType is the filesystem type + to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be + "ext4" if unspecified. type: string pdID: - description: ID that identifies Photon Controller - persistent disk + description: pdID is the ID that identifies + Photon Controller persistent disk type: string required: - pdID type: object portworxVolume: - description: PortworxVolume represents a portworx + description: portworxVolume represents a portworx volume attached and mounted on kubelets host machine properties: fsType: - description: FSType represents the filesystem + description: fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. type: string readOnly: - description: Defaults to false (read/write). + description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean volumeID: - description: VolumeID uniquely identifies + description: volumeID uniquely identifies a Portworx volume type: string required: - volumeID type: object projected: - description: Items for all in one resources secrets, - configmaps, and downward API + description: projected items for all in one resources + secrets, configmaps, and downward API properties: defaultMode: - description: Mode bits used to set permissions - on created files by default. Must be an - octal value between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts both - octal and decimal values, JSON requires - decimal values for mode bits. Directories - within the path are not affected by this - setting. This might be in conflict with - other options that affect the file mode, - like fsGroup, and the result can be other - mode bits set. + description: defaultMode are the mode bits + used to set permissions on created files + by default. Must be an octal value between + 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal + values, JSON requires decimal values for + mode bits. Directories within the path are + not affected by this setting. This might + be in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set. format: int32 type: integer sources: - description: list of volume projections + description: sources is the list of volume + projections items: description: Projection that may be projected along with other supported volume types properties: configMap: - description: information about the configMap - data to project + description: configMap information about + the configMap data to project properties: items: - description: If unspecified, each - key-value pair in the Data field - of the referenced ConfigMap will - be projected into the volume as - a file whose name is the key and - content is the value. If specified, + description: items if unspecified, + each key-value pair in the Data + field of the referenced ConfigMap + will be projected into the volume + as a file whose name is the key + and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. @@ -6698,11 +7681,12 @@ spec: to a path within a volume. properties: key: - description: The key to project. + description: key is the key + to project. type: string mode: - description: 'Optional: mode - bits used to set permissions + description: 'mode is Optional: + mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value @@ -6720,7 +7704,7 @@ spec: format: int32 type: integer path: - description: The relative + description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain @@ -6740,14 +7724,14 @@ spec: apiVersion, kind, uid?' type: string optional: - description: Specify whether the - ConfigMap or its keys must be - defined + description: optional specify whether + the ConfigMap or its keys must + be defined type: boolean type: object downwardAPI: - description: information about the downwardAPI - data to project + description: downwardAPI information + about the downwardAPI data to project properties: items: description: Items is a list of @@ -6844,16 +7828,16 @@ spec: type: array type: object secret: - description: information about the secret - data to project + description: secret information about + the secret data to project properties: items: - description: If unspecified, each - key-value pair in the Data field - of the referenced Secret will - be projected into the volume as - a file whose name is the key and - content is the value. If specified, + description: items if unspecified, + each key-value pair in the Data + field of the referenced Secret + will be projected into the volume + as a file whose name is the key + and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. @@ -6868,11 +7852,12 @@ spec: to a path within a volume. properties: key: - description: The key to project. + description: key is the key + to project. type: string mode: - description: 'Optional: mode - bits used to set permissions + description: 'mode is Optional: + mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value @@ -6890,7 +7875,7 @@ spec: format: int32 type: integer path: - description: The relative + description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain @@ -6910,16 +7895,18 @@ spec: apiVersion, kind, uid?' type: string optional: - description: Specify whether the - Secret or its key must be defined + description: optional field specify + whether the Secret or its key + must be defined type: boolean type: object serviceAccountToken: - description: information about the serviceAccountToken + description: serviceAccountToken is + information about the serviceAccountToken data to project properties: audience: - description: Audience is the intended + description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in @@ -6929,7 +7916,7 @@ spec: of the apiserver. type: string expirationSeconds: - description: ExpirationSeconds is + description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, @@ -6945,7 +7932,7 @@ spec: format: int64 type: integer path: - description: Path is the path relative + description: path is the path relative to the mount point of the file to project the token into. type: string @@ -6954,41 +7941,39 @@ spec: type: object type: object type: array - required: - - sources type: object quobyte: - description: Quobyte represents a Quobyte mount + description: quobyte represents a Quobyte mount on the host that shares a pod's lifetime properties: group: - description: Group to map volume access to + description: group to map volume access to Default is no group type: string readOnly: - description: ReadOnly here will force the + description: readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. type: boolean registry: - description: Registry represents a single + description: registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes type: string tenant: - description: Tenant owning the given Quobyte + description: tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin type: string user: - description: User to map volume access to + description: user to map volume access to Defaults to serivceaccount user type: string volume: - description: Volume is a string that references + description: volume is a string that references an already created Quobyte volume by name. type: string required: @@ -6996,46 +7981,47 @@ spec: - volume type: object rbd: - description: 'RBD represents a Rados Block Device + description: 'rbd represents a Rados Block Device mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'Filesystem type of the volume - that you want to mount. Tip: Ensure that - the filesystem type is supported by the - host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + description: 'fsType is the filesystem type + of the volume that you want to mount. Tip: + Ensure that the filesystem type is supported + by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine' type: string image: - description: 'The rados image name. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'Keyring is the path to key ring + description: 'keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'A collection of Ceph monitors. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'monitors is a collection of + Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array pool: - description: 'The rados pool name. Default - is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'pool is the rados pool name. + Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'ReadOnly here will force the + description: 'readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'SecretRef is name of the authentication + description: 'secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: @@ -7047,38 +8033,39 @@ spec: type: string type: object user: - description: 'The rados user name. Default - is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'user is the rados user name. + Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: ScaleIO represents a ScaleIO persistent + description: scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. properties: fsType: - description: Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - Default is "xfs". + description: fsType is the filesystem type + to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". type: string gateway: - description: The host address of the ScaleIO - API Gateway. + description: gateway is the host address of + the ScaleIO API Gateway. type: string protectionDomain: - description: The name of the ScaleIO Protection - Domain for the configured storage. + description: protectionDomain is the name + of the ScaleIO Protection Domain for the + configured storage. type: string readOnly: - description: Defaults to false (read/write). + description: readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: SecretRef references to the secret + description: secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. @@ -7091,26 +8078,27 @@ spec: type: string type: object sslEnabled: - description: Flag to enable/disable SSL communication - with Gateway, default false + description: sslEnabled Flag enable/disable + SSL communication with Gateway, default + false type: boolean storageMode: - description: Indicates whether the storage - for a volume should be ThickProvisioned + description: storageMode indicates whether + the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. type: string storagePool: - description: The ScaleIO Storage Pool associated - with the protection domain. + description: storagePool is the ScaleIO Storage + Pool associated with the protection domain. type: string system: - description: The name of the storage system - as configured in ScaleIO. + description: system is the name of the storage + system as configured in ScaleIO. type: string volumeName: - description: The name of a volume already - created in the ScaleIO system that is associated - with this volume source. + description: volumeName is the name of a volume + already created in the ScaleIO system that + is associated with this volume source. type: string required: - gateway @@ -7118,25 +8106,26 @@ spec: - system type: object secret: - description: 'Secret represents a secret that + description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'Optional: mode bits used to - set permissions on created files by default. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. - Defaults to 0644. Directories within the - path are not affected by this setting. This - might be in conflict with other options - that affect the file mode, like fsGroup, - and the result can be other mode bits set.' + description: 'defaultMode is Optional: mode + bits used to set permissions on created + files by default. Must be an octal value + between 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts both octal + and decimal values, JSON requires decimal + values for mode bits. Defaults to 0644. + Directories within the path are not affected + by this setting. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' format: int32 type: integer items: - description: If unspecified, each key-value + description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content @@ -7153,27 +8142,27 @@ spec: within a volume. properties: key: - description: The key to project. + description: key is the key to project. type: string mode: - description: 'Optional: mode bits used - to set permissions on this file. Must - be an octal value between 0000 and - 0777 or a decimal value between 0 - and 511. YAML accepts both octal and - decimal values, JSON requires decimal - values for mode bits. If not specified, - the volume defaultMode will be used. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' + description: 'mode is Optional: mode + bits used to set permissions on this + file. Must be an octal value between + 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal + and decimal values, JSON requires + decimal values for mode bits. If not + specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the + file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the - file to map the key to. May not be - an absolute path. May not contain + description: path is the relative path + of the file to map the key to. May + not be an absolute path. May not contain the path element '..'. May not start with the string '..'. type: string @@ -7183,31 +8172,33 @@ spec: type: object type: array optional: - description: Specify whether the Secret or - its keys must be defined + description: optional field specify whether + the Secret or its keys must be defined type: boolean secretName: - description: 'Name of the secret in the pod''s - namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + description: 'secretName is the name of the + secret in the pod''s namespace to use. More + info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: StorageOS represents a StorageOS + description: storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. properties: fsType: - description: Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. + description: fsType is the filesystem type + to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be + "ext4" if unspecified. type: string readOnly: - description: Defaults to false (read/write). + description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: SecretRef specifies the secret + description: secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. properties: @@ -7219,12 +8210,12 @@ spec: type: string type: object volumeName: - description: VolumeName is the human-readable + description: volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. type: string volumeNamespace: - description: VolumeNamespace specifies the + description: volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the @@ -7237,27 +8228,29 @@ spec: type: string type: object vsphereVolume: - description: VsphereVolume represents a vSphere + description: vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine properties: fsType: - description: Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. + description: fsType is filesystem type to + mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be + "ext4" if unspecified. type: string storagePolicyID: - description: Storage Policy Based Management - (SPBM) profile ID associated with the StoragePolicyName. + description: storagePolicyID is the storage + Policy Based Management (SPBM) profile ID + associated with the StoragePolicyName. type: string storagePolicyName: - description: Storage Policy Based Management - (SPBM) profile name. + description: storagePolicyName is the storage + Policy Based Management (SPBM) profile name. type: string volumePath: - description: Path that identifies vSphere - volume vmdk + description: volumePath is the path that identifies + vSphere volume vmdk type: string required: - volumePath diff --git a/apps/training-operator/upstream/base/crds/kubeflow.org_tfjobs.yaml b/apps/training-operator/upstream/base/crds/kubeflow.org_tfjobs.yaml index d1419d6ee1..6485609163 100644 --- a/apps/training-operator/upstream/base/crds/kubeflow.org_tfjobs.yaml +++ b/apps/training-operator/upstream/base/crds/kubeflow.org_tfjobs.yaml @@ -474,12 +474,85 @@ spec: are ANDed. type: object type: object + namespaceSelector: + description: A label query over the + set of namespaces that the term + applies to. The term is applied + to the union of the namespaces selected + by this field and the ones listed + in the namespaces field. null selector + and null or empty namespaces list + means "this pod's namespace". An + empty selector ({}) matches all + namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object namespaces: description: namespaces specifies - which namespaces the labelSelector - applies to (matches against); null - or empty list means "this pod's - namespace" + a static list of namespace names + that the term applies to. The term + is applied to the union of the namespaces + listed in this field and the ones + selected by namespaceSelector. null + or empty namespaces list and null + namespaceSelector means "this pod's + namespace". items: type: string type: array @@ -589,11 +662,78 @@ spec: ANDed. type: object type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this field + and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object namespaces: - description: namespaces specifies which - namespaces the labelSelector applies - to (matches against); null or empty - list means "this pod's namespace" + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's + namespace". items: type: string type: array @@ -705,12 +845,85 @@ spec: are ANDed. type: object type: object + namespaceSelector: + description: A label query over the + set of namespaces that the term + applies to. The term is applied + to the union of the namespaces selected + by this field and the ones listed + in the namespaces field. null selector + and null or empty namespaces list + means "this pod's namespace". An + empty selector ({}) matches all + namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object namespaces: description: namespaces specifies - which namespaces the labelSelector - applies to (matches against); null - or empty list means "this pod's - namespace" + a static list of namespace names + that the term applies to. The term + is applied to the union of the namespaces + listed in this field and the ones + selected by namespaceSelector. null + or empty namespaces list and null + namespaceSelector means "this pod's + namespace". items: type: string type: array @@ -820,11 +1033,78 @@ spec: ANDed. type: object type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this field + and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object namespaces: - description: namespaces specifies which - namespaces the labelSelector applies - to (matches against); null or empty - list means "this pod's namespace" + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's + namespace". items: type: string type: array @@ -861,12 +1141,14 @@ spec: properties: args: description: 'Arguments to the entrypoint. The - docker image''s CMD is used if this is not provided. - Variable references $(VAR_NAME) are expanded - using the container''s environment. If a variable - cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). + container image''s CMD is used if this is not + provided. Variable references $(VAR_NAME) are + expanded using the container''s environment. + If a variable cannot be resolved, the reference + in the input string will be unchanged. Double + $$ are reduced to a single $, which allows for + escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' @@ -875,16 +1157,17 @@ spec: type: array command: description: 'Entrypoint array. Not executed within - a shell. The docker image''s ENTRYPOINT is used - if this is not provided. Variable references + a shell. The container image''s ENTRYPOINT is + used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped with a - double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether - the variable exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot + be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array @@ -901,13 +1184,15 @@ spec: type: string value: description: 'Variable references $(VAR_NAME) - are expanded using the previous defined + are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be - unchanged. The $(VAR_NAME) syntax can - be escaped with a double $$, ie: $$(VAR_NAME). + unchanged. Double $$ are reduced to a + single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' @@ -1061,7 +1346,8 @@ spec: type: object type: array image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + description: 'Container image name. More info: + https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments @@ -1087,9 +1373,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies - the action to take. + description: Exec specifies the action + to take. properties: command: description: Command is the command @@ -1160,10 +1445,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: description: 'Optional: Host name @@ -1190,21 +1477,19 @@ spec: as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. - The reason for termination is passed to - the handler. The Pod''s termination grace - period countdown begins before the PreStop - hooked is executed. Regardless of the outcome - of the handler, the container will eventually - terminate within the Pod''s termination - grace period. Other management of the container - blocks until the hook completes or until - the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + The Pod''s termination grace period countdown + begins before the PreStop hook is executed. + Regardless of the outcome of the handler, + the container will eventually terminate + within the Pod''s termination grace period + (unless delayed by finalizers). Other management + of the container blocks until the hook completes + or until the termination grace period is + reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies - the action to take. + description: Exec specifies the action + to take. properties: command: description: Command is the command @@ -1275,10 +1560,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: description: 'Optional: Host name @@ -1305,9 +1592,8 @@ spec: Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -1332,6 +1618,26 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -1400,10 +1706,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -1421,6 +1725,28 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. @@ -1492,9 +1818,8 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -1519,6 +1844,26 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -1587,10 +1932,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -1608,6 +1951,28 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. @@ -1617,7 +1982,7 @@ spec: type: object resources: description: 'Compute Resources required by this - container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: limits: additionalProperties: @@ -1628,7 +1993,7 @@ spec: x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources allowed. More - info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -1642,12 +2007,14 @@ spec: Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: - description: 'Security options the pod should - run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ + description: 'SecurityContext defines the security + options the container should be run with. If + set, the fields of SecurityContext override + the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: @@ -1657,13 +2024,16 @@ spec: controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) - run as Privileged 2) has CAP_SYS_ADMIN' + run as Privileged 2) has CAP_SYS_ADMIN Note + that this field cannot be set when spec.os.name + is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the - container runtime. + container runtime. Note that this field + cannot be set when spec.os.name is windows. properties: add: description: Added capabilities @@ -1684,7 +2054,8 @@ spec: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults - to false. + to false. Note that this field cannot be + set when spec.os.name is windows. type: boolean procMount: description: procMount denotes the type of @@ -1693,10 +2064,14 @@ spec: container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when + spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only root filesystem. Default is false. + Note that this field cannot be set when + spec.os.name is windows. type: boolean runAsGroup: description: The GID to run the entrypoint @@ -1704,7 +2079,8 @@ spec: if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: @@ -1726,7 +2102,8 @@ spec: May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -1736,7 +2113,9 @@ spec: for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is windows. properties: level: description: Level is SELinux level label @@ -1759,7 +2138,9 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that + this field cannot be set when spec.os.name + is windows. properties: localhostProfile: description: localhostProfile indicates @@ -1790,7 +2171,9 @@ spec: the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where @@ -1804,6 +2187,22 @@ spec: the name of the GMSA credential spec to use. type: string + hostProcess: + description: HostProcess determines if + a container should be run as a 'Host + Process' container. This field is alpha-level + and will only be honored by components + that enable the WindowsHostProcessContainers + feature flag. Setting this field without + the feature flag will result in errors + when validating the Pod. All of a Pod's + containers must have the same effective + HostProcess value (it is not allowed + to have a mix of HostProcess containers + and non-HostProcess containers). In + addition, if HostProcess is true then + HostNetwork must also be set to true. + type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint of the container @@ -1826,14 +2225,11 @@ spec: parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. - This cannot be updated. This is a beta feature - enabled by the StartupProbe feature flag. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -1858,6 +2254,26 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -1926,10 +2342,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -1947,6 +2361,28 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. @@ -2144,33 +2580,35 @@ spec: and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. - This field is alpha-level and is only honored by servers - that enable the EphemeralContainers feature. + This field is beta-level and available on clusters + that haven't disabled the EphemeralContainers feature + gate. items: - description: An EphemeralContainer is a container - that may be added temporarily to an existing pod - for user-initiated activities such as debugging. - Ephemeral containers have no resource or scheduling - guarantees, and they will not be restarted when - they exit or when a pod is removed or restarted. - If an ephemeral container causes a pod to exceed - its resource allocation, the pod may be evicted. - Ephemeral containers may not be added by directly - updating the pod spec. They must be added via the - pod's ephemeralcontainers subresource, and they - will appear in the pod spec once added. This is - an alpha feature enabled by the EphemeralContainers - feature flag. + description: "An EphemeralContainer is a temporary + container that you may add to an existing Pod for + user-initiated activities such as debugging. Ephemeral + containers have no resource or scheduling guarantees, + and they will not be restarted when they exit or + when a Pod is removed or restarted. The kubelet + may evict a Pod if an ephemeral container causes + the Pod to exceed its resource allocation. \n To + add an ephemeral container, use the ephemeralcontainers + subresource of an existing Pod. Ephemeral containers + may not be removed or restarted. \n This is a beta + feature available on clusters that haven't disabled + the EphemeralContainers feature gate." properties: args: description: 'Arguments to the entrypoint. The - docker image''s CMD is used if this is not provided. + image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). - Escaped references will never be expanded, regardless + string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped + references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: @@ -2178,16 +2616,17 @@ spec: type: array command: description: 'Entrypoint array. Not executed within - a shell. The docker image''s ENTRYPOINT is used - if this is not provided. Variable references - $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, - the reference in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped with a - double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether - the variable exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + a shell. The image''s ENTRYPOINT is used if + this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. + If a variable cannot be resolved, the reference + in the input string will be unchanged. Double + $$ are reduced to a single $, which allows for + escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot + be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array @@ -2204,13 +2643,15 @@ spec: type: string value: description: 'Variable references $(VAR_NAME) - are expanded using the previous defined + are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be - unchanged. The $(VAR_NAME) syntax can - be escaped with a double $$, ie: $$(VAR_NAME). + unchanged. Double $$ are reduced to a + single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' @@ -2364,7 +2805,8 @@ spec: type: object type: array image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images' + description: 'Container image name. More info: + https://kubernetes.io/docs/concepts/containers/images' type: string imagePullPolicy: description: 'Image pull policy. One of Always, @@ -2385,9 +2827,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies - the action to take. + description: Exec specifies the action + to take. properties: command: description: Command is the command @@ -2458,10 +2899,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: description: 'Optional: Host name @@ -2488,21 +2931,19 @@ spec: as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. - The reason for termination is passed to - the handler. The Pod''s termination grace - period countdown begins before the PreStop - hooked is executed. Regardless of the outcome - of the handler, the container will eventually - terminate within the Pod''s termination - grace period. Other management of the container - blocks until the hook completes or until - the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + The Pod''s termination grace period countdown + begins before the PreStop hook is executed. + Regardless of the outcome of the handler, + the container will eventually terminate + within the Pod''s termination grace period + (unless delayed by finalizers). Other management + of the container blocks until the hook completes + or until the termination grace period is + reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies - the action to take. + description: Exec specifies the action + to take. properties: command: description: Command is the command @@ -2573,10 +3014,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: description: 'Optional: Host name @@ -2602,9 +3045,8 @@ spec: containers. properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -2629,6 +3071,26 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -2697,10 +3159,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -2718,6 +3178,28 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. @@ -2772,14 +3254,17 @@ spec: - containerPort type: object type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map readinessProbe: description: Probes are not allowed for ephemeral containers. properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -2804,6 +3289,26 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -2872,10 +3377,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -2893,6 +3396,28 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. @@ -2914,7 +3439,7 @@ spec: x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources allowed. More - info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -2928,12 +3453,14 @@ spec: Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: - description: SecurityContext is not allowed for - ephemeral containers. + description: 'Optional: SecurityContext defines + the security options the ephemeral container + should be run with. If set, the fields of SecurityContext + override the equivalent fields of PodSecurityContext.' properties: allowPrivilegeEscalation: description: 'AllowPrivilegeEscalation controls @@ -2942,13 +3469,16 @@ spec: controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) - run as Privileged 2) has CAP_SYS_ADMIN' + run as Privileged 2) has CAP_SYS_ADMIN Note + that this field cannot be set when spec.os.name + is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the - container runtime. + container runtime. Note that this field + cannot be set when spec.os.name is windows. properties: add: description: Added capabilities @@ -2969,7 +3499,8 @@ spec: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults - to false. + to false. Note that this field cannot be + set when spec.os.name is windows. type: boolean procMount: description: procMount denotes the type of @@ -2978,10 +3509,14 @@ spec: container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when + spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only root filesystem. Default is false. + Note that this field cannot be set when + spec.os.name is windows. type: boolean runAsGroup: description: The GID to run the entrypoint @@ -2989,7 +3524,8 @@ spec: if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: @@ -3011,7 +3547,8 @@ spec: May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -3021,7 +3558,9 @@ spec: for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is windows. properties: level: description: Level is SELinux level label @@ -3044,7 +3583,9 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that + this field cannot be set when spec.os.name + is windows. properties: localhostProfile: description: localhostProfile indicates @@ -3075,7 +3616,9 @@ spec: the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where @@ -3089,6 +3632,22 @@ spec: the name of the GMSA credential spec to use. type: string + hostProcess: + description: HostProcess determines if + a container should be run as a 'Host + Process' container. This field is alpha-level + and will only be honored by components + that enable the WindowsHostProcessContainers + feature flag. Setting this field without + the feature flag will result in errors + when validating the Pod. All of a Pod's + containers must have the same effective + HostProcess value (it is not allowed + to have a mix of HostProcess containers + and non-HostProcess containers). In + addition, if HostProcess is true then + HostNetwork must also be set to true. + type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint of the container @@ -3106,9 +3665,8 @@ spec: containers. properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -3133,6 +3691,26 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -3201,10 +3779,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -3222,6 +3798,28 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. @@ -3252,13 +3850,15 @@ spec: EOF. Default is false type: boolean targetContainerName: - description: If set, the name of the container + description: "If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set - then the ephemeral container is run in whatever - namespaces are shared for the pod. Note that - the container runtime must support this feature. + then the ephemeral container uses the namespaces + configured in the Pod spec. \n The container + runtime must implement support for this feature. + If the runtime does not support namespace targeting + then the result of setting this field is undefined." type: string terminationMessagePath: description: 'Optional: Path at which the file @@ -3311,7 +3911,8 @@ spec: type: array volumeMounts: description: Pod volumes to mount into the container's - filesystem. Cannot be updated. + filesystem. Subpath mounts are not allowed for + ephemeral containers. Cannot be updated. items: description: VolumeMount describes a mounting of a Volume within a container. @@ -3410,9 +4011,8 @@ spec: references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual - puller implementations for them to use. For example, - in the case of docker, only DockerConfig type secrets - are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + puller implementations for them to use. More info: + https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' items: description: LocalObjectReference contains enough information to let you locate the referenced object @@ -3449,12 +4049,14 @@ spec: properties: args: description: 'Arguments to the entrypoint. The - docker image''s CMD is used if this is not provided. - Variable references $(VAR_NAME) are expanded - using the container''s environment. If a variable - cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). + container image''s CMD is used if this is not + provided. Variable references $(VAR_NAME) are + expanded using the container''s environment. + If a variable cannot be resolved, the reference + in the input string will be unchanged. Double + $$ are reduced to a single $, which allows for + escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' @@ -3463,16 +4065,17 @@ spec: type: array command: description: 'Entrypoint array. Not executed within - a shell. The docker image''s ENTRYPOINT is used - if this is not provided. Variable references + a shell. The container image''s ENTRYPOINT is + used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped with a - double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether - the variable exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot + be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array @@ -3489,13 +4092,15 @@ spec: type: string value: description: 'Variable references $(VAR_NAME) - are expanded using the previous defined + are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be - unchanged. The $(VAR_NAME) syntax can - be escaped with a double $$, ie: $$(VAR_NAME). + unchanged. Double $$ are reduced to a + single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' @@ -3649,7 +4254,8 @@ spec: type: object type: array image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + description: 'Container image name. More info: + https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments @@ -3675,9 +4281,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies - the action to take. + description: Exec specifies the action + to take. properties: command: description: Command is the command @@ -3748,10 +4353,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: description: 'Optional: Host name @@ -3778,21 +4385,19 @@ spec: as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. - The reason for termination is passed to - the handler. The Pod''s termination grace - period countdown begins before the PreStop - hooked is executed. Regardless of the outcome - of the handler, the container will eventually - terminate within the Pod''s termination - grace period. Other management of the container - blocks until the hook completes or until - the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + The Pod''s termination grace period countdown + begins before the PreStop hook is executed. + Regardless of the outcome of the handler, + the container will eventually terminate + within the Pod''s termination grace period + (unless delayed by finalizers). Other management + of the container blocks until the hook completes + or until the termination grace period is + reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies - the action to take. + description: Exec specifies the action + to take. properties: command: description: Command is the command @@ -3863,10 +4468,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: description: 'Optional: Host name @@ -3893,9 +4500,8 @@ spec: Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -3920,6 +4526,26 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -3988,10 +4614,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -4009,6 +4633,28 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. @@ -4080,9 +4726,8 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -4107,6 +4752,26 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -4175,10 +4840,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -4196,6 +4859,28 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. @@ -4205,7 +4890,7 @@ spec: type: object resources: description: 'Compute Resources required by this - container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: limits: additionalProperties: @@ -4216,7 +4901,7 @@ spec: x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources allowed. More - info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -4230,12 +4915,14 @@ spec: Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: - description: 'Security options the pod should - run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ + description: 'SecurityContext defines the security + options the container should be run with. If + set, the fields of SecurityContext override + the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: @@ -4245,13 +4932,16 @@ spec: controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) - run as Privileged 2) has CAP_SYS_ADMIN' + run as Privileged 2) has CAP_SYS_ADMIN Note + that this field cannot be set when spec.os.name + is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the - container runtime. + container runtime. Note that this field + cannot be set when spec.os.name is windows. properties: add: description: Added capabilities @@ -4272,7 +4962,8 @@ spec: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults - to false. + to false. Note that this field cannot be + set when spec.os.name is windows. type: boolean procMount: description: procMount denotes the type of @@ -4281,10 +4972,14 @@ spec: container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when + spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only root filesystem. Default is false. + Note that this field cannot be set when + spec.os.name is windows. type: boolean runAsGroup: description: The GID to run the entrypoint @@ -4292,7 +4987,8 @@ spec: if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: @@ -4314,7 +5010,8 @@ spec: May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -4324,7 +5021,9 @@ spec: for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is windows. properties: level: description: Level is SELinux level label @@ -4347,7 +5046,9 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that + this field cannot be set when spec.os.name + is windows. properties: localhostProfile: description: localhostProfile indicates @@ -4378,7 +5079,9 @@ spec: the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where @@ -4392,6 +5095,22 @@ spec: the name of the GMSA credential spec to use. type: string + hostProcess: + description: HostProcess determines if + a container should be run as a 'Host + Process' container. This field is alpha-level + and will only be honored by components + that enable the WindowsHostProcessContainers + feature flag. Setting this field without + the feature flag will result in errors + when validating the Pod. All of a Pod's + containers must have the same effective + HostProcess value (it is not allowed + to have a mix of HostProcess containers + and non-HostProcess containers). In + addition, if HostProcess is true then + HostNetwork must also be set to true. + type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint of the container @@ -4414,14 +5133,11 @@ spec: parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. - This cannot be updated. This is a beta feature - enabled by the StartupProbe feature flag. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -4446,6 +5162,26 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -4514,10 +5250,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -4535,6 +5269,28 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. @@ -4684,6 +5440,40 @@ spec: must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object + x-kubernetes-map-type: atomic + os: + description: "Specifies the OS of the containers in + the pod. Some pod and container fields are restricted + if this is set. \n If the OS field is set to linux, + the following fields must be unset: -securityContext.windowsOptions + \n If the OS field is set to windows, following fields + must be unset: - spec.hostPID - spec.hostIPC - spec.securityContext.seLinuxOptions + - spec.securityContext.seccompProfile - spec.securityContext.fsGroup + - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls + - spec.shareProcessNamespace - spec.securityContext.runAsUser + - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups + - spec.containers[*].securityContext.seLinuxOptions + - spec.containers[*].securityContext.seccompProfile + - spec.containers[*].securityContext.capabilities + - spec.containers[*].securityContext.readOnlyRootFilesystem + - spec.containers[*].securityContext.privileged - + spec.containers[*].securityContext.allowPrivilegeEscalation + - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser + - spec.containers[*].securityContext.runAsGroup This + is a beta field and requires the IdentifyPodOS feature" + properties: + name: + description: 'Name is the name of the operating + system. The currently supported values are linux + and windows. Additional value may be defined in + future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values + and treat unrecognized values in this field as + os: null' + type: string + required: + - name + type: object overhead: additionalProperties: anyOf: @@ -4702,17 +5492,12 @@ spec: and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. - More info: https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md - This field is alpha-level as of Kubernetes v1.16, - and is only honored by servers that enable the PodOverhead - feature.' + More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md' type: object preemptionPolicy: description: PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. - Defaults to PreemptLowerPriority if unset. This field - is beta-level, gated by the NonPreemptingPriority - feature-gate. + Defaults to PreemptLowerPriority if unset. type: string priority: description: The priority value. Various system components @@ -4737,7 +5522,7 @@ spec: be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True" - More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md' + More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates' items: description: PodReadinessGate contains the reference to a pod condition @@ -4763,8 +5548,7 @@ spec: or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: - https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md - This is a beta feature as of Kubernetes v1.14.' + https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class' type: string schedulerName: description: If specified, the pod will be dispatched @@ -4786,7 +5570,9 @@ spec: is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not - modify the ownership and permissions of any volume." + modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name + is windows." format: int64 type: integer fsGroupChangePolicy: @@ -4797,7 +5583,9 @@ spec: based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified defaults to "Always".' + and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name + is windows.' type: string runAsGroup: description: The GID to run the entrypoint of the @@ -4805,7 +5593,8 @@ spec: May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. + for that container. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: @@ -4826,6 +5615,8 @@ spec: set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer seLinuxOptions: @@ -4835,7 +5626,8 @@ spec: for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. + for that container. Note that this field cannot + be set when spec.os.name is windows. properties: level: description: Level is SELinux level label that @@ -4856,7 +5648,8 @@ spec: type: object seccompProfile: description: The seccomp options to use by the containers - in this pod. + in this pod. Note that this field cannot be set + when spec.os.name is windows. properties: localhostProfile: description: localhostProfile indicates a profile @@ -4882,7 +5675,9 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, - no groups will be added to any container. + no groups will be added to any container. Note + that this field cannot be set when spec.os.name + is windows. items: format: int64 type: integer @@ -4891,6 +5686,8 @@ spec: description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name + is windows. items: description: Sysctl defines a kernel parameter to be set @@ -4912,6 +5709,8 @@ spec: within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the @@ -4923,6 +5722,20 @@ spec: description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string + hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' container. + This field is alpha-level and will only be + honored by components that enable the WindowsHostProcessContainers + feature flag. Setting this field without the + feature flag will result in errors when validating + the Pod. All of a Pod's containers must have + the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must + also be set to true. + type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint of the container process. Defaults @@ -4974,10 +5787,11 @@ spec: description: Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value - zero indicates delete immediately. If this value is - nil, the default grace period will be used instead. - The grace period is the duration in seconds after - the processes running in the pod are sent a termination + zero indicates stop immediately via the kill signal + (no opportunity to shut down). If this value is nil, + the default grace period will be used instead. The + grace period is the duration in seconds after the + processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults @@ -5097,28 +5911,69 @@ spec: `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and - the global minimum. For example, in a 3-zone + the global minimum. The global minimum is the + minimum number of matching pods in an eligible + domain or zero if the number of eligible domains + is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with - the same labelSelector spread as 1/1/0: | zone1 - | zone2 | zone3 | | P | P | | - - if MaxSkew is 1, incoming pod can only be - scheduled to zone3 to become 1/1/1; scheduling - it onto zone1(zone2) would make the ActualSkew(2-0) - on zone1(zone2) violate MaxSkew(1). - if MaxSkew - is 2, incoming pod can be scheduled onto any - zone. When `whenUnsatisfiable=ScheduleAnyway`, + the same labelSelector spread as 2/2/1: In this + case, the global minimum is 1. | zone1 | zone2 + | zone3 | | P P | P P | P | - if MaxSkew + is 1, incoming pod can only be scheduled to + zone3 to become 2/2/2; scheduling it onto zone1(zone2) + would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). - if MaxSkew is 2, incoming + pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It''s a required field. Default value is 1 and 0 is not allowed.' format: int32 type: integer + minDomains: + description: "MinDomains indicates a minimum number + of eligible domains. When the number of eligible + domains with matching topology keys is less + than minDomains, Pod Topology Spread treats + \"global minimum\" as 0, and then the calculation + of Skew is performed. And when the number of + eligible domains with matching topology keys + equals or greater than minDomains, this value + has no effect on scheduling. As a result, when + the number of eligible domains is less than + minDomains, scheduler won't schedule more than + maxSkew Pods to those domains. If value is nil, + the constraint behaves as if MinDomains is equal + to 1. Valid values are integers greater than + 0. When value is not nil, WhenUnsatisfiable + must be DoNotSchedule. \n For example, in a + 3-zone cluster, MaxSkew is set to 2, MinDomains + is set to 5 and pods with the same labelSelector + spread as 2/2/2: | zone1 | zone2 | zone3 | | + \ P P | P P | P P | The number of domains + is less than 5(MinDomains), so \"global minimum\" + is treated as 0. In this situation, new pod + with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new + Pod is scheduled to any of the three zones, + it will violate MaxSkew. \n This is an alpha + field and requires enabling MinDomainsInPodTopologySpread + feature gate." + format: int32 + type: integer topologyKey: description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into - each bucket. It's a required field. + each bucket. We define a domain as a particular + instance of a topology. Also, we define an eligible + domain as a domain whose nodes match the node + selector. e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, + if TopologyKey is "topology.kubernetes.io/zone", + each zone is a domain of that topology. It's + a required field. type: string whenUnsatisfiable: description: 'WhenUnsatisfiable indicates how @@ -5130,7 +5985,7 @@ spec: topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible - node assigment for that pod would violate "MaxSkew" + node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 @@ -5161,77 +6016,78 @@ spec: pod. properties: awsElasticBlockStore: - description: 'AWSElasticBlockStore represents + description: 'awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'Filesystem type of the volume - that you want to mount. Tip: Ensure that - the filesystem type is supported by the - host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + description: 'fsType is the filesystem type + of the volume that you want to mount. Tip: + Ensure that the filesystem type is supported + by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine' type: string partition: - description: 'The partition in the volume - that you want to mount. If omitted, the - default is to mount by volume name. Examples: - For volume /dev/sda1, you specify the partition - as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the - property empty).' + description: 'partition is the partition in + the volume that you want to mount. If omitted, + the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume + partition for /dev/sda is "0" (or you can + leave the property empty).' format: int32 type: integer readOnly: - description: 'Specify "true" to force and - set the ReadOnly property in VolumeMounts - to "true". If omitted, the default is "false". - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: 'readOnly value true will force + the readOnly setting in VolumeMounts. More + info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'Unique ID of the persistent - disk resource in AWS (Amazon EBS volume). - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: 'volumeID is unique ID of the + persistent disk resource in AWS (Amazon + EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: AzureDisk represents an Azure Data + description: azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. properties: cachingMode: - description: 'Host Caching mode: None, Read - Only, Read Write.' + description: 'cachingMode is the Host Caching + mode: None, Read Only, Read Write.' type: string diskName: - description: The Name of the data disk in - the blob storage + description: diskName is the Name of the data + disk in the blob storage type: string diskURI: - description: The URI the data disk in the - blob storage + description: diskURI is the URI of data disk + in the blob storage type: string fsType: - description: Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. + description: fsType is Filesystem type to + mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be + "ext4" if unspecified. type: string kind: - description: 'Expected values Shared: multiple - blob disks per storage account Dedicated: + description: 'kind expected values are Shared: + multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared' type: string readOnly: - description: Defaults to false (read/write). + description: readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean @@ -5240,56 +6096,59 @@ spec: - diskURI type: object azureFile: - description: AzureFile represents an Azure File + description: azureFile represents an Azure File Service mount on the host and bind mount to the pod. properties: readOnly: - description: Defaults to false (read/write). + description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean secretName: - description: the name of secret that contains - Azure Storage Account Name and Key + description: secretName is the name of secret + that contains Azure Storage Account Name + and Key type: string shareName: - description: Share Name + description: shareName is the azure share + Name type: string required: - secretName - shareName type: object cephfs: - description: CephFS represents a Ceph FS mount + description: cephFS represents a Ceph FS mount on the host that shares a pod's lifetime properties: monitors: - description: 'Required: Monitors is a collection - of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'monitors is Required: Monitors + is a collection of Ceph monitors More info: + https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array path: - description: 'Optional: Used as the mounted - root, rather than the full Ceph tree, default - is /' + description: 'path is Optional: Used as the + mounted root, rather than the full Ceph + tree, default is /' type: string readOnly: - description: 'Optional: Defaults to false - (read/write). ReadOnly here will force the - ReadOnly setting in VolumeMounts. More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'readOnly is Optional: Defaults + to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'Optional: SecretFile is the - path to key ring for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'secretFile is Optional: SecretFile + is the path to key ring for User, default + is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'Optional: SecretRef is reference - to the authentication secret for User, default - is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'secretRef is Optional: SecretRef + is reference to the authentication secret + for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: description: 'Name of the referent. More @@ -5299,34 +6158,35 @@ spec: type: string type: object user: - description: 'Optional: User is the rados - user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'user is optional: User is the + rados user name, default is admin More info: + https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'Cinder represents a cinder volume + description: 'cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: 'fsType is the filesystem type + to mount. Must be a filesystem type supported + by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. More info: + https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'Optional: Defaults to false - (read/write). ReadOnly here will force the - ReadOnly setting in VolumeMounts. More info: - https://examples.k8s.io/mysql-cinder-pd/README.md' + description: 'readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting + in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'Optional: points to a secret - object containing parameters used to connect - to OpenStack.' + description: 'secretRef is optional: points + to a secret object containing parameters + used to connect to OpenStack.' properties: name: description: 'Name of the referent. More @@ -5336,32 +6196,33 @@ spec: type: string type: object volumeID: - description: 'volume id used to identify the + description: 'volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: ConfigMap represents a configMap + description: configMap represents a configMap that should populate this volume properties: defaultMode: - description: 'Optional: mode bits used to - set permissions on created files by default. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. - Defaults to 0644. Directories within the - path are not affected by this setting. This - might be in conflict with other options - that affect the file mode, like fsGroup, - and the result can be other mode bits set.' + description: 'defaultMode is optional: mode + bits used to set permissions on created + files by default. Must be an octal value + between 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts both octal + and decimal values, JSON requires decimal + values for mode bits. Defaults to 0644. + Directories within the path are not affected + by this setting. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' format: int32 type: integer items: - description: If unspecified, each key-value + description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content @@ -5378,27 +6239,27 @@ spec: within a volume. properties: key: - description: The key to project. + description: key is the key to project. type: string mode: - description: 'Optional: mode bits used - to set permissions on this file. Must - be an octal value between 0000 and - 0777 or a decimal value between 0 - and 511. YAML accepts both octal and - decimal values, JSON requires decimal - values for mode bits. If not specified, - the volume defaultMode will be used. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' + description: 'mode is Optional: mode + bits used to set permissions on this + file. Must be an octal value between + 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal + and decimal values, JSON requires + decimal values for mode bits. If not + specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the + file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the - file to map the key to. May not be - an absolute path. May not contain + description: path is the relative path + of the file to map the key to. May + not be an absolute path. May not contain the path element '..'. May not start with the string '..'. type: string @@ -5414,30 +6275,30 @@ spec: kind, uid?' type: string optional: - description: Specify whether the ConfigMap - or its keys must be defined + description: optional specify whether the + ConfigMap or its keys must be defined type: boolean type: object csi: - description: CSI (Container Storage Interface) + description: csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). properties: driver: - description: Driver is the name of the CSI + description: driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. type: string fsType: - description: Filesystem type to mount. Ex. - "ext4", "xfs", "ntfs". If not provided, - the empty value is passed to the associated - CSI driver which will determine the default - filesystem to apply. + description: fsType to mount. Ex. "ext4", + "xfs", "ntfs". If not provided, the empty + value is passed to the associated CSI driver + which will determine the default filesystem + to apply. type: string nodePublishSecretRef: - description: NodePublishSecretRef is a reference + description: nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume @@ -5454,13 +6315,14 @@ spec: type: string type: object readOnly: - description: Specifies a read-only configuration - for the volume. Defaults to false (read/write). + description: readOnly specifies a read-only + configuration for the volume. Defaults to + false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: VolumeAttributes stores driver-specific + description: volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. @@ -5469,7 +6331,7 @@ spec: - driver type: object downwardAPI: - description: DownwardAPI represents downward API + description: downwardAPI represents downward API about the pod that should populate this volume properties: defaultMode: @@ -5570,62 +6432,59 @@ spec: type: array type: object emptyDir: - description: 'EmptyDir represents a temporary + description: 'emptyDir represents a temporary directory that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'What type of storage medium - should back this directory. The default - is "" which means to use the node''s default - medium. Must be an empty string (default) - or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: 'medium represents what type + of storage medium should back this directory. + The default is "" which means to use the + node''s default medium. Must be an empty + string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'Total amount of local storage - required for this EmptyDir volume. The size - limit is also applicable for memory medium. - The maximum usage on memory medium EmptyDir - would be the minimum value between the SizeLimit - specified here and the sum of memory limits - of all containers in a pod. The default - is nil which means that the limit is undefined. - More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + description: 'sizeLimit is the total amount + of local storage required for this EmptyDir + volume. The size limit is also applicable + for memory medium. The maximum usage on + memory medium EmptyDir would be the minimum + value between the SizeLimit specified here + and the sum of memory limits of all containers + in a pod. The default is nil which means + that the limit is undefined. More info: + http://kubernetes.io/docs/user-guide/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "Ephemeral represents a volume that - is handled by a cluster storage driver (Alpha - feature). The volume's lifecycle is tied to - the pod that defines it - it will be created - before the pod starts, and deleted when the - pod is removed. \n Use this if: a) the volume - is only needed while the pod runs, b) features - of normal volumes like restoring from snapshot - or capacity tracking are needed, c) the storage - driver is specified through a storage class, - and d) the storage driver supports dynamic volume - provisioning through a PersistentVolumeClaim - (see EphemeralVolumeSource for more information - on the connection between this volume type and - PersistentVolumeClaim). \n Use PersistentVolumeClaim - or one of the vendor-specific APIs for volumes - that persist for longer than the lifecycle of - an individual pod. \n Use CSI for light-weight - local ephemeral volumes if the CSI driver is - meant to be used that way - see the documentation - of the driver for more information. \n A pod - can use both types of ephemeral volumes and - persistent volumes at the same time." + description: "ephemeral represents a volume that + is handled by a cluster storage driver. The + volume's lifecycle is tied to the pod that defines + it - it will be created before the pod starts, + and deleted when the pod is removed. \n Use + this if: a) the volume is only needed while + the pod runs, b) features of normal volumes + like restoring from snapshot or capacity tracking + are needed, c) the storage driver is specified + through a storage class, and d) the storage + driver supports dynamic volume provisioning + through a PersistentVolumeClaim (see EphemeralVolumeSource + for more information on the connection between + this volume type and PersistentVolumeClaim). + \n Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than + the lifecycle of an individual pod. \n Use CSI + for light-weight local ephemeral volumes if + the CSI driver is meant to be used that way + - see the documentation of the driver for more + information. \n A pod can use both types of + ephemeral volumes and persistent volumes at + the same time." properties: - readOnly: - description: Specifies a read-only configuration - for the volume. Defaults to false (read/write). - type: boolean volumeClaimTemplate: description: "Will be used to create a stand-alone PVC to provision the volume. The pod in @@ -5685,34 +6544,82 @@ spec: are also valid here. properties: accessModes: - description: 'AccessModes contains + description: 'accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'This field can be used - to specify either: * An existing - VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot - - Beta) * An existing PVC (PersistentVolumeClaim) - * An existing custom resource/object - that implements data population - (Alpha) In order to use VolumeSnapshot - object types, the appropriate feature - gate must be enabled (VolumeSnapshotDataSource - or AnyVolumeDataSource) If the provisioner - or an external controller can support - the specified data source, it will - create a new volume based on the - contents of the specified data source. - If the specified data source is - not supported, the volume will not - be created and the failure will - be reported as an event. In the - future, we plan to support more - data source types and the behavior - of the provisioner may change.' + description: 'dataSource field can + be used to specify either: * An + existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external + controller can support the specified + data source, it will create a new + volume based on the contents of + the specified data source. If the + AnyVolumeDataSource feature gate + is enabled, this field will always + have the same contents as the DataSourceRef + field.' + properties: + apiGroup: + description: APIGroup is the group + for the resource being referenced. + If APIGroup is not specified, + the specified Kind must be in + the core API group. For any + other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type + of resource being referenced + type: string + name: + description: Name is the name + of resource being referenced + type: string + required: + - kind + - name + type: object + dataSourceRef: + description: 'dataSourceRef specifies + the object from which to populate + the volume with data, if a non-empty + volume is desired. This may be any + local object from a non-empty API + group (non core object) or a PersistentVolumeClaim + object. When this field is specified, + volume binding will only succeed + if the type of the specified object + matches some installed volume populator + or dynamic provisioner. This field + will replace the functionality of + the DataSource field and as such + if both fields are non-empty, they + must have the same value. For backwards + compatibility, both fields (DataSource + and DataSourceRef) will be set to + the same value automatically if + one of them is empty and the other + is non-empty. There are two important + differences between DataSource and + DataSourceRef: * While DataSource + only allows two specific types of + objects, DataSourceRef allows + any non-core object, as well as + PersistentVolumeClaim objects. * + While DataSource ignores disallowed + values (dropping them), DataSourceRef preserves + all values, and generates an error + if a disallowed value is specified. + (Beta) Using this field requires + the AnyVolumeDataSource feature + gate to be enabled.' properties: apiGroup: description: APIGroup is the group @@ -5736,9 +6643,15 @@ spec: - name type: object resources: - description: 'Resources represents + description: 'resources represents the minimum resources the volume - should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed + to specify resource requirements + that are lower than previous value + but must still be higher than capacity + recorded in the status field of + the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -5750,7 +6663,7 @@ spec: description: 'Limits describes the maximum amount of compute resources allowed. More info: - https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -5766,12 +6679,12 @@ spec: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: A label query over volumes - to consider for binding. + description: selector is a label query + over volumes to consider for binding. properties: matchExpressions: description: matchExpressions @@ -5831,9 +6744,9 @@ spec: type: object type: object storageClassName: - description: 'Name of the StorageClass - required by the claim. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + description: 'storageClassName is + the name of the StorageClass required + by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: description: volumeMode defines what @@ -5842,7 +6755,7 @@ spec: when not included in claim spec. type: string volumeName: - description: VolumeName is the binding + description: volumeName is the binding reference to the PersistentVolume backing this claim. type: string @@ -5852,77 +6765,79 @@ spec: type: object type: object fc: - description: FC represents a Fibre Channel resource + description: fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. properties: fsType: - description: 'Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem - from compromising the machine' + description: 'fsType is the filesystem type + to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be + "ext4" if unspecified. TODO: how do we prevent + errors in the filesystem from compromising + the machine' type: string lun: - description: 'Optional: FC target lun number' + description: 'lun is Optional: FC target lun + number' format: int32 type: integer readOnly: - description: 'Optional: Defaults to false - (read/write). ReadOnly here will force the - ReadOnly setting in VolumeMounts.' + description: 'readOnly is Optional: Defaults + to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts.' type: boolean targetWWNs: - description: 'Optional: FC target worldwide - names (WWNs)' + description: 'targetWWNs is Optional: FC target + worldwide names (WWNs)' items: type: string type: array wwids: - description: 'Optional: FC volume world wide - identifiers (wwids) Either wwids or combination - of targetWWNs and lun must be set, but not - both simultaneously.' + description: 'wwids Optional: FC volume world + wide identifiers (wwids) Either wwids or + combination of targetWWNs and lun must be + set, but not both simultaneously.' items: type: string type: array type: object flexVolume: - description: FlexVolume represents a generic volume + description: flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. properties: driver: - description: Driver is the name of the driver + description: driver is the name of the driver to use for this volume. type: string fsType: - description: Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - The default filesystem depends on FlexVolume - script. + description: fsType is the filesystem type + to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends + on FlexVolume script. type: string options: additionalProperties: type: string - description: 'Optional: Extra command options - if any.' + description: 'options is Optional: this field + holds extra command options if any.' type: object readOnly: - description: 'Optional: Defaults to false - (read/write). ReadOnly here will force the - ReadOnly setting in VolumeMounts.' + description: 'readOnly is Optional: defaults + to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts.' type: boolean secretRef: - description: 'Optional: SecretRef is reference - to the secret object containing sensitive - information to pass to the plugin scripts. - This may be empty if no secret object is - specified. If the secret object contains - more than one secret, all secrets are passed - to the plugin scripts.' + description: 'secretRef is Optional: secretRef + is reference to the secret object containing + sensitive information to pass to the plugin + scripts. This may be empty if no secret + object is specified. If the secret object + contains more than one secret, all secrets + are passed to the plugin scripts.' properties: name: description: 'Name of the referent. More @@ -5935,53 +6850,55 @@ spec: - driver type: object flocker: - description: Flocker represents a Flocker volume + description: flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running properties: datasetName: - description: Name of the dataset stored as - metadata -> name on the dataset for Flocker - should be considered as deprecated + description: datasetName is Name of the dataset + stored as metadata -> name on the dataset + for Flocker should be considered as deprecated type: string datasetUUID: - description: UUID of the dataset. This is - unique identifier of a Flocker dataset + description: datasetUUID is the UUID of the + dataset. This is unique identifier of a + Flocker dataset type: string type: object gcePersistentDisk: - description: 'GCEPersistentDisk represents a GCE + description: 'gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'Filesystem type of the volume - that you want to mount. Tip: Ensure that - the filesystem type is supported by the - host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + description: 'fsType is filesystem type of + the volume that you want to mount. Tip: + Ensure that the filesystem type is supported + by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine' type: string partition: - description: 'The partition in the volume - that you want to mount. If omitted, the - default is to mount by volume name. Examples: - For volume /dev/sda1, you specify the partition - as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the - property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: 'partition is the partition in + the volume that you want to mount. If omitted, + the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume + partition for /dev/sda is "0" (or you can + leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'Unique name of the PD resource - in GCE. Used to identify the disk in GCE. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: 'pdName is unique name of the + PD resource in GCE. Used to identify the + disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'ReadOnly here will force the + description: 'readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean @@ -5989,7 +6906,7 @@ spec: - pdName type: object gitRepo: - description: 'GitRepo represents a git repository + description: 'gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer @@ -5997,39 +6914,39 @@ spec: EmptyDir into the Pod''s container.' properties: directory: - description: Target directory name. Must not - contain or start with '..'. If '.' is supplied, - the volume directory will be the git repository. Otherwise, - if specified, the volume will contain the - git repository in the subdirectory with - the given name. + description: directory is the target directory + name. Must not contain or start with '..'. If + '.' is supplied, the volume directory will + be the git repository. Otherwise, if specified, + the volume will contain the git repository + in the subdirectory with the given name. type: string repository: - description: Repository URL + description: repository is the URL type: string revision: - description: Commit hash for the specified - revision. + description: revision is the commit hash for + the specified revision. type: string required: - repository type: object glusterfs: - description: 'Glusterfs represents a Glusterfs + description: 'glusterfs represents a Glusterfs mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'EndpointsName is the endpoint - name that details Glusterfs topology. More - info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + description: 'endpoints is the endpoint name + that details Glusterfs topology. More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'Path is the Glusterfs volume + description: 'path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'ReadOnly here will force the + description: 'readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' @@ -6039,7 +6956,7 @@ spec: - path type: object hostPath: - description: 'HostPath represents a pre-existing + description: 'hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things @@ -6050,76 +6967,79 @@ spec: mount host directories as read/write.' properties: path: - description: 'Path of the directory on the + description: 'path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'Type for HostPath Volume Defaults + description: 'type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'ISCSI represents an ISCSI Disk resource + description: 'iscsi represents an ISCSI Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: - description: whether support iSCSI Discovery - CHAP authentication + description: chapAuthDiscovery defines whether + support iSCSI Discovery CHAP authentication type: boolean chapAuthSession: - description: whether support iSCSI Session - CHAP authentication + description: chapAuthSession defines whether + support iSCSI Session CHAP authentication type: boolean fsType: - description: 'Filesystem type of the volume - that you want to mount. Tip: Ensure that - the filesystem type is supported by the - host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + description: 'fsType is the filesystem type + of the volume that you want to mount. Tip: + Ensure that the filesystem type is supported + by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine' type: string initiatorName: - description: Custom iSCSI Initiator Name. - If initiatorName is specified with iscsiInterface - simultaneously, new iSCSI interface : will be created for - the connection. + description: initiatorName is the custom iSCSI + Initiator Name. If initiatorName is specified + with iscsiInterface simultaneously, new + iSCSI interface : will be created for the connection. type: string iqn: - description: Target iSCSI Qualified Name. + description: iqn is the target iSCSI Qualified + Name. type: string iscsiInterface: - description: iSCSI Interface Name that uses - an iSCSI transport. Defaults to 'default' - (tcp). + description: iscsiInterface is the interface + Name that uses an iSCSI transport. Defaults + to 'default' (tcp). type: string lun: - description: iSCSI Target Lun number. + description: lun represents iSCSI Target Lun + number. format: int32 type: integer portals: - description: iSCSI Target Portal List. The - portal is either an IP or ip_addr:port if - the port is other than default (typically + description: portals is the iSCSI Target Portal + List. The portal is either an IP or ip_addr:port + if the port is other than default (typically TCP ports 860 and 3260). items: type: string type: array readOnly: - description: ReadOnly here will force the + description: readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. type: boolean secretRef: - description: CHAP Secret for iSCSI target - and initiator authentication + description: secretRef is the CHAP Secret + for iSCSI target and initiator authentication properties: name: description: 'Name of the referent. More @@ -6129,10 +7049,10 @@ spec: type: string type: object targetPortal: - description: iSCSI Target Portal. The Portal - is either an IP or ip_addr:port if the port - is other than default (typically TCP ports - 860 and 3260). + description: targetPortal is iSCSI Target + Portal. The Portal is either an IP or ip_addr:port + if the port is other than default (typically + TCP ports 860 and 3260). type: string required: - iqn @@ -6140,26 +7060,26 @@ spec: - targetPortal type: object name: - description: 'Volume''s name. Must be a DNS_LABEL + description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: - description: 'NFS represents an NFS mount on the + description: 'nfs represents an NFS mount on the host that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'Path that is exported by the + description: 'path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'ReadOnly here will force the + description: 'readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'Server is the hostname or IP + description: 'server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: @@ -6167,99 +7087,101 @@ spec: - server type: object persistentVolumeClaim: - description: 'PersistentVolumeClaimVolumeSource + description: 'persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'ClaimName is the name of a PersistentVolumeClaim + description: 'claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: Will force the ReadOnly setting - in VolumeMounts. Default false. + description: readOnly Will force the ReadOnly + setting in VolumeMounts. Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: PhotonPersistentDisk represents a + description: photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine properties: fsType: - description: Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. + description: fsType is the filesystem type + to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be + "ext4" if unspecified. type: string pdID: - description: ID that identifies Photon Controller - persistent disk + description: pdID is the ID that identifies + Photon Controller persistent disk type: string required: - pdID type: object portworxVolume: - description: PortworxVolume represents a portworx + description: portworxVolume represents a portworx volume attached and mounted on kubelets host machine properties: fsType: - description: FSType represents the filesystem + description: fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. type: string readOnly: - description: Defaults to false (read/write). + description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean volumeID: - description: VolumeID uniquely identifies + description: volumeID uniquely identifies a Portworx volume type: string required: - volumeID type: object projected: - description: Items for all in one resources secrets, - configmaps, and downward API + description: projected items for all in one resources + secrets, configmaps, and downward API properties: defaultMode: - description: Mode bits used to set permissions - on created files by default. Must be an - octal value between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts both - octal and decimal values, JSON requires - decimal values for mode bits. Directories - within the path are not affected by this - setting. This might be in conflict with - other options that affect the file mode, - like fsGroup, and the result can be other - mode bits set. + description: defaultMode are the mode bits + used to set permissions on created files + by default. Must be an octal value between + 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal + values, JSON requires decimal values for + mode bits. Directories within the path are + not affected by this setting. This might + be in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set. format: int32 type: integer sources: - description: list of volume projections + description: sources is the list of volume + projections items: description: Projection that may be projected along with other supported volume types properties: configMap: - description: information about the configMap - data to project + description: configMap information about + the configMap data to project properties: items: - description: If unspecified, each - key-value pair in the Data field - of the referenced ConfigMap will - be projected into the volume as - a file whose name is the key and - content is the value. If specified, + description: items if unspecified, + each key-value pair in the Data + field of the referenced ConfigMap + will be projected into the volume + as a file whose name is the key + and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. @@ -6274,11 +7196,12 @@ spec: to a path within a volume. properties: key: - description: The key to project. + description: key is the key + to project. type: string mode: - description: 'Optional: mode - bits used to set permissions + description: 'mode is Optional: + mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value @@ -6296,7 +7219,7 @@ spec: format: int32 type: integer path: - description: The relative + description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain @@ -6316,14 +7239,14 @@ spec: apiVersion, kind, uid?' type: string optional: - description: Specify whether the - ConfigMap or its keys must be - defined + description: optional specify whether + the ConfigMap or its keys must + be defined type: boolean type: object downwardAPI: - description: information about the downwardAPI - data to project + description: downwardAPI information + about the downwardAPI data to project properties: items: description: Items is a list of @@ -6420,16 +7343,16 @@ spec: type: array type: object secret: - description: information about the secret - data to project + description: secret information about + the secret data to project properties: items: - description: If unspecified, each - key-value pair in the Data field - of the referenced Secret will - be projected into the volume as - a file whose name is the key and - content is the value. If specified, + description: items if unspecified, + each key-value pair in the Data + field of the referenced Secret + will be projected into the volume + as a file whose name is the key + and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. @@ -6444,11 +7367,12 @@ spec: to a path within a volume. properties: key: - description: The key to project. + description: key is the key + to project. type: string mode: - description: 'Optional: mode - bits used to set permissions + description: 'mode is Optional: + mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value @@ -6466,7 +7390,7 @@ spec: format: int32 type: integer path: - description: The relative + description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain @@ -6486,16 +7410,18 @@ spec: apiVersion, kind, uid?' type: string optional: - description: Specify whether the - Secret or its key must be defined + description: optional field specify + whether the Secret or its key + must be defined type: boolean type: object serviceAccountToken: - description: information about the serviceAccountToken + description: serviceAccountToken is + information about the serviceAccountToken data to project properties: audience: - description: Audience is the intended + description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in @@ -6505,7 +7431,7 @@ spec: of the apiserver. type: string expirationSeconds: - description: ExpirationSeconds is + description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, @@ -6521,7 +7447,7 @@ spec: format: int64 type: integer path: - description: Path is the path relative + description: path is the path relative to the mount point of the file to project the token into. type: string @@ -6530,41 +7456,39 @@ spec: type: object type: object type: array - required: - - sources type: object quobyte: - description: Quobyte represents a Quobyte mount + description: quobyte represents a Quobyte mount on the host that shares a pod's lifetime properties: group: - description: Group to map volume access to + description: group to map volume access to Default is no group type: string readOnly: - description: ReadOnly here will force the + description: readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. type: boolean registry: - description: Registry represents a single + description: registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes type: string tenant: - description: Tenant owning the given Quobyte + description: tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin type: string user: - description: User to map volume access to + description: user to map volume access to Defaults to serivceaccount user type: string volume: - description: Volume is a string that references + description: volume is a string that references an already created Quobyte volume by name. type: string required: @@ -6572,46 +7496,47 @@ spec: - volume type: object rbd: - description: 'RBD represents a Rados Block Device + description: 'rbd represents a Rados Block Device mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'Filesystem type of the volume - that you want to mount. Tip: Ensure that - the filesystem type is supported by the - host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + description: 'fsType is the filesystem type + of the volume that you want to mount. Tip: + Ensure that the filesystem type is supported + by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine' type: string image: - description: 'The rados image name. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'Keyring is the path to key ring + description: 'keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'A collection of Ceph monitors. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'monitors is a collection of + Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array pool: - description: 'The rados pool name. Default - is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'pool is the rados pool name. + Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'ReadOnly here will force the + description: 'readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'SecretRef is name of the authentication + description: 'secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: @@ -6623,38 +7548,39 @@ spec: type: string type: object user: - description: 'The rados user name. Default - is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'user is the rados user name. + Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: ScaleIO represents a ScaleIO persistent + description: scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. properties: fsType: - description: Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - Default is "xfs". + description: fsType is the filesystem type + to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". type: string gateway: - description: The host address of the ScaleIO - API Gateway. + description: gateway is the host address of + the ScaleIO API Gateway. type: string protectionDomain: - description: The name of the ScaleIO Protection - Domain for the configured storage. + description: protectionDomain is the name + of the ScaleIO Protection Domain for the + configured storage. type: string readOnly: - description: Defaults to false (read/write). + description: readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: SecretRef references to the secret + description: secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. @@ -6667,26 +7593,27 @@ spec: type: string type: object sslEnabled: - description: Flag to enable/disable SSL communication - with Gateway, default false + description: sslEnabled Flag enable/disable + SSL communication with Gateway, default + false type: boolean storageMode: - description: Indicates whether the storage - for a volume should be ThickProvisioned + description: storageMode indicates whether + the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. type: string storagePool: - description: The ScaleIO Storage Pool associated - with the protection domain. + description: storagePool is the ScaleIO Storage + Pool associated with the protection domain. type: string system: - description: The name of the storage system - as configured in ScaleIO. + description: system is the name of the storage + system as configured in ScaleIO. type: string volumeName: - description: The name of a volume already - created in the ScaleIO system that is associated - with this volume source. + description: volumeName is the name of a volume + already created in the ScaleIO system that + is associated with this volume source. type: string required: - gateway @@ -6694,25 +7621,26 @@ spec: - system type: object secret: - description: 'Secret represents a secret that + description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'Optional: mode bits used to - set permissions on created files by default. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. - Defaults to 0644. Directories within the - path are not affected by this setting. This - might be in conflict with other options - that affect the file mode, like fsGroup, - and the result can be other mode bits set.' + description: 'defaultMode is Optional: mode + bits used to set permissions on created + files by default. Must be an octal value + between 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts both octal + and decimal values, JSON requires decimal + values for mode bits. Defaults to 0644. + Directories within the path are not affected + by this setting. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' format: int32 type: integer items: - description: If unspecified, each key-value + description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content @@ -6729,27 +7657,27 @@ spec: within a volume. properties: key: - description: The key to project. + description: key is the key to project. type: string mode: - description: 'Optional: mode bits used - to set permissions on this file. Must - be an octal value between 0000 and - 0777 or a decimal value between 0 - and 511. YAML accepts both octal and - decimal values, JSON requires decimal - values for mode bits. If not specified, - the volume defaultMode will be used. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' + description: 'mode is Optional: mode + bits used to set permissions on this + file. Must be an octal value between + 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal + and decimal values, JSON requires + decimal values for mode bits. If not + specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the + file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the - file to map the key to. May not be - an absolute path. May not contain + description: path is the relative path + of the file to map the key to. May + not be an absolute path. May not contain the path element '..'. May not start with the string '..'. type: string @@ -6759,31 +7687,33 @@ spec: type: object type: array optional: - description: Specify whether the Secret or - its keys must be defined + description: optional field specify whether + the Secret or its keys must be defined type: boolean secretName: - description: 'Name of the secret in the pod''s - namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + description: 'secretName is the name of the + secret in the pod''s namespace to use. More + info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: StorageOS represents a StorageOS + description: storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. properties: fsType: - description: Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. + description: fsType is the filesystem type + to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be + "ext4" if unspecified. type: string readOnly: - description: Defaults to false (read/write). + description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: SecretRef specifies the secret + description: secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. properties: @@ -6795,12 +7725,12 @@ spec: type: string type: object volumeName: - description: VolumeName is the human-readable + description: volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. type: string volumeNamespace: - description: VolumeNamespace specifies the + description: volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the @@ -6813,27 +7743,29 @@ spec: type: string type: object vsphereVolume: - description: VsphereVolume represents a vSphere + description: vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine properties: fsType: - description: Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. + description: fsType is filesystem type to + mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be + "ext4" if unspecified. type: string storagePolicyID: - description: Storage Policy Based Management - (SPBM) profile ID associated with the StoragePolicyName. + description: storagePolicyID is the storage + Policy Based Management (SPBM) profile ID + associated with the StoragePolicyName. type: string storagePolicyName: - description: Storage Policy Based Management - (SPBM) profile name. + description: storagePolicyName is the storage + Policy Based Management (SPBM) profile name. type: string volumePath: - description: Path that identifies vSphere - volume vmdk + description: volumePath is the path that identifies + vSphere volume vmdk type: string required: - volumePath diff --git a/apps/training-operator/upstream/base/crds/kubeflow.org_xgboostjobs.yaml b/apps/training-operator/upstream/base/crds/kubeflow.org_xgboostjobs.yaml index 83ee077ea4..2a09adddef 100644 --- a/apps/training-operator/upstream/base/crds/kubeflow.org_xgboostjobs.yaml +++ b/apps/training-operator/upstream/base/crds/kubeflow.org_xgboostjobs.yaml @@ -466,12 +466,85 @@ spec: are ANDed. type: object type: object + namespaceSelector: + description: A label query over the + set of namespaces that the term + applies to. The term is applied + to the union of the namespaces selected + by this field and the ones listed + in the namespaces field. null selector + and null or empty namespaces list + means "this pod's namespace". An + empty selector ({}) matches all + namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object namespaces: description: namespaces specifies - which namespaces the labelSelector - applies to (matches against); null - or empty list means "this pod's - namespace" + a static list of namespace names + that the term applies to. The term + is applied to the union of the namespaces + listed in this field and the ones + selected by namespaceSelector. null + or empty namespaces list and null + namespaceSelector means "this pod's + namespace". items: type: string type: array @@ -581,11 +654,78 @@ spec: ANDed. type: object type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this field + and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object namespaces: - description: namespaces specifies which - namespaces the labelSelector applies - to (matches against); null or empty - list means "this pod's namespace" + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's + namespace". items: type: string type: array @@ -697,12 +837,85 @@ spec: are ANDed. type: object type: object + namespaceSelector: + description: A label query over the + set of namespaces that the term + applies to. The term is applied + to the union of the namespaces selected + by this field and the ones listed + in the namespaces field. null selector + and null or empty namespaces list + means "this pod's namespace". An + empty selector ({}) matches all + namespaces. + properties: + matchExpressions: + description: matchExpressions + is a list of label selector + requirements. The requirements + are ANDed. + items: + description: A label selector + requirement is a selector + that contains values, a key, + and an operator that relates + the key and values. + properties: + key: + description: key is the + label key that the selector + applies to. + type: string + operator: + description: operator represents + a key's relationship to + a set of values. Valid + operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an + array of string values. + If the operator is In + or NotIn, the values array + must be non-empty. If + the operator is Exists + or DoesNotExist, the values + array must be empty. This + array is replaced during + a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a + map of {key,value} pairs. A + single {key,value} in the matchLabels + map is equivalent to an element + of matchExpressions, whose key + field is "key", the operator + is "In", and the values array + contains only "value". The requirements + are ANDed. + type: object + type: object namespaces: description: namespaces specifies - which namespaces the labelSelector - applies to (matches against); null - or empty list means "this pod's - namespace" + a static list of namespace names + that the term applies to. The term + is applied to the union of the namespaces + listed in this field and the ones + selected by namespaceSelector. null + or empty namespaces list and null + namespaceSelector means "this pod's + namespace". items: type: string type: array @@ -812,11 +1025,78 @@ spec: ANDed. type: object type: object + namespaceSelector: + description: A label query over the set + of namespaces that the term applies + to. The term is applied to the union + of the namespaces selected by this field + and the ones listed in the namespaces + field. null selector and null or empty + namespaces list means "this pod's namespace". + An empty selector ({}) matches all namespaces. + properties: + matchExpressions: + description: matchExpressions is a + list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement + is a selector that contains values, + a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label + key that the selector applies + to. + type: string + operator: + description: operator represents + a key's relationship to a + set of values. Valid operators + are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array + of string values. If the operator + is In or NotIn, the values + array must be non-empty. If + the operator is Exists or + DoesNotExist, the values array + must be empty. This array + is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map + of {key,value} pairs. A single {key,value} + in the matchLabels map is equivalent + to an element of matchExpressions, + whose key field is "key", the operator + is "In", and the values array contains + only "value". The requirements are + ANDed. + type: object + type: object namespaces: - description: namespaces specifies which - namespaces the labelSelector applies - to (matches against); null or empty - list means "this pod's namespace" + description: namespaces specifies a static + list of namespace names that the term + applies to. The term is applied to the + union of the namespaces listed in this + field and the ones selected by namespaceSelector. + null or empty namespaces list and null + namespaceSelector means "this pod's + namespace". items: type: string type: array @@ -853,12 +1133,14 @@ spec: properties: args: description: 'Arguments to the entrypoint. The - docker image''s CMD is used if this is not provided. - Variable references $(VAR_NAME) are expanded - using the container''s environment. If a variable - cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). + container image''s CMD is used if this is not + provided. Variable references $(VAR_NAME) are + expanded using the container''s environment. + If a variable cannot be resolved, the reference + in the input string will be unchanged. Double + $$ are reduced to a single $, which allows for + escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' @@ -867,16 +1149,17 @@ spec: type: array command: description: 'Entrypoint array. Not executed within - a shell. The docker image''s ENTRYPOINT is used - if this is not provided. Variable references + a shell. The container image''s ENTRYPOINT is + used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped with a - double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether - the variable exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot + be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array @@ -893,13 +1176,15 @@ spec: type: string value: description: 'Variable references $(VAR_NAME) - are expanded using the previous defined + are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be - unchanged. The $(VAR_NAME) syntax can - be escaped with a double $$, ie: $$(VAR_NAME). + unchanged. Double $$ are reduced to a + single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' @@ -1053,7 +1338,8 @@ spec: type: object type: array image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + description: 'Container image name. More info: + https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments @@ -1079,9 +1365,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies - the action to take. + description: Exec specifies the action + to take. properties: command: description: Command is the command @@ -1152,10 +1437,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: description: 'Optional: Host name @@ -1182,21 +1469,19 @@ spec: as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. - The reason for termination is passed to - the handler. The Pod''s termination grace - period countdown begins before the PreStop - hooked is executed. Regardless of the outcome - of the handler, the container will eventually - terminate within the Pod''s termination - grace period. Other management of the container - blocks until the hook completes or until - the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + The Pod''s termination grace period countdown + begins before the PreStop hook is executed. + Regardless of the outcome of the handler, + the container will eventually terminate + within the Pod''s termination grace period + (unless delayed by finalizers). Other management + of the container blocks until the hook completes + or until the termination grace period is + reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies - the action to take. + description: Exec specifies the action + to take. properties: command: description: Command is the command @@ -1267,10 +1552,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: description: 'Optional: Host name @@ -1297,9 +1584,8 @@ spec: Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -1324,6 +1610,26 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -1392,10 +1698,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -1413,6 +1717,28 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. @@ -1484,9 +1810,8 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -1511,6 +1836,26 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -1579,10 +1924,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -1600,6 +1943,28 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. @@ -1609,7 +1974,7 @@ spec: type: object resources: description: 'Compute Resources required by this - container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: limits: additionalProperties: @@ -1620,7 +1985,7 @@ spec: x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources allowed. More - info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -1634,12 +1999,14 @@ spec: Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: - description: 'Security options the pod should - run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ + description: 'SecurityContext defines the security + options the container should be run with. If + set, the fields of SecurityContext override + the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: @@ -1649,13 +2016,16 @@ spec: controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) - run as Privileged 2) has CAP_SYS_ADMIN' + run as Privileged 2) has CAP_SYS_ADMIN Note + that this field cannot be set when spec.os.name + is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the - container runtime. + container runtime. Note that this field + cannot be set when spec.os.name is windows. properties: add: description: Added capabilities @@ -1676,7 +2046,8 @@ spec: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults - to false. + to false. Note that this field cannot be + set when spec.os.name is windows. type: boolean procMount: description: procMount denotes the type of @@ -1685,10 +2056,14 @@ spec: container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when + spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only root filesystem. Default is false. + Note that this field cannot be set when + spec.os.name is windows. type: boolean runAsGroup: description: The GID to run the entrypoint @@ -1696,7 +2071,8 @@ spec: if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: @@ -1718,7 +2094,8 @@ spec: May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -1728,7 +2105,9 @@ spec: for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is windows. properties: level: description: Level is SELinux level label @@ -1751,7 +2130,9 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that + this field cannot be set when spec.os.name + is windows. properties: localhostProfile: description: localhostProfile indicates @@ -1782,7 +2163,9 @@ spec: the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where @@ -1796,6 +2179,22 @@ spec: the name of the GMSA credential spec to use. type: string + hostProcess: + description: HostProcess determines if + a container should be run as a 'Host + Process' container. This field is alpha-level + and will only be honored by components + that enable the WindowsHostProcessContainers + feature flag. Setting this field without + the feature flag will result in errors + when validating the Pod. All of a Pod's + containers must have the same effective + HostProcess value (it is not allowed + to have a mix of HostProcess containers + and non-HostProcess containers). In + addition, if HostProcess is true then + HostNetwork must also be set to true. + type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint of the container @@ -1818,14 +2217,11 @@ spec: parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. - This cannot be updated. This is a beta feature - enabled by the StartupProbe feature flag. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -1850,6 +2246,26 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -1918,10 +2334,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -1939,6 +2353,28 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. @@ -2136,33 +2572,35 @@ spec: and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. - This field is alpha-level and is only honored by servers - that enable the EphemeralContainers feature. + This field is beta-level and available on clusters + that haven't disabled the EphemeralContainers feature + gate. items: - description: An EphemeralContainer is a container - that may be added temporarily to an existing pod - for user-initiated activities such as debugging. - Ephemeral containers have no resource or scheduling - guarantees, and they will not be restarted when - they exit or when a pod is removed or restarted. - If an ephemeral container causes a pod to exceed - its resource allocation, the pod may be evicted. - Ephemeral containers may not be added by directly - updating the pod spec. They must be added via the - pod's ephemeralcontainers subresource, and they - will appear in the pod spec once added. This is - an alpha feature enabled by the EphemeralContainers - feature flag. + description: "An EphemeralContainer is a temporary + container that you may add to an existing Pod for + user-initiated activities such as debugging. Ephemeral + containers have no resource or scheduling guarantees, + and they will not be restarted when they exit or + when a Pod is removed or restarted. The kubelet + may evict a Pod if an ephemeral container causes + the Pod to exceed its resource allocation. \n To + add an ephemeral container, use the ephemeralcontainers + subresource of an existing Pod. Ephemeral containers + may not be removed or restarted. \n This is a beta + feature available on clusters that haven't disabled + the EphemeralContainers feature gate." properties: args: description: 'Arguments to the entrypoint. The - docker image''s CMD is used if this is not provided. + image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). - Escaped references will never be expanded, regardless + string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will + produce the string literal "$(VAR_NAME)". Escaped + references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: @@ -2170,16 +2608,17 @@ spec: type: array command: description: 'Entrypoint array. Not executed within - a shell. The docker image''s ENTRYPOINT is used - if this is not provided. Variable references - $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, - the reference in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped with a - double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether - the variable exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + a shell. The image''s ENTRYPOINT is used if + this is not provided. Variable references $(VAR_NAME) + are expanded using the container''s environment. + If a variable cannot be resolved, the reference + in the input string will be unchanged. Double + $$ are reduced to a single $, which allows for + escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot + be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array @@ -2196,13 +2635,15 @@ spec: type: string value: description: 'Variable references $(VAR_NAME) - are expanded using the previous defined + are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be - unchanged. The $(VAR_NAME) syntax can - be escaped with a double $$, ie: $$(VAR_NAME). + unchanged. Double $$ are reduced to a + single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' @@ -2356,7 +2797,8 @@ spec: type: object type: array image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images' + description: 'Container image name. More info: + https://kubernetes.io/docs/concepts/containers/images' type: string imagePullPolicy: description: 'Image pull policy. One of Always, @@ -2377,9 +2819,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies - the action to take. + description: Exec specifies the action + to take. properties: command: description: Command is the command @@ -2450,10 +2891,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: description: 'Optional: Host name @@ -2480,21 +2923,19 @@ spec: as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. - The reason for termination is passed to - the handler. The Pod''s termination grace - period countdown begins before the PreStop - hooked is executed. Regardless of the outcome - of the handler, the container will eventually - terminate within the Pod''s termination - grace period. Other management of the container - blocks until the hook completes or until - the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + The Pod''s termination grace period countdown + begins before the PreStop hook is executed. + Regardless of the outcome of the handler, + the container will eventually terminate + within the Pod''s termination grace period + (unless delayed by finalizers). Other management + of the container blocks until the hook completes + or until the termination grace period is + reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies - the action to take. + description: Exec specifies the action + to take. properties: command: description: Command is the command @@ -2565,10 +3006,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: description: 'Optional: Host name @@ -2594,9 +3037,8 @@ spec: containers. properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -2621,6 +3063,26 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -2689,10 +3151,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -2710,6 +3170,28 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. @@ -2764,14 +3246,17 @@ spec: - containerPort type: object type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map readinessProbe: description: Probes are not allowed for ephemeral containers. properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -2796,6 +3281,26 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -2864,10 +3369,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -2885,6 +3388,28 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. @@ -2906,7 +3431,7 @@ spec: x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources allowed. More - info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -2920,12 +3445,14 @@ spec: Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: - description: SecurityContext is not allowed for - ephemeral containers. + description: 'Optional: SecurityContext defines + the security options the ephemeral container + should be run with. If set, the fields of SecurityContext + override the equivalent fields of PodSecurityContext.' properties: allowPrivilegeEscalation: description: 'AllowPrivilegeEscalation controls @@ -2934,13 +3461,16 @@ spec: controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) - run as Privileged 2) has CAP_SYS_ADMIN' + run as Privileged 2) has CAP_SYS_ADMIN Note + that this field cannot be set when spec.os.name + is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the - container runtime. + container runtime. Note that this field + cannot be set when spec.os.name is windows. properties: add: description: Added capabilities @@ -2961,7 +3491,8 @@ spec: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults - to false. + to false. Note that this field cannot be + set when spec.os.name is windows. type: boolean procMount: description: procMount denotes the type of @@ -2970,10 +3501,14 @@ spec: container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when + spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only root filesystem. Default is false. + Note that this field cannot be set when + spec.os.name is windows. type: boolean runAsGroup: description: The GID to run the entrypoint @@ -2981,7 +3516,8 @@ spec: if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: @@ -3003,7 +3539,8 @@ spec: May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -3013,7 +3550,9 @@ spec: for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is windows. properties: level: description: Level is SELinux level label @@ -3036,7 +3575,9 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that + this field cannot be set when spec.os.name + is windows. properties: localhostProfile: description: localhostProfile indicates @@ -3067,7 +3608,9 @@ spec: the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where @@ -3081,6 +3624,22 @@ spec: the name of the GMSA credential spec to use. type: string + hostProcess: + description: HostProcess determines if + a container should be run as a 'Host + Process' container. This field is alpha-level + and will only be honored by components + that enable the WindowsHostProcessContainers + feature flag. Setting this field without + the feature flag will result in errors + when validating the Pod. All of a Pod's + containers must have the same effective + HostProcess value (it is not allowed + to have a mix of HostProcess containers + and non-HostProcess containers). In + addition, if HostProcess is true then + HostNetwork must also be set to true. + type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint of the container @@ -3098,9 +3657,8 @@ spec: containers. properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -3125,6 +3683,26 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -3193,10 +3771,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -3214,6 +3790,28 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. @@ -3244,13 +3842,15 @@ spec: EOF. Default is false type: boolean targetContainerName: - description: If set, the name of the container + description: "If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set - then the ephemeral container is run in whatever - namespaces are shared for the pod. Note that - the container runtime must support this feature. + then the ephemeral container uses the namespaces + configured in the Pod spec. \n The container + runtime must implement support for this feature. + If the runtime does not support namespace targeting + then the result of setting this field is undefined." type: string terminationMessagePath: description: 'Optional: Path at which the file @@ -3303,7 +3903,8 @@ spec: type: array volumeMounts: description: Pod volumes to mount into the container's - filesystem. Cannot be updated. + filesystem. Subpath mounts are not allowed for + ephemeral containers. Cannot be updated. items: description: VolumeMount describes a mounting of a Volume within a container. @@ -3402,9 +4003,8 @@ spec: references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual - puller implementations for them to use. For example, - in the case of docker, only DockerConfig type secrets - are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + puller implementations for them to use. More info: + https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' items: description: LocalObjectReference contains enough information to let you locate the referenced object @@ -3441,12 +4041,14 @@ spec: properties: args: description: 'Arguments to the entrypoint. The - docker image''s CMD is used if this is not provided. - Variable references $(VAR_NAME) are expanded - using the container''s environment. If a variable - cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). + container image''s CMD is used if this is not + provided. Variable references $(VAR_NAME) are + expanded using the container''s environment. + If a variable cannot be resolved, the reference + in the input string will be unchanged. Double + $$ are reduced to a single $, which allows for + escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' @@ -3455,16 +4057,17 @@ spec: type: array command: description: 'Entrypoint array. Not executed within - a shell. The docker image''s ENTRYPOINT is used - if this is not provided. Variable references + a shell. The container image''s ENTRYPOINT is + used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped with a - double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether - the variable exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + Double $$ are reduced to a single $, which allows + for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless + of whether the variable exists or not. Cannot + be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' items: type: string type: array @@ -3481,13 +4084,15 @@ spec: type: string value: description: 'Variable references $(VAR_NAME) - are expanded using the previous defined + are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be - unchanged. The $(VAR_NAME) syntax can - be escaped with a double $$, ie: $$(VAR_NAME). + unchanged. Double $$ are reduced to a + single $, which allows for escaping the + $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" + will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' @@ -3641,7 +4246,8 @@ spec: type: object type: array image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images + description: 'Container image name. More info: + https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments @@ -3667,9 +4273,8 @@ spec: More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies - the action to take. + description: Exec specifies the action + to take. properties: command: description: Command is the command @@ -3740,10 +4345,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: description: 'Optional: Host name @@ -3770,21 +4377,19 @@ spec: as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. - The reason for termination is passed to - the handler. The Pod''s termination grace - period countdown begins before the PreStop - hooked is executed. Regardless of the outcome - of the handler, the container will eventually - terminate within the Pod''s termination - grace period. Other management of the container - blocks until the hook completes or until - the termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' + The Pod''s termination grace period countdown + begins before the PreStop hook is executed. + Regardless of the outcome of the handler, + the container will eventually terminate + within the Pod''s termination grace period + (unless delayed by finalizers). Other management + of the container blocks until the hook completes + or until the termination grace period is + reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' properties: exec: - description: One and only one of the following - should be specified. Exec specifies - the action to take. + description: Exec specifies the action + to take. properties: command: description: Command is the command @@ -3855,10 +4460,12 @@ spec: - port type: object tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not - yet supported TODO: implement a realistic - TCP lifecycle hook' + description: Deprecated. TCPSocket is + NOT supported as a LifecycleHandler + and kept for the backward compatibility. + There are no validation of this field + and lifecycle hooks will fail in runtime + when tcp handler is specified. properties: host: description: 'Optional: Host name @@ -3885,9 +4492,8 @@ spec: Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -3912,6 +4518,26 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -3980,10 +4606,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -4001,6 +4625,28 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. @@ -4072,9 +4718,8 @@ spec: More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -4099,6 +4744,26 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -4167,10 +4832,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -4188,6 +4851,28 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. @@ -4197,7 +4882,7 @@ spec: type: object resources: description: 'Compute Resources required by this - container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' properties: limits: additionalProperties: @@ -4208,7 +4893,7 @@ spec: x-kubernetes-int-or-string: true description: 'Limits describes the maximum amount of compute resources allowed. More - info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -4222,12 +4907,14 @@ spec: Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object securityContext: - description: 'Security options the pod should - run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ + description: 'SecurityContext defines the security + options the container should be run with. If + set, the fields of SecurityContext override + the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' properties: allowPrivilegeEscalation: @@ -4237,13 +4924,16 @@ spec: controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) - run as Privileged 2) has CAP_SYS_ADMIN' + run as Privileged 2) has CAP_SYS_ADMIN Note + that this field cannot be set when spec.os.name + is windows.' type: boolean capabilities: description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the - container runtime. + container runtime. Note that this field + cannot be set when spec.os.name is windows. properties: add: description: Added capabilities @@ -4264,7 +4954,8 @@ spec: description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults - to false. + to false. Note that this field cannot be + set when spec.os.name is windows. type: boolean procMount: description: procMount denotes the type of @@ -4273,10 +4964,14 @@ spec: container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. + Note that this field cannot be set when + spec.os.name is windows. type: string readOnlyRootFilesystem: description: Whether this container has a read-only root filesystem. Default is false. + Note that this field cannot be set when + spec.os.name is windows. type: boolean runAsGroup: description: The GID to run the entrypoint @@ -4284,7 +4979,8 @@ spec: if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: @@ -4306,7 +5002,8 @@ spec: May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes - precedence. + precedence. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer seLinuxOptions: @@ -4316,7 +5013,9 @@ spec: for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is windows. properties: level: description: Level is SELinux level label @@ -4339,7 +5038,9 @@ spec: description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container - options override the pod options. + options override the pod options. Note that + this field cannot be set when spec.os.name + is windows. properties: localhostProfile: description: localhostProfile indicates @@ -4370,7 +5071,9 @@ spec: the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. + in SecurityContext takes precedence. Note + that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where @@ -4384,6 +5087,22 @@ spec: the name of the GMSA credential spec to use. type: string + hostProcess: + description: HostProcess determines if + a container should be run as a 'Host + Process' container. This field is alpha-level + and will only be honored by components + that enable the WindowsHostProcessContainers + feature flag. Setting this field without + the feature flag will result in errors + when validating the Pod. All of a Pod's + containers must have the same effective + HostProcess value (it is not allowed + to have a mix of HostProcess containers + and non-HostProcess containers). In + addition, if HostProcess is true then + HostNetwork must also be set to true. + type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint of the container @@ -4406,14 +5125,11 @@ spec: parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. - This cannot be updated. This is a beta feature - enabled by the StartupProbe feature flag. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' properties: exec: - description: One and only one of the following - should be specified. Exec specifies the - action to take. + description: Exec specifies the action to + take. properties: command: description: Command is the command line @@ -4438,6 +5154,26 @@ spec: value is 1. format: int32 type: integer + grpc: + description: GRPC specifies an action involving + a GRPC port. This is a beta field and requires + enabling GRPCContainerProbe feature gate. + properties: + port: + description: Port number of the gRPC service. + Number must be in the range 1 to 65535. + format: int32 + type: integer + service: + description: "Service is the name of the + service to place in the gRPC HealthCheckRequest + (see https://github.com/grpc/grpc/blob/master/doc/health-checking.md). + \n If this is not specified, the default + behavior is defined by gRPC." + type: string + required: + - port + type: object httpGet: description: HTTPGet specifies the http request to perform. @@ -4506,10 +5242,8 @@ spec: format: int32 type: integer tcpSocket: - description: 'TCPSocket specifies an action - involving a TCP port. TCP hooks not yet - supported TODO: implement a realistic TCP - lifecycle hook' + description: TCPSocket specifies an action + involving a TCP port. properties: host: description: 'Optional: Host name to connect @@ -4527,6 +5261,28 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + description: Optional duration in seconds + the pod needs to terminate gracefully upon + probe failure. The grace period is the duration + in seconds after the processes running in + the pod are sent a termination signal and + the time when the processes are forcibly + halted with a kill signal. Set this value + longer than the expected cleanup time for + your process. If this value is nil, the + pod's terminationGracePeriodSeconds will + be used. Otherwise, this value overrides + the value provided by the pod spec. Value + must be non-negative integer. The value + zero indicates stop immediately via the + kill signal (no opportunity to shut down). + This is a beta field and requires enabling + ProbeTerminationGracePeriod feature gate. + Minimum value is 1. spec.terminationGracePeriodSeconds + is used if unset. + format: int64 + type: integer timeoutSeconds: description: 'Number of seconds after which the probe times out. Defaults to 1 second. @@ -4676,6 +5432,40 @@ spec: must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' type: object + x-kubernetes-map-type: atomic + os: + description: "Specifies the OS of the containers in + the pod. Some pod and container fields are restricted + if this is set. \n If the OS field is set to linux, + the following fields must be unset: -securityContext.windowsOptions + \n If the OS field is set to windows, following fields + must be unset: - spec.hostPID - spec.hostIPC - spec.securityContext.seLinuxOptions + - spec.securityContext.seccompProfile - spec.securityContext.fsGroup + - spec.securityContext.fsGroupChangePolicy - spec.securityContext.sysctls + - spec.shareProcessNamespace - spec.securityContext.runAsUser + - spec.securityContext.runAsGroup - spec.securityContext.supplementalGroups + - spec.containers[*].securityContext.seLinuxOptions + - spec.containers[*].securityContext.seccompProfile + - spec.containers[*].securityContext.capabilities + - spec.containers[*].securityContext.readOnlyRootFilesystem + - spec.containers[*].securityContext.privileged - + spec.containers[*].securityContext.allowPrivilegeEscalation + - spec.containers[*].securityContext.procMount - spec.containers[*].securityContext.runAsUser + - spec.containers[*].securityContext.runAsGroup This + is a beta field and requires the IdentifyPodOS feature" + properties: + name: + description: 'Name is the name of the operating + system. The currently supported values are linux + and windows. Additional value may be defined in + future and can be one of: https://github.com/opencontainers/runtime-spec/blob/master/config.md#platform-specific-configuration + Clients should expect to handle additional values + and treat unrecognized values in this field as + os: null' + type: string + required: + - name + type: object overhead: additionalProperties: anyOf: @@ -4694,17 +5484,12 @@ spec: and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. - More info: https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md - This field is alpha-level as of Kubernetes v1.16, - and is only honored by servers that enable the PodOverhead - feature.' + More info: https://git.k8s.io/enhancements/keps/sig-node/688-pod-overhead/README.md' type: object preemptionPolicy: description: PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. - Defaults to PreemptLowerPriority if unset. This field - is beta-level, gated by the NonPreemptingPriority - feature-gate. + Defaults to PreemptLowerPriority if unset. type: string priority: description: The priority value. Various system components @@ -4729,7 +5514,7 @@ spec: be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True" - More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md' + More info: https://git.k8s.io/enhancements/keps/sig-network/580-pod-readiness-gates' items: description: PodReadinessGate contains the reference to a pod condition @@ -4755,8 +5540,7 @@ spec: or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: - https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md - This is a beta feature as of Kubernetes v1.14.' + https://git.k8s.io/enhancements/keps/sig-node/585-runtime-class' type: string schedulerName: description: If specified, the pod will be dispatched @@ -4778,7 +5562,9 @@ spec: is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not - modify the ownership and permissions of any volume." + modify the ownership and permissions of any volume. + Note that this field cannot be set when spec.os.name + is windows." format: int64 type: integer fsGroupChangePolicy: @@ -4789,7 +5575,9 @@ spec: based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified defaults to "Always".' + and "Always". If not specified, "Always" is used. + Note that this field cannot be set when spec.os.name + is windows.' type: string runAsGroup: description: The GID to run the entrypoint of the @@ -4797,7 +5585,8 @@ spec: May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. + for that container. Note that this field cannot + be set when spec.os.name is windows. format: int64 type: integer runAsNonRoot: @@ -4818,6 +5607,8 @@ spec: set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. + Note that this field cannot be set when spec.os.name + is windows. format: int64 type: integer seLinuxOptions: @@ -4827,7 +5618,8 @@ spec: for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence - for that container. + for that container. Note that this field cannot + be set when spec.os.name is windows. properties: level: description: Level is SELinux level label that @@ -4848,7 +5640,8 @@ spec: type: object seccompProfile: description: The seccomp options to use by the containers - in this pod. + in this pod. Note that this field cannot be set + when spec.os.name is windows. properties: localhostProfile: description: localhostProfile indicates a profile @@ -4874,7 +5667,9 @@ spec: description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, - no groups will be added to any container. + no groups will be added to any container. Note + that this field cannot be set when spec.os.name + is windows. items: format: int64 type: integer @@ -4883,6 +5678,8 @@ spec: description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. + Note that this field cannot be set when spec.os.name + is windows. items: description: Sysctl defines a kernel parameter to be set @@ -4904,6 +5701,8 @@ spec: within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + Note that this field cannot be set when spec.os.name + is linux. properties: gmsaCredentialSpec: description: GMSACredentialSpec is where the @@ -4915,6 +5714,20 @@ spec: description: GMSACredentialSpecName is the name of the GMSA credential spec to use. type: string + hostProcess: + description: HostProcess determines if a container + should be run as a 'Host Process' container. + This field is alpha-level and will only be + honored by components that enable the WindowsHostProcessContainers + feature flag. Setting this field without the + feature flag will result in errors when validating + the Pod. All of a Pod's containers must have + the same effective HostProcess value (it is + not allowed to have a mix of HostProcess containers + and non-HostProcess containers). In addition, + if HostProcess is true then HostNetwork must + also be set to true. + type: boolean runAsUserName: description: The UserName in Windows to run the entrypoint of the container process. Defaults @@ -4966,10 +5779,11 @@ spec: description: Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value - zero indicates delete immediately. If this value is - nil, the default grace period will be used instead. - The grace period is the duration in seconds after - the processes running in the pod are sent a termination + zero indicates stop immediately via the kill signal + (no opportunity to shut down). If this value is nil, + the default grace period will be used instead. The + grace period is the duration in seconds after the + processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults @@ -5089,28 +5903,69 @@ spec: `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and - the global minimum. For example, in a 3-zone + the global minimum. The global minimum is the + minimum number of matching pods in an eligible + domain or zero if the number of eligible domains + is less than MinDomains. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with - the same labelSelector spread as 1/1/0: | zone1 - | zone2 | zone3 | | P | P | | - - if MaxSkew is 1, incoming pod can only be - scheduled to zone3 to become 1/1/1; scheduling - it onto zone1(zone2) would make the ActualSkew(2-0) - on zone1(zone2) violate MaxSkew(1). - if MaxSkew - is 2, incoming pod can be scheduled onto any - zone. When `whenUnsatisfiable=ScheduleAnyway`, + the same labelSelector spread as 2/2/1: In this + case, the global minimum is 1. | zone1 | zone2 + | zone3 | | P P | P P | P | - if MaxSkew + is 1, incoming pod can only be scheduled to + zone3 to become 2/2/2; scheduling it onto zone1(zone2) + would make the ActualSkew(3-1) on zone1(zone2) + violate MaxSkew(1). - if MaxSkew is 2, incoming + pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It''s a required field. Default value is 1 and 0 is not allowed.' format: int32 type: integer + minDomains: + description: "MinDomains indicates a minimum number + of eligible domains. When the number of eligible + domains with matching topology keys is less + than minDomains, Pod Topology Spread treats + \"global minimum\" as 0, and then the calculation + of Skew is performed. And when the number of + eligible domains with matching topology keys + equals or greater than minDomains, this value + has no effect on scheduling. As a result, when + the number of eligible domains is less than + minDomains, scheduler won't schedule more than + maxSkew Pods to those domains. If value is nil, + the constraint behaves as if MinDomains is equal + to 1. Valid values are integers greater than + 0. When value is not nil, WhenUnsatisfiable + must be DoNotSchedule. \n For example, in a + 3-zone cluster, MaxSkew is set to 2, MinDomains + is set to 5 and pods with the same labelSelector + spread as 2/2/2: | zone1 | zone2 | zone3 | | + \ P P | P P | P P | The number of domains + is less than 5(MinDomains), so \"global minimum\" + is treated as 0. In this situation, new pod + with the same labelSelector cannot be scheduled, + because computed skew will be 3(3 - 0) if new + Pod is scheduled to any of the three zones, + it will violate MaxSkew. \n This is an alpha + field and requires enabling MinDomainsInPodTopologySpread + feature gate." + format: int32 + type: integer topologyKey: description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into - each bucket. It's a required field. + each bucket. We define a domain as a particular + instance of a topology. Also, we define an eligible + domain as a domain whose nodes match the node + selector. e.g. If TopologyKey is "kubernetes.io/hostname", + each Node is a domain of that topology. And, + if TopologyKey is "topology.kubernetes.io/zone", + each zone is a domain of that topology. It's + a required field. type: string whenUnsatisfiable: description: 'WhenUnsatisfiable indicates how @@ -5122,7 +5977,7 @@ spec: topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible - node assigment for that pod would violate "MaxSkew" + node assignment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 @@ -5153,77 +6008,78 @@ spec: pod. properties: awsElasticBlockStore: - description: 'AWSElasticBlockStore represents + description: 'awsElasticBlockStore represents an AWS Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' properties: fsType: - description: 'Filesystem type of the volume - that you want to mount. Tip: Ensure that - the filesystem type is supported by the - host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore + description: 'fsType is the filesystem type + of the volume that you want to mount. Tip: + Ensure that the filesystem type is supported + by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine' type: string partition: - description: 'The partition in the volume - that you want to mount. If omitted, the - default is to mount by volume name. Examples: - For volume /dev/sda1, you specify the partition - as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the - property empty).' + description: 'partition is the partition in + the volume that you want to mount. If omitted, + the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume + partition for /dev/sda is "0" (or you can + leave the property empty).' format: int32 type: integer readOnly: - description: 'Specify "true" to force and - set the ReadOnly property in VolumeMounts - to "true". If omitted, the default is "false". - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: 'readOnly value true will force + the readOnly setting in VolumeMounts. More + info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: boolean volumeID: - description: 'Unique ID of the persistent - disk resource in AWS (Amazon EBS volume). - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' + description: 'volumeID is unique ID of the + persistent disk resource in AWS (Amazon + EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' type: string required: - volumeID type: object azureDisk: - description: AzureDisk represents an Azure Data + description: azureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. properties: cachingMode: - description: 'Host Caching mode: None, Read - Only, Read Write.' + description: 'cachingMode is the Host Caching + mode: None, Read Only, Read Write.' type: string diskName: - description: The Name of the data disk in - the blob storage + description: diskName is the Name of the data + disk in the blob storage type: string diskURI: - description: The URI the data disk in the - blob storage + description: diskURI is the URI of data disk + in the blob storage type: string fsType: - description: Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. + description: fsType is Filesystem type to + mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be + "ext4" if unspecified. type: string kind: - description: 'Expected values Shared: multiple - blob disks per storage account Dedicated: + description: 'kind expected values are Shared: + multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared' type: string readOnly: - description: Defaults to false (read/write). + description: readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean @@ -5232,56 +6088,59 @@ spec: - diskURI type: object azureFile: - description: AzureFile represents an Azure File + description: azureFile represents an Azure File Service mount on the host and bind mount to the pod. properties: readOnly: - description: Defaults to false (read/write). + description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean secretName: - description: the name of secret that contains - Azure Storage Account Name and Key + description: secretName is the name of secret + that contains Azure Storage Account Name + and Key type: string shareName: - description: Share Name + description: shareName is the azure share + Name type: string required: - secretName - shareName type: object cephfs: - description: CephFS represents a Ceph FS mount + description: cephFS represents a Ceph FS mount on the host that shares a pod's lifetime properties: monitors: - description: 'Required: Monitors is a collection - of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'monitors is Required: Monitors + is a collection of Ceph monitors More info: + https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' items: type: string type: array path: - description: 'Optional: Used as the mounted - root, rather than the full Ceph tree, default - is /' + description: 'path is Optional: Used as the + mounted root, rather than the full Ceph + tree, default is /' type: string readOnly: - description: 'Optional: Defaults to false - (read/write). ReadOnly here will force the - ReadOnly setting in VolumeMounts. More info: - https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'readOnly is Optional: Defaults + to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts. + More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: boolean secretFile: - description: 'Optional: SecretFile is the - path to key ring for User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'secretFile is Optional: SecretFile + is the path to key ring for User, default + is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string secretRef: - description: 'Optional: SecretRef is reference - to the authentication secret for User, default - is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'secretRef is Optional: SecretRef + is reference to the authentication secret + for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' properties: name: description: 'Name of the referent. More @@ -5291,34 +6150,35 @@ spec: type: string type: object user: - description: 'Optional: User is the rados - user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' + description: 'user is optional: User is the + rados user name, default is admin More info: + https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' type: string required: - monitors type: object cinder: - description: 'Cinder represents a cinder volume + description: 'cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' properties: fsType: - description: 'Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' + description: 'fsType is the filesystem type + to mount. Must be a filesystem type supported + by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. More info: + https://examples.k8s.io/mysql-cinder-pd/README.md' type: string readOnly: - description: 'Optional: Defaults to false - (read/write). ReadOnly here will force the - ReadOnly setting in VolumeMounts. More info: - https://examples.k8s.io/mysql-cinder-pd/README.md' + description: 'readOnly defaults to false (read/write). + ReadOnly here will force the ReadOnly setting + in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: boolean secretRef: - description: 'Optional: points to a secret - object containing parameters used to connect - to OpenStack.' + description: 'secretRef is optional: points + to a secret object containing parameters + used to connect to OpenStack.' properties: name: description: 'Name of the referent. More @@ -5328,32 +6188,33 @@ spec: type: string type: object volumeID: - description: 'volume id used to identify the + description: 'volumeID used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' type: string required: - volumeID type: object configMap: - description: ConfigMap represents a configMap + description: configMap represents a configMap that should populate this volume properties: defaultMode: - description: 'Optional: mode bits used to - set permissions on created files by default. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. - Defaults to 0644. Directories within the - path are not affected by this setting. This - might be in conflict with other options - that affect the file mode, like fsGroup, - and the result can be other mode bits set.' + description: 'defaultMode is optional: mode + bits used to set permissions on created + files by default. Must be an octal value + between 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts both octal + and decimal values, JSON requires decimal + values for mode bits. Defaults to 0644. + Directories within the path are not affected + by this setting. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' format: int32 type: integer items: - description: If unspecified, each key-value + description: items if unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content @@ -5370,27 +6231,27 @@ spec: within a volume. properties: key: - description: The key to project. + description: key is the key to project. type: string mode: - description: 'Optional: mode bits used - to set permissions on this file. Must - be an octal value between 0000 and - 0777 or a decimal value between 0 - and 511. YAML accepts both octal and - decimal values, JSON requires decimal - values for mode bits. If not specified, - the volume defaultMode will be used. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' + description: 'mode is Optional: mode + bits used to set permissions on this + file. Must be an octal value between + 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal + and decimal values, JSON requires + decimal values for mode bits. If not + specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the + file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the - file to map the key to. May not be - an absolute path. May not contain + description: path is the relative path + of the file to map the key to. May + not be an absolute path. May not contain the path element '..'. May not start with the string '..'. type: string @@ -5406,30 +6267,30 @@ spec: kind, uid?' type: string optional: - description: Specify whether the ConfigMap - or its keys must be defined + description: optional specify whether the + ConfigMap or its keys must be defined type: boolean type: object csi: - description: CSI (Container Storage Interface) + description: csi (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). properties: driver: - description: Driver is the name of the CSI + description: driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. type: string fsType: - description: Filesystem type to mount. Ex. - "ext4", "xfs", "ntfs". If not provided, - the empty value is passed to the associated - CSI driver which will determine the default - filesystem to apply. + description: fsType to mount. Ex. "ext4", + "xfs", "ntfs". If not provided, the empty + value is passed to the associated CSI driver + which will determine the default filesystem + to apply. type: string nodePublishSecretRef: - description: NodePublishSecretRef is a reference + description: nodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume @@ -5446,13 +6307,14 @@ spec: type: string type: object readOnly: - description: Specifies a read-only configuration - for the volume. Defaults to false (read/write). + description: readOnly specifies a read-only + configuration for the volume. Defaults to + false (read/write). type: boolean volumeAttributes: additionalProperties: type: string - description: VolumeAttributes stores driver-specific + description: volumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. @@ -5461,7 +6323,7 @@ spec: - driver type: object downwardAPI: - description: DownwardAPI represents downward API + description: downwardAPI represents downward API about the pod that should populate this volume properties: defaultMode: @@ -5562,62 +6424,59 @@ spec: type: array type: object emptyDir: - description: 'EmptyDir represents a temporary + description: 'emptyDir represents a temporary directory that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' properties: medium: - description: 'What type of storage medium - should back this directory. The default - is "" which means to use the node''s default - medium. Must be an empty string (default) - or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' + description: 'medium represents what type + of storage medium should back this directory. + The default is "" which means to use the + node''s default medium. Must be an empty + string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' type: string sizeLimit: anyOf: - type: integer - type: string - description: 'Total amount of local storage - required for this EmptyDir volume. The size - limit is also applicable for memory medium. - The maximum usage on memory medium EmptyDir - would be the minimum value between the SizeLimit - specified here and the sum of memory limits - of all containers in a pod. The default - is nil which means that the limit is undefined. - More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' + description: 'sizeLimit is the total amount + of local storage required for this EmptyDir + volume. The size limit is also applicable + for memory medium. The maximum usage on + memory medium EmptyDir would be the minimum + value between the SizeLimit specified here + and the sum of memory limits of all containers + in a pod. The default is nil which means + that the limit is undefined. More info: + http://kubernetes.io/docs/user-guide/volumes#emptydir' pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object ephemeral: - description: "Ephemeral represents a volume that - is handled by a cluster storage driver (Alpha - feature). The volume's lifecycle is tied to - the pod that defines it - it will be created - before the pod starts, and deleted when the - pod is removed. \n Use this if: a) the volume - is only needed while the pod runs, b) features - of normal volumes like restoring from snapshot - or capacity tracking are needed, c) the storage - driver is specified through a storage class, - and d) the storage driver supports dynamic volume - provisioning through a PersistentVolumeClaim - (see EphemeralVolumeSource for more information - on the connection between this volume type and - PersistentVolumeClaim). \n Use PersistentVolumeClaim - or one of the vendor-specific APIs for volumes - that persist for longer than the lifecycle of - an individual pod. \n Use CSI for light-weight - local ephemeral volumes if the CSI driver is - meant to be used that way - see the documentation - of the driver for more information. \n A pod - can use both types of ephemeral volumes and - persistent volumes at the same time." + description: "ephemeral represents a volume that + is handled by a cluster storage driver. The + volume's lifecycle is tied to the pod that defines + it - it will be created before the pod starts, + and deleted when the pod is removed. \n Use + this if: a) the volume is only needed while + the pod runs, b) features of normal volumes + like restoring from snapshot or capacity tracking + are needed, c) the storage driver is specified + through a storage class, and d) the storage + driver supports dynamic volume provisioning + through a PersistentVolumeClaim (see EphemeralVolumeSource + for more information on the connection between + this volume type and PersistentVolumeClaim). + \n Use PersistentVolumeClaim or one of the vendor-specific + APIs for volumes that persist for longer than + the lifecycle of an individual pod. \n Use CSI + for light-weight local ephemeral volumes if + the CSI driver is meant to be used that way + - see the documentation of the driver for more + information. \n A pod can use both types of + ephemeral volumes and persistent volumes at + the same time." properties: - readOnly: - description: Specifies a read-only configuration - for the volume. Defaults to false (read/write). - type: boolean volumeClaimTemplate: description: "Will be used to create a stand-alone PVC to provision the volume. The pod in @@ -5677,34 +6536,82 @@ spec: are also valid here. properties: accessModes: - description: 'AccessModes contains + description: 'accessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' items: type: string type: array dataSource: - description: 'This field can be used - to specify either: * An existing - VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot - - Beta) * An existing PVC (PersistentVolumeClaim) - * An existing custom resource/object - that implements data population - (Alpha) In order to use VolumeSnapshot - object types, the appropriate feature - gate must be enabled (VolumeSnapshotDataSource - or AnyVolumeDataSource) If the provisioner - or an external controller can support - the specified data source, it will - create a new volume based on the - contents of the specified data source. - If the specified data source is - not supported, the volume will not - be created and the failure will - be reported as an event. In the - future, we plan to support more - data source types and the behavior - of the provisioner may change.' + description: 'dataSource field can + be used to specify either: * An + existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) + * An existing PVC (PersistentVolumeClaim) + If the provisioner or an external + controller can support the specified + data source, it will create a new + volume based on the contents of + the specified data source. If the + AnyVolumeDataSource feature gate + is enabled, this field will always + have the same contents as the DataSourceRef + field.' + properties: + apiGroup: + description: APIGroup is the group + for the resource being referenced. + If APIGroup is not specified, + the specified Kind must be in + the core API group. For any + other third-party types, APIGroup + is required. + type: string + kind: + description: Kind is the type + of resource being referenced + type: string + name: + description: Name is the name + of resource being referenced + type: string + required: + - kind + - name + type: object + dataSourceRef: + description: 'dataSourceRef specifies + the object from which to populate + the volume with data, if a non-empty + volume is desired. This may be any + local object from a non-empty API + group (non core object) or a PersistentVolumeClaim + object. When this field is specified, + volume binding will only succeed + if the type of the specified object + matches some installed volume populator + or dynamic provisioner. This field + will replace the functionality of + the DataSource field and as such + if both fields are non-empty, they + must have the same value. For backwards + compatibility, both fields (DataSource + and DataSourceRef) will be set to + the same value automatically if + one of them is empty and the other + is non-empty. There are two important + differences between DataSource and + DataSourceRef: * While DataSource + only allows two specific types of + objects, DataSourceRef allows + any non-core object, as well as + PersistentVolumeClaim objects. * + While DataSource ignores disallowed + values (dropping them), DataSourceRef preserves + all values, and generates an error + if a disallowed value is specified. + (Beta) Using this field requires + the AnyVolumeDataSource feature + gate to be enabled.' properties: apiGroup: description: APIGroup is the group @@ -5728,9 +6635,15 @@ spec: - name type: object resources: - description: 'Resources represents + description: 'resources represents the minimum resources the volume - should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' + should have. If RecoverVolumeExpansionFailure + feature is enabled users are allowed + to specify resource requirements + that are lower than previous value + but must still be higher than capacity + recorded in the status field of + the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' properties: limits: additionalProperties: @@ -5742,7 +6655,7 @@ spec: description: 'Limits describes the maximum amount of compute resources allowed. More info: - https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object requests: additionalProperties: @@ -5758,12 +6671,12 @@ spec: it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' type: object type: object selector: - description: A label query over volumes - to consider for binding. + description: selector is a label query + over volumes to consider for binding. properties: matchExpressions: description: matchExpressions @@ -5823,9 +6736,9 @@ spec: type: object type: object storageClassName: - description: 'Name of the StorageClass - required by the claim. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' + description: 'storageClassName is + the name of the StorageClass required + by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' type: string volumeMode: description: volumeMode defines what @@ -5834,7 +6747,7 @@ spec: when not included in claim spec. type: string volumeName: - description: VolumeName is the binding + description: volumeName is the binding reference to the PersistentVolume backing this claim. type: string @@ -5844,77 +6757,79 @@ spec: type: object type: object fc: - description: FC represents a Fibre Channel resource + description: fc represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. properties: fsType: - description: 'Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem - from compromising the machine' + description: 'fsType is the filesystem type + to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be + "ext4" if unspecified. TODO: how do we prevent + errors in the filesystem from compromising + the machine' type: string lun: - description: 'Optional: FC target lun number' + description: 'lun is Optional: FC target lun + number' format: int32 type: integer readOnly: - description: 'Optional: Defaults to false - (read/write). ReadOnly here will force the - ReadOnly setting in VolumeMounts.' + description: 'readOnly is Optional: Defaults + to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts.' type: boolean targetWWNs: - description: 'Optional: FC target worldwide - names (WWNs)' + description: 'targetWWNs is Optional: FC target + worldwide names (WWNs)' items: type: string type: array wwids: - description: 'Optional: FC volume world wide - identifiers (wwids) Either wwids or combination - of targetWWNs and lun must be set, but not - both simultaneously.' + description: 'wwids Optional: FC volume world + wide identifiers (wwids) Either wwids or + combination of targetWWNs and lun must be + set, but not both simultaneously.' items: type: string type: array type: object flexVolume: - description: FlexVolume represents a generic volume + description: flexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. properties: driver: - description: Driver is the name of the driver + description: driver is the name of the driver to use for this volume. type: string fsType: - description: Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - The default filesystem depends on FlexVolume - script. + description: fsType is the filesystem type + to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", + "xfs", "ntfs". The default filesystem depends + on FlexVolume script. type: string options: additionalProperties: type: string - description: 'Optional: Extra command options - if any.' + description: 'options is Optional: this field + holds extra command options if any.' type: object readOnly: - description: 'Optional: Defaults to false - (read/write). ReadOnly here will force the - ReadOnly setting in VolumeMounts.' + description: 'readOnly is Optional: defaults + to false (read/write). ReadOnly here will + force the ReadOnly setting in VolumeMounts.' type: boolean secretRef: - description: 'Optional: SecretRef is reference - to the secret object containing sensitive - information to pass to the plugin scripts. - This may be empty if no secret object is - specified. If the secret object contains - more than one secret, all secrets are passed - to the plugin scripts.' + description: 'secretRef is Optional: secretRef + is reference to the secret object containing + sensitive information to pass to the plugin + scripts. This may be empty if no secret + object is specified. If the secret object + contains more than one secret, all secrets + are passed to the plugin scripts.' properties: name: description: 'Name of the referent. More @@ -5927,53 +6842,55 @@ spec: - driver type: object flocker: - description: Flocker represents a Flocker volume + description: flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running properties: datasetName: - description: Name of the dataset stored as - metadata -> name on the dataset for Flocker - should be considered as deprecated + description: datasetName is Name of the dataset + stored as metadata -> name on the dataset + for Flocker should be considered as deprecated type: string datasetUUID: - description: UUID of the dataset. This is - unique identifier of a Flocker dataset + description: datasetUUID is the UUID of the + dataset. This is unique identifier of a + Flocker dataset type: string type: object gcePersistentDisk: - description: 'GCEPersistentDisk represents a GCE + description: 'gcePersistentDisk represents a GCE Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' properties: fsType: - description: 'Filesystem type of the volume - that you want to mount. Tip: Ensure that - the filesystem type is supported by the - host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk + description: 'fsType is filesystem type of + the volume that you want to mount. Tip: + Ensure that the filesystem type is supported + by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine' type: string partition: - description: 'The partition in the volume - that you want to mount. If omitted, the - default is to mount by volume name. Examples: - For volume /dev/sda1, you specify the partition - as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the - property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: 'partition is the partition in + the volume that you want to mount. If omitted, + the default is to mount by volume name. + Examples: For volume /dev/sda1, you specify + the partition as "1". Similarly, the volume + partition for /dev/sda is "0" (or you can + leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' format: int32 type: integer pdName: - description: 'Unique name of the PD resource - in GCE. Used to identify the disk in GCE. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' + description: 'pdName is unique name of the + PD resource in GCE. Used to identify the + disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: string readOnly: - description: 'ReadOnly here will force the + description: 'readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' type: boolean @@ -5981,7 +6898,7 @@ spec: - pdName type: object gitRepo: - description: 'GitRepo represents a git repository + description: 'gitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer @@ -5989,39 +6906,39 @@ spec: EmptyDir into the Pod''s container.' properties: directory: - description: Target directory name. Must not - contain or start with '..'. If '.' is supplied, - the volume directory will be the git repository. Otherwise, - if specified, the volume will contain the - git repository in the subdirectory with - the given name. + description: directory is the target directory + name. Must not contain or start with '..'. If + '.' is supplied, the volume directory will + be the git repository. Otherwise, if specified, + the volume will contain the git repository + in the subdirectory with the given name. type: string repository: - description: Repository URL + description: repository is the URL type: string revision: - description: Commit hash for the specified - revision. + description: revision is the commit hash for + the specified revision. type: string required: - repository type: object glusterfs: - description: 'Glusterfs represents a Glusterfs + description: 'glusterfs represents a Glusterfs mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' properties: endpoints: - description: 'EndpointsName is the endpoint - name that details Glusterfs topology. More - info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' + description: 'endpoints is the endpoint name + that details Glusterfs topology. More info: + https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string path: - description: 'Path is the Glusterfs volume + description: 'path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' type: string readOnly: - description: 'ReadOnly here will force the + description: 'readOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' @@ -6031,7 +6948,7 @@ spec: - path type: object hostPath: - description: 'HostPath represents a pre-existing + description: 'hostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things @@ -6042,76 +6959,79 @@ spec: mount host directories as read/write.' properties: path: - description: 'Path of the directory on the + description: 'path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string type: - description: 'Type for HostPath Volume Defaults + description: 'type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' type: string required: - path type: object iscsi: - description: 'ISCSI represents an ISCSI Disk resource + description: 'iscsi represents an ISCSI Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' properties: chapAuthDiscovery: - description: whether support iSCSI Discovery - CHAP authentication + description: chapAuthDiscovery defines whether + support iSCSI Discovery CHAP authentication type: boolean chapAuthSession: - description: whether support iSCSI Session - CHAP authentication + description: chapAuthSession defines whether + support iSCSI Session CHAP authentication type: boolean fsType: - description: 'Filesystem type of the volume - that you want to mount. Tip: Ensure that - the filesystem type is supported by the - host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi + description: 'fsType is the filesystem type + of the volume that you want to mount. Tip: + Ensure that the filesystem type is supported + by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine' type: string initiatorName: - description: Custom iSCSI Initiator Name. - If initiatorName is specified with iscsiInterface - simultaneously, new iSCSI interface : will be created for - the connection. + description: initiatorName is the custom iSCSI + Initiator Name. If initiatorName is specified + with iscsiInterface simultaneously, new + iSCSI interface : will be created for the connection. type: string iqn: - description: Target iSCSI Qualified Name. + description: iqn is the target iSCSI Qualified + Name. type: string iscsiInterface: - description: iSCSI Interface Name that uses - an iSCSI transport. Defaults to 'default' - (tcp). + description: iscsiInterface is the interface + Name that uses an iSCSI transport. Defaults + to 'default' (tcp). type: string lun: - description: iSCSI Target Lun number. + description: lun represents iSCSI Target Lun + number. format: int32 type: integer portals: - description: iSCSI Target Portal List. The - portal is either an IP or ip_addr:port if - the port is other than default (typically + description: portals is the iSCSI Target Portal + List. The portal is either an IP or ip_addr:port + if the port is other than default (typically TCP ports 860 and 3260). items: type: string type: array readOnly: - description: ReadOnly here will force the + description: readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. type: boolean secretRef: - description: CHAP Secret for iSCSI target - and initiator authentication + description: secretRef is the CHAP Secret + for iSCSI target and initiator authentication properties: name: description: 'Name of the referent. More @@ -6121,10 +7041,10 @@ spec: type: string type: object targetPortal: - description: iSCSI Target Portal. The Portal - is either an IP or ip_addr:port if the port - is other than default (typically TCP ports - 860 and 3260). + description: targetPortal is iSCSI Target + Portal. The Portal is either an IP or ip_addr:port + if the port is other than default (typically + TCP ports 860 and 3260). type: string required: - iqn @@ -6132,26 +7052,26 @@ spec: - targetPortal type: object name: - description: 'Volume''s name. Must be a DNS_LABEL + description: 'name of the volume. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string nfs: - description: 'NFS represents an NFS mount on the + description: 'nfs represents an NFS mount on the host that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' properties: path: - description: 'Path that is exported by the + description: 'path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string readOnly: - description: 'ReadOnly here will force the + description: 'readOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: boolean server: - description: 'Server is the hostname or IP + description: 'server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' type: string required: @@ -6159,99 +7079,101 @@ spec: - server type: object persistentVolumeClaim: - description: 'PersistentVolumeClaimVolumeSource + description: 'persistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' properties: claimName: - description: 'ClaimName is the name of a PersistentVolumeClaim + description: 'claimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' type: string readOnly: - description: Will force the ReadOnly setting - in VolumeMounts. Default false. + description: readOnly Will force the ReadOnly + setting in VolumeMounts. Default false. type: boolean required: - claimName type: object photonPersistentDisk: - description: PhotonPersistentDisk represents a + description: photonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine properties: fsType: - description: Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. + description: fsType is the filesystem type + to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be + "ext4" if unspecified. type: string pdID: - description: ID that identifies Photon Controller - persistent disk + description: pdID is the ID that identifies + Photon Controller persistent disk type: string required: - pdID type: object portworxVolume: - description: PortworxVolume represents a portworx + description: portworxVolume represents a portworx volume attached and mounted on kubelets host machine properties: fsType: - description: FSType represents the filesystem + description: fSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. type: string readOnly: - description: Defaults to false (read/write). + description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean volumeID: - description: VolumeID uniquely identifies + description: volumeID uniquely identifies a Portworx volume type: string required: - volumeID type: object projected: - description: Items for all in one resources secrets, - configmaps, and downward API + description: projected items for all in one resources + secrets, configmaps, and downward API properties: defaultMode: - description: Mode bits used to set permissions - on created files by default. Must be an - octal value between 0000 and 0777 or a decimal - value between 0 and 511. YAML accepts both - octal and decimal values, JSON requires - decimal values for mode bits. Directories - within the path are not affected by this - setting. This might be in conflict with - other options that affect the file mode, - like fsGroup, and the result can be other - mode bits set. + description: defaultMode are the mode bits + used to set permissions on created files + by default. Must be an octal value between + 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal and decimal + values, JSON requires decimal values for + mode bits. Directories within the path are + not affected by this setting. This might + be in conflict with other options that affect + the file mode, like fsGroup, and the result + can be other mode bits set. format: int32 type: integer sources: - description: list of volume projections + description: sources is the list of volume + projections items: description: Projection that may be projected along with other supported volume types properties: configMap: - description: information about the configMap - data to project + description: configMap information about + the configMap data to project properties: items: - description: If unspecified, each - key-value pair in the Data field - of the referenced ConfigMap will - be projected into the volume as - a file whose name is the key and - content is the value. If specified, + description: items if unspecified, + each key-value pair in the Data + field of the referenced ConfigMap + will be projected into the volume + as a file whose name is the key + and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. @@ -6266,11 +7188,12 @@ spec: to a path within a volume. properties: key: - description: The key to project. + description: key is the key + to project. type: string mode: - description: 'Optional: mode - bits used to set permissions + description: 'mode is Optional: + mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value @@ -6288,7 +7211,7 @@ spec: format: int32 type: integer path: - description: The relative + description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain @@ -6308,14 +7231,14 @@ spec: apiVersion, kind, uid?' type: string optional: - description: Specify whether the - ConfigMap or its keys must be - defined + description: optional specify whether + the ConfigMap or its keys must + be defined type: boolean type: object downwardAPI: - description: information about the downwardAPI - data to project + description: downwardAPI information + about the downwardAPI data to project properties: items: description: Items is a list of @@ -6412,16 +7335,16 @@ spec: type: array type: object secret: - description: information about the secret - data to project + description: secret information about + the secret data to project properties: items: - description: If unspecified, each - key-value pair in the Data field - of the referenced Secret will - be projected into the volume as - a file whose name is the key and - content is the value. If specified, + description: items if unspecified, + each key-value pair in the Data + field of the referenced Secret + will be projected into the volume + as a file whose name is the key + and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. @@ -6436,11 +7359,12 @@ spec: to a path within a volume. properties: key: - description: The key to project. + description: key is the key + to project. type: string mode: - description: 'Optional: mode - bits used to set permissions + description: 'mode is Optional: + mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value @@ -6458,7 +7382,7 @@ spec: format: int32 type: integer path: - description: The relative + description: path is the relative path of the file to map the key to. May not be an absolute path. May not contain @@ -6478,16 +7402,18 @@ spec: apiVersion, kind, uid?' type: string optional: - description: Specify whether the - Secret or its key must be defined + description: optional field specify + whether the Secret or its key + must be defined type: boolean type: object serviceAccountToken: - description: information about the serviceAccountToken + description: serviceAccountToken is + information about the serviceAccountToken data to project properties: audience: - description: Audience is the intended + description: audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in @@ -6497,7 +7423,7 @@ spec: of the apiserver. type: string expirationSeconds: - description: ExpirationSeconds is + description: expirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, @@ -6513,7 +7439,7 @@ spec: format: int64 type: integer path: - description: Path is the path relative + description: path is the path relative to the mount point of the file to project the token into. type: string @@ -6522,41 +7448,39 @@ spec: type: object type: object type: array - required: - - sources type: object quobyte: - description: Quobyte represents a Quobyte mount + description: quobyte represents a Quobyte mount on the host that shares a pod's lifetime properties: group: - description: Group to map volume access to + description: group to map volume access to Default is no group type: string readOnly: - description: ReadOnly here will force the + description: readOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. type: boolean registry: - description: Registry represents a single + description: registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes type: string tenant: - description: Tenant owning the given Quobyte + description: tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin type: string user: - description: User to map volume access to + description: user to map volume access to Defaults to serivceaccount user type: string volume: - description: Volume is a string that references + description: volume is a string that references an already created Quobyte volume by name. type: string required: @@ -6564,46 +7488,47 @@ spec: - volume type: object rbd: - description: 'RBD represents a Rados Block Device + description: 'rbd represents a Rados Block Device mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' properties: fsType: - description: 'Filesystem type of the volume - that you want to mount. Tip: Ensure that - the filesystem type is supported by the - host operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred to be - "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd + description: 'fsType is the filesystem type + of the volume that you want to mount. Tip: + Ensure that the filesystem type is supported + by the host operating system. Examples: + "ext4", "xfs", "ntfs". Implicitly inferred + to be "ext4" if unspecified. More info: + https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine' type: string image: - description: 'The rados image name. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'image is the rados image name. + More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string keyring: - description: 'Keyring is the path to key ring + description: 'keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string monitors: - description: 'A collection of Ceph monitors. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'monitors is a collection of + Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' items: type: string type: array pool: - description: 'The rados pool name. Default - is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'pool is the rados pool name. + Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string readOnly: - description: 'ReadOnly here will force the + description: 'readOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: boolean secretRef: - description: 'SecretRef is name of the authentication + description: 'secretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' properties: @@ -6615,38 +7540,39 @@ spec: type: string type: object user: - description: 'The rados user name. Default - is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' + description: 'user is the rados user name. + Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' type: string required: - image - monitors type: object scaleIO: - description: ScaleIO represents a ScaleIO persistent + description: scaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. properties: fsType: - description: Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - Default is "xfs". + description: fsType is the filesystem type + to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", + "xfs", "ntfs". Default is "xfs". type: string gateway: - description: The host address of the ScaleIO - API Gateway. + description: gateway is the host address of + the ScaleIO API Gateway. type: string protectionDomain: - description: The name of the ScaleIO Protection - Domain for the configured storage. + description: protectionDomain is the name + of the ScaleIO Protection Domain for the + configured storage. type: string readOnly: - description: Defaults to false (read/write). + description: readOnly Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: SecretRef references to the secret + description: secretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. @@ -6659,26 +7585,27 @@ spec: type: string type: object sslEnabled: - description: Flag to enable/disable SSL communication - with Gateway, default false + description: sslEnabled Flag enable/disable + SSL communication with Gateway, default + false type: boolean storageMode: - description: Indicates whether the storage - for a volume should be ThickProvisioned + description: storageMode indicates whether + the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. type: string storagePool: - description: The ScaleIO Storage Pool associated - with the protection domain. + description: storagePool is the ScaleIO Storage + Pool associated with the protection domain. type: string system: - description: The name of the storage system - as configured in ScaleIO. + description: system is the name of the storage + system as configured in ScaleIO. type: string volumeName: - description: The name of a volume already - created in the ScaleIO system that is associated - with this volume source. + description: volumeName is the name of a volume + already created in the ScaleIO system that + is associated with this volume source. type: string required: - gateway @@ -6686,25 +7613,26 @@ spec: - system type: object secret: - description: 'Secret represents a secret that + description: 'secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' properties: defaultMode: - description: 'Optional: mode bits used to - set permissions on created files by default. - Must be an octal value between 0000 and - 0777 or a decimal value between 0 and 511. - YAML accepts both octal and decimal values, - JSON requires decimal values for mode bits. - Defaults to 0644. Directories within the - path are not affected by this setting. This - might be in conflict with other options - that affect the file mode, like fsGroup, - and the result can be other mode bits set.' + description: 'defaultMode is Optional: mode + bits used to set permissions on created + files by default. Must be an octal value + between 0000 and 0777 or a decimal value + between 0 and 511. YAML accepts both octal + and decimal values, JSON requires decimal + values for mode bits. Defaults to 0644. + Directories within the path are not affected + by this setting. This might be in conflict + with other options that affect the file + mode, like fsGroup, and the result can be + other mode bits set.' format: int32 type: integer items: - description: If unspecified, each key-value + description: items If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content @@ -6721,27 +7649,27 @@ spec: within a volume. properties: key: - description: The key to project. + description: key is the key to project. type: string mode: - description: 'Optional: mode bits used - to set permissions on this file. Must - be an octal value between 0000 and - 0777 or a decimal value between 0 - and 511. YAML accepts both octal and - decimal values, JSON requires decimal - values for mode bits. If not specified, - the volume defaultMode will be used. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' + description: 'mode is Optional: mode + bits used to set permissions on this + file. Must be an octal value between + 0000 and 0777 or a decimal value between + 0 and 511. YAML accepts both octal + and decimal values, JSON requires + decimal values for mode bits. If not + specified, the volume defaultMode + will be used. This might be in conflict + with other options that affect the + file mode, like fsGroup, and the result + can be other mode bits set.' format: int32 type: integer path: - description: The relative path of the - file to map the key to. May not be - an absolute path. May not contain + description: path is the relative path + of the file to map the key to. May + not be an absolute path. May not contain the path element '..'. May not start with the string '..'. type: string @@ -6751,31 +7679,33 @@ spec: type: object type: array optional: - description: Specify whether the Secret or - its keys must be defined + description: optional field specify whether + the Secret or its keys must be defined type: boolean secretName: - description: 'Name of the secret in the pod''s - namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + description: 'secretName is the name of the + secret in the pod''s namespace to use. More + info: https://kubernetes.io/docs/concepts/storage/volumes#secret' type: string type: object storageos: - description: StorageOS represents a StorageOS + description: storageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. properties: fsType: - description: Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. + description: fsType is the filesystem type + to mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be + "ext4" if unspecified. type: string readOnly: - description: Defaults to false (read/write). + description: readOnly defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. type: boolean secretRef: - description: SecretRef specifies the secret + description: secretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. properties: @@ -6787,12 +7717,12 @@ spec: type: string type: object volumeName: - description: VolumeName is the human-readable + description: volumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. type: string volumeNamespace: - description: VolumeNamespace specifies the + description: volumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the @@ -6805,27 +7735,29 @@ spec: type: string type: object vsphereVolume: - description: VsphereVolume represents a vSphere + description: vsphereVolume represents a vSphere volume attached and mounted on kubelets host machine properties: fsType: - description: Filesystem type to mount. Must - be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" if unspecified. + description: fsType is filesystem type to + mount. Must be a filesystem type supported + by the host operating system. Ex. "ext4", + "xfs", "ntfs". Implicitly inferred to be + "ext4" if unspecified. type: string storagePolicyID: - description: Storage Policy Based Management - (SPBM) profile ID associated with the StoragePolicyName. + description: storagePolicyID is the storage + Policy Based Management (SPBM) profile ID + associated with the StoragePolicyName. type: string storagePolicyName: - description: Storage Policy Based Management - (SPBM) profile name. + description: storagePolicyName is the storage + Policy Based Management (SPBM) profile name. type: string volumePath: - description: Path that identifies vSphere - volume vmdk + description: volumePath is the path that identifies + vSphere volume vmdk type: string required: - volumePath diff --git a/apps/training-operator/upstream/base/deployment.yaml b/apps/training-operator/upstream/base/deployment.yaml index 536b782dea..fc6c8d2cfc 100644 --- a/apps/training-operator/upstream/base/deployment.yaml +++ b/apps/training-operator/upstream/base/deployment.yaml @@ -40,12 +40,14 @@ spec: port: 8081 initialDelaySeconds: 15 periodSeconds: 20 + timeoutSeconds: 3 readinessProbe: httpGet: path: /readyz port: 8081 - initialDelaySeconds: 5 - periodSeconds: 10 + initialDelaySeconds: 10 + periodSeconds: 15 + timeoutSeconds: 3 resources: limits: cpu: 100m diff --git a/apps/training-operator/upstream/overlays/kubeflow/kubeflow-training-roles.yaml b/apps/training-operator/upstream/overlays/kubeflow/kubeflow-training-roles.yaml index cb287d7a0d..50f186720c 100644 --- a/apps/training-operator/upstream/overlays/kubeflow/kubeflow-training-roles.yaml +++ b/apps/training-operator/upstream/overlays/kubeflow/kubeflow-training-roles.yaml @@ -22,6 +22,7 @@ rules: - apiGroups: - kubeflow.org resources: + - mpijobs - tfjobs - pytorchjobs - mxjobs @@ -37,6 +38,7 @@ rules: - apiGroups: - kubeflow.org resources: + - mpijobs/status - tfjobs/status - pytorchjobs/status - mxjobs/status @@ -55,6 +57,7 @@ rules: - apiGroups: - kubeflow.org resources: + - mpijobs - tfjobs - pytorchjobs - mxjobs @@ -66,6 +69,7 @@ rules: - apiGroups: - kubeflow.org resources: + - mpijobs/status - tfjobs/status - pytorchjobs/status - mxjobs/status diff --git a/apps/training-operator/upstream/overlays/kubeflow/kustomization.yaml b/apps/training-operator/upstream/overlays/kubeflow/kustomization.yaml index 6367e70c1a..2fd5423a2b 100644 --- a/apps/training-operator/upstream/overlays/kubeflow/kustomization.yaml +++ b/apps/training-operator/upstream/overlays/kubeflow/kustomization.yaml @@ -6,5 +6,4 @@ resources: - kubeflow-training-roles.yaml images: - name: kubeflow/training-operator - newName: public.ecr.aws/j1r0q0g6/training/training-operator - newTag: "174e8813666951ded505daf334a37f60fd50c18d" + newTag: "v1-e1434f6" diff --git a/apps/training-operator/upstream/overlays/standalone/kustomization.yaml b/apps/training-operator/upstream/overlays/standalone/kustomization.yaml index f596a26045..0adcf53dd3 100644 --- a/apps/training-operator/upstream/overlays/standalone/kustomization.yaml +++ b/apps/training-operator/upstream/overlays/standalone/kustomization.yaml @@ -6,5 +6,4 @@ resources: - namespace.yaml images: - name: kubeflow/training-operator - newName: public.ecr.aws/j1r0q0g6/training/training-operator - newTag: "174e8813666951ded505daf334a37f60fd50c18d" + newTag: "v1-e1434f6" diff --git a/apps/volumes-web-app/upstream/base/deployment.yaml b/apps/volumes-web-app/upstream/base/deployment.yaml index 0c30cd31c4..ecd098cc91 100644 --- a/apps/volumes-web-app/upstream/base/deployment.yaml +++ b/apps/volumes-web-app/upstream/base/deployment.yaml @@ -11,7 +11,7 @@ spec: spec: containers: - name: volumes-web-app - image: public.ecr.aws/j1r0q0g6/notebooks/volumes-web-app + image: docker.io/kubeflownotebookswg/volumes-web-app ports: - containerPort: 5000 env: @@ -21,4 +21,6 @@ spec: value: $(VWA_USERID_HEADER) - name: USERID_PREFIX value: $(VWA_USERID_PREFIX) + - name: APP_SECURE_COOKIES + value: $(VWA_APP_SECURE_COOKIES) serviceAccountName: service-account diff --git a/apps/volumes-web-app/upstream/base/kustomization.yaml b/apps/volumes-web-app/upstream/base/kustomization.yaml index a5d42cff38..5e159ef82d 100644 --- a/apps/volumes-web-app/upstream/base/kustomization.yaml +++ b/apps/volumes-web-app/upstream/base/kustomization.yaml @@ -12,9 +12,8 @@ commonLabels: app: volumes-web-app kustomize.component: volumes-web-app images: -- name: public.ecr.aws/j1r0q0g6/notebooks/volumes-web-app - newName: public.ecr.aws/j1r0q0g6/notebooks/volumes-web-app - newTag: v1.5.0 +- name: docker.io/kubeflownotebookswg/volumes-web-app + newTag: v1.6.0-rc.1 # We need the name to be unique without the suffix because the original name is what # gets used with patches configMapGenerator: diff --git a/apps/volumes-web-app/upstream/base/params.env b/apps/volumes-web-app/upstream/base/params.env index fa5e5e5f0d..54ea61c120 100644 --- a/apps/volumes-web-app/upstream/base/params.env +++ b/apps/volumes-web-app/upstream/base/params.env @@ -2,3 +2,4 @@ VWA_CLUSTER_DOMAIN=cluster.local VWA_USERID_HEADER=kubeflow-userid VWA_USERID_PREFIX= VWA_PREFIX=/volumes +VWA_APP_SECURE_COOKIES=true diff --git a/common/dex/base/crds.yaml b/common/dex/base/crds.yaml index cd18744a85..edf3af58ab 100644 --- a/common/dex/base/crds.yaml +++ b/common/dex/base/crds.yaml @@ -1,5 +1,5 @@ --- -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: authcodes.dex.coreos.com @@ -11,9 +11,16 @@ spec: plural: authcodes singular: authcode scope: Namespaced - version: v1 + versions: + - name: v1 + served: true + storage: true + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true --- -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: dex @@ -25,7 +32,7 @@ rules: resources: ["customresourcedefinitions"] verbs: ["create"] # To manage its own resources identity must be able to create customresourcedefinitions. --- -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: dex diff --git a/common/dex/base/deployment.yaml b/common/dex/base/deployment.yaml index a0972dc3f8..ed7e3dfa39 100644 --- a/common/dex/base/deployment.yaml +++ b/common/dex/base/deployment.yaml @@ -16,7 +16,7 @@ spec: spec: serviceAccountName: dex containers: - - image: quay.io/dexidp/dex:v2.22.0 + - image: ghcr.io/dexidp/dex:v2.31.2 name: dex command: ["dex", "serve", "/etc/dex/cfg/config.yaml"] ports: diff --git a/common/istio-1-11/cluster-local-gateway/base/cluster-local-gateway.yaml b/common/istio-1-11/cluster-local-gateway/base/cluster-local-gateway.yaml deleted file mode 100644 index b104170296..0000000000 --- a/common/istio-1-11/cluster-local-gateway/base/cluster-local-gateway.yaml +++ /dev/null @@ -1,322 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: cluster-local-gateway-service-account - namespace: istio-system - labels: - app: cluster-local-gateway - istio: cluster-local-gateway - release: istio - istio.io/rev: default - install.operator.istio.io/owning-resource: unknown - operator.istio.io/component: IngressGateways ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: cluster-local-gateway - install.operator.istio.io/owning-resource: unknown - istio: cluster-local-gateway - istio.io/rev: default - operator.istio.io/component: IngressGateways - release: istio - name: cluster-local-gateway - namespace: istio-system -spec: - selector: - matchLabels: - app: cluster-local-gateway - istio: cluster-local-gateway - strategy: - rollingUpdate: - maxSurge: 100% - maxUnavailable: 25% - template: - metadata: - annotations: - prometheus.io/path: /stats/prometheus - prometheus.io/port: '15020' - prometheus.io/scrape: 'true' - sidecar.istio.io/inject: 'false' - labels: - app: cluster-local-gateway - chart: gateways - heritage: Tiller - install.operator.istio.io/owning-resource: unknown - istio: cluster-local-gateway - istio.io/rev: default - operator.istio.io/component: IngressGateways - release: istio - service.istio.io/canonical-name: cluster-local-gateway - service.istio.io/canonical-revision: latest - sidecar.istio.io/inject: 'false' - spec: - affinity: - nodeAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - preference: - matchExpressions: - - key: kubernetes.io/arch - operator: In - values: - - amd64 - weight: 2 - - preference: - matchExpressions: - - key: kubernetes.io/arch - operator: In - values: - - ppc64le - weight: 2 - - preference: - matchExpressions: - - key: kubernetes.io/arch - operator: In - values: - - s390x - weight: 2 - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/arch - operator: In - values: - - amd64 - - ppc64le - - s390x - containers: - - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc.cluster.local - - --proxyLogLevel=warning - - --proxyComponentLogLevel=misc:error - - --log_output_level=default:info - env: - - name: JWT_POLICY - value: third-party-jwt - - name: PILOT_CERT_PROVIDER - value: istiod - - name: CA_ADDR - value: istiod.istio-system.svc:15012 - - name: NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: ISTIO_META_WORKLOAD_NAME - value: cluster-local-gateway - - name: ISTIO_META_OWNER - value: kubernetes://apis/apps/v1/namespaces/istio-system/deployments/cluster-local-gateway - - name: ISTIO_META_MESH_ID - value: cluster.local - - name: TRUST_DOMAIN - value: cluster.local - - name: ISTIO_META_UNPRIVILEGED_POD - value: 'true' - - name: ISTIO_META_ROUTER_MODE - value: sni-dnat - - name: ISTIO_META_CLUSTER_ID - value: Kubernetes - image: docker.io/istio/proxyv2:1.11.4 - name: istio-proxy - ports: - - containerPort: 15020 - protocol: TCP - - containerPort: 8080 - protocol: TCP - - containerPort: 15090 - name: http-envoy-prom - protocol: TCP - readinessProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 1 - resources: - limits: - cpu: 2000m - memory: 1024Mi - requests: - cpu: 100m - memory: 128Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /etc/istio/config - name: config-volume - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - - mountPath: /var/run/secrets/tokens - name: istio-token - readOnly: true - - mountPath: /var/lib/istio/data - name: istio-data - - mountPath: /etc/istio/pod - name: podinfo - - mountPath: /etc/istio/ingressgateway-certs - name: ingressgateway-certs - readOnly: true - - mountPath: /etc/istio/ingressgateway-ca-certs - name: ingressgateway-ca-certs - readOnly: true - securityContext: - fsGroup: 1337 - runAsGroup: 1337 - runAsNonRoot: true - runAsUser: 1337 - serviceAccountName: cluster-local-gateway-service-account - volumes: - - configMap: - name: istio-ca-root-cert - name: istiod-ca-cert - - downwardAPI: - items: - - fieldRef: - fieldPath: metadata.labels - path: labels - - fieldRef: - fieldPath: metadata.annotations - path: annotations - name: podinfo - - emptyDir: {} - name: istio-envoy - - emptyDir: {} - name: istio-data - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: istio-ca - expirationSeconds: 43200 - path: istio-token - - configMap: - name: istio - optional: true - name: config-volume - - name: ingressgateway-certs - secret: - optional: true - secretName: istio-ingressgateway-certs - - name: ingressgateway-ca-certs - secret: - optional: true - secretName: istio-ingressgateway-ca-certs ---- -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: cluster-local-gateway - namespace: istio-system - labels: - app: cluster-local-gateway - istio: cluster-local-gateway - release: istio - istio.io/rev: default - install.operator.istio.io/owning-resource: unknown - operator.istio.io/component: IngressGateways -spec: - minAvailable: 1 - selector: - matchLabels: - app: cluster-local-gateway - istio: cluster-local-gateway ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: cluster-local-gateway-sds - namespace: istio-system - labels: - release: istio - istio.io/rev: default - install.operator.istio.io/owning-resource: unknown - operator.istio.io/component: IngressGateways -rules: -- apiGroups: [''] - resources: [secrets] - verbs: [get, watch, list] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: cluster-local-gateway-sds - namespace: istio-system - labels: - release: istio - istio.io/rev: default - install.operator.istio.io/owning-resource: unknown - operator.istio.io/component: IngressGateways -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: cluster-local-gateway-sds -subjects: -- kind: ServiceAccount - name: cluster-local-gateway-service-account ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - labels: - app: cluster-local-gateway - install.operator.istio.io/owning-resource: unknown - istio: cluster-local-gateway - istio.io/rev: default - operator.istio.io/component: IngressGateways - release: istio - name: cluster-local-gateway - namespace: istio-system -spec: - ports: - - name: status-port - port: 15020 - protocol: TCP - targetPort: 15020 - - name: http2 - port: 80 - protocol: TCP - targetPort: 8080 - selector: - app: cluster-local-gateway - istio: cluster-local-gateway - type: ClusterIP diff --git a/common/istio-1-11/cluster-local-gateway/base/kustomization.yaml b/common/istio-1-11/cluster-local-gateway/base/kustomization.yaml deleted file mode 100644 index 964dd20151..0000000000 --- a/common/istio-1-11/cluster-local-gateway/base/kustomization.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -namespace: istio-system - -resources: -- cluster-local-gateway.yaml -- gateway-authorizationpolicy.yaml -- gateway.yaml - -patchesStrategicMerge: -- patches/remove-pdb.yaml diff --git a/common/istio-1-11/istio-install/base/kustomization.yaml b/common/istio-1-11/istio-install/base/kustomization.yaml deleted file mode 100644 index e686907bf1..0000000000 --- a/common/istio-1-11/istio-install/base/kustomization.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- install.yaml -- gateway_authorizationpolicy.yaml -- deny_all_authorizationpolicy.yaml -- gateway.yaml -- x-forwarded-host.yaml - -namespace: istio-system - -patchesStrategicMerge: -- patches/service.yaml -- patches/remove-pdb.yaml -- patches/istio-configmap-disable-tracing.yaml diff --git a/common/istio-1-11/istio-namespace/base/kustomization.yaml b/common/istio-1-11/istio-namespace/base/kustomization.yaml deleted file mode 100644 index 6e0028159b..0000000000 --- a/common/istio-1-11/istio-namespace/base/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: -- namespace.yaml -namespace: istio-system diff --git a/common/istio-1-11/profile.yaml b/common/istio-1-11/profile.yaml deleted file mode 100644 index af2be012a9..0000000000 --- a/common/istio-1-11/profile.yaml +++ /dev/null @@ -1,197 +0,0 @@ -apiVersion: install.istio.io/v1alpha1 -kind: IstioOperator -spec: - components: - base: - enabled: true - cni: - enabled: false - egressGateways: - - enabled: true - k8s: - resources: - requests: - cpu: 10m - memory: 40Mi - name: istio-egressgateway - ingressGateways: - - enabled: true - k8s: - resources: - requests: - cpu: 10m - memory: 40Mi - service: - ports: - - name: status-port - port: 15021 - targetPort: 15021 - - name: http2 - port: 80 - targetPort: 8080 - - name: https - port: 443 - targetPort: 8443 - - name: tcp - port: 31400 - targetPort: 31400 - - name: tls - port: 15443 - targetPort: 15443 - name: istio-ingressgateway - istiodRemote: - enabled: false - pilot: - enabled: true - k8s: - env: - - name: PILOT_TRACE_SAMPLING - value: "100" - resources: - requests: - cpu: 10m - memory: 100Mi - hub: docker.io/istio - meshConfig: - accessLogFile: /dev/stdout - defaultConfig: - proxyMetadata: {} - enablePrometheusMerge: true - profile: demo - tag: 1.11.4 - values: - base: - enableCRDTemplates: false - validationURL: "" - gateways: - istio-egressgateway: - autoscaleEnabled: false - env: {} - name: istio-egressgateway - secretVolumes: - - mountPath: /etc/istio/egressgateway-certs - name: egressgateway-certs - secretName: istio-egressgateway-certs - - mountPath: /etc/istio/egressgateway-ca-certs - name: egressgateway-ca-certs - secretName: istio-egressgateway-ca-certs - type: ClusterIP - zvpn: {} - istio-ingressgateway: - autoscaleEnabled: false - env: {} - name: istio-ingressgateway - secretVolumes: - - mountPath: /etc/istio/ingressgateway-certs - name: ingressgateway-certs - secretName: istio-ingressgateway-certs - - mountPath: /etc/istio/ingressgateway-ca-certs - name: ingressgateway-ca-certs - secretName: istio-ingressgateway-ca-certs - type: LoadBalancer - zvpn: {} - global: - configValidation: true - defaultNodeSelector: {} - defaultPodDisruptionBudget: - enabled: true - defaultResources: - requests: - cpu: 10m - imagePullPolicy: "" - imagePullSecrets: [] - istioNamespace: istio-system - istiod: - enableAnalysis: false - jwtPolicy: third-party-jwt - logAsJson: false - logging: - level: default:info - meshNetworks: {} - mountMtlsCerts: false - multiCluster: - clusterName: "" - enabled: false - network: "" - omitSidecarInjectorConfigMap: false - oneNamespace: false - operatorManageWebhooks: false - pilotCertProvider: istiod - priorityClassName: "" - proxy: - autoInject: enabled - clusterDomain: cluster.local - componentLogLevel: misc:error - enableCoreDump: false - excludeIPRanges: "" - excludeInboundPorts: "" - excludeOutboundPorts: "" - image: proxyv2 - includeIPRanges: '*' - logLevel: warning - privileged: false - readinessFailureThreshold: 30 - readinessInitialDelaySeconds: 1 - readinessPeriodSeconds: 2 - resources: - limits: - cpu: 2000m - memory: 1024Mi - requests: - cpu: 10m - memory: 40Mi - statusPort: 15020 - tracer: zipkin - proxy_init: - image: proxyv2 - resources: - limits: - cpu: 2000m - memory: 1024Mi - requests: - cpu: 10m - memory: 10Mi - sds: - token: - aud: istio-ca - sts: - servicePort: 0 - tracer: - datadog: {} - lightstep: {} - stackdriver: {} - zipkin: {} - useMCP: false - istiodRemote: - injectionURL: "" - pilot: - autoscaleEnabled: false - autoscaleMax: 5 - autoscaleMin: 1 - configMap: true - cpu: - targetAverageUtilization: 80 - enableProtocolSniffingForInbound: true - enableProtocolSniffingForOutbound: true - env: {} - image: pilot - keepaliveMaxServerConnectionAge: 30m - nodeSelector: {} - replicaCount: 1 - traceSampling: 1 - telemetry: - enabled: true - v2: - enabled: true - metadataExchange: - wasmEnabled: false - prometheus: - enabled: true - wasmEnabled: false - stackdriver: - configOverride: {} - enabled: false - logging: false - monitoring: false - topology: false - diff --git a/common/istio-1-11/README.md b/common/istio-1-14/README.md similarity index 100% rename from common/istio-1-11/README.md rename to common/istio-1-14/README.md diff --git a/common/istio-1-9/cluster-local-gateway/base/cluster-local-gateway.yaml b/common/istio-1-14/cluster-local-gateway/base/cluster-local-gateway.yaml similarity index 92% rename from common/istio-1-9/cluster-local-gateway/base/cluster-local-gateway.yaml rename to common/istio-1-14/cluster-local-gateway/base/cluster-local-gateway.yaml index f42ae349b5..c7f82d912f 100644 --- a/common/istio-1-9/cluster-local-gateway/base/cluster-local-gateway.yaml +++ b/common/istio-1-14/cluster-local-gateway/base/cluster-local-gateway.yaml @@ -62,6 +62,13 @@ spec: values: - amd64 weight: 2 + - preference: + matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - arm64 + weight: 2 - preference: matchExpressions: - key: kubernetes.io/arch @@ -83,6 +90,7 @@ spec: operator: In values: - amd64 + - arm64 - ppc64le - s390x containers: @@ -94,9 +102,9 @@ spec: - --proxyLogLevel=warning - --proxyComponentLogLevel=misc:error - --log_output_level=default:info - - --serviceCluster - - cluster-local-gateway env: + - name: ISTIO_META_ROUTER_MODE + value: sni-dnat - name: JWT_POLICY value: third-party-jwt - name: PILOT_CERT_PROVIDER @@ -132,25 +140,20 @@ spec: valueFrom: fieldRef: fieldPath: spec.serviceAccountName - - name: CANONICAL_SERVICE - valueFrom: - fieldRef: - fieldPath: metadata.labels['service.istio.io/canonical-name'] - - name: CANONICAL_REVISION - valueFrom: - fieldRef: - fieldPath: metadata.labels['service.istio.io/canonical-revision'] - name: ISTIO_META_WORKLOAD_NAME value: cluster-local-gateway - name: ISTIO_META_OWNER value: kubernetes://apis/apps/v1/namespaces/istio-system/deployments/cluster-local-gateway + - name: ISTIO_META_MESH_ID + value: cluster.local + - name: TRUST_DOMAIN + value: cluster.local - name: ISTIO_META_UNPRIVILEGED_POD value: "true" - - name: ISTIO_META_ROUTER_MODE - value: sni-dnat - name: ISTIO_META_CLUSTER_ID value: Kubernetes - image: docker.io/istio/proxyv2:1.9.6 + image: docker.io/istio/proxyv2:1.14.1 + imagePullPolicy: IfNotPresent name: istio-proxy ports: - containerPort: 15020 @@ -185,6 +188,10 @@ spec: privileged: false readOnlyRootFilesystem: true volumeMounts: + - mountPath: /var/run/secrets/workload-spiffe-uds + name: workload-socket + - mountPath: /var/run/secrets/workload-spiffe-credentials + name: workload-certs - mountPath: /etc/istio/proxy name: istio-envoy - mountPath: /etc/istio/config @@ -211,6 +218,10 @@ spec: runAsUser: 1337 serviceAccountName: cluster-local-gateway-service-account volumes: + - emptyDir: {} + name: workload-socket + - emptyDir: {} + name: workload-certs - configMap: name: istio-ca-root-cert name: istiod-ca-cert @@ -222,16 +233,6 @@ spec: - fieldRef: fieldPath: metadata.annotations path: annotations - - path: cpu-limit - resourceFieldRef: - containerName: istio-proxy - divisor: 1m - resource: limits.cpu - - path: cpu-request - resourceFieldRef: - containerName: istio-proxy - divisor: 1m - resource: requests.cpu name: podinfo - emptyDir: {} name: istio-envoy diff --git a/common/istio-1-11/cluster-local-gateway/base/gateway-authorizationpolicy.yaml b/common/istio-1-14/cluster-local-gateway/base/gateway-authorizationpolicy.yaml similarity index 100% rename from common/istio-1-11/cluster-local-gateway/base/gateway-authorizationpolicy.yaml rename to common/istio-1-14/cluster-local-gateway/base/gateway-authorizationpolicy.yaml diff --git a/common/istio-1-11/cluster-local-gateway/base/gateway.yaml b/common/istio-1-14/cluster-local-gateway/base/gateway.yaml similarity index 100% rename from common/istio-1-11/cluster-local-gateway/base/gateway.yaml rename to common/istio-1-14/cluster-local-gateway/base/gateway.yaml diff --git a/common/istio-1-9/cluster-local-gateway/base/kustomization.yaml b/common/istio-1-14/cluster-local-gateway/base/kustomization.yaml similarity index 79% rename from common/istio-1-9/cluster-local-gateway/base/kustomization.yaml rename to common/istio-1-14/cluster-local-gateway/base/kustomization.yaml index 964dd20151..00d9d84f0e 100644 --- a/common/istio-1-9/cluster-local-gateway/base/kustomization.yaml +++ b/common/istio-1-14/cluster-local-gateway/base/kustomization.yaml @@ -1,3 +1,7 @@ +# +# Copyright © 2020 Arrikto Inc. All Rights Reserved. +# + apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization diff --git a/common/istio-1-11/cluster-local-gateway/base/patches/remove-pdb.yaml b/common/istio-1-14/cluster-local-gateway/base/patches/remove-pdb.yaml similarity index 100% rename from common/istio-1-11/cluster-local-gateway/base/patches/remove-pdb.yaml rename to common/istio-1-14/cluster-local-gateway/base/patches/remove-pdb.yaml diff --git a/common/istio-1-11/istio-crds/base/crd.yaml b/common/istio-1-14/istio-crds/base/crd.yaml similarity index 88% rename from common/istio-1-11/istio-crds/base/crd.yaml rename to common/istio-1-14/istio-crds/base/crd.yaml index 8a5f086396..a7cfbbf49b 100644 --- a/common/istio-1-11/istio-crds/base/crd.yaml +++ b/common/istio-1-14/istio-crds/base/crd.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - helm.sh/resource-policy: keep + "helm.sh/resource-policy": keep labels: app: istio-pilot chart: istio @@ -209,7 +209,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - helm.sh/resource-policy: keep + "helm.sh/resource-policy": keep labels: app: istio-pilot chart: istio @@ -426,8 +426,8 @@ spec: localityLbSetting: properties: distribute: - description: 'Optional: only one of distribute or - failover can be set.' + description: 'Optional: only one of distribute, + failover or failoverPriority can be set.' items: properties: from: @@ -449,8 +449,8 @@ spec: nullable: true type: boolean failover: - description: 'Optional: only failover or distribute - can be set.' + description: 'Optional: only one of distribute, + failover or failoverPriority can be set.' items: properties: from: @@ -460,13 +460,25 @@ spec: type: string type: object type: array + failoverPriority: + description: failoverPriority is an ordered list + of labels used to sort endpoints to do priority + based load balancing. + items: + type: string + type: array type: object simple: enum: - - ROUND_ROBIN + - UNSPECIFIED - LEAST_CONN - RANDOM - PASSTHROUGH + - ROUND_ROBIN + - LEAST_REQUEST + type: string + warmupDurationSecs: + description: Represents the warmup duration of Service. type: string type: object outlierDetection: @@ -666,8 +678,8 @@ spec: localityLbSetting: properties: distribute: - description: 'Optional: only one of distribute - or failover can be set.' + description: 'Optional: only one of distribute, + failover or failoverPriority can be set.' items: properties: from: @@ -689,8 +701,8 @@ spec: nullable: true type: boolean failover: - description: 'Optional: only failover or distribute - can be set.' + description: 'Optional: only one of distribute, + failover or failoverPriority can be set.' items: properties: from: @@ -700,13 +712,26 @@ spec: type: string type: object type: array + failoverPriority: + description: failoverPriority is an ordered + list of labels used to sort endpoints to + do priority based load balancing. + items: + type: string + type: array type: object simple: enum: - - ROUND_ROBIN + - UNSPECIFIED - LEAST_CONN - RANDOM - PASSTHROUGH + - ROUND_ROBIN + - LEAST_REQUEST + type: string + warmupDurationSecs: + description: Represents the warmup duration of + Service. type: string type: object outlierDetection: @@ -761,6 +786,9 @@ spec: type: string credentialName: type: string + insecureSkipVerify: + nullable: true + type: boolean mode: enum: - DISABLE @@ -793,6 +821,9 @@ spec: type: string credentialName: type: string + insecureSkipVerify: + nullable: true + type: boolean mode: enum: - DISABLE @@ -812,6 +843,21 @@ spec: type: string type: array type: object + tunnel: + properties: + protocol: + description: Specifies which protocol to use for tunneling + the downstream connection. + type: string + targetHost: + description: Specifies a host to which the downstream + connection is tunneled. + type: string + targetPort: + description: Specifies a port to which the downstream + connection is tunneled. + type: integer + type: object type: object type: object type: array @@ -969,8 +1015,8 @@ spec: localityLbSetting: properties: distribute: - description: 'Optional: only one of distribute or failover - can be set.' + description: 'Optional: only one of distribute, failover + or failoverPriority can be set.' items: properties: from: @@ -991,8 +1037,8 @@ spec: nullable: true type: boolean failover: - description: 'Optional: only failover or distribute can - be set.' + description: 'Optional: only one of distribute, failover + or failoverPriority can be set.' items: properties: from: @@ -1002,13 +1048,24 @@ spec: type: string type: object type: array + failoverPriority: + description: failoverPriority is an ordered list of labels + used to sort endpoints to do priority based load balancing. + items: + type: string + type: array type: object simple: enum: - - ROUND_ROBIN + - UNSPECIFIED - LEAST_CONN - RANDOM - PASSTHROUGH + - ROUND_ROBIN + - LEAST_REQUEST + type: string + warmupDurationSecs: + description: Represents the warmup duration of Service. type: string type: object outlierDetection: @@ -1203,8 +1260,8 @@ spec: localityLbSetting: properties: distribute: - description: 'Optional: only one of distribute or - failover can be set.' + description: 'Optional: only one of distribute, + failover or failoverPriority can be set.' items: properties: from: @@ -1226,8 +1283,8 @@ spec: nullable: true type: boolean failover: - description: 'Optional: only failover or distribute - can be set.' + description: 'Optional: only one of distribute, + failover or failoverPriority can be set.' items: properties: from: @@ -1237,13 +1294,25 @@ spec: type: string type: object type: array + failoverPriority: + description: failoverPriority is an ordered list + of labels used to sort endpoints to do priority + based load balancing. + items: + type: string + type: array type: object simple: enum: - - ROUND_ROBIN + - UNSPECIFIED - LEAST_CONN - RANDOM - PASSTHROUGH + - ROUND_ROBIN + - LEAST_REQUEST + type: string + warmupDurationSecs: + description: Represents the warmup duration of Service. type: string type: object outlierDetection: @@ -1297,6 +1366,9 @@ spec: type: string credentialName: type: string + insecureSkipVerify: + nullable: true + type: boolean mode: enum: - DISABLE @@ -1329,6 +1401,9 @@ spec: type: string credentialName: type: string + insecureSkipVerify: + nullable: true + type: boolean mode: enum: - DISABLE @@ -1348,6 +1423,28 @@ spec: type: string type: array type: object + tunnel: + properties: + protocol: + description: Specifies which protocol to use for tunneling + the downstream connection. + type: string + targetHost: + description: Specifies a host to which the downstream connection + is tunneled. + type: string + targetPort: + description: Specifies a port to which the downstream connection + is tunneled. + type: integer + type: object + type: object + workloadSelector: + properties: + matchLabels: + additionalProperties: + type: string + type: object type: object type: object status: @@ -1554,8 +1651,8 @@ spec: localityLbSetting: properties: distribute: - description: 'Optional: only one of distribute or - failover can be set.' + description: 'Optional: only one of distribute, + failover or failoverPriority can be set.' items: properties: from: @@ -1577,8 +1674,8 @@ spec: nullable: true type: boolean failover: - description: 'Optional: only failover or distribute - can be set.' + description: 'Optional: only one of distribute, + failover or failoverPriority can be set.' items: properties: from: @@ -1588,13 +1685,25 @@ spec: type: string type: object type: array + failoverPriority: + description: failoverPriority is an ordered list + of labels used to sort endpoints to do priority + based load balancing. + items: + type: string + type: array type: object simple: enum: - - ROUND_ROBIN + - UNSPECIFIED - LEAST_CONN - RANDOM - PASSTHROUGH + - ROUND_ROBIN + - LEAST_REQUEST + type: string + warmupDurationSecs: + description: Represents the warmup duration of Service. type: string type: object outlierDetection: @@ -1794,8 +1903,8 @@ spec: localityLbSetting: properties: distribute: - description: 'Optional: only one of distribute - or failover can be set.' + description: 'Optional: only one of distribute, + failover or failoverPriority can be set.' items: properties: from: @@ -1817,8 +1926,8 @@ spec: nullable: true type: boolean failover: - description: 'Optional: only failover or distribute - can be set.' + description: 'Optional: only one of distribute, + failover or failoverPriority can be set.' items: properties: from: @@ -1828,13 +1937,26 @@ spec: type: string type: object type: array + failoverPriority: + description: failoverPriority is an ordered + list of labels used to sort endpoints to + do priority based load balancing. + items: + type: string + type: array type: object simple: enum: - - ROUND_ROBIN + - UNSPECIFIED - LEAST_CONN - RANDOM - PASSTHROUGH + - ROUND_ROBIN + - LEAST_REQUEST + type: string + warmupDurationSecs: + description: Represents the warmup duration of + Service. type: string type: object outlierDetection: @@ -1889,6 +2011,9 @@ spec: type: string credentialName: type: string + insecureSkipVerify: + nullable: true + type: boolean mode: enum: - DISABLE @@ -1921,6 +2046,9 @@ spec: type: string credentialName: type: string + insecureSkipVerify: + nullable: true + type: boolean mode: enum: - DISABLE @@ -1940,6 +2068,21 @@ spec: type: string type: array type: object + tunnel: + properties: + protocol: + description: Specifies which protocol to use for tunneling + the downstream connection. + type: string + targetHost: + description: Specifies a host to which the downstream + connection is tunneled. + type: string + targetPort: + description: Specifies a port to which the downstream + connection is tunneled. + type: integer + type: object type: object type: object type: array @@ -2097,8 +2240,8 @@ spec: localityLbSetting: properties: distribute: - description: 'Optional: only one of distribute or failover - can be set.' + description: 'Optional: only one of distribute, failover + or failoverPriority can be set.' items: properties: from: @@ -2119,8 +2262,8 @@ spec: nullable: true type: boolean failover: - description: 'Optional: only failover or distribute can - be set.' + description: 'Optional: only one of distribute, failover + or failoverPriority can be set.' items: properties: from: @@ -2130,13 +2273,24 @@ spec: type: string type: object type: array + failoverPriority: + description: failoverPriority is an ordered list of labels + used to sort endpoints to do priority based load balancing. + items: + type: string + type: array type: object simple: enum: - - ROUND_ROBIN + - UNSPECIFIED - LEAST_CONN - RANDOM - PASSTHROUGH + - ROUND_ROBIN + - LEAST_REQUEST + type: string + warmupDurationSecs: + description: Represents the warmup duration of Service. type: string type: object outlierDetection: @@ -2331,8 +2485,8 @@ spec: localityLbSetting: properties: distribute: - description: 'Optional: only one of distribute or - failover can be set.' + description: 'Optional: only one of distribute, + failover or failoverPriority can be set.' items: properties: from: @@ -2354,8 +2508,8 @@ spec: nullable: true type: boolean failover: - description: 'Optional: only failover or distribute - can be set.' + description: 'Optional: only one of distribute, + failover or failoverPriority can be set.' items: properties: from: @@ -2365,13 +2519,25 @@ spec: type: string type: object type: array + failoverPriority: + description: failoverPriority is an ordered list + of labels used to sort endpoints to do priority + based load balancing. + items: + type: string + type: array type: object simple: enum: - - ROUND_ROBIN + - UNSPECIFIED - LEAST_CONN - RANDOM - PASSTHROUGH + - ROUND_ROBIN + - LEAST_REQUEST + type: string + warmupDurationSecs: + description: Represents the warmup duration of Service. type: string type: object outlierDetection: @@ -2425,6 +2591,9 @@ spec: type: string credentialName: type: string + insecureSkipVerify: + nullable: true + type: boolean mode: enum: - DISABLE @@ -2457,6 +2626,9 @@ spec: type: string credentialName: type: string + insecureSkipVerify: + nullable: true + type: boolean mode: enum: - DISABLE @@ -2476,6 +2648,28 @@ spec: type: string type: array type: object + tunnel: + properties: + protocol: + description: Specifies which protocol to use for tunneling + the downstream connection. + type: string + targetHost: + description: Specifies a host to which the downstream connection + is tunneled. + type: string + targetPort: + description: Specifies a port to which the downstream connection + is tunneled. + type: integer + type: object + type: object + workloadSelector: + properties: + matchLabels: + additionalProperties: + type: string + type: object type: object type: object status: @@ -2491,7 +2685,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - helm.sh/resource-policy: keep + "helm.sh/resource-policy": keep labels: app: istio-pilot chart: istio @@ -2729,7 +2923,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - helm.sh/resource-policy: keep + "helm.sh/resource-policy": keep labels: app: istio-pilot chart: istio @@ -3034,7 +3228,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - helm.sh/resource-policy: keep + "helm.sh/resource-policy": keep labels: app: istio-pilot chart: istio @@ -3126,7 +3320,72 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - helm.sh/resource-policy: keep + "helm.sh/resource-policy": keep + labels: + app: istio-pilot + chart: istio + heritage: Tiller + release: istio + name: proxyconfigs.networking.istio.io +spec: + group: networking.istio.io + names: + categories: + - istio-io + - networking-istio-io + kind: ProxyConfig + listKind: ProxyConfigList + plural: proxyconfigs + singular: proxyconfig + scope: Namespaced + versions: + - name: v1beta1 + schema: + openAPIV3Schema: + properties: + spec: + description: 'Provides configuration for individual workloads. See more + details at: https://istio.io/docs/reference/config/networking/proxy-config.html' + properties: + concurrency: + description: The number of worker threads to run. + nullable: true + type: integer + environmentVariables: + additionalProperties: + type: string + description: Additional environment variables for the proxy. + type: object + image: + description: Specifies the details of the proxy image. + properties: + imageType: + description: The image type of the image. + type: string + type: object + selector: + description: Optional. + properties: + matchLabels: + additionalProperties: + type: string + type: object + type: object + type: object + status: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + "helm.sh/resource-policy": keep labels: app: istio-pilot chart: istio @@ -3166,8 +3425,8 @@ spec: type: string type: array forwardOriginalToken: - description: If set to true, the orginal token will be kept - for the ustream request. + description: If set to true, the original token will be kept + for the upstream request. type: boolean fromHeaders: description: List of header locations from which JWT is expected. @@ -3203,8 +3462,7 @@ spec: type: object type: array selector: - description: The selector determines the workloads to apply the RequestAuthentication - on. + description: Optional. properties: matchLabels: additionalProperties: @@ -3225,7 +3483,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - helm.sh/resource-policy: keep + "helm.sh/resource-policy": keep labels: app: istio-pilot chart: istio @@ -3347,6 +3605,7 @@ spec: - NONE - STATIC - DNS + - DNS_ROUND_ROBIN type: string subjectAltNames: items: @@ -3470,6 +3729,7 @@ spec: - NONE - STATIC - DNS + - DNS_ROUND_ROBIN type: string subjectAltNames: items: @@ -3497,7 +3757,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - helm.sh/resource-policy: keep + "helm.sh/resource-policy": keep labels: app: istio-pilot chart: istio @@ -3585,6 +3845,66 @@ spec: targetPort: type: integer type: object + tls: + properties: + caCertificates: + description: REQUIRED if mode is `MUTUAL`. + type: string + cipherSuites: + description: 'Optional: If specified, only support the specified + cipher list.' + items: + type: string + type: array + credentialName: + type: string + httpsRedirect: + type: boolean + maxProtocolVersion: + description: 'Optional: Maximum TLS protocol version.' + enum: + - TLS_AUTO + - TLSV1_0 + - TLSV1_1 + - TLSV1_2 + - TLSV1_3 + type: string + minProtocolVersion: + description: 'Optional: Minimum TLS protocol version.' + enum: + - TLS_AUTO + - TLSV1_0 + - TLSV1_1 + - TLSV1_2 + - TLSV1_3 + type: string + mode: + enum: + - PASSTHROUGH + - SIMPLE + - MUTUAL + - AUTO_PASSTHROUGH + - ISTIO_MUTUAL + type: string + privateKey: + description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. + type: string + serverCertificate: + description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. + type: string + subjectAltNames: + items: + type: string + type: array + verifyCertificateHash: + items: + type: string + type: array + verifyCertificateSpki: + items: + type: string + type: array + type: object type: object type: array outboundTrafficPolicy: @@ -3697,55 +4017,115 @@ spec: targetPort: type: integer type: object - type: object - type: array - outboundTrafficPolicy: - description: Configuration for the outbound traffic policy. - properties: - egressProxy: - properties: - host: - description: The name of a service from the service registry. - type: string - port: - description: Specifies the port on the host that is being - addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - type: string - type: object - mode: - enum: - - REGISTRY_ONLY - - ALLOW_ANY - type: string - type: object - workloadSelector: - properties: - labels: - additionalProperties: - type: string - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - served: true - storage: false - subresources: - status: {} ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - helm.sh/resource-policy: keep + tls: + properties: + caCertificates: + description: REQUIRED if mode is `MUTUAL`. + type: string + cipherSuites: + description: 'Optional: If specified, only support the specified + cipher list.' + items: + type: string + type: array + credentialName: + type: string + httpsRedirect: + type: boolean + maxProtocolVersion: + description: 'Optional: Maximum TLS protocol version.' + enum: + - TLS_AUTO + - TLSV1_0 + - TLSV1_1 + - TLSV1_2 + - TLSV1_3 + type: string + minProtocolVersion: + description: 'Optional: Minimum TLS protocol version.' + enum: + - TLS_AUTO + - TLSV1_0 + - TLSV1_1 + - TLSV1_2 + - TLSV1_3 + type: string + mode: + enum: + - PASSTHROUGH + - SIMPLE + - MUTUAL + - AUTO_PASSTHROUGH + - ISTIO_MUTUAL + type: string + privateKey: + description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. + type: string + serverCertificate: + description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. + type: string + subjectAltNames: + items: + type: string + type: array + verifyCertificateHash: + items: + type: string + type: array + verifyCertificateSpki: + items: + type: string + type: array + type: object + type: object + type: array + outboundTrafficPolicy: + description: Configuration for the outbound traffic policy. + properties: + egressProxy: + properties: + host: + description: The name of a service from the service registry. + type: string + port: + description: Specifies the port on the host that is being + addressed. + properties: + number: + type: integer + type: object + subset: + description: The name of a subset within the service. + type: string + type: object + mode: + enum: + - REGISTRY_ONLY + - ALLOW_ANY + type: string + type: object + workloadSelector: + properties: + labels: + additionalProperties: + type: string + type: object + type: object + type: object + status: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + "helm.sh/resource-policy": keep labels: app: istio-pilot chart: istio @@ -3781,8 +4161,8 @@ spec: openAPIV3Schema: properties: spec: - description: Telemetry defines how the telemetry is generated for workloads - within a mesh. + description: 'Telemetry configuration for workloads. See more details + at: https://istio.io/docs/reference/config/telemetry.html' properties: accessLogging: description: Optional. @@ -3792,6 +4172,25 @@ spec: description: Controls logging. nullable: true type: boolean + filter: + description: Optional. + properties: + expression: + description: CEL expression for selecting when requests/connections + should be logged. + type: string + type: object + match: + description: Allows tailoring of logging behavior to specific + conditions. + properties: + mode: + enum: + - CLIENT_AND_SERVER + - CLIENT + - SERVER + type: string + type: object providers: description: Optional. items: @@ -3849,8 +4248,6 @@ spec: - GRPC_RESPONSE_MESSAGES type: string mode: - description: 'Controls which mode of metrics generation - is selected: CLIENT and/or SERVER.' enum: - CLIENT_AND_SERVER - CLIENT @@ -3930,8 +4327,6 @@ spec: type: string type: object header: - description: RequestHeader adds the value of an header - from the request to each span. properties: defaultValue: description: Optional. @@ -3956,6 +4351,16 @@ spec: description: Controls span reporting. nullable: true type: boolean + match: + description: Allows tailoring of behavior to specific conditions. + properties: + mode: + enum: + - CLIENT_AND_SERVER + - CLIENT + - SERVER + type: string + type: object providers: description: Optional. items: @@ -3968,6 +4373,9 @@ spec: randomSamplingPercentage: nullable: true type: number + useRequestIdForTraceSampling: + nullable: true + type: boolean type: object type: array type: object @@ -3984,7 +4392,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - helm.sh/resource-policy: keep + "helm.sh/resource-policy": keep labels: app: istio-pilot chart: istio @@ -4478,11 +4886,35 @@ spec: redirect: description: A HTTP rule can either redirect or forward (default) traffic. + oneOf: + - not: + anyOf: + - required: + - port + - required: + - derivePort + - required: + - port + - required: + - derivePort properties: authority: type: string + derivePort: + enum: + - FROM_PROTOCOL_DEFAULT + - FROM_REQUEST_PORT + type: string + port: + description: On a redirect, overwrite the port portion of + the URL with this value. + type: integer redirectCode: type: integer + scheme: + description: On a redirect, overwrite the scheme portion + of the URL with this value. + type: string uri: type: string type: object @@ -4574,6 +5006,8 @@ spec: type: object type: object weight: + description: Weight specifies the relative proportion + of traffic to be forwarded to the destination. format: int32 type: integer type: object @@ -4643,6 +5077,8 @@ spec: type: string type: object weight: + description: Weight specifies the relative proportion + of traffic to be forwarded to the destination. format: int32 type: integer type: object @@ -4709,6 +5145,8 @@ spec: type: string type: object weight: + description: Weight specifies the relative proportion + of traffic to be forwarded to the destination. format: int32 type: integer type: object @@ -5197,11 +5635,35 @@ spec: redirect: description: A HTTP rule can either redirect or forward (default) traffic. + oneOf: + - not: + anyOf: + - required: + - port + - required: + - derivePort + - required: + - port + - required: + - derivePort properties: authority: type: string + derivePort: + enum: + - FROM_PROTOCOL_DEFAULT + - FROM_REQUEST_PORT + type: string + port: + description: On a redirect, overwrite the port portion of + the URL with this value. + type: integer redirectCode: type: integer + scheme: + description: On a redirect, overwrite the scheme portion + of the URL with this value. + type: string uri: type: string type: object @@ -5293,6 +5755,8 @@ spec: type: object type: object weight: + description: Weight specifies the relative proportion + of traffic to be forwarded to the destination. format: int32 type: integer type: object @@ -5362,6 +5826,8 @@ spec: type: string type: object weight: + description: Weight specifies the relative proportion + of traffic to be forwarded to the destination. format: int32 type: integer type: object @@ -5428,6 +5894,8 @@ spec: type: string type: object weight: + description: Weight specifies the relative proportion + of traffic to be forwarded to the destination. format: int32 type: integer type: object @@ -5448,7 +5916,124 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - helm.sh/resource-policy: keep + "helm.sh/resource-policy": keep + labels: + app: istio-pilot + chart: istio + heritage: Tiller + release: istio + name: wasmplugins.extensions.istio.io +spec: + group: extensions.istio.io + names: + categories: + - istio-io + - extensions-istio-io + kind: WasmPlugin + listKind: WasmPluginList + plural: wasmplugins + singular: wasmplugin + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: 'CreationTimestamp is a timestamp representing the server time + when this object was created. It is not guaranteed to be set in happens-before + order across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for + lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + spec: + description: 'Extend the functionality provided by the Istio proxy through + WebAssembly filters. See more details at: https://istio.io/docs/reference/config/proxy_extensions/wasm-plugin.html' + properties: + imagePullPolicy: + description: The pull behaviour to be applied when fetching an OCI + image. + enum: + - UNSPECIFIED_POLICY + - IfNotPresent + - Always + type: string + imagePullSecret: + description: Credentials to use for OCI image pulling. + type: string + phase: + description: Determines where in the filter chain this `WasmPlugin` + is to be injected. + enum: + - UNSPECIFIED_PHASE + - AUTHN + - AUTHZ + - STATS + type: string + pluginConfig: + description: The configuration that will be passed on to the plugin. + type: object + x-kubernetes-preserve-unknown-fields: true + pluginName: + type: string + priority: + description: Determines ordering of `WasmPlugins` in the same `phase`. + nullable: true + type: integer + selector: + properties: + matchLabels: + additionalProperties: + type: string + type: object + type: object + sha256: + description: SHA256 checksum that will be used to verify Wasm module + or OCI container. + type: string + url: + description: URL of a Wasm module or OCI container. + type: string + verificationKey: + type: string + vmConfig: + description: Configuration for a Wasm VM. + properties: + env: + description: Specifies environment variables to be injected to + this VM. + items: + properties: + name: + type: string + value: + description: Value for the environment variable. + type: string + valueFrom: + enum: + - INLINE + - HOST + type: string + type: object + type: array + type: object + type: object + status: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + "helm.sh/resource-policy": keep labels: app: istio-pilot chart: istio @@ -5748,3 +6333,152 @@ spec: storage: true subresources: status: {} + - additionalPrinterColumns: + - description: 'CreationTimestamp is a timestamp representing the server time + when this object was created. It is not guaranteed to be set in happens-before + order across separate operations. Clients may not set this value. It is represented + in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for + lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' + jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + spec: + properties: + metadata: + description: Metadata that will be used for all corresponding `WorkloadEntries`. + properties: + annotations: + additionalProperties: + type: string + type: object + labels: + additionalProperties: + type: string + type: object + type: object + probe: + description: '`ReadinessProbe` describes the configuration the user + must provide for healthchecking on their workload.' + oneOf: + - not: + anyOf: + - required: + - httpGet + - required: + - tcpSocket + - required: + - exec + - required: + - httpGet + - required: + - tcpSocket + - required: + - exec + properties: + exec: + description: Health is determined by how the command that is executed + exited. + properties: + command: + description: Command to run. + items: + type: string + type: array + type: object + failureThreshold: + description: Minimum consecutive failures for the probe to be + considered failed after having succeeded. + format: int32 + type: integer + httpGet: + properties: + host: + description: Host name to connect to, defaults to the pod + IP. + type: string + httpHeaders: + description: Headers the proxy will pass on to make the request. + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + path: + description: Path to access on the HTTP server. + type: string + port: + description: Port on which the endpoint lives. + type: integer + scheme: + type: string + type: object + initialDelaySeconds: + description: Number of seconds after the container has started + before readiness probes are initiated. + format: int32 + type: integer + periodSeconds: + description: How often (in seconds) to perform the probe. + format: int32 + type: integer + successThreshold: + description: Minimum consecutive successes for the probe to be + considered successful after having failed. + format: int32 + type: integer + tcpSocket: + description: Health is determined by if the proxy is able to connect. + properties: + host: + type: string + port: + type: integer + type: object + timeoutSeconds: + description: Number of seconds after which the probe times out. + format: int32 + type: integer + type: object + template: + description: Template to be used for the generation of `WorkloadEntry` + resources that belong to this `WorkloadGroup`. + properties: + address: + type: string + labels: + additionalProperties: + type: string + description: One or more labels associated with the endpoint. + type: object + locality: + description: The locality associated with the endpoint. + type: string + network: + type: string + ports: + additionalProperties: + type: integer + description: Set of ports associated with the endpoint. + type: object + serviceAccount: + type: string + weight: + description: The load balancing weight associated with the endpoint. + type: integer + type: object + type: object + status: + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: false + subresources: + status: {} diff --git a/common/istio-1-11/istio-crds/base/kustomization.yaml b/common/istio-1-14/istio-crds/base/kustomization.yaml similarity index 100% rename from common/istio-1-11/istio-crds/base/kustomization.yaml rename to common/istio-1-14/istio-crds/base/kustomization.yaml diff --git a/common/istio-1-11/istio-install/base/deny_all_authorizationpolicy.yaml b/common/istio-1-14/istio-install/base/deny_all_authorizationpolicy.yaml similarity index 100% rename from common/istio-1-11/istio-install/base/deny_all_authorizationpolicy.yaml rename to common/istio-1-14/istio-install/base/deny_all_authorizationpolicy.yaml diff --git a/common/istio-1-11/istio-install/base/gateway.yaml b/common/istio-1-14/istio-install/base/gateway.yaml similarity index 100% rename from common/istio-1-11/istio-install/base/gateway.yaml rename to common/istio-1-14/istio-install/base/gateway.yaml diff --git a/common/istio-1-11/istio-install/base/gateway_authorizationpolicy.yaml b/common/istio-1-14/istio-install/base/gateway_authorizationpolicy.yaml similarity index 100% rename from common/istio-1-11/istio-install/base/gateway_authorizationpolicy.yaml rename to common/istio-1-14/istio-install/base/gateway_authorizationpolicy.yaml diff --git a/common/istio-1-11/istio-install/base/install.yaml b/common/istio-1-14/istio-install/base/install.yaml similarity index 76% rename from common/istio-1-11/istio-install/base/install.yaml rename to common/istio-1-14/istio-install/base/install.yaml index 03d7a73886..6b1d9161df 100644 --- a/common/istio-1-11/istio-install/base/install.yaml +++ b/common/istio-1-14/istio-install/base/install.yaml @@ -9,7 +9,7 @@ metadata: release: istio istio.io/rev: default install.operator.istio.io/owning-resource: unknown - operator.istio.io/component: IngressGateways + operator.istio.io/component: "IngressGateways" --- apiVersion: v1 kind: ServiceAccount @@ -47,35 +47,41 @@ metadata: release: istio rules: - apiGroups: - - config.istio.io - - security.istio.io - - networking.istio.io - - authentication.istio.io - - rbac.istio.io - resources: ['*'] - verbs: [get, list, watch] -- apiGroups: [''] - resources: [endpoints, pods, services, nodes, replicationcontrollers, namespaces, - secrets] - verbs: [get, list, watch] -- apiGroups: [networking.istio.io] - verbs: [get, watch, list] - resources: [workloadentries] -- apiGroups: [apiextensions.k8s.io] - resources: [customresourcedefinitions] - verbs: [get, list, watch] -- apiGroups: [discovery.k8s.io] - resources: [endpointslices] - verbs: [get, list, watch] -- apiGroups: [apps] - resources: [replicasets] - verbs: [get, list, watch] -- apiGroups: [authentication.k8s.io] - resources: [tokenreviews] - verbs: [create] -- apiGroups: [authorization.k8s.io] - resources: [subjectaccessreviews] - verbs: [create] + - "config.istio.io" + - "security.istio.io" + - "networking.istio.io" + - "authentication.istio.io" + - "rbac.istio.io" + resources: ["*"] + verbs: ["get", "list", "watch"] +- apiGroups: [""] + resources: ["endpoints", "pods", "services", "nodes", "replicationcontrollers", + "namespaces", "secrets"] + verbs: ["get", "list", "watch"] +- apiGroups: ["networking.istio.io"] + verbs: ["get", "watch", "list"] + resources: ["workloadentries"] +- apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch"] +- apiGroups: ["discovery.k8s.io"] + resources: ["endpointslices"] + verbs: ["get", "list", "watch"] +- apiGroups: ["multicluster.x-k8s.io"] + resources: ["serviceexports"] + verbs: ["get", "list", "watch", "create", "delete"] +- apiGroups: ["multicluster.x-k8s.io"] + resources: ["serviceimports"] + verbs: ["get", "list", "watch"] +- apiGroups: ["apps"] + resources: ["replicasets"] + verbs: ["get", "list", "watch"] +- apiGroups: ["authentication.k8s.io"] + resources: ["tokenreviews"] + verbs: ["create"] +- apiGroups: ["authorization.k8s.io"] + resources: ["subjectaccessreviews"] + verbs: ["create"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -86,38 +92,41 @@ metadata: release: istio rules: - apiGroups: - - config.istio.io - - security.istio.io - - networking.istio.io - - authentication.istio.io - - rbac.istio.io - resources: ['*'] - verbs: [get, list, watch] -- apiGroups: [''] - resources: [endpoints, pods, services, nodes, replicationcontrollers, namespaces, - secrets] - verbs: [get, list, watch] -- apiGroups: [networking.istio.io] - verbs: [get, watch, list] - resources: [workloadentries] -- apiGroups: [apiextensions.k8s.io] - resources: [customresourcedefinitions] - verbs: [get, list, watch] -- apiGroups: [discovery.k8s.io] - resources: [endpointslices] - verbs: [get, list, watch] -- apiGroups: [apps] - resources: [replicasets] - verbs: [get, list, watch] -- apiGroups: [authentication.k8s.io] - resources: [tokenreviews] - verbs: [create] -- apiGroups: [authorization.k8s.io] - resources: [subjectaccessreviews] - verbs: [create] -- apiGroups: [multicluster.x-k8s.io] - resources: [serviceexports] - verbs: [get, watch, list] + - "config.istio.io" + - "security.istio.io" + - "networking.istio.io" + - "authentication.istio.io" + - "rbac.istio.io" + resources: ["*"] + verbs: ["get", "list", "watch"] +- apiGroups: [""] + resources: ["endpoints", "pods", "services", "nodes", "replicationcontrollers", + "namespaces", "secrets"] + verbs: ["get", "list", "watch"] +- apiGroups: ["networking.istio.io"] + verbs: ["get", "watch", "list"] + resources: ["workloadentries"] +- apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch"] +- apiGroups: ["discovery.k8s.io"] + resources: ["endpointslices"] + verbs: ["get", "list", "watch"] +- apiGroups: ["apps"] + resources: ["replicasets"] + verbs: ["get", "list", "watch"] +- apiGroups: ["authentication.k8s.io"] + resources: ["tokenreviews"] + verbs: ["create"] +- apiGroups: ["authorization.k8s.io"] + resources: ["subjectaccessreviews"] + verbs: ["create"] +- apiGroups: ["multicluster.x-k8s.io"] + resources: ["serviceexports"] + verbs: ["get", "watch", "list"] +- apiGroups: ["multicluster.x-k8s.io"] + resources: ["serviceimports"] + verbs: ["get", "watch", "list"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -128,96 +137,119 @@ metadata: release: istio rules: # sidecar injection controller -- apiGroups: [admissionregistration.k8s.io] - resources: [mutatingwebhookconfigurations] - verbs: [get, list, watch, update, patch] +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: ["get", "list", "watch", "update", "patch"] # configuration validation webhook controller -- apiGroups: [admissionregistration.k8s.io] - resources: [validatingwebhookconfigurations] - verbs: [get, list, watch, update] +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["validatingwebhookconfigurations"] + verbs: ["get", "list", "watch", "update"] # istio configuration # removing CRD permissions can break older versions of Istio running alongside this control plane (https://github.com/istio/istio/issues/29382) # please proceed with caution -- apiGroups: [config.istio.io, security.istio.io, networking.istio.io, authentication.istio.io, - rbac.istio.io, telemetry.istio.io] - verbs: [get, watch, list] - resources: ['*'] -- apiGroups: [networking.istio.io] - verbs: [get, watch, list, update, patch, create, delete] - resources: [workloadentries] -- apiGroups: [networking.istio.io] - verbs: [get, watch, list, update, patch, create, delete] - resources: [workloadentries/status] +- apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io", + "rbac.istio.io", "telemetry.istio.io", "extensions.istio.io"] + verbs: ["get", "watch", "list"] + resources: ["*"] +- apiGroups: ["networking.istio.io"] + verbs: ["get", "watch", "list", "update", "patch", "create", "delete"] + resources: ["workloadentries"] +- apiGroups: ["networking.istio.io"] + verbs: ["get", "watch", "list", "update", "patch", "create", "delete"] + resources: ["workloadentries/status"] # auto-detect installed CRD definitions -- apiGroups: [apiextensions.k8s.io] - resources: [customresourcedefinitions] - verbs: [get, list, watch] +- apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch"] # discovery and routing -- apiGroups: [''] - resources: [pods, nodes, services, namespaces, endpoints] - verbs: [get, list, watch] -- apiGroups: [discovery.k8s.io] - resources: [endpointslices] - verbs: [get, list, watch] +- apiGroups: [""] + resources: ["pods", "nodes", "services", "namespaces", "endpoints"] + verbs: ["get", "list", "watch"] +- apiGroups: ["discovery.k8s.io"] + resources: ["endpointslices"] + verbs: ["get", "list", "watch"] # ingress controller -- apiGroups: [networking.k8s.io] - resources: [ingresses, ingressclasses] - verbs: [get, list, watch] -- apiGroups: [networking.k8s.io] - resources: [ingresses/status] - verbs: ['*'] +- apiGroups: ["networking.k8s.io"] + resources: ["ingresses", "ingressclasses"] + verbs: ["get", "list", "watch"] +- apiGroups: ["networking.k8s.io"] + resources: ["ingresses/status"] + verbs: ["*"] # required for CA's namespace controller -- apiGroups: [''] - resources: [configmaps] - verbs: [create, get, list, watch, update] +- apiGroups: [""] + resources: ["configmaps"] + verbs: ["create", "get", "list", "watch", "update"] # Istiod and bootstrap. -- apiGroups: [certificates.k8s.io] +- apiGroups: ["certificates.k8s.io"] resources: - - certificatesigningrequests - - certificatesigningrequests/approval - - certificatesigningrequests/status - verbs: [update, create, get, delete, watch] -- apiGroups: [certificates.k8s.io] + - "certificatesigningrequests" + - "certificatesigningrequests/approval" + - "certificatesigningrequests/status" + verbs: ["update", "create", "get", "delete", "watch"] +- apiGroups: ["certificates.k8s.io"] resources: - - signers + - "signers" resourceNames: - - kubernetes.io/legacy-unknown - verbs: [approve] + - "kubernetes.io/legacy-unknown" + verbs: ["approve"] # Used by Istiod to verify the JWT tokens -- apiGroups: [authentication.k8s.io] - resources: [tokenreviews] - verbs: [create] +- apiGroups: ["authentication.k8s.io"] + resources: ["tokenreviews"] + verbs: ["create"] # Used by Istiod to verify gateway SDS -- apiGroups: [authorization.k8s.io] - resources: [subjectaccessreviews] - verbs: [create] +- apiGroups: ["authorization.k8s.io"] + resources: ["subjectaccessreviews"] + verbs: ["create"] # Use for Kubernetes Service APIs -- apiGroups: [networking.x-k8s.io] - resources: ['*'] - verbs: [get, watch, list] -- apiGroups: [networking.x-k8s.io] - resources: ['*'] # TODO: should be on just */status but wildcard is not supported - verbs: [update] +- apiGroups: ["networking.x-k8s.io", "gateway.networking.k8s.io"] + resources: ["*"] + verbs: ["get", "watch", "list"] +- apiGroups: ["networking.x-k8s.io", "gateway.networking.k8s.io"] + resources: ["*"] # TODO: should be on just */status but wildcard is not supported + verbs: ["update", "patch"] +- apiGroups: ["gateway.networking.k8s.io"] + resources: ["gatewayclasses"] + verbs: ["create", "update", "patch", "delete"] # Needed for multicluster secret reading, possibly ingress certs in the future -- apiGroups: [''] - resources: [secrets] - verbs: [get, watch, list] +- apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "watch", "list"] # Used for MCS serviceexport management -- apiGroups: [multicluster.x-k8s.io] - resources: [serviceexports] - verbs: [get, watch, list, create, delete] +- apiGroups: ["multicluster.x-k8s.io"] + resources: ["serviceexports"] + verbs: ["get", "watch", "list", "create", "delete"] + + # Used for MCS serviceimport management +- apiGroups: ["multicluster.x-k8s.io"] + resources: ["serviceimports"] + verbs: ["get", "watch", "list"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: istiod-gateway-controller-istio-system + labels: + app: istiod + release: istio +rules: +- apiGroups: ["apps"] + verbs: ["get", "watch", "list", "update", "patch", "create", "delete"] + resources: ["deployments"] +- apiGroups: [""] + verbs: ["get", "watch", "list", "update", "patch", "create", "delete"] + resources: ["services"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole @@ -228,96 +260,104 @@ metadata: release: istio rules: # sidecar injection controller -- apiGroups: [admissionregistration.k8s.io] - resources: [mutatingwebhookconfigurations] - verbs: [get, list, watch, update, patch] +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["mutatingwebhookconfigurations"] + verbs: ["get", "list", "watch", "update", "patch"] # configuration validation webhook controller -- apiGroups: [admissionregistration.k8s.io] - resources: [validatingwebhookconfigurations] - verbs: [get, list, watch, update] +- apiGroups: ["admissionregistration.k8s.io"] + resources: ["validatingwebhookconfigurations"] + verbs: ["get", "list", "watch", "update"] # istio configuration # removing CRD permissions can break older versions of Istio running alongside this control plane (https://github.com/istio/istio/issues/29382) # please proceed with caution -- apiGroups: [config.istio.io, security.istio.io, networking.istio.io, authentication.istio.io, - rbac.istio.io, telemetry.istio.io] - verbs: [get, watch, list] - resources: ['*'] -- apiGroups: [networking.istio.io] - verbs: [get, watch, list, update, patch, create, delete] - resources: [workloadentries] -- apiGroups: [networking.istio.io] - verbs: [get, watch, list, update, patch, create, delete] - resources: [workloadentries/status] +- apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io", + "rbac.istio.io", "telemetry.istio.io"] + verbs: ["get", "watch", "list"] + resources: ["*"] +- apiGroups: ["networking.istio.io"] + verbs: ["get", "watch", "list", "update", "patch", "create", "delete"] + resources: ["workloadentries"] +- apiGroups: ["networking.istio.io"] + verbs: ["get", "watch", "list", "update", "patch", "create", "delete"] + resources: ["workloadentries/status"] # auto-detect installed CRD definitions -- apiGroups: [apiextensions.k8s.io] - resources: [customresourcedefinitions] - verbs: [get, list, watch] +- apiGroups: ["apiextensions.k8s.io"] + resources: ["customresourcedefinitions"] + verbs: ["get", "list", "watch"] # discovery and routing -- apiGroups: [''] - resources: [pods, nodes, services, namespaces, endpoints] - verbs: [get, list, watch] -- apiGroups: [discovery.k8s.io] - resources: [endpointslices] - verbs: [get, list, watch] +- apiGroups: [""] + resources: ["pods", "nodes", "services", "namespaces", "endpoints"] + verbs: ["get", "list", "watch"] +- apiGroups: ["discovery.k8s.io"] + resources: ["endpointslices"] + verbs: ["get", "list", "watch"] # ingress controller -- apiGroups: [networking.k8s.io] - resources: [ingresses, ingressclasses] - verbs: [get, list, watch] -- apiGroups: [networking.k8s.io] - resources: [ingresses/status] - verbs: ['*'] +- apiGroups: ["networking.k8s.io"] + resources: ["ingresses", "ingressclasses"] + verbs: ["get", "list", "watch"] +- apiGroups: ["networking.k8s.io"] + resources: ["ingresses/status"] + verbs: ["*"] # required for CA's namespace controller -- apiGroups: [''] - resources: [configmaps] - verbs: [create, get, list, watch, update] +- apiGroups: [""] + resources: ["configmaps"] + verbs: ["create", "get", "list", "watch", "update"] # Istiod and bootstrap. -- apiGroups: [certificates.k8s.io] +- apiGroups: ["certificates.k8s.io"] resources: - - certificatesigningrequests - - certificatesigningrequests/approval - - certificatesigningrequests/status - verbs: [update, create, get, delete, watch] -- apiGroups: [certificates.k8s.io] + - "certificatesigningrequests" + - "certificatesigningrequests/approval" + - "certificatesigningrequests/status" + verbs: ["update", "create", "get", "delete", "watch"] +- apiGroups: ["certificates.k8s.io"] resources: - - signers + - "signers" resourceNames: - - kubernetes.io/legacy-unknown - verbs: [approve] + - "kubernetes.io/legacy-unknown" + verbs: ["approve"] # Used by Istiod to verify the JWT tokens -- apiGroups: [authentication.k8s.io] - resources: [tokenreviews] - verbs: [create] +- apiGroups: ["authentication.k8s.io"] + resources: ["tokenreviews"] + verbs: ["create"] # Used by Istiod to verify gateway SDS -- apiGroups: [authorization.k8s.io] - resources: [subjectaccessreviews] - verbs: [create] +- apiGroups: ["authorization.k8s.io"] + resources: ["subjectaccessreviews"] + verbs: ["create"] # Use for Kubernetes Service APIs -- apiGroups: [networking.x-k8s.io] - resources: ['*'] - verbs: [get, watch, list] -- apiGroups: [networking.x-k8s.io] - resources: ['*'] # TODO: should be on just */status but wildcard is not supported - verbs: [update] +- apiGroups: ["networking.x-k8s.io", "gateway.networking.k8s.io"] + resources: ["*"] + verbs: ["get", "watch", "list"] +- apiGroups: ["networking.x-k8s.io", "gateway.networking.k8s.io"] + resources: ["*"] # TODO: should be on just */status but wildcard is not supported + verbs: ["update"] +- apiGroups: ["gateway.networking.k8s.io"] + resources: ["gatewayclasses"] + verbs: ["create", "update", "patch", "delete"] # Needed for multicluster secret reading, possibly ingress certs in the future -- apiGroups: [''] - resources: [secrets] - verbs: [get, watch, list] +- apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "watch", "list"] # Used for MCS serviceexport management -- apiGroups: [multicluster.x-k8s.io] - resources: [serviceexports] - verbs: [get, watch, list, create, delete] +- apiGroups: ["multicluster.x-k8s.io"] + resources: ["serviceexports"] + verbs: ["get", "watch", "list", "create", "delete"] + + # Used for MCS serviceimport management +- apiGroups: ["multicluster.x-k8s.io"] + resources: ["serviceimports"] + verbs: ["get", "watch", "list"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -369,6 +409,22 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding +metadata: + name: istiod-gateway-controller-istio-system + labels: + app: istiod + release: istio +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istiod-gateway-controller-istio-system +subjects: +- kind: ServiceAccount + name: istiod + namespace: istio-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding metadata: name: istiod-istio-system labels: @@ -401,8 +457,7 @@ webhooks: service: name: istiod namespace: istio-system - path: /validate - caBundle: '' # patched at runtime when the webhook is ready. + path: "/validate" rules: - operations: - CREATE @@ -410,362 +465,427 @@ webhooks: apiGroups: - security.istio.io - networking.istio.io + - telemetry.istio.io + - extensions.istio.io apiVersions: - - '*' + - "*" resources: - - '*' + - "*" # Fail open until the validation webhook is ready. The webhook controller # will update this to `Fail` and patch in the `caBundle` when the webhook # endpoint is ready. failurePolicy: Ignore sideEffects: None - admissionReviewVersions: [v1beta1, v1] + admissionReviewVersions: ["v1beta1", "v1"] objectSelector: matchExpressions: - key: istio.io/rev operator: In values: - - default - # Webhook handling default validation -- name: validation.istio.io - clientConfig: - # Should change from base but cannot for API compat - service: - name: istiod - namespace: istio-system - path: /validate - caBundle: '' - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - security.istio.io - - networking.istio.io - - telemetry.istio.io - apiVersions: - - '*' - resources: - - '*' - failurePolicy: Ignore - sideEffects: None - admissionReviewVersions: [v1beta1, v1] - objectSelector: - matchExpressions: - - key: istio.io/rev - operator: DoesNotExist + - "default" --- apiVersion: networking.istio.io/v1alpha3 kind: EnvoyFilter metadata: - name: metadata-exchange-1.10 + name: stats-filter-1.11 namespace: istio-system labels: istio.io/rev: default - install.operator.istio.io/owning-resource: unknown - operator.istio.io/component: Pilot spec: + priority: -1 configPatches: - applyTo: HTTP_FILTER match: - context: SIDECAR_INBOUND + context: SIDECAR_OUTBOUND proxy: - proxyVersion: ^1\.10.* + proxyVersion: '^1\.11.*' listener: filterChain: filter: - name: envoy.filters.network.http_connection_manager + name: "envoy.filters.network.http_connection_manager" + subFilter: + name: "envoy.filters.http.router" patch: operation: INSERT_BEFORE value: - name: istio.metadata_exchange + name: istio.stats typed_config: - '@type': type.googleapis.com/udpa.type.v1.TypedStruct + "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm value: config: + root_id: stats_outbound configuration: - '@type': type.googleapis.com/google.protobuf.StringValue + "@type": "type.googleapis.com/google.protobuf.StringValue" value: | - {} + { + "debug": "false", + "stat_prefix": "istio" + } vm_config: + vm_id: stats_outbound runtime: envoy.wasm.runtime.null code: local: - inline_string: envoy.wasm.metadata_exchange + inline_string: envoy.wasm.stats - applyTo: HTTP_FILTER match: - context: SIDECAR_OUTBOUND + context: SIDECAR_INBOUND proxy: - proxyVersion: ^1\.10.* + proxyVersion: '^1\.11.*' listener: filterChain: filter: - name: envoy.filters.network.http_connection_manager + name: "envoy.filters.network.http_connection_manager" + subFilter: + name: "envoy.filters.http.router" patch: operation: INSERT_BEFORE value: - name: istio.metadata_exchange + name: istio.stats typed_config: - '@type': type.googleapis.com/udpa.type.v1.TypedStruct + "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm value: config: + root_id: stats_inbound configuration: - '@type': type.googleapis.com/google.protobuf.StringValue + "@type": "type.googleapis.com/google.protobuf.StringValue" value: | - {} + { + "debug": "false", + "stat_prefix": "istio", + "disable_host_header_fallback": true, + "metrics": [ + { + "dimensions": { + "destination_cluster": "node.metadata['CLUSTER_ID']", + "source_cluster": "downstream_peer.cluster_id" + } + } + ] + } vm_config: + vm_id: stats_inbound runtime: envoy.wasm.runtime.null code: local: - inline_string: envoy.wasm.metadata_exchange + inline_string: envoy.wasm.stats - applyTo: HTTP_FILTER match: context: GATEWAY proxy: - proxyVersion: ^1\.10.* + proxyVersion: '^1\.11.*' listener: filterChain: filter: - name: envoy.filters.network.http_connection_manager + name: "envoy.filters.network.http_connection_manager" + subFilter: + name: "envoy.filters.http.router" patch: operation: INSERT_BEFORE value: - name: istio.metadata_exchange + name: istio.stats typed_config: - '@type': type.googleapis.com/udpa.type.v1.TypedStruct + "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm value: config: + root_id: stats_outbound configuration: - '@type': type.googleapis.com/google.protobuf.StringValue + "@type": "type.googleapis.com/google.protobuf.StringValue" value: | - {} + { + "debug": "false", + "stat_prefix": "istio", + "disable_host_header_fallback": true + } vm_config: + vm_id: stats_outbound runtime: envoy.wasm.runtime.null code: local: - inline_string: envoy.wasm.metadata_exchange + inline_string: envoy.wasm.stats --- apiVersion: networking.istio.io/v1alpha3 kind: EnvoyFilter metadata: - name: metadata-exchange-1.11 + name: stats-filter-1.12 namespace: istio-system labels: istio.io/rev: default - install.operator.istio.io/owning-resource: unknown - operator.istio.io/component: Pilot spec: + priority: -1 configPatches: - applyTo: HTTP_FILTER match: - context: SIDECAR_INBOUND + context: SIDECAR_OUTBOUND proxy: - proxyVersion: ^1\.11.* + proxyVersion: '^1\.12.*' listener: filterChain: filter: - name: envoy.filters.network.http_connection_manager + name: "envoy.filters.network.http_connection_manager" + subFilter: + name: "envoy.filters.http.router" patch: operation: INSERT_BEFORE value: - name: istio.metadata_exchange + name: istio.stats typed_config: - '@type': type.googleapis.com/udpa.type.v1.TypedStruct + "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm value: config: + root_id: stats_outbound configuration: - '@type': type.googleapis.com/google.protobuf.StringValue + "@type": "type.googleapis.com/google.protobuf.StringValue" value: | - {} + { + "debug": "false", + "stat_prefix": "istio" + } vm_config: + vm_id: stats_outbound runtime: envoy.wasm.runtime.null code: local: - inline_string: envoy.wasm.metadata_exchange + inline_string: envoy.wasm.stats - applyTo: HTTP_FILTER match: - context: SIDECAR_OUTBOUND + context: SIDECAR_INBOUND proxy: - proxyVersion: ^1\.11.* + proxyVersion: '^1\.12.*' listener: filterChain: filter: - name: envoy.filters.network.http_connection_manager + name: "envoy.filters.network.http_connection_manager" + subFilter: + name: "envoy.filters.http.router" patch: operation: INSERT_BEFORE value: - name: istio.metadata_exchange + name: istio.stats typed_config: - '@type': type.googleapis.com/udpa.type.v1.TypedStruct + "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm value: config: + root_id: stats_inbound configuration: - '@type': type.googleapis.com/google.protobuf.StringValue + "@type": "type.googleapis.com/google.protobuf.StringValue" value: | - {} + { + "debug": "false", + "stat_prefix": "istio", + "disable_host_header_fallback": true, + "metrics": [ + { + "dimensions": { + "destination_cluster": "node.metadata['CLUSTER_ID']", + "source_cluster": "downstream_peer.cluster_id" + } + } + ] + } vm_config: + vm_id: stats_inbound runtime: envoy.wasm.runtime.null code: local: - inline_string: envoy.wasm.metadata_exchange + inline_string: envoy.wasm.stats - applyTo: HTTP_FILTER match: context: GATEWAY proxy: - proxyVersion: ^1\.11.* + proxyVersion: '^1\.12.*' listener: filterChain: filter: - name: envoy.filters.network.http_connection_manager + name: "envoy.filters.network.http_connection_manager" + subFilter: + name: "envoy.filters.http.router" patch: operation: INSERT_BEFORE value: - name: istio.metadata_exchange + name: istio.stats typed_config: - '@type': type.googleapis.com/udpa.type.v1.TypedStruct + "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm value: config: + root_id: stats_outbound configuration: - '@type': type.googleapis.com/google.protobuf.StringValue + "@type": "type.googleapis.com/google.protobuf.StringValue" value: | - {} + { + "debug": "false", + "stat_prefix": "istio", + "disable_host_header_fallback": true + } vm_config: + vm_id: stats_outbound runtime: envoy.wasm.runtime.null code: local: - inline_string: envoy.wasm.metadata_exchange + inline_string: envoy.wasm.stats --- apiVersion: networking.istio.io/v1alpha3 kind: EnvoyFilter metadata: - name: metadata-exchange-1.9 + name: stats-filter-1.13 namespace: istio-system labels: istio.io/rev: default - install.operator.istio.io/owning-resource: unknown - operator.istio.io/component: Pilot spec: + priority: -1 configPatches: - applyTo: HTTP_FILTER match: - context: SIDECAR_INBOUND + context: SIDECAR_OUTBOUND proxy: - proxyVersion: ^1\.9.* + proxyVersion: '^1\.13.*' listener: filterChain: filter: - name: envoy.filters.network.http_connection_manager + name: "envoy.filters.network.http_connection_manager" + subFilter: + name: "envoy.filters.http.router" patch: operation: INSERT_BEFORE value: - name: istio.metadata_exchange + name: istio.stats typed_config: - '@type': type.googleapis.com/udpa.type.v1.TypedStruct + "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm value: config: + root_id: stats_outbound configuration: - '@type': type.googleapis.com/google.protobuf.StringValue + "@type": "type.googleapis.com/google.protobuf.StringValue" value: | - {} + { + "debug": "false", + "stat_prefix": "istio" + } vm_config: + vm_id: stats_outbound runtime: envoy.wasm.runtime.null code: local: - inline_string: envoy.wasm.metadata_exchange + inline_string: envoy.wasm.stats - applyTo: HTTP_FILTER match: - context: SIDECAR_OUTBOUND + context: SIDECAR_INBOUND proxy: - proxyVersion: ^1\.9.* + proxyVersion: '^1\.13.*' listener: filterChain: filter: - name: envoy.filters.network.http_connection_manager + name: "envoy.filters.network.http_connection_manager" + subFilter: + name: "envoy.filters.http.router" patch: operation: INSERT_BEFORE value: - name: istio.metadata_exchange + name: istio.stats typed_config: - '@type': type.googleapis.com/udpa.type.v1.TypedStruct + "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm value: config: + root_id: stats_inbound configuration: - '@type': type.googleapis.com/google.protobuf.StringValue + "@type": "type.googleapis.com/google.protobuf.StringValue" value: | - {} + { + "debug": "false", + "stat_prefix": "istio", + "disable_host_header_fallback": true, + "metrics": [ + { + "dimensions": { + "destination_cluster": "node.metadata['CLUSTER_ID']", + "source_cluster": "downstream_peer.cluster_id" + } + } + ] + } vm_config: + vm_id: stats_inbound runtime: envoy.wasm.runtime.null code: local: - inline_string: envoy.wasm.metadata_exchange + inline_string: envoy.wasm.stats - applyTo: HTTP_FILTER match: context: GATEWAY proxy: - proxyVersion: ^1\.9.* + proxyVersion: '^1\.13.*' listener: filterChain: filter: - name: envoy.filters.network.http_connection_manager + name: "envoy.filters.network.http_connection_manager" + subFilter: + name: "envoy.filters.http.router" patch: operation: INSERT_BEFORE value: - name: istio.metadata_exchange + name: istio.stats typed_config: - '@type': type.googleapis.com/udpa.type.v1.TypedStruct + "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm value: config: + root_id: stats_outbound configuration: - '@type': type.googleapis.com/google.protobuf.StringValue + "@type": "type.googleapis.com/google.protobuf.StringValue" value: | - {} + { + "debug": "false", + "stat_prefix": "istio", + "disable_host_header_fallback": true + } vm_config: + vm_id: stats_outbound runtime: envoy.wasm.runtime.null code: local: - inline_string: envoy.wasm.metadata_exchange + inline_string: envoy.wasm.stats --- apiVersion: networking.istio.io/v1alpha3 kind: EnvoyFilter metadata: - name: stats-filter-1.10 + name: stats-filter-1.14 namespace: istio-system labels: istio.io/rev: default spec: + priority: -1 configPatches: - applyTo: HTTP_FILTER match: context: SIDECAR_OUTBOUND proxy: - proxyVersion: ^1\.10.* + proxyVersion: '^1\.14.*' listener: filterChain: filter: - name: envoy.filters.network.http_connection_manager + name: "envoy.filters.network.http_connection_manager" subFilter: - name: envoy.filters.http.router + name: "envoy.filters.http.router" patch: operation: INSERT_BEFORE value: name: istio.stats typed_config: - '@type': type.googleapis.com/udpa.type.v1.TypedStruct + "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm value: config: root_id: stats_outbound configuration: - '@type': type.googleapis.com/google.protobuf.StringValue + "@type": "type.googleapis.com/google.protobuf.StringValue" value: | { "debug": "false", @@ -781,25 +901,25 @@ spec: match: context: SIDECAR_INBOUND proxy: - proxyVersion: ^1\.10.* + proxyVersion: '^1\.14.*' listener: filterChain: filter: - name: envoy.filters.network.http_connection_manager + name: "envoy.filters.network.http_connection_manager" subFilter: - name: envoy.filters.http.router + name: "envoy.filters.http.router" patch: operation: INSERT_BEFORE value: name: istio.stats typed_config: - '@type': type.googleapis.com/udpa.type.v1.TypedStruct + "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm value: config: root_id: stats_inbound configuration: - '@type': type.googleapis.com/google.protobuf.StringValue + "@type": "type.googleapis.com/google.protobuf.StringValue" value: | { "debug": "false", @@ -824,25 +944,25 @@ spec: match: context: GATEWAY proxy: - proxyVersion: ^1\.10.* + proxyVersion: '^1\.14.*' listener: filterChain: filter: - name: envoy.filters.network.http_connection_manager + name: "envoy.filters.network.http_connection_manager" subFilter: - name: envoy.filters.http.router + name: "envoy.filters.http.router" patch: operation: INSERT_BEFORE value: name: istio.stats typed_config: - '@type': type.googleapis.com/udpa.type.v1.TypedStruct + "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm value: config: root_id: stats_outbound configuration: - '@type': type.googleapis.com/google.protobuf.StringValue + "@type": "type.googleapis.com/google.protobuf.StringValue" value: | { "debug": "false", @@ -859,35 +979,36 @@ spec: apiVersion: networking.istio.io/v1alpha3 kind: EnvoyFilter metadata: - name: stats-filter-1.11 + name: stats-filter-1.15 namespace: istio-system labels: istio.io/rev: default spec: + priority: -1 configPatches: - applyTo: HTTP_FILTER match: context: SIDECAR_OUTBOUND proxy: - proxyVersion: ^1\.11.* + proxyVersion: '^1\.15.*' listener: filterChain: filter: - name: envoy.filters.network.http_connection_manager + name: "envoy.filters.network.http_connection_manager" subFilter: - name: envoy.filters.http.router + name: "envoy.filters.http.router" patch: operation: INSERT_BEFORE value: name: istio.stats typed_config: - '@type': type.googleapis.com/udpa.type.v1.TypedStruct + "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm value: config: root_id: stats_outbound configuration: - '@type': type.googleapis.com/google.protobuf.StringValue + "@type": "type.googleapis.com/google.protobuf.StringValue" value: | { "debug": "false", @@ -903,25 +1024,25 @@ spec: match: context: SIDECAR_INBOUND proxy: - proxyVersion: ^1\.11.* + proxyVersion: '^1\.15.*' listener: filterChain: filter: - name: envoy.filters.network.http_connection_manager + name: "envoy.filters.network.http_connection_manager" subFilter: - name: envoy.filters.http.router + name: "envoy.filters.http.router" patch: operation: INSERT_BEFORE value: name: istio.stats typed_config: - '@type': type.googleapis.com/udpa.type.v1.TypedStruct + "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm value: config: root_id: stats_inbound configuration: - '@type': type.googleapis.com/google.protobuf.StringValue + "@type": "type.googleapis.com/google.protobuf.StringValue" value: | { "debug": "false", @@ -946,25 +1067,25 @@ spec: match: context: GATEWAY proxy: - proxyVersion: ^1\.11.* + proxyVersion: '^1\.15.*' listener: filterChain: filter: - name: envoy.filters.network.http_connection_manager + name: "envoy.filters.network.http_connection_manager" subFilter: - name: envoy.filters.http.router + name: "envoy.filters.http.router" patch: operation: INSERT_BEFORE value: name: istio.stats typed_config: - '@type': type.googleapis.com/udpa.type.v1.TypedStruct + "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm value: config: root_id: stats_outbound configuration: - '@type': type.googleapis.com/google.protobuf.StringValue + "@type": "type.googleapis.com/google.protobuf.StringValue" value: | { "debug": "false", @@ -981,35 +1102,34 @@ spec: apiVersion: networking.istio.io/v1alpha3 kind: EnvoyFilter metadata: - name: stats-filter-1.9 + name: tcp-stats-filter-1.11 namespace: istio-system labels: istio.io/rev: default spec: + priority: -1 configPatches: - - applyTo: HTTP_FILTER + - applyTo: NETWORK_FILTER match: - context: SIDECAR_OUTBOUND + context: SIDECAR_INBOUND proxy: - proxyVersion: ^1\.9.* + proxyVersion: '^1\.11.*' listener: filterChain: filter: - name: envoy.filters.network.http_connection_manager - subFilter: - name: envoy.filters.http.router + name: "envoy.filters.network.tcp_proxy" patch: operation: INSERT_BEFORE value: name: istio.stats typed_config: - '@type': type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm + "@type": type.googleapis.com/udpa.type.v1.TypedStruct + type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm value: config: - root_id: stats_outbound + root_id: stats_inbound configuration: - '@type': type.googleapis.com/google.protobuf.StringValue + "@type": "type.googleapis.com/google.protobuf.StringValue" value: | { "debug": "false", @@ -1017,305 +1137,229 @@ spec: "metrics": [ { "dimensions": { - "source_cluster": "node.metadata['CLUSTER_ID']", - "destination_cluster": "upstream_peer.cluster_id" + "destination_cluster": "node.metadata['CLUSTER_ID']", + "source_cluster": "downstream_peer.cluster_id" } } ] } vm_config: - vm_id: stats_outbound + vm_id: tcp_stats_inbound runtime: envoy.wasm.runtime.null code: local: - inline_string: envoy.wasm.stats - - applyTo: HTTP_FILTER + inline_string: "envoy.wasm.stats" + - applyTo: NETWORK_FILTER match: - context: SIDECAR_INBOUND + context: SIDECAR_OUTBOUND proxy: - proxyVersion: ^1\.9.* + proxyVersion: '^1\.11.*' listener: filterChain: filter: - name: envoy.filters.network.http_connection_manager - subFilter: - name: envoy.filters.http.router + name: "envoy.filters.network.tcp_proxy" patch: operation: INSERT_BEFORE value: name: istio.stats typed_config: - '@type': type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm + "@type": type.googleapis.com/udpa.type.v1.TypedStruct + type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm value: config: - root_id: stats_inbound + root_id: stats_outbound configuration: - '@type': type.googleapis.com/google.protobuf.StringValue + "@type": "type.googleapis.com/google.protobuf.StringValue" value: | { "debug": "false", - "stat_prefix": "istio", - "metrics": [ - { - "dimensions": { - "destination_cluster": "node.metadata['CLUSTER_ID']", - "source_cluster": "downstream_peer.cluster_id" - } - } - ] + "stat_prefix": "istio" } vm_config: - vm_id: stats_inbound + vm_id: tcp_stats_outbound runtime: envoy.wasm.runtime.null code: local: - inline_string: envoy.wasm.stats - - applyTo: HTTP_FILTER + inline_string: "envoy.wasm.stats" + - applyTo: NETWORK_FILTER match: context: GATEWAY proxy: - proxyVersion: ^1\.9.* + proxyVersion: '^1\.11.*' listener: filterChain: filter: - name: envoy.filters.network.http_connection_manager - subFilter: - name: envoy.filters.http.router + name: "envoy.filters.network.tcp_proxy" patch: operation: INSERT_BEFORE value: name: istio.stats typed_config: - '@type': type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm + "@type": type.googleapis.com/udpa.type.v1.TypedStruct + type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm value: config: root_id: stats_outbound configuration: - '@type': type.googleapis.com/google.protobuf.StringValue + "@type": "type.googleapis.com/google.protobuf.StringValue" value: | { "debug": "false", - "stat_prefix": "istio", - "disable_host_header_fallback": true, - "metrics": [ - { - "dimensions": { - "source_cluster": "node.metadata['CLUSTER_ID']", - "destination_cluster": "upstream_peer.cluster_id" - } - } - ] + "stat_prefix": "istio" } vm_config: - vm_id: stats_outbound + vm_id: tcp_stats_outbound runtime: envoy.wasm.runtime.null code: local: - inline_string: envoy.wasm.stats + inline_string: "envoy.wasm.stats" --- apiVersion: networking.istio.io/v1alpha3 kind: EnvoyFilter metadata: - name: tcp-metadata-exchange-1.10 + name: tcp-stats-filter-1.12 namespace: istio-system labels: istio.io/rev: default spec: + priority: -1 configPatches: - applyTo: NETWORK_FILTER match: context: SIDECAR_INBOUND proxy: - proxyVersion: ^1\.10.* - listener: {} + proxyVersion: '^1\.12.*' + listener: + filterChain: + filter: + name: "envoy.filters.network.tcp_proxy" patch: operation: INSERT_BEFORE value: - name: istio.metadata_exchange + name: istio.stats typed_config: - '@type': type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange + "@type": type.googleapis.com/udpa.type.v1.TypedStruct + type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm value: - protocol: istio-peer-exchange - - applyTo: CLUSTER - match: - context: SIDECAR_OUTBOUND - proxy: - proxyVersion: ^1\.10.* - cluster: {} - patch: - operation: MERGE - value: - filters: - - name: istio.metadata_exchange - typed_config: - '@type': type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange - value: - protocol: istio-peer-exchange - - applyTo: CLUSTER - match: - context: GATEWAY - proxy: - proxyVersion: ^1\.10.* - cluster: {} - patch: - operation: MERGE - value: - filters: - - name: istio.metadata_exchange - typed_config: - '@type': type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange - value: - protocol: istio-peer-exchange ---- -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: tcp-metadata-exchange-1.11 - namespace: istio-system - labels: - istio.io/rev: default -spec: - configPatches: + config: + root_id: stats_inbound + configuration: + "@type": "type.googleapis.com/google.protobuf.StringValue" + value: | + { + "debug": "false", + "stat_prefix": "istio", + "metrics": [ + { + "dimensions": { + "destination_cluster": "node.metadata['CLUSTER_ID']", + "source_cluster": "downstream_peer.cluster_id" + } + } + ] + } + vm_config: + vm_id: tcp_stats_inbound + runtime: envoy.wasm.runtime.null + code: + local: + inline_string: "envoy.wasm.stats" - applyTo: NETWORK_FILTER match: - context: SIDECAR_INBOUND + context: SIDECAR_OUTBOUND proxy: - proxyVersion: ^1\.11.* - listener: {} + proxyVersion: '^1\.12.*' + listener: + filterChain: + filter: + name: "envoy.filters.network.tcp_proxy" patch: operation: INSERT_BEFORE value: - name: istio.metadata_exchange + name: istio.stats typed_config: - '@type': type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange + "@type": type.googleapis.com/udpa.type.v1.TypedStruct + type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm value: - protocol: istio-peer-exchange - - applyTo: CLUSTER - match: - context: SIDECAR_OUTBOUND - proxy: - proxyVersion: ^1\.11.* - cluster: {} - patch: - operation: MERGE - value: - filters: - - name: istio.metadata_exchange - typed_config: - '@type': type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange - value: - protocol: istio-peer-exchange - - applyTo: CLUSTER - match: - context: GATEWAY - proxy: - proxyVersion: ^1\.11.* - cluster: {} - patch: - operation: MERGE - value: - filters: - - name: istio.metadata_exchange - typed_config: - '@type': type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange - value: - protocol: istio-peer-exchange ---- -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: tcp-metadata-exchange-1.9 - namespace: istio-system - labels: - istio.io/rev: default -spec: - configPatches: + config: + root_id: stats_outbound + configuration: + "@type": "type.googleapis.com/google.protobuf.StringValue" + value: | + { + "debug": "false", + "stat_prefix": "istio" + } + vm_config: + vm_id: tcp_stats_outbound + runtime: envoy.wasm.runtime.null + code: + local: + inline_string: "envoy.wasm.stats" - applyTo: NETWORK_FILTER match: - context: SIDECAR_INBOUND + context: GATEWAY proxy: - proxyVersion: ^1\.9.* - listener: {} + proxyVersion: '^1\.12.*' + listener: + filterChain: + filter: + name: "envoy.filters.network.tcp_proxy" patch: operation: INSERT_BEFORE value: - name: istio.metadata_exchange + name: istio.stats typed_config: - '@type': type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange + "@type": type.googleapis.com/udpa.type.v1.TypedStruct + type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm value: - protocol: istio-peer-exchange - - applyTo: CLUSTER - match: - context: SIDECAR_OUTBOUND - proxy: - proxyVersion: ^1\.9.* - cluster: {} - patch: - operation: MERGE - value: - filters: - - name: istio.metadata_exchange - typed_config: - '@type': type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange - value: - protocol: istio-peer-exchange - - applyTo: CLUSTER - match: - context: GATEWAY - proxy: - proxyVersion: ^1\.9.* - cluster: {} - patch: - operation: MERGE - value: - filters: - - name: istio.metadata_exchange - typed_config: - '@type': type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange - value: - protocol: istio-peer-exchange + config: + root_id: stats_outbound + configuration: + "@type": "type.googleapis.com/google.protobuf.StringValue" + value: | + { + "debug": "false", + "stat_prefix": "istio" + } + vm_config: + vm_id: tcp_stats_outbound + runtime: envoy.wasm.runtime.null + code: + local: + inline_string: "envoy.wasm.stats" --- apiVersion: networking.istio.io/v1alpha3 kind: EnvoyFilter metadata: - name: tcp-stats-filter-1.10 + name: tcp-stats-filter-1.13 namespace: istio-system labels: istio.io/rev: default spec: + priority: -1 configPatches: - applyTo: NETWORK_FILTER match: context: SIDECAR_INBOUND proxy: - proxyVersion: ^1\.10.* + proxyVersion: '^1\.13.*' listener: filterChain: filter: - name: envoy.filters.network.tcp_proxy + name: "envoy.filters.network.tcp_proxy" patch: operation: INSERT_BEFORE value: name: istio.stats typed_config: - '@type': type.googleapis.com/udpa.type.v1.TypedStruct + "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm value: config: root_id: stats_inbound configuration: - '@type': type.googleapis.com/google.protobuf.StringValue + "@type": "type.googleapis.com/google.protobuf.StringValue" value: | { "debug": "false", @@ -1334,28 +1378,28 @@ spec: runtime: envoy.wasm.runtime.null code: local: - inline_string: envoy.wasm.stats + inline_string: "envoy.wasm.stats" - applyTo: NETWORK_FILTER match: context: SIDECAR_OUTBOUND proxy: - proxyVersion: ^1\.10.* + proxyVersion: '^1\.13.*' listener: filterChain: filter: - name: envoy.filters.network.tcp_proxy + name: "envoy.filters.network.tcp_proxy" patch: operation: INSERT_BEFORE value: name: istio.stats typed_config: - '@type': type.googleapis.com/udpa.type.v1.TypedStruct + "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm value: config: root_id: stats_outbound configuration: - '@type': type.googleapis.com/google.protobuf.StringValue + "@type": "type.googleapis.com/google.protobuf.StringValue" value: | { "debug": "false", @@ -1366,28 +1410,28 @@ spec: runtime: envoy.wasm.runtime.null code: local: - inline_string: envoy.wasm.stats + inline_string: "envoy.wasm.stats" - applyTo: NETWORK_FILTER match: context: GATEWAY proxy: - proxyVersion: ^1\.10.* + proxyVersion: '^1\.13.*' listener: filterChain: filter: - name: envoy.filters.network.tcp_proxy + name: "envoy.filters.network.tcp_proxy" patch: operation: INSERT_BEFORE value: name: istio.stats typed_config: - '@type': type.googleapis.com/udpa.type.v1.TypedStruct + "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm value: config: root_id: stats_outbound configuration: - '@type': type.googleapis.com/google.protobuf.StringValue + "@type": "type.googleapis.com/google.protobuf.StringValue" value: | { "debug": "false", @@ -1398,38 +1442,39 @@ spec: runtime: envoy.wasm.runtime.null code: local: - inline_string: envoy.wasm.stats + inline_string: "envoy.wasm.stats" --- apiVersion: networking.istio.io/v1alpha3 kind: EnvoyFilter metadata: - name: tcp-stats-filter-1.11 + name: tcp-stats-filter-1.14 namespace: istio-system labels: istio.io/rev: default spec: + priority: -1 configPatches: - applyTo: NETWORK_FILTER match: context: SIDECAR_INBOUND proxy: - proxyVersion: ^1\.11.* + proxyVersion: '^1\.14.*' listener: filterChain: filter: - name: envoy.filters.network.tcp_proxy + name: "envoy.filters.network.tcp_proxy" patch: operation: INSERT_BEFORE value: name: istio.stats typed_config: - '@type': type.googleapis.com/udpa.type.v1.TypedStruct + "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm value: config: root_id: stats_inbound configuration: - '@type': type.googleapis.com/google.protobuf.StringValue + "@type": "type.googleapis.com/google.protobuf.StringValue" value: | { "debug": "false", @@ -1448,28 +1493,28 @@ spec: runtime: envoy.wasm.runtime.null code: local: - inline_string: envoy.wasm.stats + inline_string: "envoy.wasm.stats" - applyTo: NETWORK_FILTER match: context: SIDECAR_OUTBOUND proxy: - proxyVersion: ^1\.11.* + proxyVersion: '^1\.14.*' listener: filterChain: filter: - name: envoy.filters.network.tcp_proxy + name: "envoy.filters.network.tcp_proxy" patch: operation: INSERT_BEFORE value: name: istio.stats typed_config: - '@type': type.googleapis.com/udpa.type.v1.TypedStruct + "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm value: config: root_id: stats_outbound configuration: - '@type': type.googleapis.com/google.protobuf.StringValue + "@type": "type.googleapis.com/google.protobuf.StringValue" value: | { "debug": "false", @@ -1480,28 +1525,28 @@ spec: runtime: envoy.wasm.runtime.null code: local: - inline_string: envoy.wasm.stats + inline_string: "envoy.wasm.stats" - applyTo: NETWORK_FILTER match: context: GATEWAY proxy: - proxyVersion: ^1\.11.* + proxyVersion: '^1\.14.*' listener: filterChain: filter: - name: envoy.filters.network.tcp_proxy + name: "envoy.filters.network.tcp_proxy" patch: operation: INSERT_BEFORE value: name: istio.stats typed_config: - '@type': type.googleapis.com/udpa.type.v1.TypedStruct + "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm value: config: root_id: stats_outbound configuration: - '@type': type.googleapis.com/google.protobuf.StringValue + "@type": "type.googleapis.com/google.protobuf.StringValue" value: | { "debug": "false", @@ -1512,38 +1557,39 @@ spec: runtime: envoy.wasm.runtime.null code: local: - inline_string: envoy.wasm.stats + inline_string: "envoy.wasm.stats" --- apiVersion: networking.istio.io/v1alpha3 kind: EnvoyFilter metadata: - name: tcp-stats-filter-1.9 + name: tcp-stats-filter-1.15 namespace: istio-system labels: istio.io/rev: default spec: + priority: -1 configPatches: - applyTo: NETWORK_FILTER match: context: SIDECAR_INBOUND proxy: - proxyVersion: ^1\.9.* + proxyVersion: '^1\.15.*' listener: filterChain: filter: - name: envoy.filters.network.tcp_proxy + name: "envoy.filters.network.tcp_proxy" patch: operation: INSERT_BEFORE value: name: istio.stats typed_config: - '@type': type.googleapis.com/udpa.type.v1.TypedStruct + "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm value: config: root_id: stats_inbound configuration: - '@type': type.googleapis.com/google.protobuf.StringValue + "@type": "type.googleapis.com/google.protobuf.StringValue" value: | { "debug": "false", @@ -1562,87 +1608,71 @@ spec: runtime: envoy.wasm.runtime.null code: local: - inline_string: envoy.wasm.stats + inline_string: "envoy.wasm.stats" - applyTo: NETWORK_FILTER match: context: SIDECAR_OUTBOUND proxy: - proxyVersion: ^1\.9.* + proxyVersion: '^1\.15.*' listener: filterChain: filter: - name: envoy.filters.network.tcp_proxy + name: "envoy.filters.network.tcp_proxy" patch: operation: INSERT_BEFORE value: name: istio.stats typed_config: - '@type': type.googleapis.com/udpa.type.v1.TypedStruct + "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm value: config: root_id: stats_outbound configuration: - '@type': type.googleapis.com/google.protobuf.StringValue + "@type": "type.googleapis.com/google.protobuf.StringValue" value: | { "debug": "false", - "stat_prefix": "istio", - "metrics": [ - { - "dimensions": { - "source_cluster": "node.metadata['CLUSTER_ID']", - "destination_cluster": "upstream_peer.cluster_id" - } - } - ] + "stat_prefix": "istio" } vm_config: vm_id: tcp_stats_outbound runtime: envoy.wasm.runtime.null code: local: - inline_string: envoy.wasm.stats + inline_string: "envoy.wasm.stats" - applyTo: NETWORK_FILTER match: context: GATEWAY proxy: - proxyVersion: ^1\.9.* + proxyVersion: '^1\.15.*' listener: filterChain: filter: - name: envoy.filters.network.tcp_proxy + name: "envoy.filters.network.tcp_proxy" patch: operation: INSERT_BEFORE value: name: istio.stats typed_config: - '@type': type.googleapis.com/udpa.type.v1.TypedStruct + "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm value: config: root_id: stats_outbound configuration: - '@type': type.googleapis.com/google.protobuf.StringValue + "@type": "type.googleapis.com/google.protobuf.StringValue" value: | { "debug": "false", - "stat_prefix": "istio", - "metrics": [ - { - "dimensions": { - "source_cluster": "node.metadata['CLUSTER_ID']", - "destination_cluster": "upstream_peer.cluster_id" - } - } - ] + "stat_prefix": "istio" } vm_config: vm_id: tcp_stats_outbound runtime: envoy.wasm.runtime.null code: local: - inline_string: envoy.wasm.stats + inline_string: "envoy.wasm.stats" --- apiVersion: v1 kind: ConfigMap @@ -1652,7 +1682,7 @@ metadata: labels: istio.io/rev: default install.operator.istio.io/owning-resource: unknown - operator.istio.io/component: Pilot + operator.istio.io/component: "Pilot" release: istio data: @@ -1669,6 +1699,11 @@ data: zipkin: address: zipkin.istio-system:9411 enablePrometheusMerge: true + extensionProviders: + - envoyOtelAls: + port: 4317 + service: otel-collector.istio-system.svc.cluster.local + name: otel rootNamespace: istio-system tcpKeepalive: interval: 5s @@ -1684,14 +1719,16 @@ metadata: labels: istio.io/rev: default install.operator.istio.io/owning-resource: unknown - operator.istio.io/component: Pilot + operator.istio.io/component: "Pilot" release: istio data: values: |- { "global": { + "autoscalingv2API": true, "caAddress": "", + "caName": "", "configCluster": false, "configValidation": true, "defaultNodeSelector": {}, @@ -1706,7 +1743,7 @@ data: "enabled": true, "externalIstiod": false, "hub": "docker.io/istio", - "imagePullPolicy": "", + "imagePullPolicy": "IfNotPresent", "imagePullSecrets": [], "istioNamespace": "istio-system", "istiod": { @@ -1742,6 +1779,8 @@ data: "holdApplicationUntilProxyStarts": false, "image": "proxyv2", "includeIPRanges": "*", + "includeInboundPorts": "*", + "includeOutboundPorts": "", "logLevel": "warning", "privileged": false, "readinessFailureThreshold": 30, @@ -1782,7 +1821,7 @@ data: "sts": { "servicePort": 0 }, - "tag": "1.11.4", + "tag": "1.14.1", "tracer": { "datadog": { "address": "$(HOST_IP):8126" @@ -1813,10 +1852,6 @@ data: "enableNamespacesByDefault": false, "injectedAnnotations": {}, "neverInjectSelector": [], - "objectSelector": { - "autoInject": true, - "enabled": true - }, "rewriteAppHTTPProbe": true, "templates": {} } @@ -1839,6 +1874,32 @@ data: template: "{{ Template_Version_And_Istio_Version_Mismatched_Check_Installation }}" templates: sidecar: | + {{- define "resources" }} + {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} + {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }} + requests: + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} + cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" + {{ end }} + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} + memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" + {{ end }} + {{- end }} + {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} + limits: + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) -}} + cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` }}" + {{ end }} + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) -}} + memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` }}" + {{ end }} + {{- end }} + {{- else }} + {{- if .Values.global.proxy.resources }} + {{ toYaml .Values.global.proxy.resources | indent 6 }} + {{- end }} + {{- end }} + {{- end }} {{- $containers := list }} {{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} metadata: @@ -1847,10 +1908,14 @@ data: service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | quote }} service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} annotations: { - {{- if eq (len $containers) 1 }} + {{- if ge (len $containers) 1 }} + {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-logs-container`) }} kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}", + {{- end }} + {{- if not (isset .ObjectMeta.Annotations `kubectl.kubernetes.io/default-container`) }} kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}", - {{ end }} + {{- end }} + {{- end }} {{- if .Values.istio_cni.enabled }} {{- if not .Values.istio_cni.chained }} k8s.v1.cni.cncf.io/networks: '{{ appendMultusNetwork (index .ObjectMeta.Annotations `k8s.v1.cni.cncf.io/networks`) `istio-cni` }}', @@ -1858,7 +1923,7 @@ data: sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}", {{ with annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}traffic.sidecar.istio.io/includeOutboundIPRanges: "{{.}}",{{ end }} {{ with annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{.}}",{{ end }} - traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` `*` }}", + {{ with annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` .Values.global.proxy.includeInboundPorts }}traffic.sidecar.istio.io/includeInboundPorts: "{{.}}",{{ end }} traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}", {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/includeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.includeOutboundPorts "") "") }} traffic.sidecar.istio.io/includeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundPorts` .Values.global.proxy.includeOutboundPorts }}", @@ -1881,12 +1946,12 @@ data: {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image) }} image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image }}" {{- else }} - image: "{{ .Values.global.hub }}/{{ .Values.global.proxy_init.image }}:{{ .Values.global.tag }}" + image: "{{ .ProxyImage }}" {{- end }} args: - istio-iptables - "-p" - - "15001" + - {{ .MeshConfig.ProxyListenPort | default "15001" | quote }} - "-z" - "15006" - "-u" @@ -1898,7 +1963,7 @@ data: - "-x" - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" - "-b" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` `*` }}" + - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` .Values.global.proxy.includeInboundPorts }}" - "-d" {{- if excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }} - "15090,15021,{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" @@ -1930,30 +1995,7 @@ data: {{- end }} {{- end }} resources: - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }} - requests: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" - {{ end }} - {{- end }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - limits: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` }}" - {{ end }} - {{- end }} - {{- else }} - {{- if .Values.global.proxy.resources }} - {{ toYaml .Values.global.proxy.resources | indent 6 }} - {{- end }} - {{- end }} + {{ template "resources" . }} securityContext: allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} privileged: {{ .Values.global.proxy.privileged }} @@ -1988,10 +2030,11 @@ data: {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image) }} image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image }}" {{- else }} - image: "{{ .Values.global.hub }}/{{ .Values.global.proxy_init.image }}:{{ .Values.global.tag }}" + image: "{{ .ProxyImage }}" {{- end }} {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - resources: {} + resources: + {{ template "resources" . }} securityContext: allowPrivilegeEscalation: true capabilities: @@ -2010,7 +2053,7 @@ data: {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" {{- else }} - image: "{{ .Values.global.hub }}/{{ .Values.global.proxy.image }}:{{ .Values.global.tag }}" + image: "{{ .ProxyImage }}" {{- end }} ports: - containerPort: 15090 @@ -2151,6 +2194,20 @@ data: failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} {{ end -}} securityContext: + {{- if eq (index .ProxyConfig.ProxyMetadata "IPTABLES_TRACE_LOGGING") "true" }} + allowPrivilegeEscalation: true + capabilities: + add: + - NET_ADMIN + drop: + - ALL + privileged: true + readOnlyRootFilesystem: {{ ne (annotation .ObjectMeta `sidecar.istio.io/enableCoreDump` .Values.global.proxy.enableCoreDump) "true" }} + runAsGroup: 1337 + fsGroup: 1337 + runAsNonRoot: false + runAsUser: 0 + {{- else }} allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} capabilities: {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} @@ -2175,32 +2232,20 @@ data: runAsNonRoot: true runAsUser: 1337 {{- end }} + {{- end }} resources: - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }} - requests: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" - {{ end }} - {{- end }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - limits: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` }}" - {{ end }} - {{- end }} - {{- else }} - {{- if .Values.global.proxy.resources }} - {{ toYaml .Values.global.proxy.resources | indent 6 }} - {{- end }} - {{- end }} + {{ template "resources" . }} volumeMounts: + - name: workload-socket + mountPath: /var/run/secrets/workload-spiffe-uds + {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} + - name: gke-workload-certificate + mountPath: /var/run/secrets/workload-spiffe-credentials + readOnly: true + {{- else }} + - name: workload-certs + mountPath: /var/run/secrets/workload-spiffe-credentials + {{- end }} {{- if eq .Values.global.pilotCertProvider "istiod" }} - mountPath: /var/run/secrets/istio name: istiod-ca-cert @@ -2238,6 +2283,16 @@ data: {{ end }} {{- end }} volumes: + - emptyDir: + name: workload-socket + {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} + - name: gke-workload-certificate + csi: + driver: workloadcertificates.security.cloud.google.com + {{- else }} + - emptyDir: + name: workload-certs + {{- end }} {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - name: custom-bootstrap-volume configMap: @@ -2325,7 +2380,7 @@ data: {{- if contains "/" .Values.global.proxy.image }} image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" {{- else }} - image: "{{ .Values.global.hub }}/{{ .Values.global.proxy.image }}:{{ .Values.global.tag }}" + image: "{{ .ProxyImage }}" {{- end }} ports: - containerPort: 15090 @@ -2439,6 +2494,16 @@ data: timeoutSeconds: 3 failureThreshold: {{ .Values.global.proxy.readinessFailureThreshold }} volumeMounts: + - name: workload-socket + mountPath: /var/run/secrets/workload-spiffe-uds + {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} + - name: gke-workload-certificate + mountPath: /var/run/secrets/workload-spiffe-credentials + readOnly: true + {{- else }} + - name: workload-certs + mountPath: /var/run/secrets/workload-spiffe-credentials + {{- end }} {{- if eq .Values.global.pilotCertProvider "istiod" }} - mountPath: /var/run/secrets/istio name: istiod-ca-cert @@ -2461,6 +2526,16 @@ data: - name: istio-podinfo mountPath: /etc/istio/pod volumes: + - emptyDir: {} + name: workload-socket + {{- if eq .Values.global.caName "GkeWorkloadCertificate" }} + - name: gke-workload-certificate + csi: + driver: workloadcertificates.security.cloud.google.com + {{- else}} + - emptyDir: {} + name: workload-certs + {{- end }} # SDS channel between istioagent and Envoy - emptyDir: medium: Memory @@ -2512,6 +2587,8 @@ data: fsGroup: 1337 {{- end }} grpc-simple: | + metadata: + sidecar.istio.io/rewriteAppHTTPProbers: "false" spec: initContainers: - name: grpc-bootstrap-init @@ -2532,16 +2609,20 @@ data: valueFrom: fieldRef: fieldPath: metadata.namespace + - name: ISTIO_NAMESPACE + value: | + {{ .Values.global.istioNamespace }} command: - sh - "-c" - |- NODE_ID="sidecar~${INSTANCE_IP}~${POD_NAME}.${POD_NAMESPACE}~cluster.local" + SERVER_URI="dns:///istiod.${ISTIO_NAMESPACE}.svc:15010" echo ' { "xds_servers": [ { - "server_uri": "dns:///istiod.istio-system.svc:15010", + "server_uri": "'${SERVER_URI}'", "channel_creds": [{"type": "insecure"}], "server_features" : ["xds_v3"] } @@ -2574,11 +2655,15 @@ data: {{- $containers := list }} {{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} metadata: + labels: + service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | quote }} + service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} annotations: { {{- if eq (len $containers) 1 }} kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}", kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}", {{ end }} + sidecar.istio.io/rewriteAppHTTPProbers: "false", } spec: containers: @@ -2586,10 +2671,10 @@ data: {{ if not (eq $container.Name "istio-proxy") }} - name: {{ $container.Name }} env: - - name: "GRPC_XDS_BOOTSTRAP" - value: "/var/lib/istio/data/grpc-bootstrap.json" - name: "GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT" value: "true" + - name: "GRPC_XDS_BOOTSTRAP" + value: "/etc/istio/proxy/grpc-bootstrap.json" volumeMounts: - mountPath: /var/lib/istio/data name: istio-data @@ -2602,7 +2687,7 @@ data: {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" {{- else }} - image: "{{ .Values.global.hub }}/{{ .Values.global.proxy.image }}:{{ .Values.global.tag }}" + image: "{{ .ProxyImage }}" {{- end }} args: - proxy @@ -2617,8 +2702,6 @@ data: - --log_as_json {{- end }} env: - - name: "GRPC_XDS_BOOTSTRAP" - value: "/var/lib/istio/data/grpc-bootstrap.json" - name: ISTIO_META_GENERATOR value: grpc - name: OUTPUT_CERTS @@ -2748,6 +2831,10 @@ data: {{- end }} {{- end }} volumeMounts: + - name: workload-socket + mountPath: /var/run/secrets/workload-spiffe-uds + - name: workload-certs + mountPath: /var/run/secrets/workload-spiffe-credentials {{- if eq .Values.global.pilotCertProvider "istiod" }} - mountPath: /var/run/secrets/istio name: istiod-ca-cert @@ -2770,6 +2857,10 @@ data: {{ end }} {{- end }} volumes: + - emptyDir: {} + name: workload-socket + - emptyDir: {} + name: workload-certs # UDS channel between istioagent and gRPC client for XDS/SDS - emptyDir: medium: Memory @@ -2813,7 +2904,7 @@ metadata: labels: istio.io/rev: default install.operator.istio.io/owning-resource: unknown - operator.istio.io/component: Pilot + operator.istio.io/component: "Pilot" app: sidecar-injector release: istio webhooks: @@ -2822,23 +2913,22 @@ webhooks: service: name: istiod namespace: istio-system - path: /inject + path: "/inject" port: 443 - caBundle: '' sideEffects: None rules: - - operations: [CREATE] - apiGroups: [''] - apiVersions: [v1] - resources: [pods] + - operations: ["CREATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] failurePolicy: Fail - admissionReviewVersions: [v1beta1, v1] + admissionReviewVersions: ["v1beta1", "v1"] namespaceSelector: matchExpressions: - key: istio.io/rev operator: In values: - - default + - "default" - key: istio-injection operator: DoesNotExist objectSelector: @@ -2846,23 +2936,22 @@ webhooks: - key: sidecar.istio.io/inject operator: NotIn values: - - 'false' + - "false" - name: rev.object.sidecar-injector.istio.io clientConfig: service: name: istiod namespace: istio-system - path: /inject + path: "/inject" port: 443 - caBundle: '' sideEffects: None rules: - - operations: [CREATE] - apiGroups: [''] - apiVersions: [v1] - resources: [pods] + - operations: ["CREATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] failurePolicy: Fail - admissionReviewVersions: [v1beta1, v1] + admissionReviewVersions: ["v1beta1", "v1"] namespaceSelector: matchExpressions: - key: istio.io/rev @@ -2874,27 +2963,26 @@ webhooks: - key: sidecar.istio.io/inject operator: NotIn values: - - 'false' + - "false" - key: istio.io/rev operator: In values: - - default + - "default" - name: namespace.sidecar-injector.istio.io clientConfig: service: name: istiod namespace: istio-system - path: /inject + path: "/inject" port: 443 - caBundle: '' sideEffects: None rules: - - operations: [CREATE] - apiGroups: [''] - apiVersions: [v1] - resources: [pods] + - operations: ["CREATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] failurePolicy: Fail - admissionReviewVersions: [v1beta1, v1] + admissionReviewVersions: ["v1beta1", "v1"] namespaceSelector: matchExpressions: - key: istio-injection @@ -2906,23 +2994,22 @@ webhooks: - key: sidecar.istio.io/inject operator: NotIn values: - - 'false' + - "false" - name: object.sidecar-injector.istio.io clientConfig: service: name: istiod namespace: istio-system - path: /inject + path: "/inject" port: 443 - caBundle: '' sideEffects: None rules: - - operations: [CREATE] - apiGroups: [''] - apiVersions: [v1] - resources: [pods] + - operations: ["CREATE"] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] failurePolicy: Fail - admissionReviewVersions: [v1beta1, v1] + admissionReviewVersions: ["v1beta1", "v1"] namespaceSelector: matchExpressions: - key: istio-injection @@ -2934,7 +3021,7 @@ webhooks: - key: sidecar.istio.io/inject operator: In values: - - 'true' + - "true" - key: istio.io/rev operator: DoesNotExist --- @@ -2963,9 +3050,9 @@ spec: metadata: annotations: prometheus.io/path: /stats/prometheus - prometheus.io/port: '15020' - prometheus.io/scrape: 'true' - sidecar.istio.io/inject: 'false' + prometheus.io/port: "15020" + prometheus.io/scrape: "true" + sidecar.istio.io/inject: "false" labels: app: istio-ingressgateway chart: gateways @@ -2977,7 +3064,7 @@ spec: release: istio service.istio.io/canonical-name: istio-ingressgateway service.istio.io/canonical-revision: latest - sidecar.istio.io/inject: 'false' + sidecar.istio.io/inject: "false" spec: affinity: nodeAffinity: @@ -2989,6 +3076,13 @@ spec: values: - amd64 weight: 2 + - preference: + matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - arm64 + weight: 2 - preference: matchExpressions: - key: kubernetes.io/arch @@ -3010,6 +3104,7 @@ spec: operator: In values: - amd64 + - arm64 - ppc64le - s390x containers: @@ -3066,12 +3161,11 @@ spec: - name: TRUST_DOMAIN value: cluster.local - name: ISTIO_META_UNPRIVILEGED_POD - value: 'true' - - name: ISTIO_META_ROUTER_MODE - value: standard + value: "true" - name: ISTIO_META_CLUSTER_ID value: Kubernetes - image: docker.io/istio/proxyv2:1.11.4 + image: docker.io/istio/proxyv2:1.14.1 + imagePullPolicy: IfNotPresent name: istio-proxy ports: - containerPort: 15021 @@ -3112,6 +3206,10 @@ spec: privileged: false readOnlyRootFilesystem: true volumeMounts: + - mountPath: /var/run/secrets/workload-spiffe-uds + name: workload-socket + - mountPath: /var/run/secrets/workload-spiffe-credentials + name: workload-certs - mountPath: /etc/istio/proxy name: istio-envoy - mountPath: /etc/istio/config @@ -3138,6 +3236,10 @@ spec: runAsUser: 1337 serviceAccountName: istio-ingressgateway-service-account volumes: + - emptyDir: {} + name: workload-socket + - emptyDir: {} + name: workload-certs - configMap: name: istio-ca-root-cert name: istiod-ca-cert @@ -3198,16 +3300,16 @@ spec: template: metadata: annotations: - prometheus.io/port: '15014' - prometheus.io/scrape: 'true' - sidecar.istio.io/inject: 'false' + prometheus.io/port: "15014" + prometheus.io/scrape: "true" + sidecar.istio.io/inject: "false" labels: app: istiod install.operator.istio.io/owning-resource: unknown istio: pilot istio.io/rev: default operator.istio.io/component: Pilot - sidecar.istio.io/inject: 'false' + sidecar.istio.io/inject: "false" spec: containers: - args: @@ -3243,18 +3345,19 @@ spec: - name: KUBECONFIG value: /var/run/secrets/remote/config - name: PILOT_TRACE_SAMPLING - value: '100' + value: "100" - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_OUTBOUND - value: 'true' + value: "true" - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_INBOUND - value: 'true' + value: "true" - name: ISTIOD_ADDR value: istiod.istio-system.svc:15012 - name: PILOT_ENABLE_ANALYSIS - value: 'false' + value: "false" - name: CLUSTER_ID value: Kubernetes - image: docker.io/istio/pilot:1.11.4 + image: gcr.io/arrikto/istio/pilot:1.14.1-1-g19df463bb + imagePullPolicy: IfNotPresent name: discovery ports: - containerPort: 8080 @@ -3275,9 +3378,11 @@ spec: cpu: 10m memory: 100Mi securityContext: + allowPrivilegeEscalation: false capabilities: drop: - ALL + readOnlyRootFilesystem: true runAsGroup: 1337 runAsNonRoot: true runAsUser: 1337 @@ -3293,7 +3398,6 @@ spec: - mountPath: /var/run/secrets/remote name: istio-kubeconfig readOnly: true - nodeSelector: {} securityContext: fsGroup: 1337 serviceAccountName: istiod @@ -3328,7 +3432,7 @@ metadata: release: istio istio.io/rev: default install.operator.istio.io/owning-resource: unknown - operator.istio.io/component: IngressGateways + operator.istio.io/component: "IngressGateways" spec: minAvailable: 1 selector: @@ -3345,7 +3449,7 @@ metadata: app: istiod istio.io/rev: default install.operator.istio.io/owning-resource: unknown - operator.istio.io/component: Pilot + operator.istio.io/component: "Pilot" release: istio istio: pilot spec: @@ -3364,11 +3468,11 @@ metadata: release: istio istio.io/rev: default install.operator.istio.io/owning-resource: unknown - operator.istio.io/component: IngressGateways + operator.istio.io/component: "IngressGateways" rules: -- apiGroups: [''] - resources: [secrets] - verbs: [get, watch, list] +- apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "watch", "list"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -3379,14 +3483,14 @@ metadata: app: istiod release: istio rules: -- apiGroups: [networking.istio.io] - verbs: [create] - resources: [gateways] +- apiGroups: ["networking.istio.io"] + verbs: ["create"] + resources: ["gateways"] -- apiGroups: [''] - resources: [secrets] +- apiGroups: [""] + resources: ["secrets"] # TODO lock this down to istio-ca-cert if not using the DNS cert mesh config - verbs: [create, get, watch, list, update, delete] + verbs: ["create", "get", "watch", "list", "update", "delete"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -3397,14 +3501,14 @@ metadata: app: istiod release: istio rules: -- apiGroups: [networking.istio.io] - verbs: [create] - resources: [gateways] +- apiGroups: ["networking.istio.io"] + verbs: ["create"] + resources: ["gateways"] -- apiGroups: [''] - resources: [secrets] +- apiGroups: [""] + resources: ["secrets"] # TODO lock this down to istio-ca-cert if not using the DNS cert mesh config - verbs: [create, get, watch, list, update, delete] + verbs: ["create", "get", "watch", "list", "update", "delete"] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -3415,7 +3519,7 @@ metadata: release: istio istio.io/rev: default install.operator.istio.io/owning-resource: unknown - operator.istio.io/component: IngressGateways + operator.istio.io/component: "IngressGateways" roleRef: apiGroup: rbac.authorization.k8s.io kind: Role @@ -3506,7 +3610,7 @@ metadata: labels: istio.io/rev: default install.operator.istio.io/owning-resource: unknown - operator.istio.io/component: Pilot + operator.istio.io/component: "Pilot" app: istiod istio: pilot release: istio diff --git a/common/istio-1-9/istio-crds/base/kustomization.yaml b/common/istio-1-14/istio-install/base/kustomization.yaml similarity index 86% rename from common/istio-1-9/istio-crds/base/kustomization.yaml rename to common/istio-1-14/istio-install/base/kustomization.yaml index 3dd2d3cace..c3f399ac43 100644 --- a/common/istio-1-9/istio-crds/base/kustomization.yaml +++ b/common/istio-1-14/istio-install/base/kustomization.yaml @@ -1,5 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- crd.yaml +- install.yaml + namespace: istio-system diff --git a/common/istio-1-11/istio-install/base/patches/istio-configmap-disable-tracing.yaml b/common/istio-1-14/istio-install/base/patches/istio-configmap-disable-tracing.yaml similarity index 100% rename from common/istio-1-11/istio-install/base/patches/istio-configmap-disable-tracing.yaml rename to common/istio-1-14/istio-install/base/patches/istio-configmap-disable-tracing.yaml diff --git a/common/istio-1-11/istio-install/base/patches/remove-pdb.yaml b/common/istio-1-14/istio-install/base/patches/remove-pdb.yaml similarity index 100% rename from common/istio-1-11/istio-install/base/patches/remove-pdb.yaml rename to common/istio-1-14/istio-install/base/patches/remove-pdb.yaml diff --git a/common/istio-1-11/istio-install/base/patches/service.yaml b/common/istio-1-14/istio-install/base/patches/service.yaml similarity index 100% rename from common/istio-1-11/istio-install/base/patches/service.yaml rename to common/istio-1-14/istio-install/base/patches/service.yaml diff --git a/common/istio-1-11/istio-install/base/x-forwarded-host.yaml b/common/istio-1-14/istio-install/base/x-forwarded-host.yaml similarity index 100% rename from common/istio-1-11/istio-install/base/x-forwarded-host.yaml rename to common/istio-1-14/istio-install/base/x-forwarded-host.yaml diff --git a/common/istio-1-9/istio-namespace/base/kustomization.yaml b/common/istio-1-14/istio-namespace/base/kustomization.yaml similarity index 66% rename from common/istio-1-9/istio-namespace/base/kustomization.yaml rename to common/istio-1-14/istio-namespace/base/kustomization.yaml index 6e0028159b..a8cfd5774a 100644 --- a/common/istio-1-9/istio-namespace/base/kustomization.yaml +++ b/common/istio-1-14/istio-namespace/base/kustomization.yaml @@ -1,3 +1,7 @@ +# +# Copyright © 2020 Arrikto Inc. All Rights Reserved. +# + apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization diff --git a/common/istio-1-11/istio-namespace/base/namespace.yaml b/common/istio-1-14/istio-namespace/base/namespace.yaml similarity index 100% rename from common/istio-1-11/istio-namespace/base/namespace.yaml rename to common/istio-1-14/istio-namespace/base/namespace.yaml diff --git a/common/istio-1-11/kubeflow-istio-resources/base/cluster-roles.yaml b/common/istio-1-14/kubeflow-istio-resources/base/cluster-roles.yaml similarity index 100% rename from common/istio-1-11/kubeflow-istio-resources/base/cluster-roles.yaml rename to common/istio-1-14/kubeflow-istio-resources/base/cluster-roles.yaml diff --git a/common/istio-1-11/kubeflow-istio-resources/base/kf-istio-resources.yaml b/common/istio-1-14/kubeflow-istio-resources/base/kf-istio-resources.yaml similarity index 100% rename from common/istio-1-11/kubeflow-istio-resources/base/kf-istio-resources.yaml rename to common/istio-1-14/kubeflow-istio-resources/base/kf-istio-resources.yaml diff --git a/common/istio-1-11/kubeflow-istio-resources/base/kustomization.yaml b/common/istio-1-14/kubeflow-istio-resources/base/kustomization.yaml similarity index 100% rename from common/istio-1-11/kubeflow-istio-resources/base/kustomization.yaml rename to common/istio-1-14/kubeflow-istio-resources/base/kustomization.yaml diff --git a/common/istio-1-11/profile-overlay.yaml b/common/istio-1-14/profile-overlay.yaml similarity index 100% rename from common/istio-1-11/profile-overlay.yaml rename to common/istio-1-14/profile-overlay.yaml diff --git a/common/istio-1-9/profile.yaml b/common/istio-1-14/profile.yaml similarity index 100% rename from common/istio-1-9/profile.yaml rename to common/istio-1-14/profile.yaml diff --git a/common/istio-1-11/split-istio-packages b/common/istio-1-14/split-istio-packages old mode 100755 new mode 100644 similarity index 100% rename from common/istio-1-11/split-istio-packages rename to common/istio-1-14/split-istio-packages diff --git a/common/istio-1-9/README.md b/common/istio-1-9/README.md deleted file mode 100644 index 4619ebb116..0000000000 --- a/common/istio-1-9/README.md +++ /dev/null @@ -1,93 +0,0 @@ -# Istio - -## Upgrade Istio Manifests - -Istio ships with an installer called `istioctl`, which is a deployment / -debugging / configuration management tool for Istio all in one package. -In this section, we explain how to upgrade our istio kustomize packages -by leveraging `istioctl`. Assuming the new version is `X.Y.Z` and the -old version is `X1.Y1.Z1`: - -1. Make a copy of the old istio manifests tree, which will become the - kustomization for the new Istio version: - - $ export MANIFESTS_SRC= - $ export ISTIO_OLD=$MANIFESTS_SRC/common/istio-X1-Y1 - $ export ISTIO_NEW=$MANIFESTS_SRC/common/istio-X-Y - $ cp -a $ISTIO_OLD $ISTIO_NEW - -2. Download `istioctl` for version `X.Y.Z`: - - $ ISTIO_VERSION="X.Y.Z" - $ wget "https://github.com/istio/istio/releases/download/${ISTIO_VERSION}/istio-${ISTIO_VERSION}-linux.tar.gz" - $ tar xvfz istio-${ISTIO_VERSION}-linux.tar.gz - # sudo mv istio-${ISTIO_VERSION}/bin/istioctl /usr/local/bin/istioctl - -3. Use `istioctl` to generate an `IstioOperator` resource, the - CustomResource used to describe the Istio Control Plane: - - $ cd $ISTIO_NEW - $ istioctl profile dump demo > profile.yaml - - --- - **NOTE** - - `istioctl` comes with a bunch of [predefined - profiles](https://istio.io/v1.9/docs/setup/additional-setup/config-profiles/) - (`default`, `demo`, `minimal`, etc.). The `demo` profile enables - high levels of tracing and access logging and included monitoring - components in the past, which we wanted to install. In the future, - we can consider moving to the `default` profile. - - --- - -4. Generate manifests and add them to their respective packages. We - will generate manifests using `istioctl`, the - `profile.yaml` file from upstream and the - `profile-overlay.yaml` file that contains our desired - changes: - - $ export PATH="$MANIFESTS_SRC/scripts:$PATH" - $ cd $ISTIO_NEW - $ istioctl manifest generate -f profile.yaml -f profile-overlay.yaml > dump.yaml - $ split-istio-packages -f dump.yaml - $ mv $ISTIO_NEW/crd.yaml $ISTIO_NEW/istio-crds/base - $ mv $ISTIO_NEW/install.yaml $ISTIO_NEW/istio-install/base - $ mv $ISTIO_NEW/cluster-local-gateway.yaml $ISTIO_NEW/cluster-local-gateway/base - - --- - **NOTE** - - `split-istio-packages` is a python script in the same folder as this file. - The `ruamel.yaml` version used is 0.16.12. - - --- - -## Changes to Istio's upstream manifests - -### Changes to the upstream IstioOperator profile - -Changes to Istio's upstream profile `demo` are the following: - -- Add a `cluster-local-gateway` component for KFServing. -- Disable the EgressGateway component. We don\'t use it and it adds - unnecessary complexity. - -Those changes are captured in the [profile-overlay.yaml](profile-overlay.yaml) -file. - -### Changes to the upstream manifests using kustomize - -The Istio kustomizations make the following changes: - -- Remove PodDisruptionBudget from `istio-install` and `cluster-local-gateway` kustomizations. See: - - https://github.com/istio/istio/issues/12602 - - https://github.com/istio/istio/issues/24000 -- Add EnvoyFilter for adding an `X-Forwarded-For` header in requests passing through the Istio Ingressgateway, inside the `istio-install` kustomization. -- Add Istio AuthorizationPolicy to allow all requests to the Istio Ingressgateway and the Istio cluster-local gateway. -- Add Istio AuthorizationPolicy in Istio's root namespace, so that sidecars deny traffic by default (explicit deny-by-default authorization model). -- Add Gateway CRs for the Istio Ingressgateway and the Istio cluster-local gateway, as `istioctl` stopped generating them in later versions. -- Add the istio-system namespace object to `istio-namespace`, as `istioctl` stopped generating it in later versions. -- Configure TCP KeepAlives. -- Disable tracing as it causes DNS breakdown. See: - https://github.com/istio/istio/issues/29898 diff --git a/common/istio-1-9/cluster-local-gateway/base/gateway-authorizationpolicy.yaml b/common/istio-1-9/cluster-local-gateway/base/gateway-authorizationpolicy.yaml deleted file mode 100644 index 4a45b0a1e0..0000000000 --- a/common/istio-1-9/cluster-local-gateway/base/gateway-authorizationpolicy.yaml +++ /dev/null @@ -1,14 +0,0 @@ -# Allow all traffic to the cluster-local-gateway -apiVersion: security.istio.io/v1beta1 -kind: AuthorizationPolicy -metadata: - name: cluster-local-gateway -spec: - action: ALLOW - selector: - # Same as the cluster-local-gateway Service selector - matchLabels: - app: cluster-local-gateway - istio: cluster-local-gateway - rules: - - {} \ No newline at end of file diff --git a/common/istio-1-9/cluster-local-gateway/base/gateway.yaml b/common/istio-1-9/cluster-local-gateway/base/gateway.yaml deleted file mode 100644 index a5db160087..0000000000 --- a/common/istio-1-9/cluster-local-gateway/base/gateway.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: cluster-local-gateway - labels: - release: istio -spec: - selector: - app: cluster-local-gateway - istio: cluster-local-gateway - servers: - - port: - number: 80 - name: http - protocol: HTTP - hosts: - - '*' diff --git a/common/istio-1-9/cluster-local-gateway/base/patches/remove-pdb.yaml b/common/istio-1-9/cluster-local-gateway/base/patches/remove-pdb.yaml deleted file mode 100644 index fc675a6493..0000000000 --- a/common/istio-1-9/cluster-local-gateway/base/patches/remove-pdb.yaml +++ /dev/null @@ -1,6 +0,0 @@ -$patch: delete -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: cluster-local-gateway - namespace: istio-system diff --git a/common/istio-1-9/istio-crds/base/crd.yaml b/common/istio-1-9/istio-crds/base/crd.yaml deleted file mode 100644 index ec7a472505..0000000000 --- a/common/istio-1-9/istio-crds/base/crd.yaml +++ /dev/null @@ -1,3499 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - istio: security - release: istio - name: authorizationpolicies.security.istio.io -spec: - group: security.istio.io - names: - categories: - - istio-io - - security-istio-io - kind: AuthorizationPolicy - listKind: AuthorizationPolicyList - plural: authorizationpolicies - singular: authorizationpolicy - preserveUnknownFields: false - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration for access control on workloads. See more details - at: https://istio.io/docs/reference/config/security/authorization-policy.html' - oneOf: - - not: - anyOf: - - required: - - provider - - required: - - provider - properties: - action: - description: Optional. - enum: - - ALLOW - - DENY - - AUDIT - - CUSTOM - type: string - provider: - description: Specifies detailed configuration of the CUSTOM action. - properties: - name: - description: Specifies the name of the extension provider. - format: string - type: string - type: object - rules: - description: Optional. - items: - properties: - from: - description: Optional. - items: - properties: - source: - description: Source specifies the source of a request. - properties: - ipBlocks: - description: Optional. - items: - format: string - type: string - type: array - namespaces: - description: Optional. - items: - format: string - type: string - type: array - notIpBlocks: - description: Optional. - items: - format: string - type: string - type: array - notNamespaces: - description: Optional. - items: - format: string - type: string - type: array - notPrincipals: - description: Optional. - items: - format: string - type: string - type: array - notRemoteIpBlocks: - description: Optional. - items: - format: string - type: string - type: array - notRequestPrincipals: - description: Optional. - items: - format: string - type: string - type: array - principals: - description: Optional. - items: - format: string - type: string - type: array - remoteIpBlocks: - description: Optional. - items: - format: string - type: string - type: array - requestPrincipals: - description: Optional. - items: - format: string - type: string - type: array - type: object - type: object - type: array - to: - description: Optional. - items: - properties: - operation: - description: Operation specifies the operation of a request. - properties: - hosts: - description: Optional. - items: - format: string - type: string - type: array - methods: - description: Optional. - items: - format: string - type: string - type: array - notHosts: - description: Optional. - items: - format: string - type: string - type: array - notMethods: - description: Optional. - items: - format: string - type: string - type: array - notPaths: - description: Optional. - items: - format: string - type: string - type: array - notPorts: - description: Optional. - items: - format: string - type: string - type: array - paths: - description: Optional. - items: - format: string - type: string - type: array - ports: - description: Optional. - items: - format: string - type: string - type: array - type: object - type: object - type: array - when: - description: Optional. - items: - properties: - key: - description: The name of an Istio attribute. - format: string - type: string - notValues: - description: Optional. - items: - format: string - type: string - type: array - values: - description: Optional. - items: - format: string - type: string - type: array - type: object - type: array - type: object - type: array - selector: - description: Optional. - properties: - matchLabels: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - versions: - - name: v1beta1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: destinationrules.networking.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.host - description: The name of a service from the service registry - name: Host - type: string - - JSONPath: .metadata.creationTimestamp - description: 'CreationTimestamp is a timestamp representing the server time when - this object was created. It is not guaranteed to be set in happens-before order - across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - name: Age - type: date - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: DestinationRule - listKind: DestinationRuleList - plural: destinationrules - shortNames: - - dr - singular: destinationrule - preserveUnknownFields: false - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting load balancing, outlier detection, - etc. See more details at: https://istio.io/docs/reference/config/networking/destination-rule.html' - properties: - exportTo: - description: A list of namespaces to which this destination rule is - exported. - items: - format: string - type: string - type: array - host: - description: The name of a service from the service registry. - format: string - type: string - subsets: - items: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - name: - description: Name of the subset. - format: string - type: string - trafficPolicy: - description: Traffic policies that apply to this subset. - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should - be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests - to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection - to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - useClientProtocol: - description: If set to true, client protocol will - be preserved while initiating connection to backend. - type: boolean - type: object - tcp: - description: Settings common to both HTTP and TCP upstream - connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket - to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - format: string - type: string - httpQueryParameterName: - description: Hash based on a specific HTTP query parameter. - format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute or - failover can be set.' - items: - properties: - from: - description: Originating locality, '/' separated, - e.g. - format: string - type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities to traffic - distribution weights. - type: object - type: object - type: array - enabled: - description: enable locality load balancing, this - is DestinationRule-level and will override mesh - wide settings in entirety. - nullable: true - type: boolean - failover: - description: 'Optional: only failover or distribute - can be set.' - items: - properties: - from: - description: Originating region. - format: string - type: string - to: - format: string - type: string - type: object - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host is ejected - from the connection pool. - nullable: true - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a host is - ejected from the connection pool. - nullable: true - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - portLevelSettings: - description: Traffic policies specific to individual ports. - items: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should - be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP - requests to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a - backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per - connection to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - useClientProtocol: - description: If set to true, client protocol - will be preserved while initiating connection - to backend. - type: boolean - type: object - tcp: - description: Settings common to both HTTP and TCP - upstream connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on - the socket to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer - algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - format: string - type: string - httpQueryParameterName: - description: Hash based on a specific HTTP query - parameter. - format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute - or failover can be set.' - items: - properties: - from: - description: Originating locality, '/' - separated, e.g. - format: string - type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities - to traffic distribution weights. - type: object - type: object - type: array - enabled: - description: enable locality load balancing, - this is DestinationRule-level and will override - mesh wide settings in entirety. - nullable: true - type: boolean - failover: - description: 'Optional: only failover or distribute - can be set.' - items: - properties: - from: - description: Originating region. - format: string - type: string - to: - format: string - type: string - type: object - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host - is ejected from the connection pool. - nullable: true - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a host - is ejected from the connection pool. - nullable: true - type: integer - interval: - description: Time interval between ejection sweep - analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - port: - properties: - number: - type: integer - type: object - tls: - description: TLS related settings for connections to - the upstream service. - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - credentialName: - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - sni: - description: SNI string to present to the server - during TLS handshake. - format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: array - tls: - description: TLS related settings for connections to the upstream - service. - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - credentialName: - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - sni: - description: SNI string to present to the server during - TLS handshake. - format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: object - type: array - trafficPolicy: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should be upgraded - to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests to - a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection pool - connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection to - a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - useClientProtocol: - description: If set to true, client protocol will be preserved - while initiating connection to backend. - type: boolean - type: object - tcp: - description: Settings common to both HTTP and TCP upstream connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections to - a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket - to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - format: string - type: string - httpQueryParameterName: - description: Hash based on a specific HTTP query parameter. - format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute or failover - can be set.' - items: - properties: - from: - description: Originating locality, '/' separated, - e.g. - format: string - type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities to traffic - distribution weights. - type: object - type: object - type: array - enabled: - description: enable locality load balancing, this is DestinationRule-level - and will override mesh wide settings in entirety. - nullable: true - type: boolean - failover: - description: 'Optional: only failover or distribute can - be set.' - items: - properties: - from: - description: Originating region. - format: string - type: string - to: - format: string - type: string - type: object - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host is ejected from - the connection pool. - nullable: true - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a host is ejected - from the connection pool. - nullable: true - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - portLevelSettings: - description: Traffic policies specific to individual ports. - items: - properties: - connectionPool: - properties: - http: - description: HTTP connection pool settings. - properties: - h2UpgradePolicy: - description: Specify if http1.1 connection should - be upgraded to http2 for the associated destination. - enum: - - DEFAULT - - DO_NOT_UPGRADE - - UPGRADE - type: string - http1MaxPendingRequests: - description: Maximum number of pending HTTP requests - to a destination. - format: int32 - type: integer - http2MaxRequests: - description: Maximum number of requests to a backend. - format: int32 - type: integer - idleTimeout: - description: The idle timeout for upstream connection - pool connections. - type: string - maxRequestsPerConnection: - description: Maximum number of requests per connection - to a backend. - format: int32 - type: integer - maxRetries: - format: int32 - type: integer - useClientProtocol: - description: If set to true, client protocol will - be preserved while initiating connection to backend. - type: boolean - type: object - tcp: - description: Settings common to both HTTP and TCP upstream - connections. - properties: - connectTimeout: - description: TCP connection timeout. - type: string - maxConnections: - description: Maximum number of HTTP1 /TCP connections - to a destination host. - format: int32 - type: integer - tcpKeepalive: - description: If set then set SO_KEEPALIVE on the socket - to enable TCP Keepalives. - properties: - interval: - description: The time duration between keep-alive - probes. - type: string - probes: - type: integer - time: - type: string - type: object - type: object - type: object - loadBalancer: - description: Settings controlling the load balancer algorithms. - oneOf: - - not: - anyOf: - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - - required: - - simple - - properties: - consistentHash: - oneOf: - - not: - anyOf: - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - - required: - - httpHeaderName - - required: - - httpCookie - - required: - - useSourceIp - - required: - - httpQueryParameterName - required: - - consistentHash - properties: - consistentHash: - properties: - httpCookie: - description: Hash based on HTTP cookie. - properties: - name: - description: Name of the cookie. - format: string - type: string - path: - description: Path to set for the cookie. - format: string - type: string - ttl: - description: Lifetime of the cookie. - type: string - type: object - httpHeaderName: - description: Hash based on a specific HTTP header. - format: string - type: string - httpQueryParameterName: - description: Hash based on a specific HTTP query parameter. - format: string - type: string - minimumRingSize: - type: integer - useSourceIp: - description: Hash based on the source IP address. - type: boolean - type: object - localityLbSetting: - properties: - distribute: - description: 'Optional: only one of distribute or - failover can be set.' - items: - properties: - from: - description: Originating locality, '/' separated, - e.g. - format: string - type: string - to: - additionalProperties: - type: integer - description: Map of upstream localities to traffic - distribution weights. - type: object - type: object - type: array - enabled: - description: enable locality load balancing, this - is DestinationRule-level and will override mesh - wide settings in entirety. - nullable: true - type: boolean - failover: - description: 'Optional: only failover or distribute - can be set.' - items: - properties: - from: - description: Originating region. - format: string - type: string - to: - format: string - type: string - type: object - type: array - type: object - simple: - enum: - - ROUND_ROBIN - - LEAST_CONN - - RANDOM - - PASSTHROUGH - type: string - type: object - outlierDetection: - properties: - baseEjectionTime: - description: Minimum ejection duration. - type: string - consecutive5xxErrors: - description: Number of 5xx errors before a host is ejected - from the connection pool. - nullable: true - type: integer - consecutiveErrors: - format: int32 - type: integer - consecutiveGatewayErrors: - description: Number of gateway errors before a host is - ejected from the connection pool. - nullable: true - type: integer - interval: - description: Time interval between ejection sweep analysis. - type: string - maxEjectionPercent: - format: int32 - type: integer - minHealthPercent: - format: int32 - type: integer - type: object - port: - properties: - number: - type: integer - type: object - tls: - description: TLS related settings for connections to the upstream - service. - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - credentialName: - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - sni: - description: SNI string to present to the server during - TLS handshake. - format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: array - tls: - description: TLS related settings for connections to the upstream - service. - properties: - caCertificates: - format: string - type: string - clientCertificate: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - credentialName: - format: string - type: string - mode: - enum: - - DISABLE - - SIMPLE - - MUTUAL - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - sni: - description: SNI string to present to the server during TLS - handshake. - format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - versions: - - name: v1alpha3 - served: true - storage: true - - name: v1beta1 - served: true - storage: false ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: envoyfilters.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: EnvoyFilter - listKind: EnvoyFilterList - plural: envoyfilters - singular: envoyfilter - preserveUnknownFields: true - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Customizing Envoy configuration generated by Istio. See more - details at: https://istio.io/docs/reference/config/networking/envoy-filter.html' - properties: - configPatches: - description: One or more patches with match conditions. - items: - properties: - applyTo: - enum: - - INVALID - - LISTENER - - FILTER_CHAIN - - NETWORK_FILTER - - HTTP_FILTER - - ROUTE_CONFIGURATION - - VIRTUAL_HOST - - HTTP_ROUTE - - CLUSTER - - EXTENSION_CONFIG - type: string - match: - description: Match on listener/route configuration/cluster. - oneOf: - - not: - anyOf: - - required: - - listener - - required: - - routeConfiguration - - required: - - cluster - - required: - - listener - - required: - - routeConfiguration - - required: - - cluster - properties: - cluster: - description: Match on envoy cluster attributes. - properties: - name: - description: The exact name of the cluster to match. - format: string - type: string - portNumber: - description: The service port for which this cluster was - generated. - type: integer - service: - description: The fully qualified service name for this - cluster. - format: string - type: string - subset: - description: The subset associated with the service. - format: string - type: string - type: object - context: - description: The specific config generation context to match - on. - enum: - - ANY - - SIDECAR_INBOUND - - SIDECAR_OUTBOUND - - GATEWAY - type: string - listener: - description: Match on envoy listener attributes. - properties: - filterChain: - description: Match a specific filter chain in a listener. - properties: - applicationProtocols: - description: Applies only to sidecars. - format: string - type: string - destinationPort: - description: The destination_port value used by a - filter chain's match condition. - type: integer - filter: - description: The name of a specific filter to apply - the patch to. - properties: - name: - description: The filter name to match on. - format: string - type: string - subFilter: - properties: - name: - description: The filter name to match on. - format: string - type: string - type: object - type: object - name: - description: The name assigned to the filter chain. - format: string - type: string - sni: - description: The SNI value used by a filter chain's - match condition. - format: string - type: string - transportProtocol: - description: Applies only to `SIDECAR_INBOUND` context. - format: string - type: string - type: object - name: - description: Match a specific listener by its name. - format: string - type: string - portName: - format: string - type: string - portNumber: - type: integer - type: object - proxy: - description: Match on properties associated with a proxy. - properties: - metadata: - additionalProperties: - format: string - type: string - type: object - proxyVersion: - format: string - type: string - type: object - routeConfiguration: - description: Match on envoy HTTP route configuration attributes. - properties: - gateway: - format: string - type: string - name: - description: Route configuration name to match on. - format: string - type: string - portName: - description: Applicable only for GATEWAY context. - format: string - type: string - portNumber: - type: integer - vhost: - properties: - name: - format: string - type: string - route: - description: Match a specific route within the virtual - host. - properties: - action: - description: Match a route with specific action - type. - enum: - - ANY - - ROUTE - - REDIRECT - - DIRECT_RESPONSE - type: string - name: - format: string - type: string - type: object - type: object - type: object - type: object - patch: - description: The patch to apply along with the operation. - properties: - filterClass: - description: Determines the filter insertion order. - enum: - - UNSPECIFIED - - AUTHN - - AUTHZ - - STATS - type: string - operation: - description: Determines how the patch should be applied. - enum: - - INVALID - - MERGE - - ADD - - REMOVE - - INSERT_BEFORE - - INSERT_AFTER - - INSERT_FIRST - - REPLACE - type: string - value: - description: The JSON config of the object being patched. - type: object - type: object - type: object - type: array - workloadSelector: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - versions: - - name: v1alpha3 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: gateways.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: Gateway - listKind: GatewayList - plural: gateways - shortNames: - - gw - singular: gateway - preserveUnknownFields: false - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting edge load balancer. See more details - at: https://istio.io/docs/reference/config/networking/gateway.html' - properties: - selector: - additionalProperties: - format: string - type: string - type: object - servers: - description: A list of server specifications. - items: - properties: - bind: - format: string - type: string - defaultEndpoint: - format: string - type: string - hosts: - description: One or more hosts exposed by this gateway. - items: - format: string - type: string - type: array - name: - description: An optional name of the server, when set must be - unique across all servers. - format: string - type: string - port: - properties: - name: - description: Label assigned to the port. - format: string - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - format: string - type: string - targetPort: - type: integer - type: object - tls: - description: Set of TLS related options that govern the server's - behavior. - properties: - caCertificates: - description: REQUIRED if mode is `MUTUAL`. - format: string - type: string - cipherSuites: - description: 'Optional: If specified, only support the specified - cipher list.' - items: - format: string - type: string - type: array - credentialName: - format: string - type: string - httpsRedirect: - type: boolean - maxProtocolVersion: - description: 'Optional: Maximum TLS protocol version.' - enum: - - TLS_AUTO - - TLSV1_0 - - TLSV1_1 - - TLSV1_2 - - TLSV1_3 - type: string - minProtocolVersion: - description: 'Optional: Minimum TLS protocol version.' - enum: - - TLS_AUTO - - TLSV1_0 - - TLSV1_1 - - TLSV1_2 - - TLSV1_3 - type: string - mode: - enum: - - PASSTHROUGH - - SIMPLE - - MUTUAL - - AUTO_PASSTHROUGH - - ISTIO_MUTUAL - type: string - privateKey: - description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. - format: string - type: string - serverCertificate: - description: REQUIRED if mode is `SIMPLE` or `MUTUAL`. - format: string - type: string - subjectAltNames: - items: - format: string - type: string - type: array - verifyCertificateHash: - items: - format: string - type: string - type: array - verifyCertificateSpki: - items: - format: string - type: string - type: array - type: object - type: object - type: array - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - versions: - - name: v1alpha3 - served: true - storage: true - - name: v1beta1 - served: true - storage: false ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: istiooperators.install.istio.io - labels: - release: istio -spec: - additionalPrinterColumns: - - JSONPath: .spec.revision - description: Istio control plane revision - name: Revision - type: string - - JSONPath: .status.status - description: IOP current state - type: string - name: Status - - JSONPath: .metadata.creationTimestamp - description: 'CreationTimestamp is a timestamp representing the server time when - this object was created. It is not guaranteed to be set in happens-before order - across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - name: Age - type: date - group: install.istio.io - names: - kind: IstioOperator - plural: istiooperators - singular: istiooperator - shortNames: - - iop - - io - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: 'Specification of the desired state of the istio control plane - resource. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - status: - description: 'Status describes each of istio control plane component status - at the current time. 0 means NONE, 1 means UPDATING, 2 means HEALTHY, - 3 means ERROR, 4 means RECONCILING. More info: https://github.com/istio/api/blob/master/operator/v1alpha1/istio.operator.v1alpha1.pb.html - & https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - versions: - - name: v1alpha1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - istio: security - release: istio - name: peerauthentications.security.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.mtls.mode - description: Defines the mTLS mode used for peer authentication. - name: Mode - type: string - - JSONPath: .metadata.creationTimestamp - description: 'CreationTimestamp is a timestamp representing the server time when - this object was created. It is not guaranteed to be set in happens-before order - across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - name: Age - type: date - group: security.istio.io - names: - categories: - - istio-io - - security-istio-io - kind: PeerAuthentication - listKind: PeerAuthenticationList - plural: peerauthentications - shortNames: - - pa - singular: peerauthentication - preserveUnknownFields: false - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: PeerAuthentication defines how traffic will be tunneled (or - not) to the sidecar. - properties: - mtls: - description: Mutual TLS settings for workload. - properties: - mode: - description: Defines the mTLS mode used for peer authentication. - enum: - - UNSET - - DISABLE - - PERMISSIVE - - STRICT - type: string - type: object - portLevelMtls: - additionalProperties: - properties: - mode: - description: Defines the mTLS mode used for peer authentication. - enum: - - UNSET - - DISABLE - - PERMISSIVE - - STRICT - type: string - type: object - description: Port specific mutual TLS settings. - type: object - selector: - description: The selector determines the workloads to apply the ChannelAuthentication - on. - properties: - matchLabels: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - versions: - - name: v1beta1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - istio: security - release: istio - name: requestauthentications.security.istio.io -spec: - group: security.istio.io - names: - categories: - - istio-io - - security-istio-io - kind: RequestAuthentication - listKind: RequestAuthenticationList - plural: requestauthentications - shortNames: - - ra - singular: requestauthentication - preserveUnknownFields: false - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: RequestAuthentication defines what request authentication methods - are supported by a workload. - properties: - jwtRules: - description: Define the list of JWTs that can be validated at the selected - workloads' proxy. - items: - properties: - audiences: - items: - format: string - type: string - type: array - forwardOriginalToken: - description: If set to true, the orginal token will be kept for - the ustream request. - type: boolean - fromHeaders: - description: List of header locations from which JWT is expected. - items: - properties: - name: - description: The HTTP header name. - format: string - type: string - prefix: - description: The prefix that should be stripped before decoding - the token. - format: string - type: string - type: object - type: array - fromParams: - description: List of query parameters from which JWT is expected. - items: - format: string - type: string - type: array - issuer: - description: Identifies the issuer that issued the JWT. - format: string - type: string - jwks: - description: JSON Web Key Set of public keys to validate signature - of the JWT. - format: string - type: string - jwks_uri: - format: string - type: string - jwksUri: - format: string - type: string - outputPayloadToHeader: - format: string - type: string - type: object - type: array - selector: - description: The selector determines the workloads to apply the RequestAuthentication - on. - properties: - matchLabels: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - versions: - - name: v1beta1 - served: true - storage: true ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: serviceentries.networking.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.hosts - description: The hosts associated with the ServiceEntry - name: Hosts - type: string - - JSONPath: .spec.location - description: Whether the service is external to the mesh or part of the mesh (MESH_EXTERNAL - or MESH_INTERNAL) - name: Location - type: string - - JSONPath: .spec.resolution - description: Service discovery mode for the hosts (NONE, STATIC, or DNS) - name: Resolution - type: string - - JSONPath: .metadata.creationTimestamp - description: 'CreationTimestamp is a timestamp representing the server time when - this object was created. It is not guaranteed to be set in happens-before order - across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - name: Age - type: date - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: ServiceEntry - listKind: ServiceEntryList - plural: serviceentries - shortNames: - - se - singular: serviceentry - preserveUnknownFields: false - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting service registry. See more details - at: https://istio.io/docs/reference/config/networking/service-entry.html' - properties: - addresses: - description: The virtual IP addresses associated with the service. - items: - format: string - type: string - type: array - endpoints: - description: One or more endpoints associated with the service. - items: - properties: - address: - format: string - type: string - labels: - additionalProperties: - format: string - type: string - description: One or more labels associated with the endpoint. - type: object - locality: - description: The locality associated with the endpoint. - format: string - type: string - network: - format: string - type: string - ports: - additionalProperties: - type: integer - description: Set of ports associated with the endpoint. - type: object - serviceAccount: - format: string - type: string - weight: - description: The load balancing weight associated with the endpoint. - type: integer - type: object - type: array - exportTo: - description: A list of namespaces to which this service is exported. - items: - format: string - type: string - type: array - hosts: - description: The hosts associated with the ServiceEntry. - items: - format: string - type: string - type: array - location: - enum: - - MESH_EXTERNAL - - MESH_INTERNAL - type: string - ports: - description: The ports associated with the external service. - items: - properties: - name: - description: Label assigned to the port. - format: string - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - format: string - type: string - targetPort: - type: integer - type: object - type: array - resolution: - description: Service discovery mode for the hosts. - enum: - - NONE - - STATIC - - DNS - type: string - subjectAltNames: - items: - format: string - type: string - type: array - workloadSelector: - description: Applicable only for MESH_INTERNAL services. - properties: - labels: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - versions: - - name: v1alpha3 - served: true - storage: true - - name: v1beta1 - served: true - storage: false ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: sidecars.networking.istio.io -spec: - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: Sidecar - listKind: SidecarList - plural: sidecars - singular: sidecar - preserveUnknownFields: false - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting network reachability of a sidecar. - See more details at: https://istio.io/docs/reference/config/networking/sidecar.html' - properties: - egress: - items: - properties: - bind: - format: string - type: string - captureMode: - enum: - - DEFAULT - - IPTABLES - - NONE - type: string - hosts: - items: - format: string - type: string - type: array - port: - description: The port associated with the listener. - properties: - name: - description: Label assigned to the port. - format: string - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - format: string - type: string - targetPort: - type: integer - type: object - type: object - type: array - ingress: - items: - properties: - bind: - description: The IP to which the listener should be bound. - format: string - type: string - captureMode: - enum: - - DEFAULT - - IPTABLES - - NONE - type: string - defaultEndpoint: - format: string - type: string - port: - description: The port associated with the listener. - properties: - name: - description: Label assigned to the port. - format: string - type: string - number: - description: A valid non-negative integer port number. - type: integer - protocol: - description: The protocol exposed on the port. - format: string - type: string - targetPort: - type: integer - type: object - type: object - type: array - outboundTrafficPolicy: - description: Configuration for the outbound traffic policy. - properties: - egressProxy: - properties: - host: - description: The name of a service from the service registry. - format: string - type: string - port: - description: Specifies the port on the host that is being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - format: string - type: string - type: object - mode: - enum: - - REGISTRY_ONLY - - ALLOW_ANY - type: string - type: object - workloadSelector: - properties: - labels: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - versions: - - name: v1alpha3 - served: true - storage: true - - name: v1beta1 - served: true - storage: false ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: virtualservices.networking.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .spec.gateways - description: The names of gateways and sidecars that should apply these routes - name: Gateways - type: string - - JSONPath: .spec.hosts - description: The destination hosts to which traffic is being sent - name: Hosts - type: string - - JSONPath: .metadata.creationTimestamp - description: 'CreationTimestamp is a timestamp representing the server time when - this object was created. It is not guaranteed to be set in happens-before order - across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - name: Age - type: date - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: VirtualService - listKind: VirtualServiceList - plural: virtualservices - shortNames: - - vs - singular: virtualservice - preserveUnknownFields: false - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting label/content routing, sni routing, - etc. See more details at: https://istio.io/docs/reference/config/networking/virtual-service.html' - properties: - exportTo: - description: A list of namespaces to which this virtual service is exported. - items: - format: string - type: string - type: array - gateways: - description: The names of gateways and sidecars that should apply these - routes. - items: - format: string - type: string - type: array - hosts: - description: The destination hosts to which traffic is being sent. - items: - format: string - type: string - type: array - http: - description: An ordered list of route rules for HTTP traffic. - items: - properties: - corsPolicy: - description: Cross-Origin Resource Sharing policy (CORS). - properties: - allowCredentials: - nullable: true - type: boolean - allowHeaders: - items: - format: string - type: string - type: array - allowMethods: - description: List of HTTP methods allowed to access the resource. - items: - format: string - type: string - type: array - allowOrigin: - description: The list of origins that are allowed to perform - CORS requests. - items: - format: string - type: string - type: array - allowOrigins: - description: String patterns that match allowed origins. - items: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - format: string - type: string - type: object - type: array - exposeHeaders: - items: - format: string - type: string - type: array - maxAge: - type: string - type: object - delegate: - properties: - name: - description: Name specifies the name of the delegate VirtualService. - format: string - type: string - namespace: - description: Namespace specifies the namespace where the delegate - VirtualService resides. - format: string - type: string - type: object - fault: - description: Fault injection policy to apply on HTTP traffic at - the client side. - properties: - abort: - oneOf: - - not: - anyOf: - - required: - - httpStatus - - required: - - grpcStatus - - required: - - http2Error - - required: - - httpStatus - - required: - - grpcStatus - - required: - - http2Error - properties: - grpcStatus: - format: string - type: string - http2Error: - format: string - type: string - httpStatus: - description: HTTP status code to use to abort the Http - request. - format: int32 - type: integer - percentage: - description: Percentage of requests to be aborted with - the error code provided. - properties: - value: - format: double - type: number - type: object - type: object - delay: - oneOf: - - not: - anyOf: - - required: - - fixedDelay - - required: - - exponentialDelay - - required: - - fixedDelay - - required: - - exponentialDelay - properties: - exponentialDelay: - type: string - fixedDelay: - description: Add a fixed delay before forwarding the request. - type: string - percent: - description: Percentage of requests on which the delay - will be injected (0-100). - format: int32 - type: integer - percentage: - description: Percentage of requests on which the delay - will be injected. - properties: - value: - format: double - type: number - type: object - type: object - type: object - headers: - properties: - request: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - response: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - match: - items: - properties: - authority: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - format: string - type: string - type: object - gateways: - description: Names of gateways where the rule should be - applied. - items: - format: string - type: string - type: array - headers: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - format: string - type: string - type: object - type: object - ignoreUriCase: - description: Flag to specify whether the URI matching should - be case-insensitive. - type: boolean - method: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - format: string - type: string - type: object - name: - description: The name assigned to a match. - format: string - type: string - port: - description: Specifies the ports on the host that is being - addressed. - type: integer - queryParams: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - format: string - type: string - type: object - description: Query parameters for matching. - type: object - scheme: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - format: string - type: string - type: object - sourceLabels: - additionalProperties: - format: string - type: string - type: object - sourceNamespace: - description: Source namespace constraining the applicability - of a rule to workloads in that namespace. - format: string - type: string - uri: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - format: string - type: string - type: object - withoutHeaders: - additionalProperties: - oneOf: - - not: - anyOf: - - required: - - exact - - required: - - prefix - - required: - - regex - - required: - - exact - - required: - - prefix - - required: - - regex - properties: - exact: - format: string - type: string - prefix: - format: string - type: string - regex: - description: RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). - format: string - type: string - type: object - description: withoutHeader has the same syntax with the - header, but has opposite meaning. - type: object - type: object - type: array - mirror: - properties: - host: - description: The name of a service from the service registry. - format: string - type: string - port: - description: Specifies the port on the host that is being - addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - format: string - type: string - type: object - mirror_percent: - description: Percentage of the traffic to be mirrored by the `mirror` - field. - nullable: true - type: integer - mirrorPercent: - description: Percentage of the traffic to be mirrored by the `mirror` - field. - nullable: true - type: integer - mirrorPercentage: - description: Percentage of the traffic to be mirrored by the `mirror` - field. - properties: - value: - format: double - type: number - type: object - name: - description: The name assigned to the route for debugging purposes. - format: string - type: string - redirect: - description: A HTTP rule can either redirect or forward (default) - traffic. - properties: - authority: - format: string - type: string - redirectCode: - type: integer - uri: - format: string - type: string - type: object - retries: - description: Retry policy for HTTP requests. - properties: - attempts: - description: Number of retries to be allowed for a given request. - format: int32 - type: integer - perTryTimeout: - description: Timeout per attempt for a given request, including - the initial call and any retries. - type: string - retryOn: - description: Specifies the conditions under which retry takes - place. - format: string - type: string - retryRemoteLocalities: - description: Flag to specify whether the retries should retry - to other localities. - nullable: true - type: boolean - type: object - rewrite: - description: Rewrite HTTP URIs and Authority headers. - properties: - authority: - description: rewrite the Authority/Host header with this value. - format: string - type: string - uri: - format: string - type: string - type: object - route: - description: A HTTP rule can either redirect or forward (default) - traffic. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - format: string - type: string - port: - description: Specifies the port on the host that is - being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - format: string - type: string - type: object - headers: - properties: - request: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - response: - properties: - add: - additionalProperties: - format: string - type: string - type: object - remove: - items: - format: string - type: string - type: array - set: - additionalProperties: - format: string - type: string - type: object - type: object - type: object - weight: - format: int32 - type: integer - type: object - type: array - timeout: - description: Timeout for HTTP requests, default is disabled. - type: string - type: object - type: array - tcp: - description: An ordered list of route rules for opaque TCP traffic. - items: - properties: - match: - items: - properties: - destinationSubnets: - description: IPv4 or IPv6 ip addresses of destination with - optional subnet. - items: - format: string - type: string - type: array - gateways: - description: Names of gateways where the rule should be - applied. - items: - format: string - type: string - type: array - port: - description: Specifies the port on the host that is being - addressed. - type: integer - sourceLabels: - additionalProperties: - format: string - type: string - type: object - sourceNamespace: - description: Source namespace constraining the applicability - of a rule to workloads in that namespace. - format: string - type: string - sourceSubnet: - description: IPv4 or IPv6 ip address of source with optional - subnet. - format: string - type: string - type: object - type: array - route: - description: The destination to which the connection should be - forwarded to. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - format: string - type: string - port: - description: Specifies the port on the host that is - being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - format: string - type: string - type: object - weight: - format: int32 - type: integer - type: object - type: array - type: object - type: array - tls: - items: - properties: - match: - items: - properties: - destinationSubnets: - description: IPv4 or IPv6 ip addresses of destination with - optional subnet. - items: - format: string - type: string - type: array - gateways: - description: Names of gateways where the rule should be - applied. - items: - format: string - type: string - type: array - port: - description: Specifies the port on the host that is being - addressed. - type: integer - sniHosts: - description: SNI (server name indicator) to match on. - items: - format: string - type: string - type: array - sourceLabels: - additionalProperties: - format: string - type: string - type: object - sourceNamespace: - description: Source namespace constraining the applicability - of a rule to workloads in that namespace. - format: string - type: string - type: object - type: array - route: - description: The destination to which the connection should be - forwarded to. - items: - properties: - destination: - properties: - host: - description: The name of a service from the service - registry. - format: string - type: string - port: - description: Specifies the port on the host that is - being addressed. - properties: - number: - type: integer - type: object - subset: - description: The name of a subset within the service. - format: string - type: string - type: object - weight: - format: int32 - type: integer - type: object - type: array - type: object - type: array - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - versions: - - name: v1alpha3 - served: true - storage: true - - name: v1beta1 - served: true - storage: false ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - annotations: - "helm.sh/resource-policy": keep - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: workloadentries.networking.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .metadata.creationTimestamp - description: 'CreationTimestamp is a timestamp representing the server time when - this object was created. It is not guaranteed to be set in happens-before order - across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - name: Age - type: date - - JSONPath: .spec.address - description: Address associated with the network endpoint. - name: Address - type: string - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: WorkloadEntry - listKind: WorkloadEntryList - plural: workloadentries - shortNames: - - we - singular: workloadentry - preserveUnknownFields: false - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Configuration affecting VMs onboarded into the mesh. See more - details at: https://istio.io/docs/reference/config/networking/workload-entry.html' - properties: - address: - format: string - type: string - labels: - additionalProperties: - format: string - type: string - description: One or more labels associated with the endpoint. - type: object - locality: - description: The locality associated with the endpoint. - format: string - type: string - network: - format: string - type: string - ports: - additionalProperties: - type: integer - description: Set of ports associated with the endpoint. - type: object - serviceAccount: - format: string - type: string - weight: - description: The load balancing weight associated with the endpoint. - type: integer - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - versions: - - name: v1alpha3 - served: true - storage: true - - name: v1beta1 - served: true - storage: false ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - labels: - app: istio-pilot - chart: istio - heritage: Tiller - release: istio - name: workloadgroups.networking.istio.io -spec: - additionalPrinterColumns: - - JSONPath: .metadata.creationTimestamp - description: 'CreationTimestamp is a timestamp representing the server time when - this object was created. It is not guaranteed to be set in happens-before order - across separate operations. Clients may not set this value. It is represented - in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for - lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata' - name: Age - type: date - group: networking.istio.io - names: - categories: - - istio-io - - networking-istio-io - kind: WorkloadGroup - listKind: WorkloadGroupList - plural: workloadgroups - shortNames: - - wg - singular: workloadgroup - preserveUnknownFields: false - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - spec: - description: 'Describes a collection of workload instances. See more details - at: https://istio.io/docs/reference/config/networking/workload-group.html' - properties: - metadata: - description: Metadata that will be used for all corresponding `WorkloadEntries`. - properties: - annotations: - additionalProperties: - format: string - type: string - type: object - labels: - additionalProperties: - format: string - type: string - type: object - type: object - probe: - description: '`ReadinessProbe` describes the configuration the user - must provide for healthchecking on their workload.' - oneOf: - - not: - anyOf: - - required: - - httpGet - - required: - - tcpSocket - - required: - - exec - - required: - - httpGet - - required: - - tcpSocket - - required: - - exec - properties: - exec: - description: Health is determined by how the command that is executed - exited. - properties: - command: - description: Command to run. - items: - format: string - type: string - type: array - type: object - failureThreshold: - description: Minimum consecutive failures for the probe to be considered - failed after having succeeded. - format: int32 - type: integer - httpGet: - properties: - host: - description: Host name to connect to, defaults to the pod IP. - format: string - type: string - httpHeaders: - description: Headers the proxy will pass on to make the request. - items: - properties: - name: - format: string - type: string - value: - format: string - type: string - type: object - type: array - path: - description: Path to access on the HTTP server. - format: string - type: string - port: - description: Port on which the endpoint lives. - type: integer - scheme: - format: string - type: string - type: object - initialDelaySeconds: - description: Number of seconds after the container has started before - readiness probes are initiated. - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to be considered - successful after having failed. - format: int32 - type: integer - tcpSocket: - description: Health is determined by if the proxy is able to connect. - properties: - host: - format: string - type: string - port: - type: integer - type: object - timeoutSeconds: - description: Number of seconds after which the probe times out. - format: int32 - type: integer - type: object - template: - description: Template to be used for the generation of `WorkloadEntry` - resources that belong to this `WorkloadGroup`. - properties: - address: - format: string - type: string - labels: - additionalProperties: - format: string - type: string - description: One or more labels associated with the endpoint. - type: object - locality: - description: The locality associated with the endpoint. - format: string - type: string - network: - format: string - type: string - ports: - additionalProperties: - type: integer - description: Set of ports associated with the endpoint. - type: object - serviceAccount: - format: string - type: string - weight: - description: The load balancing weight associated with the endpoint. - type: integer - type: object - type: object - status: - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - versions: - - name: v1alpha3 - served: true - storage: true diff --git a/common/istio-1-9/istio-install/base/deny_all_authorizationpolicy.yaml b/common/istio-1-9/istio-install/base/deny_all_authorizationpolicy.yaml deleted file mode 100644 index 390f153d38..0000000000 --- a/common/istio-1-9/istio-install/base/deny_all_authorizationpolicy.yaml +++ /dev/null @@ -1,9 +0,0 @@ -# Enforce an explicit deny-by-default authorization model, similar to -# the deprecated Istio RBAC -apiVersion: security.istio.io/v1beta1 -kind: AuthorizationPolicy -metadata: - name: global-deny-all - namespace: istio-system -spec: - {} diff --git a/common/istio-1-9/istio-install/base/gateway.yaml b/common/istio-1-9/istio-install/base/gateway.yaml deleted file mode 100644 index 28ae654e1b..0000000000 --- a/common/istio-1-9/istio-install/base/gateway.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: istio-ingressgateway - labels: - release: istio -spec: - selector: - app: istio-ingressgateway - istio: ingressgateway - servers: - - port: - number: 80 - name: http - protocol: HTTP - hosts: - - '*' diff --git a/common/istio-1-9/istio-install/base/gateway_authorizationpolicy.yaml b/common/istio-1-9/istio-install/base/gateway_authorizationpolicy.yaml deleted file mode 100644 index 44808eb7ac..0000000000 --- a/common/istio-1-9/istio-install/base/gateway_authorizationpolicy.yaml +++ /dev/null @@ -1,14 +0,0 @@ -# Allow all traffic to the istio-ingressgateway -apiVersion: security.istio.io/v1beta1 -kind: AuthorizationPolicy -metadata: - name: istio-ingressgateway -spec: - action: ALLOW - selector: - # Same as the istio-ingressgateway Service selector - matchLabels: - app: istio-ingressgateway - istio: ingressgateway - rules: - - {} diff --git a/common/istio-1-9/istio-install/base/install.yaml b/common/istio-1-9/istio-install/base/install.yaml deleted file mode 100644 index 9f9623d4ee..0000000000 --- a/common/istio-1-9/istio-install/base/install.yaml +++ /dev/null @@ -1,2552 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: istio-ingressgateway-service-account - namespace: istio-system - labels: - app: istio-ingressgateway - istio: ingressgateway - release: istio - istio.io/rev: default - install.operator.istio.io/owning-resource: unknown - operator.istio.io/component: "IngressGateways" ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: istio-reader-service-account - namespace: istio-system - labels: - app: istio-reader - release: istio ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: istiod-service-account - namespace: istio-system - labels: - app: istiod - release: istio ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istio-reader-istio-system - labels: - app: istio-reader - release: istio -rules: -- apiGroups: - - "config.istio.io" - - "security.istio.io" - - "networking.istio.io" - - "authentication.istio.io" - - "rbac.istio.io" - resources: ["*"] - verbs: ["get", "list", "watch"] -- apiGroups: [""] - resources: ["endpoints", "pods", "services", "nodes", "replicationcontrollers", - "namespaces", "secrets"] - verbs: ["get", "list", "watch"] -- apiGroups: ["networking.istio.io"] - verbs: ["get", "watch", "list"] - resources: ["workloadentries"] -- apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] -- apiGroups: ["discovery.k8s.io"] - resources: ["endpointslices"] - verbs: ["get", "list", "watch"] -- apiGroups: ["apps"] - resources: ["replicasets"] - verbs: ["get", "list", "watch"] -- apiGroups: ["authentication.k8s.io"] - resources: ["tokenreviews"] - verbs: ["create"] -- apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: istiod-istio-system - labels: - app: istiod - release: istio -rules: - # sidecar injection controller -- apiGroups: ["admissionregistration.k8s.io"] - resources: ["mutatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update", "patch"] - - # configuration validation webhook controller -- apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["get", "list", "watch", "update"] - - # istio configuration - # removing CRD permissions can break older versions of Istio running alongside this control plane (https://github.com/istio/istio/issues/29382) - # please proceed with caution -- apiGroups: ["config.istio.io", "security.istio.io", "networking.istio.io", "authentication.istio.io", - "rbac.istio.io"] - verbs: ["get", "watch", "list"] - resources: ["*"] -- apiGroups: ["networking.istio.io"] - verbs: ["get", "watch", "list", "update", "patch", "create", "delete"] - resources: ["workloadentries"] -- apiGroups: ["networking.istio.io"] - verbs: ["get", "watch", "list", "update", "patch", "create", "delete"] - resources: ["workloadentries/status"] - - # auto-detect installed CRD definitions -- apiGroups: ["apiextensions.k8s.io"] - resources: ["customresourcedefinitions"] - verbs: ["get", "list", "watch"] - - # discovery and routing -- apiGroups: [""] - resources: ["pods", "nodes", "services", "namespaces", "endpoints"] - verbs: ["get", "list", "watch"] -- apiGroups: ["discovery.k8s.io"] - resources: ["endpointslices"] - verbs: ["get", "list", "watch"] - - # ingress controller -- apiGroups: ["networking.k8s.io"] - resources: ["ingresses", "ingressclasses"] - verbs: ["get", "list", "watch"] -- apiGroups: ["networking.k8s.io"] - resources: ["ingresses/status"] - verbs: ["*"] - - # required for CA's namespace controller -- apiGroups: [""] - resources: ["configmaps"] - verbs: ["create", "get", "list", "watch", "update"] - - # Istiod and bootstrap. -- apiGroups: ["certificates.k8s.io"] - resources: - - "certificatesigningrequests" - - "certificatesigningrequests/approval" - - "certificatesigningrequests/status" - verbs: ["update", "create", "get", "delete", "watch"] -- apiGroups: ["certificates.k8s.io"] - resources: - - "signers" - resourceNames: - - "kubernetes.io/legacy-unknown" - verbs: ["approve"] - - # Used by Istiod to verify the JWT tokens -- apiGroups: ["authentication.k8s.io"] - resources: ["tokenreviews"] - verbs: ["create"] - - # Used by Istiod to verify gateway SDS -- apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] - - # Use for Kubernetes Service APIs -- apiGroups: ["networking.x-k8s.io"] - resources: ["*"] - verbs: ["get", "watch", "list"] - - # Needed for multicluster secret reading, possibly ingress certs in the future -- apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "watch", "list"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istio-reader-istio-system - labels: - app: istio-reader - release: istio -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istio-reader-istio-system -subjects: -- kind: ServiceAccount - name: istio-reader-service-account - namespace: istio-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: istiod-istio-system - labels: - app: istiod - release: istio -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: istiod-istio-system -subjects: -- kind: ServiceAccount - name: istiod-service-account - namespace: istio-system ---- -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - name: istiod-istio-system - labels: - app: istiod - release: istio - istio: istiod -webhooks: -- name: validation.istio.io - clientConfig: - service: - name: istiod - namespace: istio-system - path: "/validate" - caBundle: "" # patched at runtime when the webhook is ready. - rules: - - operations: - - CREATE - - UPDATE - apiGroups: - - security.istio.io - - networking.istio.io - apiVersions: - - "*" - resources: - - "*" - # Fail open until the validation webhook is ready. The webhook controller - # will update this to `Fail` and patch in the `caBundle` when the webhook - # endpoint is ready. - failurePolicy: Ignore - sideEffects: None - admissionReviewVersions: ["v1beta1", "v1"] ---- -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: metadata-exchange-1.8 - namespace: istio-system - labels: - istio.io/rev: default - install.operator.istio.io/owning-resource: unknown - operator.istio.io/component: "Pilot" -spec: - configPatches: - - applyTo: HTTP_FILTER - match: - context: SIDECAR_INBOUND - proxy: - proxyVersion: '^1\.8.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.http_connection_manager" - patch: - operation: INSERT_BEFORE - value: - name: istio.metadata_exchange - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm - value: - config: - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - {} - vm_config: - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: envoy.wasm.metadata_exchange - - applyTo: HTTP_FILTER - match: - context: SIDECAR_OUTBOUND - proxy: - proxyVersion: '^1\.8.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.http_connection_manager" - patch: - operation: INSERT_BEFORE - value: - name: istio.metadata_exchange - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm - value: - config: - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - {} - vm_config: - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: envoy.wasm.metadata_exchange - - applyTo: HTTP_FILTER - match: - context: GATEWAY - proxy: - proxyVersion: '^1\.8.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.http_connection_manager" - patch: - operation: INSERT_BEFORE - value: - name: istio.metadata_exchange - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm - value: - config: - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - {} - vm_config: - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: envoy.wasm.metadata_exchange ---- -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: metadata-exchange-1.9 - namespace: istio-system - labels: - istio.io/rev: default - install.operator.istio.io/owning-resource: unknown - operator.istio.io/component: "Pilot" -spec: - configPatches: - - applyTo: HTTP_FILTER - match: - context: SIDECAR_INBOUND - proxy: - proxyVersion: '^1\.9.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.http_connection_manager" - patch: - operation: INSERT_BEFORE - value: - name: istio.metadata_exchange - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm - value: - config: - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - {} - vm_config: - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: envoy.wasm.metadata_exchange - - applyTo: HTTP_FILTER - match: - context: SIDECAR_OUTBOUND - proxy: - proxyVersion: '^1\.9.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.http_connection_manager" - patch: - operation: INSERT_BEFORE - value: - name: istio.metadata_exchange - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm - value: - config: - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - {} - vm_config: - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: envoy.wasm.metadata_exchange - - applyTo: HTTP_FILTER - match: - context: GATEWAY - proxy: - proxyVersion: '^1\.9.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.http_connection_manager" - patch: - operation: INSERT_BEFORE - value: - name: istio.metadata_exchange - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm - value: - config: - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - {} - vm_config: - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: envoy.wasm.metadata_exchange ---- -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: stats-filter-1.8 - namespace: istio-system - labels: - istio.io/rev: default -spec: - configPatches: - - applyTo: HTTP_FILTER - match: - context: SIDECAR_OUTBOUND - proxy: - proxyVersion: '^1\.8.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.http_connection_manager" - subFilter: - name: "envoy.filters.http.router" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm - value: - config: - root_id: stats_outbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - { - } - vm_config: - vm_id: stats_outbound - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: envoy.wasm.stats - - applyTo: HTTP_FILTER - match: - context: SIDECAR_INBOUND - proxy: - proxyVersion: '^1\.8.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.http_connection_manager" - subFilter: - name: "envoy.filters.http.router" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm - value: - config: - root_id: stats_inbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - { - } - vm_config: - vm_id: stats_inbound - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: envoy.wasm.stats - - applyTo: HTTP_FILTER - match: - context: GATEWAY - proxy: - proxyVersion: '^1\.8.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.http_connection_manager" - subFilter: - name: "envoy.filters.http.router" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm - value: - config: - root_id: stats_outbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - { - "disable_host_header_fallback": true - } - vm_config: - vm_id: stats_outbound - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: envoy.wasm.stats ---- -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: stats-filter-1.9 - namespace: istio-system - labels: - istio.io/rev: default -spec: - configPatches: - - applyTo: HTTP_FILTER - match: - context: SIDECAR_OUTBOUND - proxy: - proxyVersion: '^1\.9.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.http_connection_manager" - subFilter: - name: "envoy.filters.http.router" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm - value: - config: - root_id: stats_outbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - { - "debug": "false", - "stat_prefix": "istio", - "metrics": [ - { - "dimensions": { - "source_cluster": "node.metadata['CLUSTER_ID']", - "destination_cluster": "upstream_peer.cluster_id" - } - } - ] - } - vm_config: - vm_id: stats_outbound - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: envoy.wasm.stats - - applyTo: HTTP_FILTER - match: - context: SIDECAR_INBOUND - proxy: - proxyVersion: '^1\.9.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.http_connection_manager" - subFilter: - name: "envoy.filters.http.router" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm - value: - config: - root_id: stats_inbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - { - "debug": "false", - "stat_prefix": "istio", - "metrics": [ - { - "dimensions": { - "destination_cluster": "node.metadata['CLUSTER_ID']", - "source_cluster": "downstream_peer.cluster_id" - } - } - ] - } - vm_config: - vm_id: stats_inbound - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: envoy.wasm.stats - - applyTo: HTTP_FILTER - match: - context: GATEWAY - proxy: - proxyVersion: '^1\.9.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.http_connection_manager" - subFilter: - name: "envoy.filters.http.router" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm - value: - config: - root_id: stats_outbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - { - "debug": "false", - "stat_prefix": "istio", - "disable_host_header_fallback": true, - "metrics": [ - { - "dimensions": { - "source_cluster": "node.metadata['CLUSTER_ID']", - "destination_cluster": "upstream_peer.cluster_id" - } - } - ] - } - vm_config: - vm_id: stats_outbound - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: envoy.wasm.stats ---- -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: tcp-metadata-exchange-1.8 - namespace: istio-system - labels: - istio.io/rev: default -spec: - configPatches: - - applyTo: NETWORK_FILTER - match: - context: SIDECAR_INBOUND - proxy: - proxyVersion: '^1\.8.*' - listener: {} - patch: - operation: INSERT_BEFORE - value: - name: istio.metadata_exchange - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange - value: - protocol: istio-peer-exchange - - applyTo: CLUSTER - match: - context: SIDECAR_OUTBOUND - proxy: - proxyVersion: '^1\.8.*' - cluster: {} - patch: - operation: MERGE - value: - filters: - - name: istio.metadata_exchange - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange - value: - protocol: istio-peer-exchange - - applyTo: CLUSTER - match: - context: GATEWAY - proxy: - proxyVersion: '^1\.8.*' - cluster: {} - patch: - operation: MERGE - value: - filters: - - name: istio.metadata_exchange - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange - value: - protocol: istio-peer-exchange ---- -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: tcp-metadata-exchange-1.9 - namespace: istio-system - labels: - istio.io/rev: default -spec: - configPatches: - - applyTo: NETWORK_FILTER - match: - context: SIDECAR_INBOUND - proxy: - proxyVersion: '^1\.9.*' - listener: {} - patch: - operation: INSERT_BEFORE - value: - name: istio.metadata_exchange - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange - value: - protocol: istio-peer-exchange - - applyTo: CLUSTER - match: - context: SIDECAR_OUTBOUND - proxy: - proxyVersion: '^1\.9.*' - cluster: {} - patch: - operation: MERGE - value: - filters: - - name: istio.metadata_exchange - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange - value: - protocol: istio-peer-exchange - - applyTo: CLUSTER - match: - context: GATEWAY - proxy: - proxyVersion: '^1\.9.*' - cluster: {} - patch: - operation: MERGE - value: - filters: - - name: istio.metadata_exchange - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.tcp.metadataexchange.config.MetadataExchange - value: - protocol: istio-peer-exchange ---- -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: tcp-stats-filter-1.8 - namespace: istio-system - labels: - istio.io/rev: default -spec: - configPatches: - - applyTo: NETWORK_FILTER - match: - context: SIDECAR_INBOUND - proxy: - proxyVersion: '^1\.8.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.tcp_proxy" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm - value: - config: - root_id: stats_inbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - { - } - vm_config: - vm_id: tcp_stats_inbound - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: "envoy.wasm.stats" - - applyTo: NETWORK_FILTER - match: - context: SIDECAR_OUTBOUND - proxy: - proxyVersion: '^1\.8.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.tcp_proxy" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm - value: - config: - root_id: stats_outbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - { - } - vm_config: - vm_id: tcp_stats_outbound - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: "envoy.wasm.stats" - - applyTo: NETWORK_FILTER - match: - context: GATEWAY - proxy: - proxyVersion: '^1\.8.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.tcp_proxy" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm - value: - config: - root_id: stats_outbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - { - } - vm_config: - vm_id: tcp_stats_outbound - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: "envoy.wasm.stats" ---- -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: tcp-stats-filter-1.9 - namespace: istio-system - labels: - istio.io/rev: default -spec: - configPatches: - - applyTo: NETWORK_FILTER - match: - context: SIDECAR_INBOUND - proxy: - proxyVersion: '^1\.9.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.tcp_proxy" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm - value: - config: - root_id: stats_inbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - { - "debug": "false", - "stat_prefix": "istio", - "metrics": [ - { - "dimensions": { - "destination_cluster": "node.metadata['CLUSTER_ID']", - "source_cluster": "downstream_peer.cluster_id" - } - } - ] - } - vm_config: - vm_id: tcp_stats_inbound - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: "envoy.wasm.stats" - - applyTo: NETWORK_FILTER - match: - context: SIDECAR_OUTBOUND - proxy: - proxyVersion: '^1\.9.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.tcp_proxy" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm - value: - config: - root_id: stats_outbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - { - "debug": "false", - "stat_prefix": "istio", - "metrics": [ - { - "dimensions": { - "source_cluster": "node.metadata['CLUSTER_ID']", - "destination_cluster": "upstream_peer.cluster_id" - } - } - ] - } - vm_config: - vm_id: tcp_stats_outbound - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: "envoy.wasm.stats" - - applyTo: NETWORK_FILTER - match: - context: GATEWAY - proxy: - proxyVersion: '^1\.9.*' - listener: - filterChain: - filter: - name: "envoy.filters.network.tcp_proxy" - patch: - operation: INSERT_BEFORE - value: - name: istio.stats - typed_config: - "@type": type.googleapis.com/udpa.type.v1.TypedStruct - type_url: type.googleapis.com/envoy.extensions.filters.network.wasm.v3.Wasm - value: - config: - root_id: stats_outbound - configuration: - "@type": "type.googleapis.com/google.protobuf.StringValue" - value: | - { - "debug": "false", - "stat_prefix": "istio", - "metrics": [ - { - "dimensions": { - "source_cluster": "node.metadata['CLUSTER_ID']", - "destination_cluster": "upstream_peer.cluster_id" - } - } - ] - } - vm_config: - vm_id: tcp_stats_outbound - runtime: envoy.wasm.runtime.null - code: - local: - inline_string: "envoy.wasm.stats" ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio - namespace: istio-system - labels: - istio.io/rev: default - install.operator.istio.io/owning-resource: unknown - operator.istio.io/component: "Pilot" - release: istio -data: - - # Configuration file for the mesh networks to be used by the Split Horizon EDS. - meshNetworks: |- - networks: {} - - mesh: |- - accessLogFile: /dev/stdout - defaultConfig: - discoveryAddress: istiod.istio-system.svc:15012 - proxyMetadata: {} - tracing: - zipkin: - address: zipkin.istio-system:9411 - enablePrometheusMerge: true - rootNamespace: istio-system - tcpKeepalive: - interval: 5s - probes: 3 - time: 10s - trustDomain: cluster.local ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio-sidecar-injector - namespace: istio-system - labels: - istio.io/rev: default - install.operator.istio.io/owning-resource: unknown - operator.istio.io/component: "Pilot" - release: istio -data: - - values: |- - { - "global": { - "arch": { - "amd64": 2, - "ppc64le": 2, - "s390x": 2 - }, - "caAddress": "", - "configValidation": true, - "defaultNodeSelector": {}, - "defaultPodDisruptionBudget": { - "enabled": true - }, - "defaultResources": { - "requests": { - "cpu": "10m" - } - }, - "enabled": true, - "externalIstiod": false, - "hub": "docker.io/istio", - "imagePullPolicy": "", - "imagePullSecrets": [], - "istioNamespace": "istio-system", - "istiod": { - "enableAnalysis": false - }, - "jwtPolicy": "third-party-jwt", - "logAsJson": false, - "logging": { - "level": "default:info" - }, - "meshID": "", - "meshNetworks": {}, - "mountMtlsCerts": false, - "multiCluster": { - "clusterName": "", - "enabled": false - }, - "namespace": "istio-system", - "network": "", - "omitSidecarInjectorConfigMap": false, - "oneNamespace": false, - "operatorManageWebhooks": false, - "pilotCertProvider": "istiod", - "priorityClassName": "", - "proxy": { - "autoInject": "enabled", - "clusterDomain": "cluster.local", - "componentLogLevel": "misc:error", - "enableCoreDump": false, - "excludeIPRanges": "", - "excludeInboundPorts": "", - "excludeOutboundPorts": "", - "holdApplicationUntilProxyStarts": false, - "image": "proxyv2", - "includeIPRanges": "*", - "logLevel": "warning", - "privileged": false, - "readinessFailureThreshold": 30, - "readinessInitialDelaySeconds": 1, - "readinessPeriodSeconds": 2, - "resources": { - "limits": { - "cpu": "2000m", - "memory": "1024Mi" - }, - "requests": { - "cpu": "10m", - "memory": "40Mi" - } - }, - "statusPort": 15020, - "tracer": "zipkin" - }, - "proxy_init": { - "image": "proxyv2", - "resources": { - "limits": { - "cpu": "2000m", - "memory": "1024Mi" - }, - "requests": { - "cpu": "10m", - "memory": "10Mi" - } - } - }, - "remotePilotAddress": "", - "sds": { - "token": { - "aud": "istio-ca" - } - }, - "sts": { - "servicePort": 0 - }, - "tag": "1.9.6", - "tracer": { - "datadog": { - "address": "$(HOST_IP):8126" - }, - "lightstep": { - "accessToken": "", - "address": "" - }, - "stackdriver": { - "debug": false, - "maxNumberOfAnnotations": 200, - "maxNumberOfAttributes": 200, - "maxNumberOfMessageEvents": 200 - }, - "zipkin": { - "address": "" - } - }, - "trustDomain": "", - "useMCP": false - }, - "istio_cni": { - "enabled": false - }, - "revision": "", - "sidecarInjectorWebhook": { - "alwaysInjectSelector": [], - "defaultTemplates": [], - "enableNamespacesByDefault": false, - "injectedAnnotations": {}, - "neverInjectSelector": [], - "objectSelector": { - "autoInject": true, - "enabled": true - }, - "rewriteAppHTTPProbe": true, - "templates": {}, - "useLegacySelectors": true - } - } - - # To disable injection: use omitSidecarInjectorConfigMap, which disables the webhook patching - # and istiod webhook functionality. - # - # New fields should not use Values - it is a 'primary' config object, users should be able - # to fine tune it or use it with kube-inject. - config: |- - # defaultTemplates defines the default template to use for pods that do not explicitly specify a template - defaultTemplates: [sidecar] - policy: enabled - alwaysInjectSelector: - [] - neverInjectSelector: - [] - injectedAnnotations: - template: "{{ Template_Version_And_Istio_Version_Mismatched_Check_Installation }}" - templates: - sidecar: | - {{- $containers := list }} - {{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} - metadata: - labels: - security.istio.io/tlsMode: {{ index .ObjectMeta.Labels `security.istio.io/tlsMode` | default "istio" | quote }} - service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | quote }} - service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} - istio.io/rev: {{ .Revision | default "default" | quote }} - annotations: { - {{- if eq (len $containers) 1 }} - kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}", - {{ end }} - {{- if .Values.istio_cni.enabled }} - {{- if not .Values.istio_cni.chained }} - k8s.v1.cni.cncf.io/networks: '{{ appendMultusNetwork (index .ObjectMeta.Annotations `k8s.v1.cni.cncf.io/networks`) `istio-cni` }}', - {{- end }} - sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}", - {{ with annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}traffic.sidecar.istio.io/includeOutboundIPRanges: "{{.}}",{{ end }} - {{ with annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{.}}",{{ end }} - traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` `*` }}", - traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}", - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/includeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.includeOutboundPorts "") "") }} - traffic.sidecar.istio.io/includeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundPorts` .Values.global.proxy.includeOutboundPorts }}", - {{- end }} - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }} - traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}", - {{- end }} - {{ with index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}traffic.sidecar.istio.io/kubevirtInterfaces: "{{.}}",{{ end }} - {{- end }} - } - spec: - {{- $holdProxy := or .ProxyConfig.HoldApplicationUntilProxyStarts.GetValue .Values.global.proxy.holdApplicationUntilProxyStarts }} - initContainers: - {{ if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE` }} - {{ if .Values.istio_cni.enabled -}} - - name: istio-validation - {{ else -}} - - name: istio-init - {{ end -}} - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image }}" - {{- else }} - image: "{{ .Values.global.hub }}/{{ .Values.global.proxy_init.image }}:{{ .Values.global.tag }}" - {{- end }} - args: - - istio-iptables - - "-p" - - "15001" - - "-z" - - "15006" - - "-u" - - "1337" - - "-m" - - "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" - - "-i" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" - - "-x" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" - - "-b" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` `*` }}" - - "-d" - {{- if excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }} - - "15090,15021,{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" - {{- else }} - - "15090,15021" - {{- end }} - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/includeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.includeOutboundPorts "") "") -}} - - "-q" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundPorts` .Values.global.proxy.includeOutboundPorts }}" - {{ end -}} - {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.excludeOutboundPorts "") "") -}} - - "-o" - - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" - {{ end -}} - {{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces`) -}} - - "-k" - - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" - {{ end -}} - {{ if .Values.istio_cni.enabled -}} - - "--run-validation" - - "--skip-rule-apply" - {{ end -}} - imagePullPolicy: "{{ valueOrDefault .Values.global.imagePullPolicy `Always` }}" - {{- if .ProxyConfig.ProxyMetadata }} - env: - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- end }} - resources: - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }} - requests: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" - {{ end }} - {{- end }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - limits: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` }}" - {{ end }} - {{- end }} - {{- else }} - {{- if .Values.global.proxy.resources }} - {{ toYaml .Values.global.proxy.resources | indent 6 }} - {{- end }} - {{- end }} - securityContext: - allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} - privileged: {{ .Values.global.proxy.privileged }} - capabilities: - {{- if not .Values.istio_cni.enabled }} - add: - - NET_ADMIN - - NET_RAW - {{- end }} - drop: - - ALL - {{- if not .Values.istio_cni.enabled }} - readOnlyRootFilesystem: false - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - {{- else }} - readOnlyRootFilesystem: true - runAsGroup: 1337 - runAsUser: 1337 - runAsNonRoot: true - {{- end }} - restartPolicy: Always - {{ end -}} - {{- if eq .Values.global.proxy.enableCoreDump true }} - - name: enable-core-dump - args: - - -c - - sysctl -w kernel.core_pattern=/var/lib/istio/data/core.proxy && ulimit -c unlimited - command: - - /bin/sh - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image }}" - {{- else }} - image: "{{ .Values.global.hub }}/{{ .Values.global.proxy_init.image }}:{{ .Values.global.tag }}" - {{- end }} - imagePullPolicy: "{{ valueOrDefault .Values.global.imagePullPolicy `Always` }}" - resources: {} - securityContext: - allowPrivilegeEscalation: true - capabilities: - add: - - SYS_ADMIN - drop: - - ALL - privileged: true - readOnlyRootFilesystem: false - runAsGroup: 0 - runAsNonRoot: false - runAsUser: 0 - {{ end }} - containers: - - name: istio-proxy - {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .Values.global.hub }}/{{ .Values.global.proxy.image }}:{{ .Values.global.tag }}" - {{- end }} - ports: - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - sidecar - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --serviceCluster - {{ if ne "" (index .ObjectMeta.Labels "app") -}} - - "{{ index .ObjectMeta.Labels `app` }}.$(POD_NAMESPACE)" - {{ else -}} - - "{{ valueOrDefault .DeploymentMeta.Name `istio-proxy` }}.{{ valueOrDefault .DeploymentMeta.Namespace `default` }}" - {{ end -}} - - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }} - - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }} - - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} - {{- if .Values.global.sts.servicePort }} - - --stsPort={{ .Values.global.sts.servicePort }} - {{- end }} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - {{- if gt .ProxyConfig.Concurrency.GetValue 0 }} - - --concurrency - - "{{ .ProxyConfig.Concurrency.GetValue }}" - {{- end -}} - {{- if .Values.global.proxy.lifecycle }} - lifecycle: - {{ toYaml .Values.global.proxy.lifecycle | indent 6 }} - {{- else if $holdProxy }} - lifecycle: - postStart: - exec: - command: - - pilot-agent - - wait - {{- end }} - env: - - name: JWT_POLICY - value: {{ .Values.global.jwtPolicy }} - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: CANONICAL_SERVICE - valueFrom: - fieldRef: - fieldPath: metadata.labels['service.istio.io/canonical-name'] - - name: CANONICAL_REVISION - valueFrom: - fieldRef: - fieldPath: metadata.labels['service.istio.io/canonical-revision'] - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - - name: ISTIO_META_POD_PORTS - value: |- - [ - {{- $first := true }} - {{- range $index1, $c := .Spec.Containers }} - {{- range $index2, $p := $c.Ports }} - {{- if (structToJSON $p) }} - {{if not $first}},{{end}}{{ structToJSON $p }} - {{- $first = false }} - {{- end }} - {{- end}} - {{- end}} - ] - - name: ISTIO_META_APP_CONTAINERS - value: "{{ $containers | join "," }}" - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - - name: ISTIO_META_INTERCEPTION_MODE - value: "{{ or (index .ObjectMeta.Annotations `sidecar.istio.io/interceptionMode`) .ProxyConfig.InterceptionMode.String }}" - {{- if .Values.global.network }} - - name: ISTIO_META_NETWORK - value: "{{ .Values.global.network }}" - {{- end }} - {{ if .ObjectMeta.Annotations }} - - name: ISTIO_METAJSON_ANNOTATIONS - value: | - {{ toJSON .ObjectMeta.Annotations }} - {{ end }} - {{- if .DeploymentMeta.Name }} - - name: ISTIO_META_WORKLOAD_NAME - value: "{{ .DeploymentMeta.Name }}" - {{ end }} - {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} - {{- end}} - {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - name: ISTIO_BOOTSTRAP_OVERRIDE - value: "/etc/istio/custom-bootstrap/custom_bootstrap.json" - {{- end }} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- if and (eq .Values.global.proxy.tracer "datadog") (isset .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} - {{- range $key, $value := fromJSON (index .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{- end }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - imagePullPolicy: "{{ valueOrDefault .Values.global.imagePullPolicy `Always` }}" - {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) `0` }} - readinessProbe: - httpGet: - path: /healthz/ready - port: 15021 - initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} - periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} - timeoutSeconds: 3 - failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} - {{ end -}} - securityContext: - allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} - capabilities: - {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} - add: - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} - - NET_ADMIN - {{- end }} - {{ if eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true` -}} - - NET_BIND_SERVICE - {{- end }} - {{- end }} - drop: - - ALL - privileged: {{ .Values.global.proxy.privileged }} - readOnlyRootFilesystem: {{ not .Values.global.proxy.enableCoreDump }} - runAsGroup: 1337 - fsGroup: 1337 - {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} - runAsNonRoot: false - runAsUser: 0 - {{- else -}} - runAsNonRoot: true - runAsUser: 1337 - {{- end }} - resources: - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }} - requests: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" - {{ end }} - {{- end }} - {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} - limits: - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) -}} - cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` }}" - {{ end }} - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) -}} - memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` }}" - {{ end }} - {{- end }} - {{- else }} - {{- if .Values.global.proxy.resources }} - {{ toYaml .Values.global.proxy.resources | indent 6 }} - {{- end }} - {{- end }} - volumeMounts: - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - {{- end }} - - mountPath: /var/lib/istio/data - name: istio-data - {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - mountPath: /etc/istio/custom-bootstrap - name: custom-bootstrap-volume - {{- end }} - # SDS channel between istioagent and Envoy - - mountPath: /etc/istio/proxy - name: istio-envoy - {{- if eq .Values.global.jwtPolicy "third-party-jwt" }} - - mountPath: /var/run/secrets/tokens - name: istio-token - {{- end }} - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - mountPath: /etc/certs/ - name: istio-certs - readOnly: true - {{- end }} - - name: istio-podinfo - mountPath: /etc/istio/pod - {{- if and (eq .Values.global.proxy.tracer "lightstep") .ProxyConfig.GetTracing.GetTlsSettings }} - - mountPath: {{ directory .ProxyConfig.GetTracing.GetTlsSettings.GetCaCertificates }} - name: lightstep-certs - readOnly: true - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} - {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 6 }} - {{ end }} - {{- end }} - volumes: - {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} - - name: custom-bootstrap-volume - configMap: - name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} - {{- end }} - # SDS channel between istioagent and Envoy - - emptyDir: - medium: Memory - name: istio-envoy - - name: istio-data - emptyDir: {} - - name: istio-podinfo - downwardAPI: - items: - - path: "labels" - fieldRef: - fieldPath: metadata.labels - - path: "annotations" - fieldRef: - fieldPath: metadata.annotations - - path: "cpu-limit" - resourceFieldRef: - containerName: istio-proxy - resource: limits.cpu - divisor: 1m - - path: "cpu-request" - resourceFieldRef: - containerName: istio-proxy - resource: requests.cpu - divisor: 1m - {{- if eq .Values.global.jwtPolicy "third-party-jwt" }} - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} - {{- end }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - name: istiod-ca-cert - configMap: - name: istio-ca-root-cert - {{- end }} - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - name: istio-certs - secret: - optional: true - {{ if eq .Spec.ServiceAccountName "" }} - secretName: istio.default - {{ else -}} - secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} - {{ end -}} - {{- end }} - {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} - {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} - - name: "{{ $index }}" - {{ toYaml $value | indent 4 }} - {{ end }} - {{ end }} - {{- if and (eq .Values.global.proxy.tracer "lightstep") .ProxyConfig.GetTracing.GetTlsSettings }} - - name: lightstep-certs - secret: - optional: true - secretName: lightstep.cacert - {{- end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} - {{- if eq (env "ENABLE_LEGACY_FSGROUP_INJECTION" "true") "true" }} - securityContext: - fsGroup: 1337 - {{- end }} - gateway: | - {{- $containers := list }} - {{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} - metadata: - labels: - service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | quote }} - service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} - istio.io/rev: {{ .Revision | default "default" | quote }} - annotations: { - {{- if eq (len $containers) 1 }} - kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}", - {{ end }} - } - spec: - containers: - - name: istio-proxy - {{- if contains "/" .Values.global.proxy.image }} - image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" - {{- else }} - image: "{{ .Values.global.hub }}/{{ .Values.global.proxy.image }}:{{ .Values.global.tag }}" - {{- end }} - ports: - - containerPort: 15090 - protocol: TCP - name: http-envoy-prom - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} - - --serviceCluster - {{ if ne "" (index .ObjectMeta.Labels "app") -}} - - "{{ index .ObjectMeta.Labels `app` }}.$(POD_NAMESPACE)" - {{ else -}} - - "{{ valueOrDefault .DeploymentMeta.Name `istio-proxy` }}.{{ valueOrDefault .DeploymentMeta.Namespace `default` }}" - {{ end -}} - - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }} - - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }} - - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} - {{- if .Values.global.sts.servicePort }} - - --stsPort={{ .Values.global.sts.servicePort }} - {{- end }} - {{- if .Values.global.logAsJson }} - - --log_as_json - {{- end }} - {{- if .Values.global.proxy.lifecycle }} - lifecycle: - {{ toYaml .Values.global.proxy.lifecycle | indent 6 }} - {{- end }} - env: - - name: JWT_POLICY - value: {{ .Values.global.jwtPolicy }} - - name: PILOT_CERT_PROVIDER - value: {{ .Values.global.pilotCertProvider }} - - name: CA_ADDR - {{- if .Values.global.caAddress }} - value: {{ .Values.global.caAddress }} - {{- else }} - value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 - {{- end }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: CANONICAL_SERVICE - valueFrom: - fieldRef: - fieldPath: metadata.labels['service.istio.io/canonical-name'] - - name: CANONICAL_REVISION - valueFrom: - fieldRef: - fieldPath: metadata.labels['service.istio.io/canonical-revision'] - - name: PROXY_CONFIG - value: | - {{ protoToJSON .ProxyConfig }} - - name: ISTIO_META_POD_PORTS - value: |- - [ - {{- $first := true }} - {{- range $index1, $c := .Spec.Containers }} - {{- range $index2, $p := $c.Ports }} - {{- if (structToJSON $p) }} - {{if not $first}},{{end}}{{ structToJSON $p }} - {{- $first = false }} - {{- end }} - {{- end}} - {{- end}} - ] - - name: ISTIO_META_APP_CONTAINERS - value: "{{ $containers | join "," }}" - - name: ISTIO_META_CLUSTER_ID - value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" - - name: ISTIO_META_INTERCEPTION_MODE - value: "{{ .ProxyConfig.InterceptionMode.String }}" - {{- if .Values.global.network }} - - name: ISTIO_META_NETWORK - value: "{{ .Values.global.network }}" - {{- end }} - {{ if .ObjectMeta.Annotations }} - - name: ISTIO_METAJSON_ANNOTATIONS - value: | - {{ toJSON .ObjectMeta.Annotations }} - {{ end }} - {{- if .DeploymentMeta.Name }} - - name: ISTIO_META_WORKLOAD_NAME - value: "{{ .DeploymentMeta.Name }}" - {{ end }} - {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} - - name: ISTIO_META_OWNER - value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} - {{- end}} - {{- if .Values.global.meshID }} - - name: ISTIO_META_MESH_ID - value: "{{ .Values.global.meshID }}" - {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: ISTIO_META_MESH_ID - value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" - {{- end }} - {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} - - name: TRUST_DOMAIN - value: "{{ . }}" - {{- end }} - {{- range $key, $value := .ProxyConfig.ProxyMetadata }} - - name: {{ $key }} - value: "{{ $value }}" - {{- end }} - {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} - readinessProbe: - httpGet: - path: /healthz/ready - port: 15021 - initialDelaySeconds: {{.Values.global.proxy.readinessInitialDelaySeconds }} - periodSeconds: {{ .Values.global.proxy.readinessPeriodSeconds }} - timeoutSeconds: 3 - failureThreshold: {{ .Values.global.proxy.readinessFailureThreshold }} - volumeMounts: - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - {{- end }} - - mountPath: /var/lib/istio/data - name: istio-data - # SDS channel between istioagent and Envoy - - mountPath: /etc/istio/proxy - name: istio-envoy - {{- if eq .Values.global.jwtPolicy "third-party-jwt" }} - - mountPath: /var/run/secrets/tokens - name: istio-token - {{- end }} - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - mountPath: /etc/certs/ - name: istio-certs - readOnly: true - {{- end }} - - name: istio-podinfo - mountPath: /etc/istio/pod - volumes: - # SDS channel between istioagent and Envoy - - emptyDir: - medium: Memory - name: istio-envoy - - name: istio-data - emptyDir: {} - - name: istio-podinfo - downwardAPI: - items: - - path: "labels" - fieldRef: - fieldPath: metadata.labels - - path: "annotations" - fieldRef: - fieldPath: metadata.annotations - - path: "cpu-limit" - resourceFieldRef: - containerName: istio-proxy - resource: limits.cpu - divisor: 1m - - path: "cpu-request" - resourceFieldRef: - containerName: istio-proxy - resource: requests.cpu - divisor: 1m - {{- if eq .Values.global.jwtPolicy "third-party-jwt" }} - - name: istio-token - projected: - sources: - - serviceAccountToken: - path: istio-token - expirationSeconds: 43200 - audience: {{ .Values.global.sds.token.aud }} - {{- end }} - {{- if eq .Values.global.pilotCertProvider "istiod" }} - - name: istiod-ca-cert - configMap: - name: istio-ca-root-cert - {{- end }} - {{- if .Values.global.mountMtlsCerts }} - # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. - - name: istio-certs - secret: - optional: true - {{ if eq .Spec.ServiceAccountName "" }} - secretName: istio.default - {{ else -}} - secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} - {{ end -}} - {{- end }} - {{- if .Values.global.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.global.imagePullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} - {{- if eq (env "ENABLE_LEGACY_FSGROUP_INJECTION" "true") "true" }} - securityContext: - fsGroup: 1337 - {{- end }} ---- -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: MutatingWebhookConfiguration -metadata: - name: istio-sidecar-injector - labels: - istio.io/rev: default - install.operator.istio.io/owning-resource: unknown - operator.istio.io/component: "Pilot" - app: sidecar-injector - release: istio -webhooks: -- name: sidecar-injector.istio.io - clientConfig: - service: - name: istiod - namespace: istio-system - path: "/inject" - port: 443 - caBundle: "" - sideEffects: None - rules: - - operations: ["CREATE"] - apiGroups: [""] - apiVersions: ["v1"] - resources: ["pods"] - failurePolicy: Fail - admissionReviewVersions: ["v1beta1", "v1"] - namespaceSelector: - matchLabels: - istio-injection: enabled - objectSelector: - matchExpressions: - - key: "sidecar.istio.io/inject" - operator: NotIn - values: - - "false" ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: istio-ingressgateway - install.operator.istio.io/owning-resource: unknown - istio: ingressgateway - istio.io/rev: default - operator.istio.io/component: IngressGateways - release: istio - name: istio-ingressgateway - namespace: istio-system -spec: - selector: - matchLabels: - app: istio-ingressgateway - istio: ingressgateway - strategy: - rollingUpdate: - maxSurge: 100% - maxUnavailable: 25% - template: - metadata: - annotations: - prometheus.io/path: /stats/prometheus - prometheus.io/port: "15020" - prometheus.io/scrape: "true" - sidecar.istio.io/inject: "false" - labels: - app: istio-ingressgateway - chart: gateways - heritage: Tiller - install.operator.istio.io/owning-resource: unknown - istio: ingressgateway - istio.io/rev: default - operator.istio.io/component: IngressGateways - release: istio - service.istio.io/canonical-name: istio-ingressgateway - service.istio.io/canonical-revision: latest - sidecar.istio.io/inject: "false" - spec: - affinity: - nodeAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - preference: - matchExpressions: - - key: kubernetes.io/arch - operator: In - values: - - amd64 - weight: 2 - - preference: - matchExpressions: - - key: kubernetes.io/arch - operator: In - values: - - ppc64le - weight: 2 - - preference: - matchExpressions: - - key: kubernetes.io/arch - operator: In - values: - - s390x - weight: 2 - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/arch - operator: In - values: - - amd64 - - ppc64le - - s390x - containers: - - args: - - proxy - - router - - --domain - - $(POD_NAMESPACE).svc.cluster.local - - --proxyLogLevel=warning - - --proxyComponentLogLevel=misc:error - - --log_output_level=default:info - - --serviceCluster - - istio-ingressgateway - env: - - name: JWT_POLICY - value: third-party-jwt - - name: PILOT_CERT_PROVIDER - value: istiod - - name: CA_ADDR - value: istiod.istio-system.svc:15012 - - name: NODE_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.nodeName - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: INSTANCE_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.podIP - - name: HOST_IP - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: status.hostIP - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - fieldPath: spec.serviceAccountName - - name: CANONICAL_SERVICE - valueFrom: - fieldRef: - fieldPath: metadata.labels['service.istio.io/canonical-name'] - - name: CANONICAL_REVISION - valueFrom: - fieldRef: - fieldPath: metadata.labels['service.istio.io/canonical-revision'] - - name: ISTIO_META_WORKLOAD_NAME - value: istio-ingressgateway - - name: ISTIO_META_OWNER - value: kubernetes://apis/apps/v1/namespaces/istio-system/deployments/istio-ingressgateway - - name: ISTIO_META_UNPRIVILEGED_POD - value: "true" - - name: ISTIO_META_ROUTER_MODE - value: standard - - name: ISTIO_META_CLUSTER_ID - value: Kubernetes - image: docker.io/istio/proxyv2:1.9.6 - name: istio-proxy - ports: - - containerPort: 15021 - protocol: TCP - - containerPort: 8080 - protocol: TCP - - containerPort: 8443 - protocol: TCP - - containerPort: 31400 - protocol: TCP - - containerPort: 15443 - protocol: TCP - - containerPort: 15090 - name: http-envoy-prom - protocol: TCP - readinessProbe: - failureThreshold: 30 - httpGet: - path: /healthz/ready - port: 15021 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 1 - resources: - limits: - cpu: 2000m - memory: 1024Mi - requests: - cpu: 10m - memory: 40Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - privileged: false - readOnlyRootFilesystem: true - volumeMounts: - - mountPath: /etc/istio/proxy - name: istio-envoy - - mountPath: /etc/istio/config - name: config-volume - - mountPath: /var/run/secrets/istio - name: istiod-ca-cert - - mountPath: /var/run/secrets/tokens - name: istio-token - readOnly: true - - mountPath: /var/lib/istio/data - name: istio-data - - mountPath: /etc/istio/pod - name: podinfo - - mountPath: /etc/istio/ingressgateway-certs - name: ingressgateway-certs - readOnly: true - - mountPath: /etc/istio/ingressgateway-ca-certs - name: ingressgateway-ca-certs - readOnly: true - securityContext: - fsGroup: 1337 - runAsGroup: 1337 - runAsNonRoot: true - runAsUser: 1337 - serviceAccountName: istio-ingressgateway-service-account - volumes: - - configMap: - name: istio-ca-root-cert - name: istiod-ca-cert - - downwardAPI: - items: - - fieldRef: - fieldPath: metadata.labels - path: labels - - fieldRef: - fieldPath: metadata.annotations - path: annotations - - path: cpu-limit - resourceFieldRef: - containerName: istio-proxy - divisor: 1m - resource: limits.cpu - - path: cpu-request - resourceFieldRef: - containerName: istio-proxy - divisor: 1m - resource: requests.cpu - name: podinfo - - emptyDir: {} - name: istio-envoy - - emptyDir: {} - name: istio-data - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: istio-ca - expirationSeconds: 43200 - path: istio-token - - configMap: - name: istio - optional: true - name: config-volume - - name: ingressgateway-certs - secret: - optional: true - secretName: istio-ingressgateway-certs - - name: ingressgateway-ca-certs - secret: - optional: true - secretName: istio-ingressgateway-ca-certs ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: istiod - install.operator.istio.io/owning-resource: unknown - istio: pilot - istio.io/rev: default - operator.istio.io/component: Pilot - release: istio - name: istiod - namespace: istio-system -spec: - replicas: 1 - selector: - matchLabels: - istio: pilot - strategy: - rollingUpdate: - maxSurge: 100% - maxUnavailable: 25% - template: - metadata: - annotations: - prometheus.io/port: "15014" - prometheus.io/scrape: "true" - sidecar.istio.io/inject: "false" - labels: - app: istiod - install.operator.istio.io/owning-resource: unknown - istio: pilot - istio.io/rev: default - operator.istio.io/component: Pilot - sidecar.istio.io/inject: "false" - spec: - containers: - - args: - - discovery - - --monitoringAddr=:15014 - - --log_output_level=default:info - - --domain - - cluster.local - - --keepaliveMaxServerConnectionAge - - 30m - env: - - name: REVISION - value: default - - name: JWT_POLICY - value: third-party-jwt - - name: PILOT_CERT_PROVIDER - value: istiod - - name: POD_NAME - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: metadata.namespace - - name: SERVICE_ACCOUNT - valueFrom: - fieldRef: - apiVersion: v1 - fieldPath: spec.serviceAccountName - - name: KUBECONFIG - value: /var/run/secrets/remote/config - - name: PILOT_TRACE_SAMPLING - value: "100" - - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_OUTBOUND - value: "true" - - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_INBOUND - value: "true" - - name: ISTIOD_ADDR - value: istiod.istio-system.svc:15012 - - name: PILOT_ENABLE_ANALYSIS - value: "false" - - name: CLUSTER_ID - value: Kubernetes - - name: EXTERNAL_ISTIOD - value: "false" - image: docker.io/istio/pilot:1.9.6 - name: discovery - ports: - - containerPort: 8080 - protocol: TCP - - containerPort: 15010 - protocol: TCP - - containerPort: 15017 - protocol: TCP - readinessProbe: - httpGet: - path: /ready - port: 8080 - initialDelaySeconds: 1 - periodSeconds: 3 - timeoutSeconds: 5 - resources: - requests: - cpu: 10m - memory: 100Mi - securityContext: - capabilities: - drop: - - ALL - runAsGroup: 1337 - runAsNonRoot: true - runAsUser: 1337 - volumeMounts: - - mountPath: /etc/istio/config - name: config-volume - - mountPath: /var/run/secrets/tokens - name: istio-token - readOnly: true - - mountPath: /var/run/secrets/istio-dns - name: local-certs - - mountPath: /etc/cacerts - name: cacerts - readOnly: true - - mountPath: /var/run/secrets/remote - name: istio-kubeconfig - readOnly: true - - mountPath: /var/lib/istio/inject - name: inject - readOnly: true - nodeSelector: {} - securityContext: - fsGroup: 1337 - serviceAccountName: istiod-service-account - volumes: - - emptyDir: - medium: Memory - name: local-certs - - name: istio-token - projected: - sources: - - serviceAccountToken: - audience: istio-ca - expirationSeconds: 43200 - path: istio-token - - name: cacerts - secret: - optional: true - secretName: cacerts - - name: istio-kubeconfig - secret: - optional: true - secretName: istio-kubeconfig - - configMap: - name: istio-sidecar-injector - name: inject - - configMap: - name: istio - name: config-volume ---- -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: istio-ingressgateway - namespace: istio-system - labels: - app: istio-ingressgateway - istio: ingressgateway - release: istio - istio.io/rev: default - install.operator.istio.io/owning-resource: unknown - operator.istio.io/component: "IngressGateways" -spec: - minAvailable: 1 - selector: - matchLabels: - app: istio-ingressgateway - istio: ingressgateway ---- -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: istiod - namespace: istio-system - labels: - app: istiod - istio.io/rev: default - install.operator.istio.io/owning-resource: unknown - operator.istio.io/component: "Pilot" - release: istio - istio: pilot -spec: - minAvailable: 1 - selector: - matchLabels: - app: istiod - istio: pilot ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: istio-ingressgateway-sds - namespace: istio-system - labels: - release: istio - istio.io/rev: default - install.operator.istio.io/owning-resource: unknown - operator.istio.io/component: "IngressGateways" -rules: -- apiGroups: [""] - resources: ["secrets"] - verbs: ["get", "watch", "list"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: istiod-istio-system - namespace: istio-system - labels: - app: istiod - release: istio -rules: -- apiGroups: ["networking.istio.io"] - verbs: ["create"] - resources: ["gateways"] - -- apiGroups: [""] - resources: ["secrets"] - # TODO lock this down to istio-ca-cert if not using the DNS cert mesh config - verbs: ["create", "get", "watch", "list", "update", "delete"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: istio-ingressgateway-sds - namespace: istio-system - labels: - release: istio - istio.io/rev: default - install.operator.istio.io/owning-resource: unknown - operator.istio.io/component: "IngressGateways" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: istio-ingressgateway-sds -subjects: -- kind: ServiceAccount - name: istio-ingressgateway-service-account ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: istiod-istio-system - namespace: istio-system - labels: - app: istiod - release: istio -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: istiod-istio-system -subjects: -- kind: ServiceAccount - name: istiod-service-account - namespace: istio-system ---- -apiVersion: v1 -kind: Service -metadata: - annotations: - labels: - app: istio-ingressgateway - install.operator.istio.io/owning-resource: unknown - istio: ingressgateway - istio.io/rev: default - operator.istio.io/component: IngressGateways - release: istio - name: istio-ingressgateway - namespace: istio-system -spec: - ports: - - name: status-port - port: 15021 - protocol: TCP - targetPort: 15021 - - name: http2 - port: 80 - protocol: TCP - targetPort: 8080 - - name: https - port: 443 - protocol: TCP - targetPort: 8443 - - name: tcp - port: 31400 - protocol: TCP - targetPort: 31400 - - name: tls - port: 15443 - protocol: TCP - targetPort: 15443 - selector: - app: istio-ingressgateway - istio: ingressgateway - type: LoadBalancer ---- -apiVersion: v1 -kind: Service -metadata: - name: istiod - namespace: istio-system - labels: - istio.io/rev: default - install.operator.istio.io/owning-resource: unknown - operator.istio.io/component: "Pilot" - app: istiod - istio: pilot - release: istio -spec: - ports: - - port: 15010 - name: grpc-xds # plaintext - protocol: TCP - - port: 15012 - name: https-dns # mTLS with k8s-signed cert - protocol: TCP - - port: 443 - name: https-webhook # validation and injection - targetPort: 15017 - protocol: TCP - - port: 15014 - name: http-monitoring # prometheus stats - protocol: TCP - selector: - app: istiod - # Label used by the 'default' service. For versioned deployments we match with app and version. - # This avoids default deployment picking the canary - istio: pilot diff --git a/common/istio-1-9/istio-install/base/kustomization.yaml b/common/istio-1-9/istio-install/base/kustomization.yaml deleted file mode 100644 index e686907bf1..0000000000 --- a/common/istio-1-9/istio-install/base/kustomization.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- install.yaml -- gateway_authorizationpolicy.yaml -- deny_all_authorizationpolicy.yaml -- gateway.yaml -- x-forwarded-host.yaml - -namespace: istio-system - -patchesStrategicMerge: -- patches/service.yaml -- patches/remove-pdb.yaml -- patches/istio-configmap-disable-tracing.yaml diff --git a/common/istio-1-9/istio-install/base/patches/istio-configmap-disable-tracing.yaml b/common/istio-1-9/istio-install/base/patches/istio-configmap-disable-tracing.yaml deleted file mode 100644 index 4db376d17e..0000000000 --- a/common/istio-1-9/istio-install/base/patches/istio-configmap-disable-tracing.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: istio - namespace: istio-system -data: - # Configuration file for the mesh networks to be used by the Split Horizon EDS. - mesh: |- - accessLogFile: /dev/stdout - defaultConfig: - discoveryAddress: istiod.istio-system.svc:15012 - proxyMetadata: {} - tracing: {} - enablePrometheusMerge: true - rootNamespace: istio-system - tcpKeepalive: - interval: 5s - probes: 3 - time: 10s - trustDomain: cluster.local diff --git a/common/istio-1-9/istio-install/base/patches/remove-pdb.yaml b/common/istio-1-9/istio-install/base/patches/remove-pdb.yaml deleted file mode 100644 index 2ee65a61a7..0000000000 --- a/common/istio-1-9/istio-install/base/patches/remove-pdb.yaml +++ /dev/null @@ -1,13 +0,0 @@ -$patch: delete -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: istio-ingressgateway - namespace: istio-system ---- -$patch: delete -apiVersion: policy/v1beta1 -kind: PodDisruptionBudget -metadata: - name: istiod - namespace: istio-system diff --git a/common/istio-1-9/istio-install/base/patches/service.yaml b/common/istio-1-9/istio-install/base/patches/service.yaml deleted file mode 100644 index 7b46a35d81..0000000000 --- a/common/istio-1-9/istio-install/base/patches/service.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: istio-ingressgateway - namespace: istio-system -spec: - type: NodePort diff --git a/common/istio-1-9/istio-install/base/x-forwarded-host.yaml b/common/istio-1-9/istio-install/base/x-forwarded-host.yaml deleted file mode 100644 index 4bae262aa6..0000000000 --- a/common/istio-1-9/istio-install/base/x-forwarded-host.yaml +++ /dev/null @@ -1,42 +0,0 @@ -# EnvoyFilter for adding the X-Forwarded-Host header. -# Needed for the Rok GW to work correctly. -# Older manifests used an Istio rule, but that relies on Mixer which -# is deprecated. This way is more performant and up-to-date. -# -# TODO: X-Forwarded-Host needs to be applied in two steps: -# 1. Put old host in `X-Forwarded-Host` -# 2. Update Host in request -# -# This filter only does (1). It can't do (2) because it doesn't know the new -# host yet. See if we can add an EnvoyFilter for (2). We currently have to do -# this per VirtualService, in each app that needs it. -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: x-forwarded-host -spec: - workloadSelector: - labels: - istio: ingressgateway - configPatches: - # The first patch adds the lua filter to the listener/http connection manager - - applyTo: HTTP_FILTER - match: - context: GATEWAY - listener: - filterChain: - filter: - name: "envoy.http_connection_manager" - subFilter: - name: "envoy.router" - patch: - operation: INSERT_BEFORE - value: - name: envoy.filters.http.lua - typed_config: - "@type": "type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua" - inlineCode: | - function envoy_on_request(request_handle) - local host = request_handle:headers():get(":authority") - request_handle:headers():add("x-forwarded-host", host) - end diff --git a/common/istio-1-9/istio-namespace/base/namespace.yaml b/common/istio-1-9/istio-namespace/base/namespace.yaml deleted file mode 100644 index 355352bbb2..0000000000 --- a/common/istio-1-9/istio-namespace/base/namespace.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: istio-system - labels: - istio-operator-managed: Reconcile - istio-injection: disabled diff --git a/common/istio-1-9/kubeflow-istio-resources/base/cluster-roles.yaml b/common/istio-1-9/kubeflow-istio-resources/base/cluster-roles.yaml deleted file mode 100644 index d60d4e9cd2..0000000000 --- a/common/istio-1-9/kubeflow-istio-resources/base/cluster-roles.yaml +++ /dev/null @@ -1,55 +0,0 @@ ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kubeflow-istio-admin - labels: - rbac.authorization.kubeflow.org/aggregate-to-kubeflow-admin: "true" -aggregationRule: - clusterRoleSelectors: - - matchLabels: - rbac.authorization.kubeflow.org/aggregate-to-kubeflow-istio-admin: "true" -rules: [] - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kubeflow-istio-edit - labels: - rbac.authorization.kubeflow.org/aggregate-to-kubeflow-edit: "true" - rbac.authorization.kubeflow.org/aggregate-to-kubeflow-istio-admin: "true" -rules: -- apiGroups: - - istio.io - - networking.istio.io - resources: ["*"] - verbs: - - get - - list - - watch - - create - - delete - - deletecollection - - patch - - update - ---- - -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: kubeflow-istio-view - labels: - rbac.authorization.kubeflow.org/aggregate-to-kubeflow-view: "true" -rules: -- apiGroups: - - istio.io - - networking.istio.io - resources: ["*"] - verbs: - - get - - list - - watch diff --git a/common/istio-1-9/kubeflow-istio-resources/base/kf-istio-resources.yaml b/common/istio-1-9/kubeflow-istio-resources/base/kf-istio-resources.yaml deleted file mode 100644 index 720ff97dd3..0000000000 --- a/common/istio-1-9/kubeflow-istio-resources/base/kf-istio-resources.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: networking.istio.io/v1alpha3 -kind: Gateway -metadata: - name: kubeflow-gateway -spec: - selector: - istio: ingressgateway - servers: - - port: - number: 80 - name: http - protocol: HTTP - hosts: - - "*" diff --git a/common/istio-1-9/kubeflow-istio-resources/base/kustomization.yaml b/common/istio-1-9/kubeflow-istio-resources/base/kustomization.yaml deleted file mode 100644 index 75669a18a5..0000000000 --- a/common/istio-1-9/kubeflow-istio-resources/base/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- kf-istio-resources.yaml -- cluster-roles.yaml -namespace: kubeflow diff --git a/common/istio-1-9/profile-overlay.yaml b/common/istio-1-9/profile-overlay.yaml deleted file mode 100644 index c06c9f2d5b..0000000000 --- a/common/istio-1-9/profile-overlay.yaml +++ /dev/null @@ -1,54 +0,0 @@ -apiVersion: install.istio.io/v1alpha1 -kind: IstioOperator -spec: - meshConfig: - tcpKeepalive: - time: 10s - interval: 5s - probes: 3 - components: - ingressGateways: - # Cluster-local gateway for KFServing - - enabled: true - name: cluster-local-gateway - # https://github.com/istio/istio/issues/19263#issuecomment-615833092 - label: - app: cluster-local-gateway - istio: cluster-local-gateway - k8s: - env: - - name: ISTIO_META_ROUTER_MODE - value: sni-dnat - hpaSpec: - maxReplicas: 5 - metrics: - - resource: - name: cpu - targetAverageUtilization: 80 - type: Resource - minReplicas: 1 - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: cluster-local-gateway - resources: - limits: - cpu: 2000m - memory: 1024Mi - requests: - cpu: 100m - memory: 128Mi - service: - type: ClusterIP - ports: - - name: status-port - port: 15020 - targetPort: 15020 - - name: http2 - port: 80 - targetPort: 8080 - - # Disable EgressGateway - egressGateways: - - enabled: false - name: istio-egressgateway diff --git a/common/istio-1-9/split-istio-packages b/common/istio-1-9/split-istio-packages deleted file mode 100644 index bc119aeea5..0000000000 --- a/common/istio-1-9/split-istio-packages +++ /dev/null @@ -1,72 +0,0 @@ -#!/usr/bin/env python3 - -import sys -import argparse -import ruamel.yaml - - -DESCRIPTION = """ Separate Istio YAML into separate components. - -Separate Istio YAML definitions into four separate components: crds, install -and cluster-local-gateway. -""" - - -class YAMLEmitterNoVersionDirective(ruamel.yaml.emitter.Emitter): - """YAML Emitter that doesn't emit the YAML version directive.""" - - def write_version_directive(self, version_text): - """Disable emitting version directive, i.e., %YAML 1.1.""" - pass - - -class YAML(ruamel.yaml.YAML): - """Wrapper of the ruamel.yaml.YAML class with our custom settings.""" - - def __init__(self, *args, **kwargs): - super(YAML, self).__init__(*args, **kwargs) - # XXX: Explicitly set version for producing K8s compatible manifests. - # https://yaml.readthedocs.io/en/latest/detail.html#document-version-support - self.version = (1, 1) - # XXX: Do not emit version directive since tools might fail to - # parse manifests. - self.Emitter = YAMLEmitterNoVersionDirective - - -yaml = YAML() - - -def parse_args(): - parser = argparse.ArgumentParser( - description=DESCRIPTION, - formatter_class=argparse.ArgumentDefaultsHelpFormatter) - parser.add_argument("-f", "--manifest-file", type=str, required=True, - dest="manifest_file", - help="Istio YAML, generated by istioctl.") - return parser.parse_args() - - -def main(): - args = parse_args() - with open(args.manifest_file, "r") as f: - objects = [obj for obj in list(yaml.load_all(f)) if obj] - crds, install, cluster_local = [], [], [] - for obj in objects: - if obj.get("kind") == "CustomResourceDefinition": - crds.append(obj) - elif (obj.get("metadata", {}).get("name", ""). - startswith("cluster-local-gateway")): - cluster_local.append(obj) - else: - install.append(obj) - - with open("crd.yaml", "w") as f: - yaml.dump_all(crds, f) - with open("install.yaml", "w") as f: - yaml.dump_all(install, f) - with open("cluster-local-gateway.yaml", "w") as f: - yaml.dump_all(cluster_local, f) - - -if __name__ == "__main__": - sys.exit(main()) diff --git a/common/istio/add-anonymous-user-filter-istio-1.6/envoy-filter.yaml b/common/istio/add-anonymous-user-filter-istio-1.6/envoy-filter.yaml deleted file mode 100644 index 084b1725d7..0000000000 --- a/common/istio/add-anonymous-user-filter-istio-1.6/envoy-filter.yaml +++ /dev/null @@ -1,29 +0,0 @@ -apiVersion: networking.istio.io/v1alpha3 -kind: EnvoyFilter -metadata: - name: add-user-filter - namespace: istio-system -spec: - workloadSelector: - labels: - app: istio-ingressgateway - configPatches: - - applyTo: HTTP_FILTER - match: - context: GATEWAY - listener: - filterChain: - filter: - name: "envoy.http_connection_manager" - subFilter: - name: "envoy.router" - patch: - operation: INSERT_BEFORE - value: - name: envoy.lua - typed_config: - "@type": "type.googleapis.com/envoy.config.filter.http.lua.v2.Lua" - inlineCode: | - function envoy_on_request(request_handle) - request_handle:headers():add("kubeflow-userid","anonymous@kubeflow.org") - end diff --git a/common/istio/add-anonymous-user-filter-istio-1.6/kustomization.yaml b/common/istio/add-anonymous-user-filter-istio-1.6/kustomization.yaml deleted file mode 100644 index 45e61bd377..0000000000 --- a/common/istio/add-anonymous-user-filter-istio-1.6/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: istio-system -resources: -- envoy-filter.yaml diff --git a/common/knative/README.md b/common/knative/README.md index df54ef742e..514a3d331d 100644 --- a/common/knative/README.md +++ b/common/knative/README.md @@ -4,8 +4,8 @@ The manifests for Knative Serving are based off the following: - - [Knative serving (v0.22.1)](https://github.com/knative/serving/releases/download/v0.22.1/serving-core.yaml) - - [Knative ingress controller for Istio (v0.22.1)](https://github.com/knative-sandbox/net-istio/releases/download/v0.22.1/net-istio.yaml) + - [Knative serving (v1.2.5)](https://github.com/knative/serving/releases/download/knative-v1.2.5/serving-core.yaml) + - [Knative ingress controller for Istio (v1.2.0)](https://github.com/knative-sandbox/net-istio/releases/download/knative-v1.2.0/net-istio.yaml) 1. Download the knative-serving manifests with the following commands: @@ -13,9 +13,9 @@ The manifests for Knative Serving are based off the following: ```sh # No need to install serving-crds. # See: https://github.com/knative/serving/issues/9945 - wget -O knative-serving/base/upstream/serving-core.yaml 'https://github.com/knative/serving/releases/download/v0.22.1/serving-core.yaml' - wget -O knative-serving/base/upstream/net-istio.yaml 'https://github.com/knative-sandbox/net-istio/releases/download/v0.22.1/net-istio.yaml' - wget -O knative-serving-post-install-jobs/base/serving-post-install-jobs.yaml https://github.com/knative/serving/releases/download/v0.22.1/serving-post-install-jobs.yaml + wget -O knative-serving/base/upstream/serving-core.yaml 'https://github.com/knative/serving/releases/download/knative-v1.2.5/serving-core.yaml' + wget -O knative-serving/base/upstream/net-istio.yaml 'https://github.com/knative-sandbox/net-istio/releases/download/knative-v1.2.0/net-istio.yaml' + wget -O knative-serving-post-install-jobs/base/serving-post-install-jobs.yaml https://github.com/knative/serving/releases/download/knative-v1.2.5/serving-post-install-jobs.yaml ``` 1. Remove all comments, since `yq` does not handle them correctly. See: @@ -46,6 +46,8 @@ The manifests for Knative Serving are based off the following: yq eval -i 'select((.kind == "Gateway" and .metadata.name == "knative-ingress-gateway") | not)' knative-serving/base/upstream/net-istio.yaml ``` + NOTE: You'll need to remove a redundant `{}` at the end of the `knative-serving/base/upstream/net-istio.yaml` file. + 1. Set `metadata.name` in the serving post-install job, to be deploy-able with `kustomize` and `kubectl apply`: @@ -55,6 +57,10 @@ The manifests for Knative Serving are based off the following: yq eval -i 'select(.kind == "Job" and .metadata.generateName == "storage-version-migration-serving-") | .metadata.name = "storage-version-migration-serving"' knative-serving-post-install-jobs/base/serving-post-install-jobs.yaml ``` + +NOTE: You'll need to remove a redundant `{}` at the end of the `knative-serving/base/upstream/net-istio.yaml` and +`knative-serving/base/upstream/serving-core.yaml` files. + ### Changes from upstream - In `knative-serving/base/upstream/net-istio.yaml`, the `knative-ingress-gateway` Gateway is removed since we use the Kubeflow gateway. @@ -67,20 +73,20 @@ The manifests for Knative Serving are based off the following: ## Knative-Eventing -The manifests for Knative Eventing are based off the the [v0.22.1 release](https://github.com/knative/eventing/releases/tag/v0.22.1). +The manifests for Knative Eventing are based off the the [v1.2.4 release](https://github.com/knative/eventing/releases/tag/knative-v1.2.4). - - [Eventing Core](https://github.com/knative/eventing/releases/download/v0.22.1/eventing-core.yaml) - - [In-Memory Channel](https://github.com/knative/eventing/releases/download/v0.22.1/in-memory-channel.yaml) - - [MT Channel Broker](https://github.com/knative/eventing/releases/download/v0.22.1/mt-channel-broker.yaml) + - [Eventing Core](https://github.com/knative/eventing/releases/download/knative-v1.2.4/eventing-core.yaml) + - [In-Memory Channel](https://github.com/knative/eventing/releases/download/knative-v1.2.4/in-memory-channel.yaml) + - [MT Channel Broker](https://github.com/knative/eventing/releases/download/knative-v1.2.4/mt-channel-broker.yaml) -1. Download the knative-serving manifests with the following commands: +1. Download the knative-eventing manifests with the following commands: ```sh - wget -O knative-eventing/base/upstream/eventing-core.yaml 'https://github.com/knative/eventing/releases/download/v0.22.1/eventing-core.yaml' - wget -O knative-eventing/base/upstream/in-memory-channel.yaml 'https://github.com/knative/eventing/releases/download/v0.22.1/in-memory-channel.yaml' - wget -O knative-eventing/base/upstream/mt-channel-broker.yaml 'https://github.com/knative/eventing/releases/download/v0.22.1/mt-channel-broker.yaml' - wget -O knative-eventing-post-install-jobs/base/eventing-post-install-jobs.yaml https://github.com/knative/eventing/releases/download/v0.22.1/eventing-post-install-jobs.yaml + wget -O knative-eventing/base/upstream/eventing-core.yaml 'https://github.com/knative/eventing/releases/download/knative-v1.2.4/eventing-core.yaml' + wget -O knative-eventing/base/upstream/in-memory-channel.yaml 'https://github.com/knative/eventing/releases/download/knative-v1.2.4/in-memory-channel.yaml' + wget -O knative-eventing/base/upstream/mt-channel-broker.yaml 'https://github.com/knative/eventing/releases/download/knative-v1.2.4/mt-channel-broker.yaml' + wget -O knative-eventing-post-install-jobs/base/eventing-post-install-jobs.yaml https://github.com/knative/eventing/releases/download/knative-v1.2.4/eventing-post-install.yaml ``` 1. Remove all comments, since `yq` does not handle them correctly. See: @@ -124,4 +130,4 @@ distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. -``` +``` \ No newline at end of file diff --git a/common/knative/knative-eventing-post-install-jobs/base/eventing-post-install-jobs.yaml b/common/knative/knative-eventing-post-install-jobs/base/eventing-post-install-jobs.yaml index fbc7fe5585..6ef5c02074 100644 --- a/common/knative/knative-eventing-post-install-jobs/base/eventing-post-install-jobs.yaml +++ b/common/knative/knative-eventing-post-install-jobs/base/eventing-post-install-jobs.yaml @@ -3,7 +3,7 @@ kind: ClusterRole metadata: name: knative-eventing-post-install-job-role labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" rules: - apiGroups: - "apiextensions.k8s.io" @@ -19,13 +19,77 @@ rules: - apiGroups: - "sources.knative.dev" resources: + - "apiserversources" + - "apiserversources/finalizers" + - "apiserversources/status" + - "containersources" + - "containersources/finalizers" + - "containersources/status" - "pingsources" + - "pingsources/finalizers" + - "pingsources/status" + - "sinkbindings" + - "sinkbindings/finalizers" + - "sinkbindings/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "watch" + - apiGroups: + - "eventing.knative.dev" + resources: + - "brokers" + - "brokers/finalizers" + - "brokers/status" + - "eventtypes" + - "eventtypes/finalizers" + - "eventtypes/status" + - "triggers" + - "triggers/finalizers" + - "triggers/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "watch" + - apiGroups: + - "messaging.knative.dev" + resources: + - "channels" + - "channels/finalizers" + - "channels/status" + - "inmemorychannels" + - "inmemorychannels/finalizers" + - "inmemorychannels/status" + - "subscriptions" + - "subscriptions/finalizers" + - "subscriptions/status" + verbs: + - "get" + - "list" + - "create" + - "update" + - "patch" + - "watch" + - apiGroups: + - "flows.knative.dev" + resources: + - "parallels" + - "parallels/finalizers" + - "parallels/status" + - "sequences" + - "sequences/finalizers" + - "sequences/status" verbs: - "get" - "list" - "create" - "update" - - "delete" - "patch" - "watch" - apiGroups: @@ -36,45 +100,20 @@ rules: - "get" - "list" --- -apiVersion: batch/v1 -kind: Job -metadata: - name: v0.22.0-pingsource-cleanup - namespace: knative-eventing - labels: - eventing.knative.dev/release: "v0.22.1" -spec: - ttlSecondsAfterFinished: 600 - template: - metadata: - annotations: - sidecar.istio.io/inject: "false" - spec: - serviceAccountName: knative-eventing-post-install-job - restartPolicy: Never - containers: - - name: pingsource - image: gcr.io/knative-releases/knative.dev/eventing/cmd/v0.22/pingsource-cleanup@sha256:837b8d5cfe38afa297d25e7aed30ec8df80f721a084d4fdcc614d65afde4c528 - env: - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace ---- apiVersion: v1 kind: ServiceAccount metadata: name: knative-eventing-post-install-job namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: knative-eventing-post-install-job-role-binding labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" subjects: - kind: ServiceAccount name: knative-eventing-post-install-job @@ -87,19 +126,19 @@ roleRef: apiVersion: batch/v1 kind: Job metadata: - name: v0.21-storage-version-migration + generateName: storage-version-migration-eventing- namespace: knative-eventing labels: - app: "storage-version-migration" - eventing.knative.dev/release: "v0.22.1" + app: "storage-version-migration-eventing" + eventing.knative.dev/release: "v1.2.4" spec: ttlSecondsAfterFinished: 600 backoffLimit: 10 template: metadata: labels: - app: "storage-version-migration" - eventing.knative.dev/release: "v0.22.1" + app: "storage-version-migration-eventing" + eventing.knative.dev/release: "v1.2.4" annotations: sidecar.istio.io/inject: "false" spec: @@ -107,8 +146,26 @@ spec: restartPolicy: OnFailure containers: - name: migrate - image: gcr.io/knative-releases/knative.dev/eventing/vendor/knative.dev/pkg/apiextensions/storageversion/cmd/migrate@sha256:ef150a99d5b18781746d3934f181a766b27a975cb7593d9283fbd040e9ebfe5b + image: gcr.io/knative-releases/knative.dev/eventing/vendor/knative.dev/pkg/apiextensions/storageversion/cmd/migrate@sha256:ce1cf40c3e58fb437bac1731aa4dd3bda63bcedeaaf303b928963071192f82bf args: + - "apiserversources.sources.knative.dev" + - "brokers.eventing.knative.dev" + - "channels.messaging.knative.dev" + - "containersources.sources.knative.dev" + - "eventtypes.eventing.knative.dev" + - "inmemorychannels.messaging.knative.dev" + - "parallels.flows.knative.dev" - "pingsources.sources.knative.dev" + - "sequences.flows.knative.dev" + - "sinkbindings.sources.knative.dev" + - "subscriptions.messaging.knative.dev" + - "triggers.eventing.knative.dev" + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - all --- diff --git a/common/knative/knative-eventing/base/kustomization.yaml b/common/knative/knative-eventing/base/kustomization.yaml index 1e8cb25ffb..8b579a06a6 100644 --- a/common/knative/knative-eventing/base/kustomization.yaml +++ b/common/knative/knative-eventing/base/kustomization.yaml @@ -3,8 +3,8 @@ kind: Kustomization namespace: knative-eventing resources: - upstream/eventing-core.yaml -- upstream/in-memory-channel.yaml -- upstream/mt-channel-broker.yaml +# - upstream/in-memory-channel.yaml +# - upstream/mt-channel-broker.yaml patchesStrategicMerge: - patches/clusterrole-patch.yaml commonLabels: diff --git a/common/knative/knative-eventing/base/upstream/eventing-core.yaml b/common/knative/knative-eventing/base/upstream/eventing-core.yaml index e692914457..7de25adbfe 100644 --- a/common/knative/knative-eventing/base/upstream/eventing-core.yaml +++ b/common/knative/knative-eventing/base/upstream/eventing-core.yaml @@ -3,7 +3,9 @@ kind: Namespace metadata: name: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing --- apiVersion: v1 kind: ServiceAccount @@ -11,14 +13,18 @@ metadata: name: eventing-controller namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: eventing-controller labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount name: eventing-controller @@ -33,7 +39,9 @@ kind: ClusterRoleBinding metadata: name: eventing-controller-resolver labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount name: eventing-controller @@ -48,7 +56,9 @@ kind: ClusterRoleBinding metadata: name: eventing-controller-source-observer labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount name: eventing-controller @@ -63,7 +73,9 @@ kind: ClusterRoleBinding metadata: name: eventing-controller-sources-controller labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount name: eventing-controller @@ -78,7 +90,9 @@ kind: ClusterRoleBinding metadata: name: eventing-controller-manipulator labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount name: eventing-controller @@ -94,14 +108,18 @@ metadata: name: pingsource-mt-adapter namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: knative-eventing-pingsource-mt-adapter labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount name: pingsource-mt-adapter @@ -117,14 +135,18 @@ metadata: name: eventing-webhook namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: eventing-webhook labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount name: eventing-webhook @@ -140,7 +162,9 @@ metadata: namespace: knative-eventing name: eventing-webhook labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount name: eventing-webhook @@ -155,7 +179,9 @@ kind: ClusterRoleBinding metadata: name: eventing-webhook-resolver labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount name: eventing-webhook @@ -170,7 +196,9 @@ kind: ClusterRoleBinding metadata: name: eventing-webhook-podspecable-binding labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount name: eventing-webhook @@ -186,9 +214,11 @@ metadata: name: config-br-default-channel namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing data: - channelTemplateSpec: | + channel-template-spec: | apiVersion: messaging.knative.dev/v1 kind: InMemoryChannel --- @@ -198,7 +228,9 @@ metadata: name: config-br-defaults namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing data: default-br-config: | clusterDefault: @@ -207,6 +239,10 @@ data: kind: ConfigMap name: config-br-default-channel namespace: knative-eventing + delivery: + retry: 10 + backoffPolicy: exponential + backoffDelay: PT0.2S --- apiVersion: v1 kind: ConfigMap @@ -214,7 +250,9 @@ metadata: name: default-ch-webhook namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing data: default-ch-config: | clusterDefault: @@ -231,9 +269,11 @@ metadata: name: config-ping-defaults namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" annotations: - knative.dev/example-checksum: "f8e5a744" + knative.dev/example-checksum: "9185c153" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing data: _example: | ################################ @@ -253,7 +293,60 @@ data: # Max number of bytes allowed to be sent for message excluding any # base64 decoding. Default is no limit set for data - dataMaxSize: -1 + data-max-size: -1 +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-features + namespace: knative-eventing + labels: + eventing.knative.dev/release: "v1.2.4" + knative.dev/config-propagation: original + knative.dev/config-category: eventing + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing +data: + kreference-group: "disabled" + delivery-retryafter: "disabled" + delivery-timeout: "disabled" + kreference-mapping: "disabled" + strict-subscriber: "disabled" + new-trigger-filters: "disabled" +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-kreference-mapping + namespace: knative-eventing + labels: + eventing.knative.dev/release: "v1.2.4" + knative.dev/config-propagation: original + knative.dev/config-category: eventing + annotations: + knative.dev/example-checksum: "7375dbe1" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + + # this is an example of mapping from pod to addressable-pod service + # the data key must be of the form "kind.version.group" + # the data value must be a valid URL. Valid template data are: + # - Name: reference name + # - Namespace: reference namespace + # - SystemNamespace: knative namespace + # - UID: reference UID + # + # Pod.v1: https://addressable-pod.{{ .SystemNamespace }}.svc.cluster.local/{{ .Name }} --- apiVersion: v1 kind: ConfigMap @@ -261,9 +354,11 @@ metadata: name: config-leader-election namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing annotations: - knative.dev/example-checksum: "96896b00" + knative.dev/example-checksum: "f7948630" data: _example: | ################################ @@ -281,17 +376,17 @@ data: # this example block and unindented to be in the data block # to actually change the configuration. - # leaseDuration is how long non-leaders will wait to try to acquire the + # lease-duration is how long non-leaders will wait to try to acquire the # lock; 15 seconds is the value used by core kubernetes controllers. - leaseDuration: "15s" + lease-duration: "15s" - # renewDeadline is how long a leader will try to renew the lease before + # renew-deadline is how long a leader will try to renew the lease before # giving up; 10 seconds is the value used by core kubernetes controllers. - renewDeadline: "10s" + renew-deadline: "10s" - # retryPeriod is how long the leader election client waits between tries of + # retry-period is how long the leader election client waits between tries of # actions; 2 seconds is the value used by core kubernetes controllers. - retryPeriod: "2s" + retry-period: "2s" # buckets is the number of buckets used to partition key space of each # Reconciler. If this number is M and the replica number of the controller @@ -306,9 +401,11 @@ metadata: name: config-logging namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" knative.dev/config-propagation: original knative.dev/config-category: eventing + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing data: zap-logger-config: | { @@ -340,9 +437,11 @@ metadata: name: config-observability namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" knative.dev/config-propagation: original knative.dev/config-category: eventing + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing annotations: knative.dev/example-checksum: "f46cf09d" data: @@ -400,11 +499,13 @@ metadata: name: config-tracing namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" knative.dev/config-propagation: original knative.dev/config-category: eventing + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing annotations: - knative.dev/example-checksum: "4002b4c2" + knative.dev/example-checksum: "0492ceb0" data: _example: | ################################ @@ -421,18 +522,13 @@ data: # this example block and unindented to be in the data block # to actually change the configuration. # - # This may be "zipkin" or "stackdriver", the default is "none" + # This may be "zipkin" or "none". the default is "none" backend: "none" # URL to zipkin collector where traces are sent. # This must be specified when backend is "zipkin" zipkin-endpoint: "http://zipkin.istio-system.svc.cluster.local:9411/api/v2/spans" - # The GCP project into which stackdriver metrics will be written - # when backend is "stackdriver". If unspecified, the project-id - # is read from GCP metadata when running on GCP. - stackdriver-project-id: "my-project" - # Enable zipkin debug mode. This allows all spans to be sent to the server # bypassing sampling. debug: "false" @@ -446,8 +542,11 @@ metadata: name: eventing-controller namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" knative.dev/high-availability: "true" + app.kubernetes.io/component: eventing-controller + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing spec: selector: matchLabels: @@ -456,7 +555,10 @@ spec: metadata: labels: app: eventing-controller - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/component: eventing-autoscaler + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing spec: affinity: podAntiAffinity: @@ -472,7 +574,7 @@ spec: containers: - name: eventing-controller terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing/cmd/controller@sha256:6ddffbc286a84048cfd090193d00b4ecda25a3a7bf2de1a8e873f8b3755cc913 + image: gcr.io/knative-releases/knative.dev/eventing/cmd/controller@sha256:dc0ac2d8f235edb04ec1290721f389d2bc719ab8b6222ee86f17af8d7d2a160f resources: requests: cpu: 100m @@ -489,13 +591,18 @@ spec: - name: METRICS_DOMAIN value: knative.dev/eventing - name: APISERVER_RA_IMAGE - value: gcr.io/knative-releases/knative.dev/eventing/cmd/apiserver_receive_adapter@sha256:a05b1db9acdfe901417307ddf403ec3702f219e5aeb25d692bc9542fc6421330 + value: gcr.io/knative-releases/knative.dev/eventing/cmd/apiserver_receive_adapter@sha256:5b672eedd343bcf9496c2070479f9d8f29231069148bf2aa7991bd5ca5a7562a - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name securityContext: allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - all ports: - name: metrics containerPort: 9090 @@ -508,7 +615,10 @@ metadata: name: pingsource-mt-adapter namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/component: pingsource-mt-adapter + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing spec: replicas: 0 selector: @@ -520,12 +630,25 @@ spec: labels: eventing.knative.dev/source: ping-source-controller sources.knative.dev/role: adapter - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/component: pingsource-mt-adapter + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + eventing.knative.dev/source: ping-source-controller + sources.knative.dev/role: adapter + topologyKey: kubernetes.io/hostname + weight: 100 enableServiceLinks: false containers: - name: dispatcher - image: gcr.io/knative-releases/knative.dev/eventing/cmd/mtping@sha256:edf462d03591e53e536640591a53538e6bea837fea15ed081eccfb42bc35a5c0 + image: gcr.io/knative-releases/knative.dev/eventing/cmd/mtping@sha256:632d9d710d070efed2563f6125a87993e825e8e36562ec3da0366e2a897406c0 env: - name: SYSTEM_NAMESPACE value: '' @@ -558,6 +681,13 @@ spec: limits: cpu: 1000m memory: 2048Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - all serviceAccountName: pingsource-mt-adapter --- apiVersion: autoscaling/v2beta2 @@ -566,7 +696,10 @@ metadata: name: eventing-webhook namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/component: eventing-webhook + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing spec: scaleTargetRef: apiVersion: apps/v1 @@ -588,7 +721,10 @@ metadata: name: eventing-webhook namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/component: eventing-webhook + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing spec: minAvailable: 80% selector: @@ -601,7 +737,10 @@ metadata: name: eventing-webhook namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/component: eventing-webhook + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing spec: selector: matchLabels: @@ -612,6 +751,10 @@ spec: labels: app: eventing-webhook role: eventing-webhook + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/component: eventing-webhook + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing spec: affinity: podAntiAffinity: @@ -627,7 +770,7 @@ spec: containers: - name: eventing-webhook terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing/cmd/webhook@sha256:9f70a2a8bb78781472fba0327c5d6ff91f13a29736d4502bf8ad3d60d3f16ccd + image: gcr.io/knative-releases/knative.dev/eventing/cmd/webhook@sha256:b7faf7d253bd256dbe08f1cac084469128989cf39abbe256ecb4e1d4eb085a31 resources: requests: cpu: 100m @@ -656,6 +799,11 @@ spec: fieldPath: metadata.name securityContext: allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - all ports: - name: https-webhook containerPort: 8443 @@ -686,8 +834,11 @@ apiVersion: v1 kind: Service metadata: labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" role: eventing-webhook + app.kubernetes.io/component: eventing-webhook + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing name: eventing-webhook namespace: knative-eventing spec: @@ -703,10 +854,12 @@ kind: CustomResourceDefinition metadata: creationTimestamp: null labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" eventing.knative.dev/source: "true" duck.knative.dev/source: "true" knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing annotations: registry.knative.dev/eventTypes: | [ @@ -721,128 +874,92 @@ metadata: spec: group: sources.knative.dev versions: - - name: v1alpha1 + - name: v1 served: true - storage: false + storage: true subresources: status: {} schema: openAPIV3Schema: - type: object description: 'ApiServerSource is an event source that brings Kubernetes API server events into Knative.' + type: object properties: spec: type: object - description: 'ApiServerSourceSpec defines the desired state of ApiServerSource (from the client).' + required: + - resources properties: ceOverrides: - description: 'CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink.' + description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. type: object properties: extensions: - description: 'Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently.' + description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. type: object - additionalProperties: - type: string + x-kubernetes-preserve-unknown-fields: true mode: - description: 'Mode is the mode the receive adapter controller runs under: Ref or Resource. `Ref` sends only the reference to the resource. `Resource` send the full resource.' + description: EventMode controls the format of the event. `Reference` sends a dataref event type for the resource under watch. `Resource` send the full resource lifecycle event. Defaults to `Reference` type: string owner: - description: 'ResourceOwner is an additional filter to only track resources that are owned by a specific resource type. If ResourceOwner matches Resources[n] then Resources[n] is allowed to pass the ResourceOwner filter.' + description: ResourceOwner is an additional filter to only track resources that are owned by a specific resource type. If ResourceOwner matches Resources[n] then Resources[n] is allowed to pass the ResourceOwner filter. type: object properties: apiVersion: - description: 'APIVersion - the API version of the resource to watch.' + description: APIVersion - the API version of the resource to watch. type: string kind: description: 'Kind of the resource to watch. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string resources: - description: 'Resources is the list of resources to watch' + description: Resource are the resources this source will track and send related lifecycle events from the Kubernetes ApiServer, with an optional label selector to help filter. type: array items: type: object properties: apiVersion: - description: 'API version of the resource to watch.' + description: APIVersion - the API version of the resource to watch. type: string - controller: - description: 'If true, send an event referencing the object controlling the resource Deprecated: Per-resource controller flag will no longer be supported in v1alpha2, please use Spec.Owner as a GKV.' - type: boolean - controllerSelector: - description: 'ControllerSelector restricts this source to objects with a controlling owner reference of the specified kind. Only apiVersion and kind are used. Both are optional. Deprecated: Per-resource owner refs will no longer be supported in v1alpha2, please use Spec.Owner as a GKV.' - type: object - properties: - apiVersion: - description: 'API version of the referent.' - type: string - blockOwnerDeletion: - description: 'If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.' - type: boolean - controller: - description: 'If true, this reference points to the managing controller.' - type: boolean - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - uid: - description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string kind: description: 'Kind of the resource to watch. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string - labelSelector: - description: 'LabelSelector restricts this source to objects with the selected labels More info: http://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' + selector: + description: 'LabelSelector filters this source to objects to those resources pass the label selector. More info: http://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' type: object properties: matchExpressions: - description: 'matchExpressions is a list of label selector requirements. The requirements are ANDed.' + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. type: array items: type: object properties: key: - description: 'key is the label key that the selector applies to.' + description: key is the label key that the selector applies to. type: string operator: - description: 'operator represents a key''s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.' + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: 'values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.' + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. type: array items: type: string matchLabels: - description: 'matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.' + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object x-kubernetes-preserve-unknown-fields: true serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this source.' + description: ServiceAccountName is the name of the ServiceAccount to use to run this source. Defaults to default if not set. type: string sink: - description: 'Sink is a reference to an object that will resolve to a domain name to use as the sink.' + description: Sink is a reference to an object that will resolve to a uri to use as the sink. type: object properties: - apiVersion: - type: string - kind: - type: string - name: - type: string - namespace: - type: string ref: - description: 'Ref points to an Addressable.' + description: Ref points to an Addressable. type: object properties: apiVersion: - description: 'API version of the referent.' - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' + description: API version of the referent. type: string kind: description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' @@ -851,39 +968,32 @@ spec: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' type: string uri: - description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string status: type: object - description: 'ApiServerSourceStatus defines the observed state of ApiServerSource (from the controller).' properties: annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object x-kubernetes-preserve-unknown-fields: true ceAttributes: - description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' + description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. type: array items: type: object properties: source: - description: 'Source is the CloudEvents source attribute.' + description: Source is the CloudEvents source attribute. type: string type: - description: Type refers to the CloudEvent type attribute.' + description: Type refers to the CloudEvent type attribute. type: string conditions: - description: 'Conditions the latest available observations of a resource''s current state.' + description: Conditions the latest available observations of a resource's current state. type: array items: type: object @@ -892,29 +1002,29 @@ spec: - status properties: lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). type: string message: - description: 'A human readable message indicating details about the transition.' + description: A human readable message indicating details about the transition. type: string reason: - description: 'The reason for the condition''s last transition.' + description: The reason for the condition's last transition. type: string severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. type: string status: - description: 'Status of the condition, one of True, False, Unknown.' + description: Status of the condition, one of True, False, Unknown. type: string type: - description: 'Type of condition.' + description: Type of condition. type: string observedGeneration: - description: 'ObservedGeneration is the "Generation" of the Service that was last processed by the controller.' + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. type: integer format: int64 sinkUri: - description: 'SinkURI is the current active sink URI that has been configured for the Source.' + description: SinkURI is the current active sink URI that has been configured for the Source. type: string additionalPrinterColumns: - name: Sink @@ -929,154 +1039,125 @@ spec: - name: Reason type: string jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - - subresources: - status: {} - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - name: v1alpha2 + names: + categories: + - all + - knative + - sources + kind: ApiServerSource + plural: apiserversources + singular: apiserversource + scope: Namespaced +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: brokers.eventing.knative.dev + labels: + eventing.knative.dev/release: "v1.2.4" + knative.dev/crd-install: "true" + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing +spec: + group: eventing.knative.dev + versions: + - name: v1 served: true - storage: false + storage: true + subresources: + status: {} schema: openAPIV3Schema: + description: 'Broker collects a pool of events that are consumable using Triggers. Brokers provide a well-known endpoint for event delivery that senders can use with minimal knowledge of the event routing strategy. Subscribers use Triggers to request delivery of events from a Broker''s pool to a specific URL or Addressable endpoint.' type: object - description: 'ApiServerSource is an event source that brings Kubernetes API server events into Knative.' properties: spec: + description: Spec defines the desired state of the Broker. type: object - description: 'ApiServerSourceSpec defines the desired state of ApiServerSource (from the client).' - required: - - resources properties: - ceOverrides: - description: 'CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink.' - type: object - properties: - extensions: - description: 'Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently.' - type: object - additionalProperties: - type: string - mode: - description: 'EventMode controls the format of the event. `Reference` sends a dataref event type for the resource under watch. `Resource` send the full resource lifecycle event. Defaults to `Reference`' - type: string - owner: - description: 'ResourceOwner is an additional filter to only track resources that are owned by a specific resource type. If ResourceOwner matches Resources[n] then Resources[n] is allowed to pass the ResourceOwner filter.' + config: + description: Config is a KReference to the configuration that specifies configuration options for this Broker. For example, this could be a pointer to a ConfigMap. type: object properties: apiVersion: - description: 'APIVersion - the API version of the resource to watch.' + description: API version of the referent. type: string kind: - description: 'Kind of the resource to watch. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string - resources: - description: 'Resource are the resources this source will track and send related lifecycle events from the Kubernetes ApiServer, with an optional label selector to help filter.' + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + delivery: + description: Delivery contains the delivery spec for each trigger to this Broker. Each trigger delivery spec, if any, overrides this global delivery spec. + type: object + properties: + backoffDelay: + description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + x-kubernetes-preserve-unknown-fields: true + status: + description: Status represents the current state of the Broker. This data may be out of date. + type: object + properties: + address: + description: Broker is Addressable. It exposes the endpoint as an URI to get events delivered into the Broker mesh. + type: object + properties: + url: + type: string + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + conditions: + description: Conditions the latest available observations of a resource's current state. type: array items: type: object + required: + - type + - status properties: - apiVersion: - description: 'APIVersion - the API version of the resource to watch.' + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' type: string - kind: - description: 'Kind of the resource to watch. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - selector: - description: 'LabelSelector filters this source to objects to those resources pass the label selector. More info: http://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' - type: object - properties: - matchExpressions: - description: 'matchExpressions is a list of label selector requirements. The requirements are ANDed.' - type: array - items: - type: object - properties: - key: - description: 'key is the label key that the selector applies to.' - type: string - operator: - description: 'operator represents a key''s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.' - type: string - values: - description: 'values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.' - type: array - items: - type: string - matchLabels: - description: 'matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.' - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this source. Defaults to default if not set.' - type: string - sink: - description: 'Sink is a reference to an object that will resolve to a uri to use as the sink.' - type: object - properties: - ref: - description: 'Ref points to an Addressable.' - type: object - properties: - apiVersion: - description: 'API version of the referent.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' - type: string - status: - type: object - description: 'ApiServerSourceStatus defines the observed state of ApiServerSource (from the controller).' - properties: - annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' - type: array - items: - type: object - properties: - source: - description: 'Source is the CloudEvents source attribute.' - type: string - type: - description: 'Type refers to the CloudEvent type attribute.' - type: string - conditions: - description: 'Conditions the latest available observations of a resource''s current state.' - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' + message: + description: 'A human readable message indicating details about the transition.' type: string reason: description: 'The reason for the condition''s last transition.' @@ -1090,19 +1171,17 @@ spec: type: description: 'Type of condition.' type: string + deadLetterSinkUri: + description: DeadLetterSinkURI is the resolved URI of the dead letter sink that will be used as a fallback when not specified by Triggers. + type: string observedGeneration: - description: 'ObservedGeneration is the "Generation" of the Service that was last processed by the controller.' + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. type: integer format: int64 - sinkUri: - description: 'SinkURI is the current active sink URI that has been configured for the Source.' - type: string - - subresources: - status: {} additionalPrinterColumns: - - name: Sink + - name: URL type: string - jsonPath: ".status.sinkUri" + jsonPath: .status.address.url - name: Age type: date jsonPath: .metadata.creationTimestamp @@ -1112,260 +1191,322 @@ spec: - name: Reason type: string jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - name: v1beta1 + names: + kind: Broker + plural: brokers + singular: broker + categories: + - all + - knative + - eventing + scope: Namespaced +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: channels.messaging.knative.dev + labels: + eventing.knative.dev/release: "v1.2.4" + knative.dev/crd-install: "true" + messaging.knative.dev/subscribable: "true" + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing +spec: + group: messaging.knative.dev + versions: + - name: v1 served: true - storage: false + storage: true + subresources: + status: {} + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.address.url + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" schema: openAPIV3Schema: + description: 'Channel represents a generic Channel. It is normally used when we want a Channel, but do not need a specific Channel implementation.' type: object - description: 'ApiServerSource is an event source that brings Kubernetes API server events into Knative.' properties: spec: + description: Spec defines the desired state of the Channel. type: object - description: 'ApiServerSourceSpec defines the desired state of ApiServerSource (from the client).' - required: - - resources properties: - ceOverrides: - description: 'CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink.' - type: object - properties: - extensions: - description: 'Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently.' - type: object - additionalProperties: - type: string - mode: - description: 'EventMode controls the format of the event. `Reference` sends a dataref event type for the resource under watch. `Resource` send the full resource lifecycle event. Defaults to `Reference`' - type: string - owner: - description: 'ResourceOwner is an additional filter to only track resources that are owned by a specific resource type. If ResourceOwner matches Resources[n] then Resources[n] is allowed to pass the ResourceOwner filter.' + channelTemplate: + description: ChannelTemplate specifies which Channel CRD to use to create the CRD Channel backing this Channel. This is immutable after creation. Normally this is set by the Channel defaulter, not directly by the user. type: object properties: apiVersion: - description: 'APIVersion - the API version of the resource to watch.' + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind of the resource to watch. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string - resources: - description: 'Resource are the resources this source will track and send related lifecycle events from the Kubernetes ApiServer, with an optional label selector to help filter.' - type: array - items: - type: object - properties: - apiVersion: - description: 'APIVersion - the API version of the resource to watch.' - type: string - kind: - description: 'Kind of the resource to watch. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - selector: - description: 'LabelSelector filters this source to objects to those resources pass the label selector. More info: http://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' - type: object - properties: - matchExpressions: - description: 'matchExpressions is a list of label selector requirements. The requirements are ANDed.' - type: array - items: - type: object - properties: - key: - description: 'key is the label key that the selector applies to.' - type: string - operator: - description: 'operator represents a key''s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.' - type: string - values: - description: 'values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.' - type: array - items: - type: string - matchLabels: - description: 'matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.' - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this source. Defaults to default if not set.' - type: string - sink: - description: 'Sink is a reference to an object that will resolve to a uri to use as the sink.' + spec: + description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. + type: object + x-kubernetes-preserve-unknown-fields: true + delivery: + description: DeliverySpec contains the default delivery spec for each subscription to this Channelable. Each subscription delivery spec, if any, overrides this global delivery spec. type: object properties: - ref: - description: 'Ref points to an Addressable.' + backoffDelay: + description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. type: object properties: - apiVersion: - description: 'API version of the referent.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string - uri: - description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' - type: string - status: - type: object - description: 'ApiServerSourceStatus defines the observed state of ApiServerSource (from the controller).' - properties: - annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' - type: object + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' - type: array - items: - type: object - properties: - source: - description: 'Source is the CloudEvents source attribute.' - type: string - type: - description: 'Type refers to the CloudEvent type attribute.' - type: string - conditions: - description: 'Conditions the latest available observations of a resource''s current state.' + subscribers: + description: This is the list of subscriptions for this subscribable. type: array items: type: object - required: - - type - - status properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' + delivery: + description: DeliverySpec contains options controlling the event delivery + type: object + properties: + backoffDelay: + description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' + type: string + backoffPolicy: + description: BackoffPolicy is the retry backoff policy (linear, exponential). + type: string + deadLetterSink: + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + retry: + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. + type: integer + format: int32 + x-kubernetes-preserve-unknown-fields: true + generation: + description: Generation of the origin of the subscriber with uid:UID. + type: integer + format: int64 + replyUri: + description: ReplyURI is the endpoint for the reply + type: string + subscriberUri: + description: SubscriberURI is the endpoint for the subscriber + type: string + uid: + description: UID is used to understand the origin of the subscriber. + type: string + status: + description: Status represents the current state of the Channel. This data may be out of date. + type: object + properties: + address: + type: object + properties: + url: + type: string + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + x-kubernetes-preserve-unknown-fields: true + channel: + description: Channel is an KReference to the Channel CRD backing this Channel. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. type: string severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. type: string status: - description: 'Status of the condition, one of True, False, Unknown.' + description: Status of the condition, one of True, False, Unknown. type: string type: - description: 'Type of condition.' + description: Type of condition. type: string + deadLetterChannel: + description: DeadLetterChannel is a KReference and is set by the channel when it supports native error handling via a channel Failed messages are delivered here. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + deadLetterSinkUri: + description: DeadLetterSinkURI is the resolved URI of the dead letter sink that will be used as a fallback when not specified by Triggers. + type: string observedGeneration: - description: 'ObservedGeneration is the "Generation" of the Service that was last processed by the controller.' + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. type: integer format: int64 - sinkUri: - description: 'SinkURI is the current active sink URI that has been configured for the Source.' - type: string - - subresources: - status: {} - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - name: v1 + subscribers: + description: This is the list of subscription's statuses for this channel. + type: array + items: + type: object + properties: + message: + description: A human readable message indicating details of Ready status. + type: string + observedGeneration: + description: Generation of the origin of the subscriber with uid:UID. + type: integer + format: int64 + ready: + description: Status of the subscriber. + type: string + uid: + description: UID is used to understand the origin of the subscriber. + type: string + names: + kind: Channel + plural: channels + singular: channel + categories: + - all + - knative + - messaging + - channel + shortNames: + - ch + scope: Namespaced +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + eventing.knative.dev/release: "v1.2.4" + eventing.knative.dev/source: "true" + duck.knative.dev/source: "true" + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing + name: containersources.sources.knative.dev +spec: + group: sources.knative.dev + versions: + - name: v1 served: true storage: true + subresources: + status: {} schema: openAPIV3Schema: + description: 'ContainerSource is an event source that starts a container image which generates events under certain situations and sends messages to a sink URI' type: object - description: 'ApiServerSource is an event source that brings Kubernetes API server events into Knative.' properties: spec: type: object - description: 'ApiServerSourceSpec defines the desired state of ApiServerSource (from the client).' - required: - - resources properties: ceOverrides: - description: 'CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink.' + description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. type: object properties: extensions: - description: 'Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently.' + description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. type: object - additionalProperties: - type: string - mode: - description: 'EventMode controls the format of the event. `Reference` sends a dataref event type for the resource under watch. `Resource` send the full resource lifecycle event. Defaults to `Reference`' - type: string - owner: - description: 'ResourceOwner is an additional filter to only track resources that are owned by a specific resource type. If ResourceOwner matches Resources[n] then Resources[n] is allowed to pass the ResourceOwner filter.' - type: object - properties: - apiVersion: - description: 'APIVersion - the API version of the resource to watch.' - type: string - kind: - description: 'Kind of the resource to watch. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - resources: - description: 'Resource are the resources this source will track and send related lifecycle events from the Kubernetes ApiServer, with an optional label selector to help filter.' - type: array - items: - type: object - properties: - apiVersion: - description: 'APIVersion - the API version of the resource to watch.' - type: string - kind: - description: 'Kind of the resource to watch. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - selector: - description: 'LabelSelector filters this source to objects to those resources pass the label selector. More info: http://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' - type: object - properties: - matchExpressions: - description: 'matchExpressions is a list of label selector requirements. The requirements are ANDed.' - type: array - items: - type: object - properties: - key: - description: 'key is the label key that the selector applies to.' - type: string - operator: - description: 'operator represents a key''s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.' - type: string - values: - description: 'values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.' - type: array - items: - type: string - matchLabels: - description: 'matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.' - type: object - x-kubernetes-preserve-unknown-fields: true - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this source. Defaults to default if not set.' - type: string + x-kubernetes-preserve-unknown-fields: true sink: - description: 'Sink is a reference to an object that will resolve to a uri to use as the sink.' + description: Sink is a reference to an object that will resolve to a uri to use as the sink. type: object properties: ref: - description: 'Ref points to an Addressable.' + description: Ref points to an Addressable. type: object properties: apiVersion: - description: 'API version of the referent.' + description: API version of the referent. type: string kind: description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' @@ -1377,30 +1518,33 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' type: string uri: - description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string + template: + type: object + x-kubernetes-preserve-unknown-fields: true + description: 'A template in the shape of `Deployment.spec.template` to be used for this ContainerSource. More info: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/' status: type: object - description: 'ApiServerSourceStatus defines the observed state of ApiServerSource (from the controller).' properties: annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object x-kubernetes-preserve-unknown-fields: true ceAttributes: - description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' + description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. type: array items: type: object properties: source: - description: 'Source is the CloudEvents source attribute.' + description: Source is the CloudEvents source attribute. type: string type: - description: 'Type refers to the CloudEvent type attribute.' + description: Type refers to the CloudEvent type attribute. type: string conditions: - description: 'Conditions the latest available observations of a resource''s current state.' + description: Conditions the latest available observations of a resource's current state. type: array items: type: object @@ -1409,142 +1553,106 @@ spec: - status properties: lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). type: string message: - description: 'A human readable message indicating details about the transition.' + description: A human readable message indicating details about the transition. type: string reason: - description: 'The reason for the condition''s last transition.' + description: The reason for the condition's last transition. type: string severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. type: string status: - description: 'Status of the condition, one of True, False, Unknown.' + description: Status of the condition, one of True, False, Unknown. type: string type: - description: 'Type of condition.' + description: Type of condition. type: string observedGeneration: - description: 'ObservedGeneration is the "Generation" of the Service that was last processed by the controller.' + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. type: integer format: int64 sinkUri: - description: 'SinkURI is the current active sink URI that has been configured for the Source.' + description: SinkURI is the current active sink URI that has been configured for the Source. type: string + additionalPrinterColumns: + - name: Sink + type: string + jsonPath: ".status.sinkUri" + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" names: categories: - all - knative - sources - kind: ApiServerSource - plural: apiserversources - singular: apiserversource + kind: ContainerSource + plural: containersources + singular: containersource scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: brokers.eventing.knative.dev + name: eventtypes.eventing.knative.dev labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing spec: group: eventing.knative.dev versions: - name: v1beta1 served: true - storage: false + storage: true subresources: status: {} schema: openAPIV3Schema: - description: 'Broker collects a pool of events that are consumable using Triggers. Brokers provide a well-known endpoint for event delivery that senders can use with minimal knowledge of the event routing strategy. Subscribers use Triggers to request delivery of events from a Broker''s pool to a specific URL or Addressable endpoint.' type: object + description: 'EventType represents a type of event that can be consumed from a Broker.' properties: spec: - description: Spec defines the desired state of the Broker. + description: 'Spec defines the desired state of the EventType.' type: object properties: - config: - description: Config is a KReference to the configuration that specifies configuration options for this Broker. For example, this could be a pointer to a ConfigMap. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - delivery: - description: Delivery contains the delivery spec for each trigger to this Broker. Each trigger delivery spec, if any, overrides this global delivery spec. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 + broker: + type: string + description: + description: 'Description is an optional field used to describe the EventType, in any meaningful way.' + type: string + schema: + description: 'Schema is a URI, it represents the CloudEvents schemaurl extension attribute. It may be a JSON schema, a protobuf schema, etc. It is optional.' + type: string + schemaData: + description: 'SchemaData allows the CloudEvents schema to be stored directly in the EventType. Content is dependent on the encoding. Optional attribute. The contents are not validated or manipulated by the system.' + type: string + source: + description: 'Source is a URI, it represents the CloudEvents source.' + type: string + type: + description: 'Type represents the CloudEvents type. It is authoritative.' + type: string status: - description: Status represents the current state of the Broker. This data may be out of date. + description: 'Status represents the current state of the EventType. This data may be out of date.' type: object properties: - address: - description: Broker is Addressable. It exposes the endpoint as an URI to get events delivered into the Broker mesh. - type: object - properties: - url: - type: string annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' type: object x-kubernetes-preserve-unknown-fields: true conditions: - description: Conditions the latest available observations of a resource's current state. + description: 'Conditions the latest available observations of a resource''s current state.' type: array items: type: object @@ -1571,262 +1679,77 @@ spec: description: 'Type of condition.' type: string observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + description: 'ObservedGeneration is the ''Generation'' of the Service that was last processed by the controller.' type: integer format: int64 additionalPrinterColumns: - - name: URL + - name: Type type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready + jsonPath: ".spec.type" + - name: Source type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason + jsonPath: ".spec.source" + - name: Schema type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - - subresources: - status: {} - additionalPrinterColumns: - - name: URL + jsonPath: ".spec.schema" + - name: Broker type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp + jsonPath: ".spec.broker" + - name: Description + type: string + jsonPath: ".spec.description" - name: Ready type: string jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - name: Reason type: string jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - name: v1 + names: + kind: EventType + plural: eventtypes + singular: eventtype + categories: + - all + - knative + - eventing + scope: Namespaced +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: parallels.flows.knative.dev + labels: + eventing.knative.dev/release: "v1.2.4" + knative.dev/crd-install: "true" + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing +spec: + group: flows.knative.dev + versions: + - name: v1 served: true storage: true + subresources: + status: {} schema: openAPIV3Schema: - description: 'Broker collects a pool of events that are consumable using Triggers. Brokers provide a well-known endpoint for event delivery that senders can use with minimal knowledge of the event routing strategy. Subscribers use Triggers to request delivery of events from a Broker''s pool to a specific URL or Addressable endpoint.' + description: 'Parallel defines conditional branches that will be wired in series through Channels and Subscriptions.' type: object properties: spec: - description: Spec defines the desired state of the Broker. - type: object - properties: - config: - description: Config is a KReference to the configuration that specifies configuration options for this Broker. For example, this could be a pointer to a ConfigMap. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - delivery: - description: Delivery contains the delivery spec for each trigger to this Broker. Each trigger delivery spec, if any, overrides this global delivery spec. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - status: - description: Status represents the current state of the Broker. This data may be out of date. + description: Spec defines the desired state of the Parallel. type: object properties: - address: - description: Broker is Addressable. It exposes the endpoint as an URI to get events delivered into the Broker mesh. - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - names: - kind: Broker - plural: brokers - singular: broker - categories: - - all - - knative - - eventing - scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: channels.messaging.knative.dev - labels: - eventing.knative.dev/release: "v0.22.1" - knative.dev/crd-install: "true" - messaging.knative.dev/subscribable: "true" - duck.knative.dev/addressable: "true" -spec: - group: messaging.knative.dev - versions: - - name: v1beta1 - served: true - storage: false - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - schema: - openAPIV3Schema: - type: object - properties: - spec: - description: Spec defines the desired state of the Channel. - type: object - properties: - channelTemplate: - description: ChannelTemplate specifies which Channel CRD to use to create the CRD Channel backing this Channel. This is immutable after creation. Normally this is set by the Channel defaulter, not directly by the user. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. - type: object - x-kubernetes-preserve-unknown-fields: true - delivery: - description: DeliverySpec contains options controlling the event delivery - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - subscribers: - description: This is the list of subscriptions for this subscribable. + branches: + description: Branches is the list of Filter/Subscribers pairs. type: array items: type: object + x-kubernetes-preserve-unknown-fields: true properties: delivery: - description: DeliverySpec contains options controlling the event delivery + description: Delivery is the delivery specification for events to the subscriber This includes things like retries, DLQ, etc. type: object properties: backoffDelay: @@ -1862,1816 +1785,85 @@ spec: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer format: int32 - generation: - description: Generation of the origin of the subscriber with uid:UID. - type: integer - format: int64 - replyUri: - description: ReplyURI is the endpoint for the reply - type: string - subscriberUri: - description: SubscriberURI is the endpoint for the subscriber - type: string - uid: - description: UID is used to understand the origin of the subscriber. - type: string - status: - description: Status represents the current state of the Channel. This data may be out of date. - type: object - properties: - address: - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - channel: - description: Channel is an KReference to the Channel CRD backing this Channel. + x-kubernetes-preserve-unknown-fields: true + filter: + description: Filter is the expression guarding the branch + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + reply: + description: Reply is a Reference to where the result of Subscriber of this case gets sent to. If not specified, sent the result to the Parallel Reply + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + subscriber: + description: Subscriber receiving the event when the filter passes + type: object + properties: + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string + channelTemplate: + description: ChannelTemplate specifies which Channel CRD to use. If left unspecified, it is set to the default Channel CRD for the namespace (or cluster, in case there are no defaults for the namespace). type: object properties: apiVersion: - description: API version of the referent. + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - deadLetterChannel: - description: DeadLetterChannel is a KReference and is set by the channel when it supports native error handling via a channel Failed messages are delivered here. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - subscribers: - description: This is the list of subscription's statuses for this channel. - type: array - items: - type: object - properties: - message: - description: A human readable message indicating details of Ready status. - type: string - observedGeneration: - description: Generation of the origin of the subscriber with uid:UID. - type: integer - format: int64 - ready: - description: Status of the subscriber. - type: string - uid: - description: UID is used to understand the origin of the subscriber. - type: string - - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - description: Spec defines the desired state of the Channel. - type: object - properties: - channelTemplate: - description: ChannelTemplate specifies which Channel CRD to use to create the CRD Channel backing this Channel. This is immutable after creation. Normally this is set by the Channel defaulter, not directly by the user. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. - type: object - x-kubernetes-preserve-unknown-fields: true - delivery: - description: DeliverySpec contains options controlling the event delivery - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - subscribers: - description: This is the list of subscriptions for this subscribable. - type: array - items: - type: object - properties: - delivery: - description: DeliverySpec contains options controlling the event delivery - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - generation: - description: Generation of the origin of the subscriber with uid:UID. - type: integer - format: int64 - replyUri: - description: ReplyURI is the endpoint for the reply - type: string - subscriberUri: - description: SubscriberURI is the endpoint for the subscriber - type: string - uid: - description: UID is used to understand the origin of the subscriber. - type: string - status: - description: Status represents the current state of the Channel. This data may be out of date. - type: object - properties: - address: - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - channel: - description: Channel is an KReference to the Channel CRD backing this Channel. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - deadLetterChannel: - description: DeadLetterChannel is a KReference and is set by the channel when it supports native error handling via a channel Failed messages are delivered here. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - subscribers: - description: This is the list of subscription's statuses for this channel. - type: array - items: - type: object - properties: - message: - description: A human readable message indicating details of Ready status. - type: string - observedGeneration: - description: Generation of the origin of the subscriber with uid:UID. - type: integer - format: int64 - ready: - description: Status of the subscriber. - type: string - uid: - description: UID is used to understand the origin of the subscriber. - type: string - names: - kind: Channel - plural: channels - singular: channel - categories: - - all - - knative - - messaging - - channel - shortNames: - - ch - scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - eventing.knative.dev/release: "v0.22.1" - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - knative.dev/crd-install: "true" - name: containersources.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - name: v1alpha2 - served: true - storage: false - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - description: 'ContainerSource is an event source that starts a container image which generates events under certain situations and sends messages to a sink URI' - properties: - spec: - type: object - description: 'ContainerSourceSpec defines the desired state of ContainerSource (from the client).' - properties: - ceOverrides: - description: 'CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink.' - type: object - properties: - extensions: - description: 'Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently.' - type: object - x-kubernetes-preserve-unknown-fields: true - sink: - description: 'Sink is a reference to an object that will resolve to a uri to use as the sink.' - type: object - properties: - ref: - description: 'Ref points to an Addressable.' - type: object - properties: - apiVersion: - description: 'API version of the referent.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' - type: string - template: - description: 'Template describes the pods that will be created' - type: object - properties: - annotations: - description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - x-kubernetes-preserve-unknown-fields: true - clusterName: - description: 'The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.' - type: string - creationTimestamp: - description: 'CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - type: string - deletionGracePeriodSeconds: - description: 'Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.' - type: integer - format: int64 - deletionTimestamp: - description: 'DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested. Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - type: string - finalizers: - description: 'Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.' - type: array - items: - type: string - generateName: - description: 'GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency' - type: string - generation: - description: 'A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.' - type: integer - format: int64 - labels: - description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' - type: object - x-kubernetes-preserve-unknown-fields: true - managedFields: - description: 'ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn''t need to set or understand this field. A workflow can be the user''s name, a controller''s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object. ' - type: array - items: - type: object - properties: - apiVersion: - description: 'APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.' - type: string - fieldsType: - description: 'FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"' - type: string - fieldsV1: - description: 'FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.' - type: string - manager: - description: 'Manager is an identifier of the workflow managing these fields.' - type: string - operation: - description: 'Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are "Apply" and "Update".' - type: string - time: - description: 'Time is timestamp of when these fields were set. It should always be empty if Operation is "Apply"' - type: string - name: - description: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: 'Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces' - type: string - ownerReferences: - description: 'List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.' - type: array - items: - type: object - properties: - apiVersion: - description: 'API version of the referent.' - type: string - blockOwnerDeletion: - description: 'If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.' - type: boolean - controller: - description: 'If true, this reference points to the managing controller.' - type: boolean - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - uid: - description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - resourceVersion: - description: 'An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - selfLink: - description: 'SelfLink is a URL representing this object. Populated by the system. Read-only. DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.' - type: string - spec: - description: 'Specification of the desired behavior of the pod. More info: Type ''kubectl explain pod.spec''. Also, https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - x-kubernetes-preserve-unknown-fields: true - uid: - description: 'UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - status: - type: object - description: 'ContainerSourceStatus defines the observed state of ContainerSource (from the controller).' - properties: - annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' - type: array - items: - type: object - properties: - source: - description: 'Source is the CloudEvents source attribute.' - type: string - type: - description: 'Type refers to the CloudEvent type attribute.' - type: string - conditions: - description: 'Conditions the latest available observations of a resource''s current state.' - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: 'ObservedGeneration is the "Generation" of the Service that was last processed by the controller.' - type: integer - format: int64 - sinkUri: - description: 'SinkURI is the current active sink URI that has been configured for the Source.' - type: string - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - - subresources: - status: {} - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - name: v1beta1 - served: true - storage: false - schema: - openAPIV3Schema: - type: object - description: 'ContainerSource is an event source that starts a container image which generates events under certain situations and sends messages to a sink URI' - properties: - spec: - type: object - description: 'ContainerSourceSpec defines the desired state of ContainerSource (from the client).' - properties: - ceOverrides: - description: 'CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink.' - type: object - properties: - extensions: - description: 'Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently.' - type: object - x-kubernetes-preserve-unknown-fields: true - sink: - description: 'Sink is a reference to an object that will resolve to a uri to use as the sink.' - type: object - properties: - ref: - description: 'Ref points to an Addressable.' - type: object - properties: - apiVersion: - description: 'API version of the referent.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' - type: string - template: - description: 'Template describes the pods that will be created' - type: object - properties: - annotations: - description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - x-kubernetes-preserve-unknown-fields: true - clusterName: - description: 'The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.' - type: string - creationTimestamp: - description: 'CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - type: string - deletionGracePeriodSeconds: - description: 'Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.' - type: integer - format: int64 - deletionTimestamp: - description: 'DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested. Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - type: string - finalizers: - description: 'Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.' - type: array - items: - type: string - generateName: - description: 'GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency' - type: string - generation: - description: 'A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.' - type: integer - format: int64 - labels: - description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' - type: object - x-kubernetes-preserve-unknown-fields: true - managedFields: - description: 'ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn''t need to set or understand this field. A workflow can be the user''s name, a controller''s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object. ' - type: array - items: - type: object - properties: - apiVersion: - description: 'APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.' - type: string - fieldsType: - description: 'FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"' - type: string - fieldsV1: - description: 'FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.' - type: string - manager: - description: 'Manager is an identifier of the workflow managing these fields.' - type: string - operation: - description: 'Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are "Apply" and "Update".' - type: string - time: - description: 'Time is timestamp of when these fields were set. It should always be empty if Operation is "Apply"' - type: string - name: - description: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: 'Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces' - type: string - ownerReferences: - description: 'List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.' - type: array - items: - type: object - properties: - apiVersion: - description: 'API version of the referent.' - type: string - blockOwnerDeletion: - description: 'If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.' - type: boolean - controller: - description: 'If true, this reference points to the managing controller.' - type: boolean - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - uid: - description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - resourceVersion: - description: 'An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - selfLink: - description: 'SelfLink is a URL representing this object. Populated by the system. Read-only. DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.' - type: string - spec: - description: 'Specification of the desired behavior of the pod. More info: Type ''kubectl explain pod.spec''. Also, https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - x-kubernetes-preserve-unknown-fields: true - uid: - description: 'UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - status: - type: object - description: 'ContainerSourceStatus defines the observed state of ContainerSource (from the controller).' - properties: - annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' - type: array - items: - type: object - properties: - source: - description: 'Source is the CloudEvents source attribute.' - type: string - type: - description: 'Type refers to the CloudEvent type attribute.' - type: string - conditions: - description: 'Conditions the latest available observations of a resource''s current state.' - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: 'ObservedGeneration is the "Generation" of the Service that was last processed by the controller.' - type: integer - format: int64 - sinkUri: - description: 'SinkURI is the current active sink URI that has been configured for the Source.' - type: string - - subresources: - status: {} - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - description: 'ContainerSource is an event source that starts a container image which generates events under certain situations and sends messages to a sink URI' - properties: - spec: - type: object - description: 'ContainerSourceSpec defines the desired state of ContainerSource (from the client).' - properties: - ceOverrides: - description: 'CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink.' - type: object - properties: - extensions: - description: 'Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently.' - type: object - x-kubernetes-preserve-unknown-fields: true - sink: - description: 'Sink is a reference to an object that will resolve to a uri to use as the sink.' - type: object - properties: - ref: - description: 'Ref points to an Addressable.' - type: object - properties: - apiVersion: - description: 'API version of the referent.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' - type: string - template: - description: 'Template describes the pods that will be created' - type: object - properties: - annotations: - description: 'Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - x-kubernetes-preserve-unknown-fields: true - clusterName: - description: 'The name of the cluster which the object belongs to. This is used to distinguish resources with same name and namespace in different clusters. This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.' - type: string - creationTimestamp: - description: 'CreationTimestamp is a timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - type: string - deletionGracePeriodSeconds: - description: 'Number of seconds allowed for this object to gracefully terminate before it will be removed from the system. Only set when deletionTimestamp is also set. May only be shortened. Read-only.' - type: integer - format: int64 - deletionTimestamp: - description: 'DeletionTimestamp is RFC 3339 date and time at which this resource will be deleted. This field is set by the server when a graceful deletion is requested by the user, and is not directly settable by a client. The resource is expected to be deleted (no longer visible from resource lists, and not reachable by name) after the time in this field, once the finalizers list is empty. As long as the finalizers list contains items, deletion is blocked. Once the deletionTimestamp is set, this value may not be unset or be set further into the future, although it may be shortened or the resource may be deleted prior to this time. For example, a user may request that a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination signal to the containers in the pod. After that 30 seconds, the Kubelet will send a hard termination signal (SIGKILL) to the container and after cleanup, remove the pod from the API. In the presence of network partitions, this object may still exist after this timestamp, until an administrator or automated process can determine the resource is fully terminated. If not set, graceful deletion of the object has not been requested. Populated by the system when a graceful deletion is requested. Read-only. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - type: string - finalizers: - description: 'Must be empty before the object is deleted from the registry. Each entry is an identifier for the responsible component that will remove the entry from the list. If the deletionTimestamp of the object is non-nil, entries in this list can only be removed. Finalizers may be processed and removed in any order. Order is NOT enforced because it introduces significant risk of stuck finalizers. finalizers is a shared field, any actor with permission can reorder it. If the finalizer list is processed in order, then this can lead to a situation in which the component responsible for the first finalizer in the list is waiting for a signal (field value, external system, or other) produced by a component responsible for a finalizer later in the list, resulting in a deadlock. Without enforced ordering finalizers are free to order amongst themselves and are not vulnerable to ordering changes in the list.' - type: array - items: - type: string - generateName: - description: 'GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency' - type: string - generation: - description: 'A sequence number representing a specific generation of the desired state. Populated by the system. Read-only.' - type: integer - format: int64 - labels: - description: 'Map of string keys and values that can be used to organize and categorize (scope and select) objects. May match selectors of replication controllers and services. More info: http://kubernetes.io/docs/user-guide/labels' - type: object - x-kubernetes-preserve-unknown-fields: true - managedFields: - description: 'ManagedFields maps workflow-id and version to the set of fields that are managed by that workflow. This is mostly for internal housekeeping, and users typically shouldn''t need to set or understand this field. A workflow can be the user''s name, a controller''s name, or the name of a specific apply path like "ci-cd". The set of fields is always in the version that the workflow used when modifying the object. ' - type: array - items: - type: object - properties: - apiVersion: - description: 'APIVersion defines the version of this resource that this field set applies to. The format is "group/version" just like the top-level APIVersion field. It is necessary to track the version of a field set because it cannot be automatically converted.' - type: string - fieldsType: - description: 'FieldsType is the discriminator for the different fields format and version. There is currently only one possible value: "FieldsV1"' - type: string - fieldsV1: - description: 'FieldsV1 holds the first JSON version format as described in the "FieldsV1" type.' - type: string - manager: - description: 'Manager is an identifier of the workflow managing these fields.' - type: string - operation: - description: 'Operation is the type of operation which lead to this ManagedFieldsEntry being created. The only valid values for this field are "Apply" and "Update".' - type: string - time: - description: 'Time is timestamp of when these fields were set. It should always be empty if Operation is "Apply"' - type: string - name: - description: 'Name must be unique within a namespace. Is required when creating resources, although some resources may allow a client to request the generation of an appropriate name automatically. Name is primarily intended for creation idempotence and configuration definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: 'Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces' - type: string - ownerReferences: - description: 'List of objects depended by this object. If ALL objects in the list have been deleted, this object will be garbage collected. If this object is managed by a controller, then an entry in this list will point to this controller, with the controller field set to true. There cannot be more than one managing controller.' - type: array - items: - type: object - properties: - apiVersion: - description: 'API version of the referent.' - type: string - blockOwnerDeletion: - description: 'If true, AND if the owner has the "foregroundDeletion" finalizer, then the owner cannot be deleted from the key-value store until this reference is removed. Defaults to false. To set this field, a user needs "delete" permission of the owner, otherwise 422 (Unprocessable Entity) will be returned.' - type: boolean - controller: - description: 'If true, this reference points to the managing controller.' - type: boolean - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - uid: - description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - resourceVersion: - description: 'An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - selfLink: - description: 'SelfLink is a URL representing this object. Populated by the system. Read-only. DEPRECATED Kubernetes will stop propagating this field in 1.20 release and the field is planned to be removed in 1.21 release.' - type: string - spec: - description: 'Specification of the desired behavior of the pod. More info: Type ''kubectl explain pod.spec''. Also, https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - x-kubernetes-preserve-unknown-fields: true - uid: - description: 'UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - status: - type: object - description: 'ContainerSourceStatus defines the observed state of ContainerSource (from the controller).' - properties: - annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' - type: array - items: - type: object - properties: - source: - description: 'Source is the CloudEvents source attribute.' - type: string - type: - description: 'Type refers to the CloudEvent type attribute.' - type: string - conditions: - description: 'Conditions the latest available observations of a resource''s current state.' - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: 'ObservedGeneration is the "Generation" of the Service that was last processed by the controller.' - type: integer - format: int64 - sinkUri: - description: 'SinkURI is the current active sink URI that has been configured for the Source.' - type: string - names: - categories: - - all - - knative - - sources - kind: ContainerSource - plural: containersources - singular: containersource - scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: eventtypes.eventing.knative.dev - labels: - eventing.knative.dev/release: "v0.22.1" - knative.dev/crd-install: "true" -spec: - group: eventing.knative.dev - versions: - - name: v1alpha1 - served: false - storage: false - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - description: 'EventType represents a type of event that can be consumed from a Broker.' - properties: - spec: - description: 'Spec defines the desired state of the EventType.' - type: object - properties: - broker: - type: string - description: - description: 'Description is an optional field used to describe the EventType, in any meaningful way.' - type: string - schema: - description: 'Schema is a URI, it represents the CloudEvents schemaurl extension attribute. It may be a JSON schema, a protobuf schema, etc. It is optional.' - type: string - schemaData: - description: 'SchemaData allows the CloudEvents schema to be stored directly in the EventType. Content is dependent on the encoding. Optional attribute. The contents are not validated or manipulated by the system.' - type: string - source: - description: 'Source is a URI, it represents the CloudEvents source.' - type: string - type: - description: 'Type represents the CloudEvents type. It is authoritative.' - type: string - status: - description: 'Status represents the current state of the EventType. This data may be out of date.' - type: object - properties: - annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: 'Conditions the latest available observations of a resource''s current state.' - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - observedGeneration: - description: 'ObservedGeneration is the ''Generation'' of the Service that was last processed by the controller.' - type: integer - format: int64 - additionalPrinterColumns: - - name: Type - type: string - jsonPath: ".spec.type" - - name: Source - type: string - jsonPath: ".spec.source" - - name: Schema - type: string - jsonPath: ".spec.schema" - - name: Broker - type: string - jsonPath: ".spec.broker" - - name: Description - type: string - jsonPath: ".spec.description" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - - subresources: - status: {} - additionalPrinterColumns: - - name: Type - type: string - jsonPath: ".spec.type" - - name: Source - type: string - jsonPath: ".spec.source" - - name: Schema - type: string - jsonPath: ".spec.schema" - - name: Broker - type: string - jsonPath: ".spec.broker" - - name: Description - type: string - jsonPath: ".spec.description" - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - name: v1beta1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - description: 'EventType represents a type of event that can be consumed from a Broker.' - properties: - spec: - description: 'Spec defines the desired state of the EventType.' - type: object - properties: - broker: - type: string - description: - description: 'Description is an optional field used to describe the EventType, in any meaningful way.' - type: string - schema: - description: 'Schema is a URI, it represents the CloudEvents schemaurl extension attribute. It may be a JSON schema, a protobuf schema, etc. It is optional.' - type: string - schemaData: - description: 'SchemaData allows the CloudEvents schema to be stored directly in the EventType. Content is dependent on the encoding. Optional attribute. The contents are not validated or manipulated by the system.' - type: string - source: - description: 'Source is a URI, it represents the CloudEvents source.' - type: string - type: - description: 'Type represents the CloudEvents type. It is authoritative.' - type: string - status: - description: 'Status represents the current state of the EventType. This data may be out of date.' - type: object - properties: - annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: 'Conditions the latest available observations of a resource''s current state.' - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - observedGeneration: - description: 'ObservedGeneration is the ''Generation'' of the Service that was last processed by the controller.' - type: integer - format: int64 - names: - kind: EventType - plural: eventtypes - singular: eventtype - categories: - - all - - knative - - eventing - scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: parallels.flows.knative.dev - labels: - eventing.knative.dev/release: "v0.22.1" - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" -spec: - group: flows.knative.dev - versions: - - name: v1beta1 - served: true - storage: false - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - properties: - spec: - description: Spec defines the desired state of the Parallel. - type: object - properties: - branches: - description: Branches is the list of Filter/Subscribers pairs. - type: array - items: - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - delivery: - description: Delivery is the delivery specification for events to the subscriber This includes things like retries, DLQ, etc. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - filter: - description: Filter is the expression guarding the branch - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - reply: - description: Reply is a Reference to where the result of Subscriber of this case gets sent to. If not specified, sent the result to the Parallel Reply - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - subscriber: - description: Subscriber receiving the event when the filter passes - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - channelTemplate: - description: ChannelTemplate specifies which Channel CRD to use. If left unspecified, it is set to the default Channel CRD for the namespace (or cluster, in case there are no defaults for the namespace). - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. - type: object - x-kubernetes-preserve-unknown-fields: true - reply: - description: Reply is a Reference to where the result of a case Subscriber gets sent to when the case does not have a Reply - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - status: - description: Status represents the current state of the Parallel. This data may be out of date. - type: object - properties: - address: - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - branchStatuses: - description: BranchStatuses is an array of corresponding to branch statuses. Matches the Spec.Branches array in the order. - type: array - items: - type: object - properties: - filterChannelStatus: - description: FilterChannelStatus corresponds to the filter channel status. - type: object - properties: - channel: - description: Channel is the reference to the underlying channel. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - ready: - description: ReadyCondition indicates whether the Channel is ready or not. - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - filterSubscriptionStatus: - description: FilterSubscriptionStatus corresponds to the filter subscription status. - type: object - properties: - ready: - description: ReadyCondition indicates whether the Subscription is ready or not. - type: object - properties: - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - subscription: - description: Subscription is the reference to the underlying Subscription. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - subscriberSubscriptionStatus: - description: SubscriptionStatus corresponds to the subscriber subscription status. - type: object - properties: - ready: - description: ReadyCondition indicates whether the Subscription is ready or not. - type: object - properties: - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - subscription: - description: Subscription is the reference to the underlying Subscription. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - properties: - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - ingressChannelStatus: - description: IngressChannelStatus corresponds to the ingress channel status. - type: object - properties: - channel: - description: Channel is the reference to the underlying channel. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - ready: - description: ReadyCondition indicates whether the Channel is ready or not. - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - description: Spec defines the desired state of the Parallel. - type: object - properties: - branches: - description: Branches is the list of Filter/Subscribers pairs. - type: array - items: - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - delivery: - description: Delivery is the delivery specification for events to the subscriber This includes things like retries, DLQ, etc. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - filter: - description: Filter is the expression guarding the branch - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - reply: - description: Reply is a Reference to where the result of Subscriber of this case gets sent to. If not specified, sent the result to the Parallel Reply - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - subscriber: - description: Subscriber receiving the event when the filter passes - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - channelTemplate: - description: ChannelTemplate specifies which Channel CRD to use. If left unspecified, it is set to the default Channel CRD for the namespace (or cluster, in case there are no defaults for the namespace). - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string spec: description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. @@ -3868,290 +2060,36 @@ spec: description: Conditions the latest available observations of a resource's current state. type: array items: - type: object - properties: - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - ingressChannelStatus: - description: IngressChannelStatus corresponds to the ingress channel status. - type: object - properties: - channel: - description: Channel is the reference to the underlying channel. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - ready: - description: ReadyCondition indicates whether the Channel is ready or not. - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - names: - kind: Parallel - plural: parallels - singular: parallel - categories: - - all - - knative - - flows - scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - eventing.knative.dev/release: "v0.22.1" - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - knative.dev/crd-install: "true" - annotations: - registry.knative.dev/eventTypes: | - [ - { "type": "dev.knative.sources.ping" } - ] - name: pingsources.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - name: v1alpha2 - served: true - storage: false - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - description: 'PingSource describes an event source with a fixed payload produced on a specified cron schedule.' - properties: - spec: - type: object - description: 'PingSourceSpec defines the desired state of the PingSource (from the client).' - properties: - ceOverrides: - description: 'CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink.' - type: object - properties: - extensions: - description: 'Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently.' - type: object - additionalProperties: - type: string - x-kubernetes-preserve-unknown-fields: true - jsonData: - description: 'JsonData is json encoded data used as the body of the event posted to the sink. Default is empty. If set, datacontenttype will also be set to "application/json".' - type: string - schedule: - description: 'Schedule is the cronjob schedule. Defaults to `* * * * *`.' - type: string - sink: - description: 'Sink is a reference to an object that will resolve to a uri to use as the sink.' - type: object - properties: - ref: - description: 'Ref points to an Addressable.' - type: object - properties: - apiVersion: - description: 'API version of the referent.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' - type: string - status: - type: object - description: 'PingSourceStatus defines the observed state of PingSource (from the controller).' - properties: - annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' - type: array - items: - type: object - properties: - source: - description: 'Source is the CloudEvents source attribute.' - type: string - type: - description: 'Type refers to the CloudEvent type attribute.' - type: string - conditions: - description: 'Conditions the latest available observations of a resource''s current state.' - type: array - items: - type: object - required: - - type - - status + type: object properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string message: - description: 'A human readable message indicating details about the transition.' + description: A human readable message indicating details about the transition. type: string reason: - description: 'The reason for the condition''s last transition.' + description: The reason for the condition's last transition. type: string severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. type: string status: - description: 'Status of the condition, one of True, False, Unknown.' + description: Status of the condition, one of True, False, Unknown. type: string type: - description: 'Type of condition.' - type: string - observedGeneration: - description: 'ObservedGeneration is the "Generation" of the Service that was last processed by the controller.' - type: integer - format: int64 - sinkUri: - description: 'SinkURI is the current active sink URI that has been configured for the Source.' - type: string - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: .status.sinkUri - - name: Schedule - type: string - jsonPath: .spec.schedule - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - - subresources: - status: {} - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: .status.sinkUri - - name: Schedule - type: string - jsonPath: .spec.schedule - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - name: v1beta1 - served: true - storage: false - schema: - openAPIV3Schema: - type: object - description: 'PingSource describes an event source with a fixed payload produced on a specified cron schedule.' - properties: - spec: - type: object - description: 'PingSourceSpec defines the desired state of the PingSource (from the client).' - properties: - ceOverrides: - description: 'CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink.' - type: object - properties: - extensions: - description: 'Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently.' - type: object - additionalProperties: + description: Type of condition. type: string - x-kubernetes-preserve-unknown-fields: true - jsonData: - description: 'JsonData is json encoded data used as the body of the event posted to the sink. Default is empty. If set, datacontenttype will also be set to "application/json".' - type: string - schedule: - description: 'Schedule is the cronjob schedule. Defaults to `* * * * *`.' - type: string - sink: - description: 'Sink is a reference to an object that will resolve to a uri to use as the sink.' + ingressChannelStatus: + description: IngressChannelStatus corresponds to the ingress channel status. type: object properties: - ref: - description: 'Ref points to an Addressable.' + channel: + description: Channel is the reference to the underlying channel. type: object properties: apiVersion: - description: 'API version of the referent.' + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' type: string kind: description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' @@ -4160,89 +2098,85 @@ spec: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + ready: + description: ReadyCondition indicates whether the Channel is ready or not. + type: object + x-kubernetes-preserve-unknown-fields: true + properties: + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. type: string - uri: - description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' - type: string - timezone: - description: 'Timezone modifies the actual time relative to the specified timezone. Defaults to the system time zone. More general information about time zones: https://www.iana.org/time-zones List of valid timezone values: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones' - type: string - status: - type: object - description: 'PingSourceStatus defines the observed state of PingSource (from the controller).' - properties: - annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' - type: object - x-kubernetes-preserve-unknown-fields: true - ceAttributes: - description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' - type: array - items: - type: object - properties: - source: - description: 'Source is the CloudEvents source attribute.' - type: string - type: - description: 'Type refers to the CloudEvent type attribute.' - type: string - conditions: - description: 'Conditions the latest available observations of a resource''s current state.' - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string observedGeneration: - description: 'ObservedGeneration is the "Generation" of the Service that was last processed by the controller.' + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. type: integer format: int64 - sinkUri: - description: 'SinkURI is the current active sink URI that has been configured for the Source.' - type: string - - subresources: - status: {} additionalPrinterColumns: - - name: Sink - type: string - jsonPath: .status.sinkUri - - name: Schedule + - name: URL type: string - jsonPath: .spec.schedule + jsonPath: .status.address.url - name: Age type: date jsonPath: .metadata.creationTimestamp - name: Ready type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - name: Reason type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - name: v1beta2 + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + kind: Parallel + plural: parallels + singular: parallel + categories: + - all + - knative + - flows + scope: Namespaced +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + eventing.knative.dev/release: "v1.2.4" + eventing.knative.dev/source: "true" + duck.knative.dev/source: "true" + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing + annotations: + registry.knative.dev/eventTypes: | + [ + { "type": "dev.knative.sources.ping" } + ] + name: pingsources.sources.knative.dev +spec: + group: sources.knative.dev + versions: + - name: v1beta2 served: true - storage: true + storage: false + subresources: + status: {} schema: openAPIV3Schema: type: object @@ -4354,72 +2288,65 @@ spec: sinkUri: description: 'SinkURI is the current active sink URI that has been configured for the Source.' type: string - names: - categories: - - all - - knative - - sources - kind: PingSource - plural: pingsources - singular: pingsource - scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: sequences.flows.knative.dev - labels: - eventing.knative.dev/release: "v0.22.1" - knative.dev/crd-install: "true" - duck.knative.dev/addressable: "true" -spec: - group: flows.knative.dev - versions: - - name: v1beta1 - served: true - storage: false - subresources: + additionalPrinterColumns: + - name: Sink + type: string + jsonPath: .status.sinkUri + - name: Schedule + type: string + jsonPath: .spec.schedule + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + - subresources: status: {} schema: openAPIV3Schema: type: object + description: 'PingSource describes an event source with a fixed payload produced on a specified cron schedule.' properties: spec: - description: Spec defines the desired state of the Sequence. type: object + description: 'PingSourceSpec defines the desired state of the PingSource (from the client).' properties: - channelTemplate: - description: ChannelTemplate specifies which Channel CRD to use. If left unspecified, it is set to the default Channel CRD for the namespace (or cluster, in case there are no defaults for the namespace). + ceOverrides: + description: 'CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink.' type: object properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - spec: - description: Spec defines the Spec to use for each channel created. Passed in verbatim to the Channel CRD as Spec section. + extensions: + description: 'Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently.' type: object + additionalProperties: + type: string x-kubernetes-preserve-unknown-fields: true - reply: - description: Reply is a Reference to where the result of the last Subscriber gets sent to. + contentType: + description: 'ContentType is the media type of `data` or `dataBase64`. Default is empty.' + type: string + data: + description: 'Data is data used as the body of the event posted to the sink. Default is empty. Mutually exclusive with `dataBase64`.' + type: string + dataBase64: + description: "DataBase64 is the base64-encoded string of the actual event's body posted to the sink. Default is empty. Mutually exclusive with `data`." + type: string + schedule: + description: 'Schedule is the cron schedule. Defaults to `* * * * *`.' + type: string + sink: + description: 'Sink is a reference to an object that will resolve to a uri to use as the sink.' type: object properties: ref: - description: Ref points to an Addressable. + description: 'Ref points to an Addressable.' type: object properties: apiVersion: - description: API version of the referent. + description: 'API version of the referent.' type: string kind: description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' @@ -4431,241 +2358,123 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' type: string uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' type: string - steps: - description: Steps is the list of Destinations (processors / functions) that will be called in the order provided. Each step has its own delivery options - type: array - items: - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - delivery: - description: Delivery is the delivery specification for events to the subscriber This includes things like retries, DLQ, etc. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 + timezone: + description: 'Timezone modifies the actual time relative to the specified timezone. Defaults to the system time zone. More general information about time zones: https://www.iana.org/time-zones List of valid timezone values: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones' + type: string status: - description: Status represents the current state of the Sequence. This data may be out of date. type: object + description: 'PingSourceStatus defines the observed state of PingSource (from the controller).' properties: - address: - type: object - properties: - url: - type: string annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' type: object - channelStatuses: - description: ChannelStatuses is an array of corresponding Channel statuses. Matches the Spec.Steps array in the order. - type: array - items: - type: object - properties: - channel: - description: Channel is the reference to the underlying channel. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - ready: - description: ReadyCondition indicates whether the Channel is ready or not. - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - properties: - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - subscriptionStatuses: - description: SubscriptionStatuses is an array of corresponding Subscription statuses. Matches the Spec.Steps array in the order. - type: array - items: - type: object - properties: - ready: - description: ReadyCondition indicates whether the Subscription is ready or not. - type: object - properties: - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - subscription: - description: Subscription is the reference to the underlying Subscription. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string + x-kubernetes-preserve-unknown-fields: true + ceAttributes: + description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' + type: array + items: + type: object + properties: + source: + description: 'Source is the CloudEvents source attribute.' + type: string + type: + description: 'Type refers to the CloudEvent type attribute.' + type: string + conditions: + description: 'Conditions the latest available observations of a resource''s current state.' + type: array + items: + type: object + required: + - type + - status + properties: + lastTransitionTime: + description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + type: string + message: + description: 'A human readable message indicating details about the transition.' + type: string + reason: + description: 'The reason for the condition''s last transition.' + type: string + severity: + description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + type: string + status: + description: 'Status of the condition, one of True, False, Unknown.' + type: string + type: + description: 'Type of condition.' + type: string + observedGeneration: + description: 'ObservedGeneration is the "Generation" of the Service that was last processed by the controller.' + type: integer + format: int64 + sinkUri: + description: 'SinkURI is the current active sink URI that has been configured for the Source.' + type: string additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason + - name: Sink type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - - subresources: - status: {} - additionalPrinterColumns: - - name: URL + jsonPath: .status.sinkUri + - name: Schedule type: string - jsonPath: .status.address.url + jsonPath: .spec.schedule - name: Age type: date jsonPath: .metadata.creationTimestamp - name: Ready type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + jsonPath: ".status.conditions[?(@.type=='Ready')].status" - name: Reason type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" name: v1 served: true storage: true + names: + categories: + - all + - knative + - sources + kind: PingSource + plural: pingsources + singular: pingsource + scope: Namespaced + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: eventing-webhook + namespace: knative-eventing +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: sequences.flows.knative.dev + labels: + eventing.knative.dev/release: "v1.2.4" + knative.dev/crd-install: "true" + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing +spec: + group: flows.knative.dev + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} schema: openAPIV3Schema: + description: 'Sequence defines a sequence of Subscribers that will be wired in series through Channels and Subscriptions.' type: object properties: spec: @@ -4715,25 +2524,6 @@ spec: items: type: object properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string delivery: description: Delivery is the delivery specification for events to the subscriber This includes things like retries, DLQ, etc. type: object @@ -4771,6 +2561,26 @@ spec: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer format: int32 + x-kubernetes-preserve-unknown-fields: true + ref: + description: Ref points to an Addressable. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + uri: + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. + type: string status: description: Status represents the current state of the Sequence. This data may be out of date. type: object @@ -4783,6 +2593,7 @@ spec: annotations: description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object + x-kubernetes-preserve-unknown-fields: true channelStatuses: description: ChannelStatuses is an array of corresponding Channel statuses. Matches the Spec.Steps array in the order. type: array @@ -4817,8 +2628,13 @@ spec: ready: description: ReadyCondition indicates whether the Channel is ready or not. type: object - x-kubernetes-preserve-unknown-fields: true + required: + - type + - status properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string message: description: A human readable message indicating details about the transition. type: string @@ -4839,7 +2655,13 @@ spec: type: array items: type: object + required: + - type + - status properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string message: description: A human readable message indicating details about the transition. type: string @@ -4868,7 +2690,13 @@ spec: ready: description: ReadyCondition indicates whether the Subscription is ready or not. type: object + required: + - type + - status properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string message: description: A human readable message indicating details about the transition. type: string @@ -4909,149 +2737,75 @@ spec: uid: description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string - names: - kind: Sequence - plural: sequences - singular: sequence - categories: - - all - - knative - - flows - scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - labels: - eventing.knative.dev/release: "v0.22.1" - eventing.knative.dev/source: "true" - duck.knative.dev/source: "true" - duck.knative.dev/binding: "true" - knative.dev/crd-install: "true" - name: sinkbindings.sources.knative.dev -spec: - group: sources.knative.dev - versions: - - name: v1alpha1 - served: true - storage: false - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - name: v1alpha2 - served: true - storage: false - - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true - additionalPrinterColumns: - - name: Sink - type: string - jsonPath: ".status.sinkUri" - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - name: v1beta1 - served: true - storage: false - - subresources: - status: {} additionalPrinterColumns: - - name: Sink + - name: URL type: string - jsonPath: ".status.sinkUri" + jsonPath: .status.address.url - name: Age type: date jsonPath: .metadata.creationTimestamp - name: Ready type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - name: Reason type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - name: v1 + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" + names: + kind: Sequence + plural: sequences + singular: sequence + categories: + - all + - knative + - flows + scope: Namespaced +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + labels: + eventing.knative.dev/release: "v1.2.4" + eventing.knative.dev/source: "true" + duck.knative.dev/source: "true" + duck.knative.dev/binding: "true" + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing + name: sinkbindings.sources.knative.dev +spec: + group: sources.knative.dev + versions: + - name: v1 served: true storage: true + subresources: + status: {} schema: openAPIV3Schema: - type: object description: 'SinkBinding describes a Binding that is also a Source. The `sink` (from the Source duck) is resolved to a URL and then projected into the `subject` by augmenting the runtime contract of the referenced containers to have a `K_SINK` environment variable holding the endpoint to which to send cloud events.' + type: object properties: spec: type: object - description: 'SinkBindingSpec holds the desired state of the SinkBinding (from the client).' properties: ceOverrides: - description: 'CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink.' + description: CloudEventOverrides defines overrides to control the output format and modifications of the event sent to the sink. type: object properties: extensions: - description: 'Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently.' + description: Extensions specify what attribute are added or overridden on the outbound event. Each `Extensions` key-value pair are set on the event as an attribute extension independently. type: object - additionalProperties: - type: string + x-kubernetes-preserve-unknown-fields: true sink: - description: 'Sink is a reference to an object that will resolve to a uri to use as the sink.' + description: Sink is a reference to an object that will resolve to a uri to use as the sink. type: object properties: ref: - description: 'Ref points to an Addressable.' + description: Ref points to an Addressable. type: object properties: apiVersion: - description: 'API version of the referent.' + description: API version of the referent. type: string kind: description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' @@ -5063,71 +2817,70 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' type: string uri: - description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string subject: - description: 'Subject references the resource(s) whose "runtime contract" should be augmented by Binding implementations.' + description: Subject references the resource(s) whose "runtime contract" should be augmented by Binding implementations. type: object properties: apiVersion: - description: 'API version of the referent.' + description: API version of the referent. type: string kind: - description: 'Kind of the referent.' + description: Kind of the referent. type: string name: - description: 'Name of the referent. Mutually exclusive with Selector.' + description: Name of the referent. Mutually exclusive with Selector. type: string namespace: - description: 'Namespace of the referent.' + description: Namespace of the referent. type: string selector: - description: 'Selector of the referents. Mutually exclusive with Name.' + description: Selector of the referents. Mutually exclusive with Name. type: object properties: matchExpressions: - description: 'matchExpressions is a list of label selector requirements. The requirements are ANDed.' + description: matchExpressions is a list of label selector requirements. The requirements are ANDed. type: array items: type: object properties: key: - description: 'key is the label key that the selector applies to.' + description: key is the label key that the selector applies to. type: string operator: - description: 'operator represents a key''s relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.' + description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: 'values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.' + description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. type: array items: type: string matchLabels: - description: 'matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.' + description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. type: object x-kubernetes-preserve-unknown-fields: true status: type: object - description: 'SinkBindingStatus communicates the observed state of the SinkBinding (from the controller).' properties: annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object x-kubernetes-preserve-unknown-fields: true ceAttributes: - description: 'CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents.' + description: CloudEventAttributes are the specific attributes that the Source uses as part of its CloudEvents. type: array items: type: object properties: source: - description: 'Source is the CloudEvents source attribute.' + description: Source is the CloudEvents source attribute. type: string type: - description: 'Type refers to the CloudEvent type attribute.' + description: Type refers to the CloudEvent type attribute. type: string conditions: - description: 'Conditions the latest available observations of a resource''s current state.' + description: Conditions the latest available observations of a resource's current state. type: array items: type: object @@ -5136,30 +2889,43 @@ spec: - status properties: lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). type: string message: - description: 'A human readable message indicating details about the transition.' + description: A human readable message indicating details about the transition. type: string reason: - description: 'The reason for the condition''s last transition.' + description: The reason for the condition's last transition. type: string severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. type: string status: - description: 'Status of the condition, one of True, False, Unknown.' + description: Status of the condition, one of True, False, Unknown. type: string type: - description: 'Type of condition.' + description: Type of condition. type: string observedGeneration: - description: 'ObservedGeneration is the ''Generation'' of the Service that was last processed by the controller.' + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. type: integer format: int64 sinkUri: - description: 'SinkURI is the current active sink URI that has been configured for the Source.' + description: SinkURI is the current active sink URI that has been configured for the Source. type: string + additionalPrinterColumns: + - name: Sink + type: string + jsonPath: ".status.sinkUri" + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" names: categories: - all @@ -5170,243 +2936,38 @@ spec: plural: sinkbindings singular: sinkbinding scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing --- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: subscriptions.messaging.knative.dev - labels: - eventing.knative.dev/release: "v0.22.1" - knative.dev/crd-install: "true" -spec: - group: messaging.knative.dev - versions: - - name: v1beta1 - served: true - storage: false - subresources: - status: {} - schema: - openAPIV3Schema: - type: object - description: 'Subscription routes events received on a Channel to a DNS name and corresponds to the subscriptions.channels.knative.dev CRD.' - properties: - spec: - type: object - description: 'Specifies the Channel for incoming events, a Subscriber target for processing those events and where to put the result of the processing. Only From (where the events are coming from) is always required. You can optionally only Process the events (results in no output events) by leaving out the Result. You can also perform an identity transformation on the incoming events by leaving out the Subscriber and only specifying Result. - - The following are all valid specifications: channel --[subscriber]--> reply Sink, no outgoing events: channel -- subscriber no-op function (identity transformation): channel --> reply' - properties: - channel: - description: 'Reference to a channel that will be used to create the subscription You can specify only the following fields of the ObjectReference: - Kind - APIVersion - Name The resource pointed by this ObjectReference must meet the contract to the ChannelableSpec duck type. If the resource does not meet this contract it will be reflected in the Subscription''s status. This field is immutable. We have no good answer on what happens to the events that are currently in the channel being consumed from and what the semantics there should be. For now, you can always delete the Subscription and recreate it to point to a different channel, giving the user more control over what semantics should be used (drain the channel first, possibly have events dropped, etc.)' - type: object - properties: - apiVersion: - description: 'API version of the referent.' - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - delivery: - description: 'Delivery configuration' - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: 'BackoffPolicy is the retry backoff policy (linear, exponential).' - type: string - deadLetterSink: - description: 'DeadLetterSink is the sink receiving event that could not be sent to a destination.' - type: object - properties: - ref: - description: 'Ref points to an Addressable.' - type: object - properties: - apiVersion: - description: 'API version of the referent.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' - type: string - retry: - description: 'Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink.' - type: integer - format: int32 - reply: - description: 'Reply specifies (optionally) how to handle events returned from the Subscriber target.' - type: object - properties: - ref: - description: 'Ref points to an Addressable.' - type: object - properties: - apiVersion: - description: 'API version of the referent.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' - type: string - subscriber: - description: 'Subscriber is reference to (optional) function for processing events. Events from the Channel will be delivered here and replies are sent to a Destination as specified by the Reply.' - type: object - properties: - ref: - description: 'Ref points to an Addressable.' - type: object - properties: - apiVersion: - description: 'API version of the referent.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' - type: string - status: - type: object - description: Status (computed) for a subscription - properties: - annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: 'Conditions the latest available observations of a resource''s current state.' - type: array - items: - type: object - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - observedGeneration: - description: 'ObservedGeneration is the ''Generation'' of the Service that was last processed by the controller.' - type: integer - format: int64 - physicalSubscription: - description: 'PhysicalSubscription is the fully resolved values that this Subscription represents.' - type: object - properties: - deadLetterSinkUri: - description: 'ReplyURI is the fully resolved URI for the spec.delivery.deadLetterSink.' - type: string - replyUri: - description: 'ReplyURI is the fully resolved URI for the spec.reply.' - type: string - subscriberUri: - description: 'SubscriberURI is the fully resolved URI for spec.subscriber.' - type: string - additionalPrinterColumns: - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - - subresources: - status: {} - additionalPrinterColumns: - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - name: v1 +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: subscriptions.messaging.knative.dev + labels: + eventing.knative.dev/release: "v1.2.4" + knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing +spec: + group: messaging.knative.dev + versions: + - name: v1 served: true storage: true + subresources: + status: {} schema: openAPIV3Schema: - type: object description: 'Subscription routes events received on a Channel to a DNS name and corresponds to the subscriptions.channels.knative.dev CRD.' + type: object properties: spec: type: object - description: 'Specifies the Channel for incoming events, a Subscriber target for processing those events and where to put the result of the processing. Only From (where the events are coming from) is always required. You can optionally only Process the events (results in no output events) by leaving out the Result. You can also perform an identity transformation on the incoming events by leaving out the Subscriber and only specifying Result. - - The following are all valid specifications: channel --[subscriber]--> reply Sink, no outgoing events: channel -- subscriber no-op function (identity transformation): channel --> reply' properties: channel: - description: 'Reference to a channel that will be used to create the subscription You can specify only the following fields of the ObjectReference: - Kind - APIVersion - Name The resource pointed by this ObjectReference must meet the contract to the ChannelableSpec duck type. If the resource does not meet this contract it will be reflected in the Subscription''s status. This field is immutable. We have no good answer on what happens to the events that are currently in the channel being consumed from and what the semantics there should be. For now, you can always delete the Subscription and recreate it to point to a different channel, giving the user more control over what semantics should be used (drain the channel first, possibly have events dropped, etc.)' + description: 'Reference to a channel that will be used to create the subscription. You can specify only the following fields of the KReference: kind, apiVersion and name. The resource pointed by this KReference must meet the contract to the ChannelableSpec duck type. If the resource does not meet this contract it will be reflected in the Subscription''s status. This field is immutable. We have no good answer on what happens to the events that are currently in the channel being consumed from and what the semantics there should be. For now, you can always delete the Subscription and recreate it to point to a different channel, giving the user more control over what semantics should be used (drain the channel first, possibly have events dropped, etc.)' type: object properties: apiVersion: - description: 'API version of the referent.' - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object.' + description: API version of the referent. type: string kind: description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' @@ -5414,35 +2975,27 @@ spec: name: description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string + x-kubernetes-preserve-unknown-fields: true delivery: - description: 'Delivery configuration' + description: Delivery configuration type: object properties: backoffDelay: description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' type: string backoffPolicy: - description: 'BackoffPolicy is the retry backoff policy (linear, exponential).' + description: BackoffPolicy is the retry backoff policy (linear, exponential). type: string deadLetterSink: - description: 'DeadLetterSink is the sink receiving event that could not be sent to a destination.' + description: DeadLetterSink is the sink receiving event that could not be sent to a destination. type: object properties: ref: - description: 'Ref points to an Addressable.' + description: Ref points to an Addressable. type: object properties: apiVersion: - description: 'API version of the referent.' + description: API version of the referent. type: string kind: description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' @@ -5454,22 +3007,23 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' type: string uri: - description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string retry: - description: 'Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink.' + description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer format: int32 + x-kubernetes-preserve-unknown-fields: true reply: - description: 'Reply specifies (optionally) how to handle events returned from the Subscriber target.' + description: Reply specifies (optionally) how to handle events returned from the Subscriber target. type: object properties: ref: - description: 'Ref points to an Addressable.' + description: Ref points to an Addressable. type: object properties: apiVersion: - description: 'API version of the referent.' + description: API version of the referent. type: string kind: description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' @@ -5481,18 +3035,18 @@ spec: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' type: string uri: - description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string subscriber: - description: 'Subscriber is reference to (optional) function for processing events. Events from the Channel will be delivered here and replies are sent to a Destination as specified by the Reply.' + description: Subscriber is reference to (optional) function for processing events. Events from the Channel will be delivered here and replies are sent to a Destination as specified by the Reply. type: object properties: ref: - description: 'Ref points to an Addressable.' + description: Ref points to an Addressable. type: object properties: apiVersion: - description: 'API version of the referent.' + description: API version of the referent. type: string kind: description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' @@ -5503,58 +3057,71 @@ spec: namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' type: string + x-kubernetes-preserve-unknown-fields: true uri: - description: 'URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref.' + description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. type: string status: type: object - description: Status (computed) for a subscription properties: annotations: - description: 'Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards.' + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. type: object x-kubernetes-preserve-unknown-fields: true conditions: - description: 'Conditions the latest available observations of a resource''s current state.' + description: Conditions the latest available observations of a resource's current state. type: array items: type: object + required: + - type + - status properties: lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). type: string message: - description: 'A human readable message indicating details about the transition.' + description: A human readable message indicating details about the transition. type: string reason: - description: 'The reason for the condition''s last transition.' + description: The reason for the condition's last transition. type: string severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. type: string status: - description: 'Status of the condition, one of True, False, Unknown.' + description: Status of the condition, one of True, False, Unknown. type: string type: - description: 'Type of condition.' + description: Type of condition. type: string observedGeneration: - description: 'ObservedGeneration is the ''Generation'' of the Service that was last processed by the controller.' + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. type: integer format: int64 physicalSubscription: - description: 'PhysicalSubscription is the fully resolved values that this Subscription represents.' + description: PhysicalSubscription is the fully resolved values that this Subscription represents. type: object properties: deadLetterSinkUri: - description: 'ReplyURI is the fully resolved URI for the spec.delivery.deadLetterSink.' + description: ReplyURI is the fully resolved URI for the spec.delivery.deadLetterSink. type: string replyUri: - description: 'ReplyURI is the fully resolved URI for the spec.reply.' + description: ReplyURI is the fully resolved URI for the spec.reply. type: string subscriberUri: - description: 'SubscriberURI is the fully resolved URI for spec.subscriber.' + description: SubscriberURI is the fully resolved URI for spec.subscriber. type: string + additionalPrinterColumns: + - name: Age + type: date + jsonPath: .metadata.creationTimestamp + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" names: kind: Subscription plural: subscriptions @@ -5566,28 +3133,22 @@ spec: shortNames: - sub scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: triggers.eventing.knative.dev labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" knative.dev/crd-install: "true" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing spec: group: eventing.knative.dev versions: - - name: v1beta1 + - name: v1 served: true - storage: false + storage: true subresources: status: {} additionalPrinterColumns: @@ -5606,148 +3167,6 @@ spec: - name: Reason type: string jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - schema: - openAPIV3Schema: - type: object - properties: - spec: - description: Spec defines the desired state of the Trigger. - type: object - properties: - broker: - description: Broker is the broker that this trigger receives events from. If not specified, will default to ''default''.' - type: string - delivery: - description: Delivery contains the delivery spec for this specific trigger. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - filter: - description: 'Filter is the filter to apply against all events from the Broker. Only events that pass this filter will be sent to the Subscriber. If not specified, will default to allowing all events. ' - type: object - properties: - attributes: - description: 'Attributes filters events by exact match on event context attributes. Each key in the map is compared with the equivalent key in the event context. An event passes the filter if all values are equal to the specified values. Nested context attributes are not supported as keys. Only string values are supported. ' - type: object - x-kubernetes-preserve-unknown-fields: true - subscriber: - description: Subscriber is the addressable that receives events from the Broker that pass the Filter. It is required. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - status: - description: Status represents the current state of the Trigger. This data may be out of date. - type: object - properties: - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - required: - - type - - status - properties: - lastTransitionTime: - description: 'LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant).' - type: string - message: - description: 'A human readable message indicating details about the transition.' - type: string - reason: - description: 'The reason for the condition''s last transition.' - type: string - severity: - description: 'Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error.' - type: string - status: - description: 'Status of the condition, one of True, False, Unknown.' - type: string - type: - description: 'Type of condition.' - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - subscriberUri: - description: SubscriberURI is the resolved URI of the receiver for this Trigger. - type: string - - subresources: - status: {} - additionalPrinterColumns: - - name: Broker - type: string - jsonPath: .spec.broker - - name: Subscriber_URI - type: string - jsonPath: .status.subscriberUri - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - name: v1 - served: true - storage: true schema: openAPIV3Schema: description: 'Trigger represents a request to have events delivered to a subscriber from a Broker''s event pool.' @@ -5756,6 +3175,7 @@ spec: spec: description: Spec defines the desired state of the Trigger. type: object + x-kubernetes-preserve-unknown-fields: true properties: broker: description: Broker is the broker that this trigger receives events from. @@ -5763,6 +3183,7 @@ spec: delivery: description: Delivery contains the delivery spec for this specific trigger. type: object + x-kubernetes-preserve-unknown-fields: true properties: backoffDelay: description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' @@ -5863,6 +3284,9 @@ spec: type: description: 'Type of condition.' type: string + deadLetterSinkUri: + description: DeadLetterSinkURI is the resolved URI of the dead letter sink for this Trigger, in case there is none this will fallback to it's Broker status DeadLetterSinkURI. + type: string observedGeneration: description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. type: integer @@ -5879,21 +3303,15 @@ spec: - knative - eventing scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: addressable-resolver labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing aggregationRule: clusterRoleSelectors: - matchLabels: @@ -5905,8 +3323,10 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: service-addressable-resolver labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing rules: - apiGroups: - "" @@ -5922,8 +3342,10 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: serving-addressable-resolver labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing rules: - apiGroups: - serving.knative.dev @@ -5942,8 +3364,10 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: channel-addressable-resolver labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing rules: - apiGroups: - messaging.knative.dev @@ -5966,8 +3390,10 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: broker-addressable-resolver labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing rules: - apiGroups: - eventing.knative.dev @@ -5981,31 +3407,13 @@ rules: --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: messaging-addressable-resolver - labels: - eventing.knative.dev/release: "v0.22.1" - duck.knative.dev/addressable: "true" -rules: - - apiGroups: - - messaging.knative.dev - resources: - - sequences - - sequences/status - - parallels - - parallels/status - verbs: - - get - - list - - watch ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 metadata: name: flows-addressable-resolver labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing rules: - apiGroups: - flows.knative.dev @@ -6024,7 +3432,9 @@ kind: ClusterRole metadata: name: eventing-broker-filter labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing rules: - apiGroups: - "" @@ -6049,7 +3459,9 @@ kind: ClusterRole metadata: name: eventing-broker-ingress labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing rules: - apiGroups: - "" @@ -6065,7 +3477,9 @@ kind: ClusterRole metadata: name: eventing-config-reader labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing rules: - apiGroups: - "" @@ -6081,7 +3495,9 @@ kind: ClusterRole metadata: name: channelable-manipulator labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing aggregationRule: clusterRoleSelectors: - matchLabels: @@ -6093,8 +3509,10 @@ kind: ClusterRole metadata: name: meta-channelable-manipulator labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" duck.knative.dev/channelable: "true" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing rules: - apiGroups: - messaging.knative.dev @@ -6108,14 +3526,17 @@ rules: - watch - update - patch + - delete --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-eventing-namespaced-admin labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" rbac.authorization.k8s.io/aggregate-to-admin: "true" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["eventing.knative.dev"] resources: ["*"] @@ -6126,8 +3547,10 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-messaging-namespaced-admin labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" rbac.authorization.k8s.io/aggregate-to-admin: "true" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["messaging.knative.dev"] resources: ["*"] @@ -6138,8 +3561,10 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-flows-namespaced-admin labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" rbac.authorization.k8s.io/aggregate-to-admin: "true" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["flows.knative.dev"] resources: ["*"] @@ -6150,8 +3575,10 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-sources-namespaced-admin labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" rbac.authorization.k8s.io/aggregate-to-admin: "true" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["sources.knative.dev"] resources: ["*"] @@ -6162,8 +3589,10 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-bindings-namespaced-admin labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" rbac.authorization.k8s.io/aggregate-to-admin: "true" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["bindings.knative.dev"] resources: ["*"] @@ -6175,7 +3604,9 @@ metadata: name: knative-eventing-namespaced-edit labels: rbac.authorization.k8s.io/aggregate-to-edit: "true" - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["eventing.knative.dev", "messaging.knative.dev", "sources.knative.dev", "flows.knative.dev", "bindings.knative.dev"] resources: ["*"] @@ -6187,7 +3618,9 @@ metadata: name: knative-eventing-namespaced-view labels: rbac.authorization.k8s.io/aggregate-to-view: "true" - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing rules: - apiGroups: ["eventing.knative.dev", "messaging.knative.dev", "sources.knative.dev", "flows.knative.dev", "bindings.knative.dev"] resources: ["*"] @@ -6198,7 +3631,9 @@ kind: ClusterRole metadata: name: knative-eventing-controller labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing rules: - apiGroups: - "" @@ -6348,7 +3783,9 @@ kind: ClusterRole metadata: name: knative-eventing-pingsource-mt-adapter labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing rules: - apiGroups: - "" @@ -6398,7 +3835,9 @@ kind: ClusterRole metadata: name: podspecable-binding labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing aggregationRule: clusterRoleSelectors: - matchLabels: @@ -6410,8 +3849,10 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: builtin-podspecable-binding labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" duck.knative.dev/podspecable: "true" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing rules: - apiGroups: - "apps" @@ -6438,7 +3879,9 @@ kind: ClusterRole metadata: name: source-observer labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing aggregationRule: clusterRoleSelectors: - matchLabels: @@ -6450,8 +3893,10 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: eventing-sources-source-observer labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" duck.knative.dev/source: "true" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing rules: - apiGroups: - sources.knative.dev @@ -6470,7 +3915,9 @@ kind: ClusterRole metadata: name: knative-eventing-sources-controller labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing rules: - apiGroups: - "" @@ -6569,7 +4016,9 @@ kind: ClusterRole metadata: name: knative-eventing-webhook labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing rules: - apiGroups: - "" @@ -6590,6 +4039,12 @@ rules: - "list" - "watch" - "patch" + - apiGroups: + - "" + resources: + - "namespaces/finalizers" + verbs: + - "update" - apiGroups: - "apps" resources: @@ -6651,7 +4106,9 @@ metadata: namespace: knative-eventing name: knative-eventing-webhook labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing rules: - apiGroups: - "" @@ -6670,7 +4127,9 @@ kind: ValidatingWebhookConfiguration metadata: name: config.webhook.eventing.knative.dev labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -6691,7 +4150,9 @@ kind: MutatingWebhookConfiguration metadata: name: webhook.eventing.knative.dev labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -6708,7 +4169,9 @@ kind: ValidatingWebhookConfiguration metadata: name: validation.webhook.eventing.knative.dev labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -6726,14 +4189,18 @@ metadata: name: eventing-webhook-certs namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing --- apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: name: sinkbindings.webhook.sources.knative.dev labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: diff --git a/common/knative/knative-eventing/base/upstream/in-memory-channel.yaml b/common/knative/knative-eventing/base/upstream/in-memory-channel.yaml index 08df3fb3ee..ee1bfbdeeb 100644 --- a/common/knative/knative-eventing/base/upstream/in-memory-channel.yaml +++ b/common/knative/knative-eventing/base/upstream/in-memory-channel.yaml @@ -1,160 +1,11 @@ apiVersion: v1 -kind: ConfigMap -metadata: - name: config-imc-event-dispatcher - namespace: knative-eventing - labels: - eventing.knative.dev/release: "v0.22.1" -data: - MaxIdleConnections: "1000" - MaxIdleConnectionsPerHost: "100" ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: imc-addressable-resolver - labels: - eventing.knative.dev/release: "v0.22.1" - duck.knative.dev/addressable: "true" -rules: - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels - - inmemorychannels/status - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: imc-channelable-manipulator - labels: - eventing.knative.dev/release: "v0.22.1" - duck.knative.dev/channelable: "true" -rules: - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels - - inmemorychannels/status - verbs: - - create - - get - - list - - watch - - update - - patch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole +kind: Namespace metadata: - name: imc-controller + name: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" -rules: - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels - - inmemorychannels/status - verbs: - - get - - list - - watch - - update - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels/finalizers - verbs: - - update - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels/finalizers - - inmemorychannels/status - - inmemorychannels - verbs: - - patch - - apiGroups: - - "" - resources: - - services - - serviceaccounts - verbs: - - get - - list - - watch - - create - - update - - patch - - apiGroups: - - "" - resources: - - endpoints - verbs: - - get - - list - - watch - - apiGroups: - - "rbac.authorization.k8s.io" - resources: - - rolebindings - verbs: - - get - - list - - watch - - create - - update - - patch - - apiGroups: - - apps - resources: - - deployments - verbs: - - get - - list - - watch - - create - - update - - patch - - apiGroups: - - apps - resources: - - deployments/status - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing --- apiVersion: v1 kind: ServiceAccount @@ -162,107 +13,80 @@ metadata: name: imc-controller namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: imc-dispatcher - labels: - eventing.knative.dev/release: "v0.22.1" -rules: - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels - - inmemorychannels/status - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - - apiGroups: - - messaging.knative.dev - resources: - - inmemorychannels/finalizers - - inmemorychannels/status - - inmemorychannels - verbs: - - patch - - apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - get - - list - - watch - - create - - update - - patch ---- -apiVersion: v1 -kind: Service +kind: ClusterRoleBinding metadata: - name: imc-dispatcher - namespace: knative-eventing + name: imc-controller labels: - eventing.knative.dev/release: "v0.22.1" - messaging.knative.dev/channel: in-memory-channel - messaging.knative.dev/role: dispatcher -spec: - selector: - messaging.knative.dev/channel: in-memory-channel - messaging.knative.dev/role: dispatcher - ports: - - name: http-dispatcher - port: 80 - protocol: TCP - targetPort: 8080 + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: imc-controller + namespace: knative-eventing +roleRef: + kind: ClusterRole + name: imc-controller + apiGroup: rbac.authorization.k8s.io --- -apiVersion: v1 -kind: ServiceAccount +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding metadata: - name: imc-dispatcher namespace: knative-eventing + name: imc-controller labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing +subjects: + - kind: ServiceAccount + name: imc-controller + namespace: knative-eventing +roleRef: + kind: Role + name: knative-inmemorychannel-webhook + apiGroup: rbac.authorization.k8s.io --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: imc-controller + name: imc-controller-resolver labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount name: imc-controller namespace: knative-eventing roleRef: kind: ClusterRole - name: imc-controller + name: addressable-resolver apiGroup: rbac.authorization.k8s.io --- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: imc-dispatcher + namespace: knative-eventing + labels: + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing +--- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: imc-dispatcher labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount name: imc-dispatcher @@ -272,25 +96,385 @@ roleRef: name: imc-dispatcher apiGroup: rbac.authorization.k8s.io --- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition +apiVersion: v1 +kind: ConfigMap metadata: - name: inmemorychannels.messaging.knative.dev + name: config-imc-event-dispatcher + namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" - knative.dev/crd-install: "true" - messaging.knative.dev/subscribable: "true" - duck.knative.dev/addressable: "true" -spec: - group: messaging.knative.dev + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/component: imc-controller + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing +data: + MaxIdleConnections: "1000" + MaxIdleConnectionsPerHost: "100" +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-observability + namespace: knative-eventing + labels: + eventing.knative.dev/release: "v1.2.4" + knative.dev/config-propagation: original + knative.dev/config-category: eventing + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing + annotations: + knative.dev/example-checksum: "f46cf09d" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + + # metrics.backend-destination field specifies the system metrics destination. + # It supports either prometheus (the default) or stackdriver. + # Note: Using stackdriver will incur additional charges + metrics.backend-destination: prometheus + + # metrics.request-metrics-backend-destination specifies the request metrics + # destination. If non-empty, it enables queue proxy to send request metrics. + # Currently supported values: prometheus, stackdriver. + metrics.request-metrics-backend-destination: prometheus + + # metrics.stackdriver-project-id field specifies the stackdriver project ID. This + # field is optional. When running on GCE, application default credentials will be + # used if this field is not provided. + metrics.stackdriver-project-id: "" + + # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed to send metrics to + # Stackdriver using "global" resource type and custom metric type if the + # metrics are not supported by "knative_broker", "knative_trigger", and "knative_source" resource types. + # Setting this flag to "true" could cause extra Stackdriver charge. + # If metrics.backend-destination is not Stackdriver, this is ignored. + metrics.allow-stackdriver-custom-metrics: "false" + + # profiling.enable indicates whether it is allowed to retrieve runtime profiling data from + # the pods via an HTTP server in the format expected by the pprof visualization tool. When + # enabled, the Knative Eventing pods expose the profiling data on an alternate HTTP port 8008. + # The HTTP context root for profiling is then /debug/pprof/. + profiling.enable: "false" + + # sink-event-error-reporting.enable whether the adapter reports a kube event to the CRD indicating + # a failure to send a cloud event to the sink. + sink-event-error-reporting.enable: "false" +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: config-tracing + namespace: knative-eventing + labels: + eventing.knative.dev/release: "v1.2.4" + knative.dev/config-propagation: original + knative.dev/config-category: eventing + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing + annotations: + knative.dev/example-checksum: "c8f8c47b" +data: + _example: | + ################################ + # # + # EXAMPLE CONFIGURATION # + # # + ################################ + # This block is not actually functional configuration, + # but serves to illustrate the available configuration + # options and document them in a way that is accessible + # to users that `kubectl edit` this config map. + # + # These sample configuration options may be copied out of + # this example block and unindented to be in the data block + # to actually change the configuration. + # + # This may be "zipkin" or "none", the default is "none" + backend: "none" + + # URL to zipkin collector where traces are sent. + # This must be specified when backend is "zipkin" + zipkin-endpoint: "http://zipkin.istio-system.svc.cluster.local:9411/api/v2/spans" + + # Enable zipkin debug mode. This allows all spans to be sent to the server + # bypassing sampling. + debug: "false" + + # Percentage (0-1) of requests to trace + sample-rate: "0.1" +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: imc-controller + namespace: knative-eventing + labels: + eventing.knative.dev/release: "v1.2.4" + knative.dev/high-availability: "true" + app.kubernetes.io/component: imc-controller + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing +spec: + selector: + matchLabels: + messaging.knative.dev/channel: in-memory-channel + messaging.knative.dev/role: controller + template: + metadata: + labels: + messaging.knative.dev/channel: in-memory-channel + messaging.knative.dev/role: controller + app.kubernetes.io/component: imc-controller + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + messaging.knative.dev/channel: in-memory-channel + messaging.knative.dev/role: controller + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: imc-controller + enableServiceLinks: false + containers: + - name: controller + image: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_controller@sha256:a602de59eab2140a9a7639e221b777aa1bd5b9b4203e09dacdc32850f4414e4f + env: + - name: WEBHOOK_NAME + value: inmemorychannel-webhook + - name: WEBHOOK_PORT + value: "8443" + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: METRICS_DOMAIN + value: knative.dev/inmemorychannel-controller + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: DISPATCHER_IMAGE + value: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_dispatcher@sha256:cd4502677aedc0779be980c5e7186cdc8e7557a036048480f8a3431ec1b3b873 + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - all + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + - name: https-webhook + containerPort: 8443 + readinessProbe: + periodSeconds: 1 + httpGet: + scheme: HTTPS + port: 8443 + httpHeaders: + - name: k-kubelet-probe + value: "webhook" + livenessProbe: + periodSeconds: 1 + httpGet: + scheme: HTTPS + port: 8443 + httpHeaders: + - name: k-kubelet-probe + value: "webhook" + initialDelaySeconds: 20 + terminationGracePeriodSeconds: 300 +--- +apiVersion: v1 +kind: Service +metadata: + labels: + app.kubernetes.io/component: imc-controller + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing + eventing.knative.dev/release: "v1.2.4" + name: inmemorychannel-webhook + namespace: knative-eventing +spec: + ports: + - name: https-webhook + port: 443 + targetPort: 8443 + - name: http-metrics + port: 9090 + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + selector: + messaging.knative.dev/channel: in-memory-channel + messaging.knative.dev/role: controller +--- +apiVersion: v1 +kind: Service +metadata: + name: imc-dispatcher + namespace: knative-eventing + labels: + eventing.knative.dev/release: "v1.2.4" + messaging.knative.dev/channel: in-memory-channel + messaging.knative.dev/role: dispatcher + app.kubernetes.io/component: imc-dispatcher + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing +spec: + selector: + messaging.knative.dev/channel: in-memory-channel + messaging.knative.dev/role: dispatcher + ports: + - name: http-dispatcher + port: 80 + protocol: TCP + targetPort: 8080 + - name: http-metrics + port: 9090 + targetPort: 9090 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: imc-dispatcher + namespace: knative-eventing + labels: + eventing.knative.dev/release: "v1.2.4" + knative.dev/high-availability: "true" + app.kubernetes.io/component: imc-dispatcher + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing +spec: + selector: + matchLabels: + messaging.knative.dev/channel: in-memory-channel + messaging.knative.dev/role: dispatcher + template: + metadata: + labels: + messaging.knative.dev/channel: in-memory-channel + messaging.knative.dev/role: dispatcher + app.kubernetes.io/component: imc-dispatcher + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + messaging.knative.dev/channel: in-memory-channel + messaging.knative.dev/role: dispatcher + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: imc-dispatcher + enableServiceLinks: false + containers: + - name: dispatcher + image: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_dispatcher@sha256:cd4502677aedc0779be980c5e7186cdc8e7557a036048480f8a3431ec1b3b873 + readinessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8080 + scheme: HTTP + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 1 + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8080 + scheme: HTTP + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 1 + initialDelaySeconds: 5 + env: + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: METRICS_DOMAIN + value: knative.dev/inmemorychannel-dispatcher + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: CONTAINER_NAME + value: dispatcher + - name: MAX_IDLE_CONNS + value: "1000" + - name: MAX_IDLE_CONNS_PER_HOST + value: "1000" + ports: + - containerPort: 8080 + name: http + protocol: TCP + - containerPort: 9090 + name: metrics + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - all +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: inmemorychannels.messaging.knative.dev + labels: + eventing.knative.dev/release: "v1.2.4" + knative.dev/crd-install: "true" + messaging.knative.dev/subscribable: "true" + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing +spec: + group: messaging.knative.dev versions: - - name: v1beta1 + - name: v1 served: true - storage: false + storage: true subresources: status: {} schema: openAPIV3Schema: + description: 'InMemoryChannel is a resource representing an in memory channel' type: object properties: spec: @@ -334,6 +518,7 @@ spec: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer format: int32 + x-kubernetes-preserve-unknown-fields: true subscribers: description: This is the list of subscriptions for this subscribable. type: array @@ -377,6 +562,7 @@ spec: description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. type: integer format: int32 + x-kubernetes-preserve-unknown-fields: true generation: description: Generation of the origin of the subscriber with uid:UID. type: integer @@ -408,6 +594,9 @@ spec: type: array items: type: object + required: + - type + - status properties: lastTransitionTime: description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). @@ -443,6 +632,9 @@ spec: namespace: description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' type: string + deadLetterSinkUri: + description: DeadLetterSinkURI is the resolved URI of the dead letter ref if one is specified in the Spec.Delivery. + type: string observedGeneration: description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. type: integer @@ -479,201 +671,6 @@ spec: - name: Reason type: string jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - - subresources: - status: {} - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.address.url - - name: Age - type: date - jsonPath: .metadata.creationTimestamp - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type==\"Ready\")].reason" - name: v1 - served: true - storage: true - schema: - openAPIV3Schema: - type: object - properties: - spec: - description: Spec defines the desired state of the Channel. - type: object - properties: - delivery: - description: DeliverySpec contains the default delivery spec for each subscription to this Channelable. Each subscription delivery spec, if any, overrides this global delivery spec. - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - subscribers: - description: This is the list of subscriptions for this subscribable. - type: array - items: - type: object - properties: - delivery: - description: DeliverySpec contains options controlling the event delivery - type: object - properties: - backoffDelay: - description: 'BackoffDelay is the delay before retrying. More information on Duration format: - https://www.iso.org/iso-8601-date-and-time-format.html - https://en.wikipedia.org/wiki/ISO_8601 For linear policy, backoff delay is backoffDelay*. For exponential policy, backoff delay is backoffDelay*2^.' - type: string - backoffPolicy: - description: BackoffPolicy is the retry backoff policy (linear, exponential). - type: string - deadLetterSink: - description: DeadLetterSink is the sink receiving event that could not be sent to a destination. - type: object - properties: - ref: - description: Ref points to an Addressable. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - uri: - description: URI can be an absolute URL(non-empty scheme and non-empty host) pointing to the target or a relative URI. Relative URIs will be resolved using the base URI retrieved from Ref. - type: string - retry: - description: Retry is the minimum number of retries the sender should attempt when sending an event before moving it to the dead letter sink. - type: integer - format: int32 - generation: - description: Generation of the origin of the subscriber with uid:UID. - type: integer - format: int64 - replyUri: - description: ReplyURI is the endpoint for the reply - type: string - subscriberUri: - description: SubscriberURI is the endpoint for the subscriber - type: string - uid: - description: UID is used to understand the origin of the subscriber. - type: string - status: - description: Status represents the current state of the Channel. This data may be out of date. - type: object - properties: - address: - type: object - properties: - url: - type: string - annotations: - description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. - type: object - x-kubernetes-preserve-unknown-fields: true - conditions: - description: Conditions the latest available observations of a resource's current state. - type: array - items: - type: object - properties: - lastTransitionTime: - description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). - type: string - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - severity: - description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - deadLetterChannel: - description: DeadLetterChannel is a KReference and is set by the channel when it supports native error handling via a channel Failed messages are delivered here. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' - type: string - observedGeneration: - description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. - type: integer - format: int64 - subscribers: - description: This is the list of subscription's statuses for this channel. - type: array - items: - type: object - properties: - message: - description: A human readable message indicating details of Ready status. - type: string - observedGeneration: - description: Generation of the origin of the subscriber with uid:UID. - type: integer - format: int64 - ready: - description: Status of the subscriber. - type: string - uid: - description: UID is used to understand the origin of the subscriber. - type: string names: kind: InMemoryChannel plural: inmemorychannels @@ -686,143 +683,312 @@ spec: shortNames: - imc scope: Namespaced - conversion: - strategy: Webhook - webhook: - conversionReviewVersions: ["v1", "v1beta1"] - clientConfig: - service: - name: eventing-webhook - namespace: knative-eventing --- -apiVersion: apps/v1 -kind: Deployment +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: imc-addressable-resolver + labels: + eventing.knative.dev/release: "v1.2.4" + duck.knative.dev/addressable: "true" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: + - messaging.knative.dev + resources: + - inmemorychannels + - inmemorychannels/status + verbs: + - get + - list + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: imc-channelable-manipulator + labels: + eventing.knative.dev/release: "v1.2.4" + duck.knative.dev/channelable: "true" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: + - messaging.knative.dev + resources: + - inmemorychannels + - inmemorychannels/status + verbs: + - create + - get + - list + - watch + - update + - patch + - delete +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole metadata: name: imc-controller - namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" - knative.dev/high-availability: "true" -spec: - selector: - matchLabels: - messaging.knative.dev/channel: in-memory-channel - messaging.knative.dev/role: controller - template: - metadata: - labels: - messaging.knative.dev/channel: in-memory-channel - messaging.knative.dev/role: controller - spec: - serviceAccountName: imc-controller - enableServiceLinks: false - containers: - - name: controller - image: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_controller@sha256:904f42a768a9bc64999e7302d2bc7c1c48a08e74a82355cf57be513e6a124b82 - env: - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: METRICS_DOMAIN - value: knative.dev/inmemorychannel-controller - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: DISPATCHER_IMAGE - value: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_dispatcher@sha256:a6983f71c04619928199cc21e07ee6f1e1c87586621bc03b10c9ba1abd92bfa8 - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - securityContext: - allowPrivilegeEscalation: false - ports: - - name: metrics - containerPort: 9090 - - name: profiling - containerPort: 8008 + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: + - messaging.knative.dev + resources: + - inmemorychannels + - inmemorychannels/status + verbs: + - get + - list + - watch + - update + - apiGroups: + - messaging.knative.dev + resources: + - inmemorychannels/finalizers + verbs: + - update + - apiGroups: + - messaging.knative.dev + resources: + - inmemorychannels/finalizers + - inmemorychannels/status + - inmemorychannels + verbs: + - patch + - apiGroups: + - "" + resources: + - services + - serviceaccounts + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - "" + resources: + - endpoints + verbs: + - get + - list + - watch + - apiGroups: + - "rbac.authorization.k8s.io" + resources: + - rolebindings + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - apps + resources: + - deployments + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - apps + resources: + - deployments/status + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - apiGroups: + - "admissionregistration.k8s.io" + resources: + - "mutatingwebhookconfigurations" + - "validatingwebhookconfigurations" + verbs: + - "get" + - "list" + - "create" + - "update" + - "delete" + - "patch" + - "watch" + - apiGroups: + - "" + resources: + - "namespaces" + verbs: + - "get" + - "create" + - "update" + - "list" + - "watch" + - "patch" + - apiGroups: + - "" + resources: + - "namespaces/finalizers" + verbs: + - "update" --- -apiVersion: apps/v1 -kind: Deployment +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole metadata: name: imc-dispatcher + labels: + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: + - messaging.knative.dev + resources: + - inmemorychannels + - inmemorychannels/status + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - apiGroups: + - "" + resources: + - events + verbs: + - create + - patch + - apiGroups: + - messaging.knative.dev + resources: + - inmemorychannels/finalizers + - inmemorychannels/status + - inmemorychannels + verbs: + - patch + - apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: namespace: knative-eventing + name: knative-inmemorychannel-webhook labels: - eventing.knative.dev/release: "v0.22.1" - knative.dev/high-availability: "true" -spec: - selector: - matchLabels: - messaging.knative.dev/channel: in-memory-channel - messaging.knative.dev/role: dispatcher - template: - metadata: - labels: - messaging.knative.dev/channel: in-memory-channel - messaging.knative.dev/role: dispatcher - spec: - affinity: - podAntiAffinity: - preferredDuringSchedulingIgnoredDuringExecution: - - podAffinityTerm: - labelSelector: - matchLabels: - messaging.knative.dev/channel: in-memory-channel - messaging.knative.dev/role: dispatcher - topologyKey: kubernetes.io/hostname - weight: 100 - serviceAccountName: imc-dispatcher - enableServiceLinks: false - containers: - - name: dispatcher - image: gcr.io/knative-releases/knative.dev/eventing/cmd/in_memory/channel_dispatcher@sha256:a6983f71c04619928199cc21e07ee6f1e1c87586621bc03b10c9ba1abd92bfa8 - readinessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8080 - scheme: HTTP - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 1 - livenessProbe: - failureThreshold: 3 - httpGet: - path: /healthz - port: 8080 - scheme: HTTP - periodSeconds: 2 - successThreshold: 1 - timeoutSeconds: 1 - initialDelaySeconds: 5 - env: - - name: CONFIG_LOGGING_NAME - value: config-logging - - name: CONFIG_OBSERVABILITY_NAME - value: config-observability - - name: METRICS_DOMAIN - value: knative.dev/inmemorychannel-dispatcher - - name: SYSTEM_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: CONTAINER_NAME - value: dispatcher - - name: MAX_IDLE_CONNS - value: "1000" - - name: MAX_IDLE_CONNS_PER_HOST - value: "1000" - ports: - - containerPort: 8080 - name: http - protocol: TCP - - containerPort: 9090 - name: metrics + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing +rules: + - apiGroups: + - "" + resources: + - "secrets" + verbs: + - "get" + - "create" + - "update" + - "list" + - "watch" + - "patch" +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: inmemorychannel.eventing.knative.dev + labels: + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing +webhooks: + - admissionReviewVersions: ["v1"] + clientConfig: + service: + name: inmemorychannel-webhook + namespace: knative-eventing + sideEffects: None + failurePolicy: Fail + name: inmemorychannel.eventing.knative.dev + timeoutSeconds: 10 +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validation.inmemorychannel.eventing.knative.dev + labels: + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing +webhooks: + - admissionReviewVersions: ["v1"] + clientConfig: + service: + name: inmemorychannel-webhook + namespace: knative-eventing + sideEffects: None + failurePolicy: Fail + name: validation.inmemorychannel.eventing.knative.dev + timeoutSeconds: 10 +--- +apiVersion: v1 +kind: Secret +metadata: + name: inmemorychannel-webhook-certs + namespace: knative-eventing + labels: + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing --- diff --git a/common/knative/knative-eventing/base/upstream/mt-channel-broker.yaml b/common/knative/knative-eventing/base/upstream/mt-channel-broker.yaml index 86d80f2a85..df13879476 100644 --- a/common/knative/knative-eventing/base/upstream/mt-channel-broker.yaml +++ b/common/knative/knative-eventing/base/upstream/mt-channel-broker.yaml @@ -3,7 +3,9 @@ kind: ClusterRole metadata: name: knative-eventing-mt-channel-broker-controller labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing rules: - apiGroups: - "" @@ -29,7 +31,9 @@ kind: ClusterRole metadata: name: knative-eventing-mt-broker-filter labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing rules: - apiGroups: - eventing.knative.dev @@ -55,14 +59,18 @@ metadata: name: mt-broker-filter namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: knative-eventing-mt-broker-ingress labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing rules: - apiGroups: - eventing.knative.dev @@ -87,14 +95,18 @@ metadata: name: mt-broker-ingress namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: eventing-mt-channel-broker-controller labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount name: eventing-controller @@ -109,7 +121,9 @@ kind: ClusterRoleBinding metadata: name: knative-eventing-mt-broker-filter labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount name: mt-broker-filter @@ -124,7 +138,9 @@ kind: ClusterRoleBinding metadata: name: knative-eventing-mt-broker-ingress labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing subjects: - kind: ServiceAccount name: mt-broker-ingress @@ -140,7 +156,10 @@ metadata: name: mt-broker-filter namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/component: broker-filter + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing spec: selector: matchLabels: @@ -149,14 +168,17 @@ spec: metadata: labels: eventing.knative.dev/brokerRole: filter - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/component: broker-filter + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing spec: serviceAccountName: mt-broker-filter enableServiceLinks: false containers: - name: filter terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing/cmd/broker/filter@sha256:0e25aa1613a3a1779b3f7b7f863e651e5f37520a7f6808ccad2164cc2b6a9b12 + image: gcr.io/knative-releases/knative.dev/eventing/cmd/broker/filter@sha256:f4bda104202557a75fce024329fc1f0e2d4ac43f4362007ed4201290f79c1d82 readinessProbe: failureThreshold: 3 httpGet: @@ -215,13 +237,21 @@ spec: value: "8080" securityContext: allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - all --- apiVersion: v1 kind: Service metadata: labels: eventing.knative.dev/brokerRole: filter - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/component: broker-filter + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing name: broker-filter namespace: knative-eventing spec: @@ -243,7 +273,10 @@ metadata: name: mt-broker-ingress namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/component: broker-ingress + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing spec: selector: matchLabels: @@ -252,14 +285,17 @@ spec: metadata: labels: eventing.knative.dev/brokerRole: ingress - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/component: broker-ingress + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing spec: serviceAccountName: mt-broker-ingress enableServiceLinks: false containers: - name: ingress terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing/cmd/broker/ingress@sha256:cf579f88aa2a37c240e25bb886c1ef5404e326e12c7caf571e49308612243eee + image: gcr.io/knative-releases/knative.dev/eventing/cmd/broker/ingress@sha256:1bbbdea02b6fc01f316addefe56fa33f583cd332d7213cbc2e4937234bfc3d1b readinessProbe: failureThreshold: 3 httpGet: @@ -318,13 +354,21 @@ spec: value: "8080" securityContext: allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - all --- apiVersion: v1 kind: Service metadata: labels: eventing.knative.dev/brokerRole: ingress - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/component: broker-ingress + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing name: broker-ingress namespace: knative-eventing spec: @@ -346,7 +390,10 @@ metadata: name: mt-broker-controller namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/component: mt-broker-controller + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing spec: selector: matchLabels: @@ -355,7 +402,10 @@ spec: metadata: labels: app: mt-broker-controller - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/component: broker-controller + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing spec: affinity: podAntiAffinity: @@ -371,7 +421,7 @@ spec: containers: - name: mt-broker-controller terminationMessagePolicy: FallbackToLogsOnError - image: gcr.io/knative-releases/knative.dev/eventing/cmd/mtchannel_broker@sha256:a2678934d280ea19b0804cc7757d559a0312e2acea221b17a99bd830cd9eeaac + image: gcr.io/knative-releases/knative.dev/eventing/cmd/mtchannel_broker@sha256:90e2b9413519d0634508ff848180fb50a341da09e53ac0408848f0663c7c8c3b resources: requests: cpu: 100m @@ -395,6 +445,11 @@ spec: fieldPath: metadata.name securityContext: allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - all ports: - name: metrics containerPort: 9090 @@ -407,7 +462,10 @@ metadata: name: broker-ingress-hpa namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/component: broker-ingress + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing spec: scaleTargetRef: apiVersion: apps/v1 @@ -429,7 +487,10 @@ metadata: name: broker-filter-hpa namespace: knative-eventing labels: - eventing.knative.dev/release: "v0.22.1" + eventing.knative.dev/release: "v1.2.4" + app.kubernetes.io/component: broker-filter + app.kubernetes.io/version: "1.2.4" + app.kubernetes.io/name: knative-eventing spec: scaleTargetRef: apiVersion: apps/v1 diff --git a/common/knative/knative-serving-post-install-jobs/base/serving-post-install-jobs.yaml b/common/knative/knative-serving-post-install-jobs/base/serving-post-install-jobs.yaml index f1732a157f..c2bbc7396f 100644 --- a/common/knative/knative-serving-post-install-jobs/base/serving-post-install-jobs.yaml +++ b/common/knative/knative-serving-post-install-jobs/base/serving-post-install-jobs.yaml @@ -4,8 +4,11 @@ metadata: generateName: storage-version-migration-serving- namespace: knative-serving labels: - app: "storage-version-migration-serving" - serving.knative.dev/release: "v0.22.1" + app: storage-version-migration-serving + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: storage-version-migration-job + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" name: storage-version-migration-serving spec: ttlSecondsAfterFinished: 600 @@ -15,15 +18,29 @@ spec: annotations: sidecar.istio.io/inject: "false" labels: - app: "storage-version-migration-serving" + app: storage-version-migration-serving + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: storage-version-migration-job + app.kubernetes.io/version: "1.2.5" spec: serviceAccountName: controller restartPolicy: OnFailure containers: - name: migrate - image: gcr.io/knative-releases/knative.dev/serving/vendor/knative.dev/pkg/apiextensions/storageversion/cmd/migrate@sha256:dce9002c02d7abda2f7d4b656c28029ec172d085bb116f22936cb1e096c3d1c7 + image: gcr.io/knative-releases/knative.dev/pkg/apiextensions/storageversion/cmd/migrate@sha256:bf8ef91c3caccfcde8aa59d15f9fe9a06053134a0172cc7c18c4787fdcfbc77e args: - "services.serving.knative.dev" - "configurations.serving.knative.dev" - "revisions.serving.knative.dev" - "routes.serving.knative.dev" + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 1000m + memory: 1000Mi + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true diff --git a/common/knative/knative-serving/base/istio-authorization-policy.yaml b/common/knative/knative-serving/base/istio-authorization-policy.yaml index 0e993f63b4..a22b5471c5 100644 --- a/common/knative/knative-serving/base/istio-authorization-policy.yaml +++ b/common/knative/knative-serving/base/istio-authorization-policy.yaml @@ -60,7 +60,7 @@ spec: action: ALLOW selector: matchLabels: - app: istio-webhook + app: net-istio-webhook rules: - {} --- diff --git a/common/knative/knative-serving/base/upstream/net-istio.yaml b/common/knative/knative-serving/base/upstream/net-istio.yaml index 7672c4fbba..23c5bb20a3 100644 --- a/common/knative/knative-serving/base/upstream/net-istio.yaml +++ b/common/knative/knative-serving/base/upstream/net-istio.yaml @@ -3,7 +3,10 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-serving-istio labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.0" + serving.knative.dev/release: "v1.2.0" serving.knative.dev/controller: "true" networking.knative.dev/ingress-provider: istio rules: @@ -17,7 +20,10 @@ metadata: name: knative-local-gateway namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.0" + serving.knative.dev/release: "v1.2.0" networking.knative.dev/ingress-provider: istio spec: selector: @@ -36,8 +42,12 @@ metadata: name: knative-local-gateway namespace: istio-system labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.0" + serving.knative.dev/release: "v1.2.0" networking.knative.dev/ingress-provider: istio + experimental.istio.io/disable-gateway-port-translation: "true" spec: type: ClusterIP selector: @@ -47,113 +57,16 @@ spec: port: 80 targetPort: 8081 --- -apiVersion: "security.istio.io/v1beta1" -kind: "PeerAuthentication" -metadata: - name: "webhook" - namespace: "knative-serving" - labels: - serving.knative.dev/release: "v0.22.1" - networking.knative.dev/ingress-provider: istio -spec: - selector: - matchLabels: - app: webhook - portLevelMtls: - "8443": - mode: PERMISSIVE ---- -apiVersion: "security.istio.io/v1beta1" -kind: "PeerAuthentication" -metadata: - name: "domainmapping-webhook" - namespace: "knative-serving" - labels: - serving.knative.dev/release: "v0.22.1" - networking.knative.dev/ingress-provider: istio -spec: - selector: - matchLabels: - app: domainmapping-webhook - portLevelMtls: - "8443": - mode: PERMISSIVE ---- -apiVersion: "security.istio.io/v1beta1" -kind: "PeerAuthentication" -metadata: - name: "istio-webhook" - namespace: "knative-serving" - labels: - serving.knative.dev/release: "v0.22.1" - networking.knative.dev/ingress-provider: istio -spec: - selector: - matchLabels: - app: istio-webhook - portLevelMtls: - "8443": - mode: PERMISSIVE ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: MutatingWebhookConfiguration -metadata: - name: webhook.istio.networking.internal.knative.dev - labels: - serving.knative.dev/release: "v0.22.1" - networking.knative.dev/ingress-provider: istio -webhooks: - - admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: istio-webhook - namespace: knative-serving - failurePolicy: Fail - sideEffects: None - objectSelector: - matchExpressions: - - {key: "serving.knative.dev/configuration", operator: Exists} - name: webhook.istio.networking.internal.knative.dev ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - name: config.webhook.istio.networking.internal.knative.dev - labels: - serving.knative.dev/release: "v0.22.1" - networking.knative.dev/ingress-provider: istio -webhooks: - - admissionReviewVersions: - - v1beta1 - clientConfig: - service: - name: istio-webhook - namespace: knative-serving - failurePolicy: Fail - sideEffects: None - name: config.webhook.istio.networking.internal.knative.dev - namespaceSelector: - matchExpressions: - - key: serving.knative.dev/release - operator: Exists ---- -apiVersion: v1 -kind: Secret -metadata: - name: istio-webhook-certs - namespace: knative-serving - labels: - serving.knative.dev/release: "v0.22.1" - networking.knative.dev/ingress-provider: istio ---- apiVersion: v1 kind: ConfigMap metadata: name: config-istio namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.0" + serving.knative.dev/release: "v1.2.0" networking.knative.dev/ingress-provider: istio data: _example: | @@ -172,12 +85,10 @@ data: # this example block and unindented to be in the data block # to actually change the configuration. - # Default Knative Gateway after v0.3. It points to the Istio - # standard istio-ingressgateway, instead of a custom one that we - # used pre-0.3. The configuration format should be `gateway. - # {{gateway_namespace}}.{{gateway_name}}: "{{ingress_name}}. - # {{ingress_namespace}}.svc.cluster.local"`. The {{gateway_namespace}} - # is optional; when it is omitted, the system will search for + # A gateway and Istio service to serve external traffic. + # The configuration format should be + # `gateway.{{gateway_namespace}}.{{gateway_name}}: "{{ingress_name}}.{{ingress_namespace}}.svc.cluster.local"`. + # The {{gateway_namespace}} is optional; when it is omitted, the system will search for # the gateway in the serving system namespace `knative-serving` gateway.knative-serving.knative-ingress-gateway: "istio-ingressgateway.istio-system.svc.cluster.local" @@ -197,39 +108,106 @@ data: # `knative-serving` local-gateway.knative-serving.knative-local-gateway: "knative-local-gateway.istio-system.svc.cluster.local" + # DEPRECATED: local-gateway.mesh is deprecated. + # See: https://github.com/knative/serving/issues/11523 + # # To use only Istio service mesh and no knative-local-gateway, replace # all local-gateway.* entries by the following entry. local-gateway.mesh: "mesh" # If true, knative will use the Istio VirtualService's status to determine # endpoint readiness. Otherwise, probe as usual. + # NOTE: This feature is currently experimental and should not be used in production. enable-virtualservice-status: "false" --- +apiVersion: "security.istio.io/v1beta1" +kind: "PeerAuthentication" +metadata: + name: "webhook" + namespace: "knative-serving" + labels: + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.0" + serving.knative.dev/release: "v1.2.0" + networking.knative.dev/ingress-provider: istio +spec: + selector: + matchLabels: + app: webhook + portLevelMtls: + "8443": + mode: PERMISSIVE +--- +apiVersion: "security.istio.io/v1beta1" +kind: "PeerAuthentication" +metadata: + name: "domainmapping-webhook" + namespace: "knative-serving" + labels: + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.0" + serving.knative.dev/release: "v1.2.0" + networking.knative.dev/ingress-provider: istio +spec: + selector: + matchLabels: + app: domainmapping-webhook + portLevelMtls: + "8443": + mode: PERMISSIVE +--- +apiVersion: "security.istio.io/v1beta1" +kind: "PeerAuthentication" +metadata: + name: "net-istio-webhook" + namespace: "knative-serving" + labels: + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.0" + serving.knative.dev/release: "v1.2.0" + networking.knative.dev/ingress-provider: istio +spec: + selector: + matchLabels: + app: net-istio-webhook + portLevelMtls: + "8443": + mode: PERMISSIVE +--- apiVersion: apps/v1 kind: Deployment metadata: - name: networking-istio + name: net-istio-controller namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.0" + serving.knative.dev/release: "v1.2.0" networking.knative.dev/ingress-provider: istio spec: selector: matchLabels: - app: networking-istio + app: net-istio-controller template: metadata: annotations: cluster-autoscaler.kubernetes.io/safe-to-evict: "true" sidecar.istio.io/inject: "false" labels: - app: networking-istio - serving.knative.dev/release: "v0.22.1" + app: net-istio-controller + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.0" + serving.knative.dev/release: "v1.2.0" spec: serviceAccountName: controller containers: - - name: networking-istio - image: gcr.io/knative-releases/knative.dev/net-istio/cmd/controller@sha256:ff8680da52ef47b8573ebc3393cbfa2f0f14b05c1e02232807f22699adbef57a + - name: controller + image: gcr.io/knative-releases/knative.dev/net-istio/cmd/controller@sha256:f253b82941c2220181cee80d7488fe1cefce9d49ab30bdb54bcb8c76515f7a26 resources: requests: cpu: 30m @@ -264,29 +242,35 @@ spec: apiVersion: apps/v1 kind: Deployment metadata: - name: istio-webhook + name: net-istio-webhook namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.0" + serving.knative.dev/release: "v1.2.0" networking.knative.dev/ingress-provider: istio spec: selector: matchLabels: - app: istio-webhook - role: istio-webhook + app: net-istio-webhook + role: net-istio-webhook template: metadata: annotations: cluster-autoscaler.kubernetes.io/safe-to-evict: "false" labels: - app: istio-webhook - role: istio-webhook - serving.knative.dev/release: "v0.22.1" + app: net-istio-webhook + role: net-istio-webhook + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.0" + serving.knative.dev/release: "v1.2.0" spec: serviceAccountName: controller containers: - name: webhook - image: gcr.io/knative-releases/knative.dev/net-istio/cmd/webhook@sha256:1e371db6b1a9f9265fc7a55d15d98c935c0c28925ffde351fb3b93f331c5a08e + image: gcr.io/knative-releases/knative.dev/net-istio/cmd/webhook@sha256:a705c1ea8e9e556f860314fe055082fbe3cde6a924c29291955f98d979f8185e resources: requests: cpu: 20m @@ -306,7 +290,7 @@ spec: - name: METRICS_DOMAIN value: knative.dev/net-istio - name: WEBHOOK_NAME - value: istio-webhook + value: net-istio-webhook securityContext: allowPrivilegeEscalation: false ports: @@ -318,13 +302,28 @@ spec: containerPort: 8443 --- apiVersion: v1 +kind: Secret +metadata: + name: net-istio-webhook-certs + namespace: knative-serving + labels: + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.0" + serving.knative.dev/release: "v1.2.0" + networking.knative.dev/ingress-provider: istio +--- +apiVersion: v1 kind: Service metadata: - name: istio-webhook + name: net-istio-webhook namespace: knative-serving labels: - role: istio-webhook - serving.knative.dev/release: "v0.22.1" + role: net-istio-webhook + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.0" + serving.knative.dev/release: "v1.2.0" networking.knative.dev/ingress-provider: istio spec: ports: @@ -338,4 +337,56 @@ spec: port: 443 targetPort: 8443 selector: - app: istio-webhook + app: net-istio-webhook +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: webhook.istio.networking.internal.knative.dev + labels: + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.0" + serving.knative.dev/release: "v1.2.0" + networking.knative.dev/ingress-provider: istio +webhooks: + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: net-istio-webhook + namespace: knative-serving + failurePolicy: Fail + sideEffects: None + objectSelector: + matchExpressions: + - {key: "serving.knative.dev/configuration", operator: Exists} + name: webhook.istio.networking.internal.knative.dev +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: config.webhook.istio.networking.internal.knative.dev + labels: + app.kubernetes.io/component: net-istio + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.0" + serving.knative.dev/release: "v1.2.0" + networking.knative.dev/ingress-provider: istio +webhooks: + - admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: net-istio-webhook + namespace: knative-serving + failurePolicy: Fail + sideEffects: None + name: config.webhook.istio.networking.internal.knative.dev + namespaceSelector: + matchExpressions: + - key: serving.knative.dev/release + operator: Exists +--- \ No newline at end of file diff --git a/common/knative/knative-serving/base/upstream/serving-core.yaml b/common/knative/knative-serving/base/upstream/serving-core.yaml index b2cab4681d..f4b997cbbc 100644 --- a/common/knative/knative-serving/base/upstream/serving-core.yaml +++ b/common/knative/knative-serving/base/upstream/serving-core.yaml @@ -3,14 +3,31 @@ kind: Namespace metadata: name: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: knative-serving-aggregated-addressable-resolver + labels: + serving.knative.dev/release: "v1.2.5" + app.kubernetes.io/version: "1.2.5" + app.kubernetes.io/name: knative-serving +aggregationRule: + clusterRoleSelectors: + - matchLabels: + duck.knative.dev/addressable: "true" --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-serving-addressable-resolver labels: - serving.knative.dev/release: "v0.22.1" + serving.knative.dev/release: "v1.2.5" + app.kubernetes.io/version: "1.2.5" + app.kubernetes.io/name: knative-serving duck.knative.dev/addressable: "true" rules: - apiGroups: @@ -31,7 +48,9 @@ metadata: name: knative-serving-namespaced-admin labels: rbac.authorization.k8s.io/aggregate-to-admin: "true" - serving.knative.dev/release: "v0.22.1" + serving.knative.dev/release: "v1.2.5" + app.kubernetes.io/version: "1.2.5" + app.kubernetes.io/name: knative-serving rules: - apiGroups: ["serving.knative.dev"] resources: ["*"] @@ -46,7 +65,9 @@ metadata: name: knative-serving-namespaced-edit labels: rbac.authorization.k8s.io/aggregate-to-edit: "true" - serving.knative.dev/release: "v0.22.1" + serving.knative.dev/release: "v1.2.5" + app.kubernetes.io/version: "1.2.5" + app.kubernetes.io/name: knative-serving rules: - apiGroups: ["serving.knative.dev"] resources: ["*"] @@ -61,7 +82,9 @@ metadata: name: knative-serving-namespaced-view labels: rbac.authorization.k8s.io/aggregate-to-view: "true" - serving.knative.dev/release: "v0.22.1" + serving.knative.dev/release: "v1.2.5" + app.kubernetes.io/version: "1.2.5" + app.kubernetes.io/name: knative-serving rules: - apiGroups: ["serving.knative.dev", "networking.internal.knative.dev", "autoscaling.internal.knative.dev", "caching.internal.knative.dev"] resources: ["*"] @@ -72,8 +95,10 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-serving-core labels: - serving.knative.dev/release: "v0.22.1" serving.knative.dev/controller: "true" + serving.knative.dev/release: "v1.2.5" + app.kubernetes.io/version: "1.2.5" + app.kubernetes.io/name: knative-serving rules: - apiGroups: [""] resources: ["pods", "namespaces", "secrets", "configmaps", "endpoints", "services", "events", "serviceaccounts"] @@ -81,6 +106,9 @@ rules: - apiGroups: [""] resources: ["endpoints/restricted"] verbs: ["create"] + - apiGroups: [""] + resources: ["namespaces/finalizers"] + verbs: ["update"] - apiGroups: ["apps"] resources: ["deployments", "deployments/finalizers"] verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] @@ -108,7 +136,9 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-serving-podspecable-binding labels: - serving.knative.dev/release: "v0.22.1" + serving.knative.dev/release: "v1.2.5" + app.kubernetes.io/version: "1.2.5" + app.kubernetes.io/name: knative-serving duck.knative.dev/podspecable: "true" rules: - apiGroups: @@ -127,26 +157,33 @@ metadata: name: controller namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: controller + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: name: knative-serving-admin labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" aggregationRule: clusterRoleSelectors: - matchLabels: serving.knative.dev/controller: "true" -rules: [] --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: knative-serving-controller-admin labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: controller + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" subjects: - kind: ServiceAccount name: controller @@ -156,11 +193,31 @@ roleRef: name: knative-serving-admin apiGroup: rbac.authorization.k8s.io --- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: knative-serving-controller-addressable-resolver + labels: + app.kubernetes.io/component: controller + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" +subjects: + - kind: ServiceAccount + name: controller + namespace: knative-serving +roleRef: + kind: ClusterRole + name: knative-serving-aggregated-addressable-resolver + apiGroup: rbac.authorization.k8s.io +--- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: images.caching.internal.knative.dev labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" knative.dev/crd-install: "true" spec: group: caching.internal.knative.dev @@ -194,7 +251,9 @@ kind: CustomResourceDefinition metadata: name: certificates.networking.internal.knative.dev labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev @@ -231,21 +290,31 @@ kind: CustomResourceDefinition metadata: name: configurations.serving.knative.dev labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" knative.dev/crd-install: "true" duck.knative.dev/podspecable: "true" spec: group: serving.knative.dev + names: + kind: Configuration + plural: configurations + singular: configuration + categories: + - all + - knative + - serving + shortNames: + - config + - cfg + scope: Namespaced versions: - name: v1 served: true storage: true subresources: status: {} - schema: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true additionalPrinterColumns: - name: LatestCreated type: string @@ -259,17 +328,938 @@ spec: - name: Reason type: string jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + schema: + openAPIV3Schema: + description: 'Configuration represents the "floating HEAD" of a linear history of Revisions. Users create new Revisions by updating the Configuration''s spec. The "latest created" revision''s name is available under status, as is the "latest ready" revision''s name. See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#configuration' + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConfigurationSpec holds the desired state of the Configuration (from the client). + type: object + properties: + template: + description: Template holds the latest specification for the Revision to be stamped out. + type: object + properties: + metadata: + type: object + properties: + annotations: + type: object + additionalProperties: + type: string + finalizers: + type: array + items: + type: string + labels: + type: object + additionalProperties: + type: string + name: + type: string + namespace: + type: string + x-kubernetes-preserve-unknown-fields: true + spec: + description: RevisionSpec holds the desired state of the Revision (from the client). + type: object + required: + - containers + properties: + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. + type: boolean + containerConcurrency: + description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. + type: integer + format: int64 + containers: + description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. + type: array + items: + description: A single application container that you want to run within a pod. + type: object + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + type: array + items: + type: string + command: + description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + type: array + items: + type: string + env: + description: List of environment variables to set in the container. Cannot be updated. + type: array + items: + description: EnvVar represents an environment variable present in a Container. + type: object + required: + - name + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + type: object + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + type: object + required: + - key + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-preserve-unknown-fields: true + envFrom: + description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + type: array + items: + description: EnvFromSource represents the source of a set of ConfigMaps + type: object + properties: + configMapRef: + description: The ConfigMap to select from + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + livenessProbe: + description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: object + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + type: object + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + type: integer + format: int32 + httpGet: + description: HTTPGet specifies the http request to perform. + type: object + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + path: + description: Path to access on the HTTP server. + type: string + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + x-kubernetes-preserve-unknown-fields: true + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + periodSeconds: + description: How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + x-kubernetes-preserve-unknown-fields: true + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + name: + description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. + type: array + items: + description: ContainerPort represents a network port in a single container. + type: object + required: + - containerPort + properties: + containerPort: + description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + type: integer + format: int32 + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + type: string + default: TCP + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: object + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + type: object + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + type: integer + format: int32 + httpGet: + description: HTTPGet specifies the http request to perform. + type: object + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + path: + description: Path to access on the HTTP server. + type: string + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + x-kubernetes-preserve-unknown-fields: true + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + periodSeconds: + description: How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + x-kubernetes-preserve-unknown-fields: true + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + resources: + description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + properties: + limits: + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + securityContext: + description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + type: object + properties: + capabilities: + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. + type: object + properties: + drop: + description: Removed capabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + x-kubernetes-preserve-unknown-fields: true + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: integer + format: int64 + x-kubernetes-preserve-unknown-fields: true + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + type: string + volumeMounts: + description: Pod volumes to mount into the container's filesystem. Cannot be updated. + type: array + items: + description: VolumeMount describes a mounting of a Volume within a container. + type: object + required: + - mountPath + - name + properties: + mountPath: + description: Path within the container at which the volume should be mounted. Must not contain ':'. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + type: string + workingDir: + description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. + type: string + x-kubernetes-preserve-unknown-fields: true + enableServiceLinks: + description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Defaults to true.' + type: boolean + imagePullSecrets: + description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + type: array + items: + description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + timeoutSeconds: + description: TimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin replying (send network traffic). If unspecified, a system default will be provided. + type: integer + format: int64 + volumes: + description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' + type: array + items: + description: Volume represents a named volume in a pod that may be accessed by any container in the pod. + type: object + required: + - name + properties: + configMap: + description: ConfigMap represents a configMap that should populate this volume + type: object + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + projected: + description: Items for all in one resources secrets, configmaps, and downward API + type: object + properties: + defaultMode: + description: Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + sources: + description: list of volume projections + type: array + items: + description: Projection that may be projected along with other supported volume types + type: object + properties: + configMap: + description: information about the configMap data to project + type: object + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + secret: + description: information about the secret data to project + type: object + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + serviceAccountToken: + description: information about the serviceAccountToken data to project + type: object + required: + - path + properties: + audience: + description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. + type: integer + format: int64 + path: + description: Path is the path relative to the mount point of the file to project the token into. + type: string + secret: + description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: object + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + optional: + description: Specify whether the Secret or its keys must be defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-preserve-unknown-fields: true + status: + description: ConfigurationStatus communicates the observed state of the Configuration (from the controller). + type: object + properties: + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + format: date-time + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + latestCreatedRevisionName: + description: LatestCreatedRevisionName is the last revision that was created from this Configuration. It might not be ready yet, for that use LatestReadyRevisionName. + type: string + latestReadyRevisionName: + description: LatestReadyRevisionName holds the name of the latest Revision stamped out from this Configuration that has had its "Ready" condition become "True". + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: clusterdomainclaims.networking.internal.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" + knative.dev/crd-install: "true" +spec: + group: networking.internal.knative.dev + versions: + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + type: object + x-kubernetes-preserve-unknown-fields: true names: - kind: Configuration - plural: configurations - singular: configuration + kind: ClusterDomainClaim + plural: clusterdomainclaims + singular: clusterdomainclaim + categories: + - knative-internal + - networking + shortNames: + - cdc + scope: Cluster +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: domainmappings.serving.knative.dev + labels: + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" + knative.dev/crd-install: "true" +spec: + group: serving.knative.dev + versions: + - name: v1beta1 + served: true + storage: false + subresources: + status: {} + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.url + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + "schema": + "openAPIV3Schema": + description: DomainMapping is a mapping from a custom hostname to an Addressable. + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Spec is the desired state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + type: object + required: + - ref + properties: + ref: + description: "Ref specifies the target of the Domain Mapping. \n The object identified by the Ref must be an Addressable with a URL of the form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain, and `{name}` and `{namespace}` are the name and namespace of a Kubernetes Service. \n This contract is satisfied by Knative types such as Knative Services and Knative Routes, and by Kubernetes Services." + type: object + required: + - kind + - name + properties: + apiVersion: + description: API version of the referent. + type: string + group: + description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + tls: + description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret. + type: object + required: + - secretName + properties: + secretName: + description: SecretName is the name of the existing secret used to terminate TLS traffic. + type: string + status: + description: 'Status is the current state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + type: object + properties: + address: + description: Address holds the information needed for a DomainMapping to be the target of an event. + type: object + properties: + url: + type: string + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + format: date-time + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + url: + description: URL is the URL of this DomainMapping. + type: string + - name: v1alpha1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: DomainMapping is a mapping from a custom hostname to an Addressable. + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: 'Spec is the desired state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + type: object + required: + - ref + properties: + ref: + description: "Ref specifies the target of the Domain Mapping. \n The object identified by the Ref must be an Addressable with a URL of the form `{name}.{namespace}.{domain}` where `{domain}` is the cluster domain, and `{name}` and `{namespace}` are the name and namespace of a Kubernetes Service. \n This contract is satisfied by Knative types such as Knative Services and Knative Routes, and by Kubernetes Services." + type: object + required: + - kind + - name + properties: + apiVersion: + description: API version of the referent. + type: string + group: + description: 'Group of the API, without the version of the group. This can be used as an alternative to the APIVersion, and then resolved using ResolveGroup. Note: This API is EXPERIMENTAL and might break anytime. For more details: https://github.com/knative/eventing/issues/5086' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ This is optional field, it gets defaulted to the object holding it if left out.' + type: string + tls: + description: TLS allows the DomainMapping to terminate TLS traffic with an existing secret. + type: object + required: + - secretName + properties: + secretName: + description: SecretName is the name of the existing secret used to terminate TLS traffic. + type: string + status: + description: 'Status is the current state of the DomainMapping. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' + type: object + properties: + address: + description: Address holds the information needed for a DomainMapping to be the target of an event. + type: object + properties: + url: + type: string + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + format: date-time + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + url: + description: URL is the URL of this DomainMapping. + type: string + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.url + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" + names: + kind: DomainMapping + plural: domainmappings + singular: domainmapping categories: - all - knative - serving shortNames: - - config - - cfg + - dm scope: Namespaced --- apiVersion: apiextensions.k8s.io/v1 @@ -277,7 +1267,9 @@ kind: CustomResourceDefinition metadata: name: ingresses.networking.internal.knative.dev labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev @@ -315,20 +1307,26 @@ kind: CustomResourceDefinition metadata: name: metrics.autoscaling.internal.knative.dev labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" knative.dev/crd-install: "true" spec: group: autoscaling.internal.knative.dev + names: + kind: Metric + plural: metrics + singular: metric + categories: + - knative-internal + - autoscaling + scope: Namespaced versions: - name: v1alpha1 served: true storage: true subresources: status: {} - schema: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true additionalPrinterColumns: - name: Ready type: string @@ -336,34 +1334,109 @@ spec: - name: Reason type: string jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: Metric - plural: metrics - singular: metric - categories: - - knative-internal - - autoscaling - scope: Namespaced + schema: + openAPIV3Schema: + description: Metric represents a resource to configure the metric collector with. + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec holds the desired state of the Metric (from the client). + type: object + required: + - panicWindow + - scrapeTarget + - stableWindow + properties: + panicWindow: + description: PanicWindow is the aggregation window for metrics where quick reactions are needed. + type: integer + format: int64 + scrapeTarget: + description: ScrapeTarget is the K8s service that publishes the metric endpoint. + type: string + stableWindow: + description: StableWindow is the aggregation window for metrics in a stable state. + type: integer + format: int64 + status: + description: Status communicates the observed state of the Metric (from the controller). + type: object + properties: + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + format: date-time + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: podautoscalers.autoscaling.internal.knative.dev labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" knative.dev/crd-install: "true" spec: group: autoscaling.internal.knative.dev + names: + kind: PodAutoscaler + plural: podautoscalers + singular: podautoscaler + categories: + - knative-internal + - autoscaling + shortNames: + - kpa + - pa + scope: Namespaced versions: - name: v1alpha1 served: true storage: true subresources: status: {} - schema: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true additionalPrinterColumns: - name: DesiredScale type: integer @@ -377,37 +1450,137 @@ spec: - name: Reason type: string jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: PodAutoscaler - plural: podautoscalers - singular: podautoscaler - categories: - - knative-internal - - autoscaling - shortNames: - - kpa - - pa - scope: Namespaced + schema: + openAPIV3Schema: + description: 'PodAutoscaler is a Knative abstraction that encapsulates the interface by which Knative components instantiate autoscalers. This definition is an abstraction that may be backed by multiple definitions. For more information, see the Knative Pluggability presentation: https://docs.google.com/presentation/d/10KWynvAJYuOEWy69VBa6bHJVCqIsz1TNdEKosNvcpPY/edit' + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec holds the desired state of the PodAutoscaler (from the client). + type: object + required: + - protocolType + - scaleTargetRef + properties: + containerConcurrency: + description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means unlimited concurrency. + type: integer + format: int64 + protocolType: + description: The application-layer protocol. Matches `ProtocolType` inferred from the revision spec. + type: string + reachability: + description: Reachability specifies whether or not the `ScaleTargetRef` can be reached (ie. has a route). Defaults to `ReachabilityUnknown` + type: string + scaleTargetRef: + description: ScaleTargetRef defines the /scale-able resource that this PodAutoscaler is responsible for quickly right-sizing. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + status: + description: Status communicates the observed state of the PodAutoscaler (from the controller). + type: object + required: + - metricsServiceName + - serviceName + properties: + actualScale: + description: ActualScale shows the actual number of replicas for the revision. + type: integer + format: int32 + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + format: date-time + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + desiredScale: + description: DesiredScale shows the current desired number of replicas for the revision. + type: integer + format: int32 + metricsServiceName: + description: MetricsServiceName is the K8s Service name that provides revision metrics. The service is managed by the PA object. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + serviceName: + description: ServiceName is the K8s Service name that serves the revision, scaled by this PA. The service is created and owned by the ServerlessService object owned by this PA. + type: string --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: revisions.serving.knative.dev labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" knative.dev/crd-install: "true" spec: group: serving.knative.dev + names: + kind: Revision + plural: revisions + singular: revision + categories: + - all + - knative + - serving + shortNames: + - rev + scope: Namespaced versions: - name: v1 served: true storage: true subresources: status: {} - schema: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true additionalPrinterColumns: - name: Config Name type: string @@ -424,38 +1597,686 @@ spec: - name: Reason type: string jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: Revision - plural: revisions - singular: revision - categories: - - all - - knative - - serving - shortNames: - - rev - scope: Namespaced + - name: Actual Replicas + type: integer + jsonPath: ".status.actualReplicas" + - name: Desired Replicas + type: integer + jsonPath: ".status.desiredReplicas" + schema: + openAPIV3Schema: + description: "Revision is an immutable snapshot of code and configuration. A revision references a container image. Revisions are created by updates to a Configuration. \n See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#revision" + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: RevisionSpec holds the desired state of the Revision (from the client). + type: object + required: + - containers + properties: + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. + type: boolean + containerConcurrency: + description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. + type: integer + format: int64 + containers: + description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. + type: array + items: + description: A single application container that you want to run within a pod. + type: object + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + type: array + items: + type: string + command: + description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + type: array + items: + type: string + env: + description: List of environment variables to set in the container. Cannot be updated. + type: array + items: + description: EnvVar represents an environment variable present in a Container. + type: object + required: + - name + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + type: object + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + type: object + required: + - key + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-preserve-unknown-fields: true + envFrom: + description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + type: array + items: + description: EnvFromSource represents the source of a set of ConfigMaps + type: object + properties: + configMapRef: + description: The ConfigMap to select from + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + livenessProbe: + description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: object + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + type: object + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + type: integer + format: int32 + httpGet: + description: HTTPGet specifies the http request to perform. + type: object + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + path: + description: Path to access on the HTTP server. + type: string + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + x-kubernetes-preserve-unknown-fields: true + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + periodSeconds: + description: How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + x-kubernetes-preserve-unknown-fields: true + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + name: + description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. + type: array + items: + description: ContainerPort represents a network port in a single container. + type: object + required: + - containerPort + properties: + containerPort: + description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + type: integer + format: int32 + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + type: string + default: TCP + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: object + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + type: object + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + type: integer + format: int32 + httpGet: + description: HTTPGet specifies the http request to perform. + type: object + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + path: + description: Path to access on the HTTP server. + type: string + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + x-kubernetes-preserve-unknown-fields: true + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + periodSeconds: + description: How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + x-kubernetes-preserve-unknown-fields: true + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + resources: + description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + properties: + limits: + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + securityContext: + description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + type: object + properties: + capabilities: + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. + type: object + properties: + drop: + description: Removed capabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + x-kubernetes-preserve-unknown-fields: true + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: integer + format: int64 + x-kubernetes-preserve-unknown-fields: true + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + type: string + volumeMounts: + description: Pod volumes to mount into the container's filesystem. Cannot be updated. + type: array + items: + description: VolumeMount describes a mounting of a Volume within a container. + type: object + required: + - mountPath + - name + properties: + mountPath: + description: Path within the container at which the volume should be mounted. Must not contain ':'. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + type: string + workingDir: + description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. + type: string + x-kubernetes-preserve-unknown-fields: true + enableServiceLinks: + description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Defaults to true.' + type: boolean + imagePullSecrets: + description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + type: array + items: + description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + timeoutSeconds: + description: TimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin replying (send network traffic). If unspecified, a system default will be provided. + type: integer + format: int64 + volumes: + description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' + type: array + items: + description: Volume represents a named volume in a pod that may be accessed by any container in the pod. + type: object + required: + - name + properties: + configMap: + description: ConfigMap represents a configMap that should populate this volume + type: object + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + projected: + description: Items for all in one resources secrets, configmaps, and downward API + type: object + properties: + defaultMode: + description: Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + sources: + description: list of volume projections + type: array + items: + description: Projection that may be projected along with other supported volume types + type: object + properties: + configMap: + description: information about the configMap data to project + type: object + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + secret: + description: information about the secret data to project + type: object + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + serviceAccountToken: + description: information about the serviceAccountToken data to project + type: object + required: + - path + properties: + audience: + description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. + type: integer + format: int64 + path: + description: Path is the path relative to the mount point of the file to project the token into. + type: string + secret: + description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: object + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + optional: + description: Specify whether the Secret or its keys must be defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-preserve-unknown-fields: true + status: + description: RevisionStatus communicates the observed state of the Revision (from the controller). + type: object + properties: + actualReplicas: + description: ActualReplicas reflects the amount of ready pods running this revision. + type: integer + format: int32 + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + format: date-time + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + containerStatuses: + description: 'ContainerStatuses is a slice of images present in .Spec.Container[*].Image to their respective digests and their container name. The digests are resolved during the creation of Revision. ContainerStatuses holds the container name and image digests for both serving and non serving containers. ref: http://bit.ly/image-digests' + type: array + items: + description: ContainerStatus holds the information of container name and image digest value + type: object + properties: + imageDigest: + type: string + name: + type: string + desiredReplicas: + description: DesiredReplicas reflects the desired amount of pods running this revision. + type: integer + format: int32 + initContainerStatuses: + description: 'InitContainerStatuses is a slice of images present in .Spec.InitContainer[*].Image to their respective digests and their container name. The digests are resolved during the creation of Revision. ContainerStatuses holds the container name and image digests for both serving and non serving containers. ref: http://bit.ly/image-digests' + type: array + items: + description: ContainerStatus holds the information of container name and image digest value + type: object + properties: + imageDigest: + type: string + name: + type: string + logUrl: + description: LogURL specifies the generated logging url for this particular revision based on the revision url template specified in the controller's config. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: routes.serving.knative.dev labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" spec: group: serving.knative.dev + names: + kind: Route + plural: routes + singular: route + categories: + - all + - knative + - serving + shortNames: + - rt + scope: Namespaced versions: - name: v1 served: true storage: true subresources: status: {} - schema: - openAPIV3Schema: - type: object - x-kubernetes-preserve-unknown-fields: true additionalPrinterColumns: - name: URL type: string @@ -466,24 +2287,135 @@ spec: - name: Reason type: string jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: Route - plural: routes - singular: route - categories: - - all - - knative - - serving - shortNames: - - rt - scope: Namespaced + schema: + openAPIV3Schema: + description: 'Route is responsible for configuring ingress over a collection of Revisions. Some of the Revisions a Route distributes traffic over may be specified by referencing the Configuration responsible for creating them; in these cases the Route is additionally responsible for monitoring the Configuration for "latest ready revision" changes, and smoothly rolling out latest revisions. See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#route' + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec holds the desired state of the Route (from the client). + type: object + properties: + traffic: + description: Traffic specifies how to distribute traffic over a collection of revisions and configurations. + type: array + items: + description: TrafficTarget holds a single entry of the routing table for a Route. + type: object + properties: + configurationName: + description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. + type: string + latestRevision: + description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. + type: boolean + percent: + description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' + type: integer + format: int64 + revisionName: + description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. + type: string + tag: + description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. + type: string + url: + description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) + type: string + status: + description: Status communicates the observed state of the Route (from the controller). + type: object + properties: + address: + description: Address holds the information needed for a Route to be the target of an event. + type: object + properties: + url: + type: string + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + format: date-time + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + traffic: + description: Traffic holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed. + type: array + items: + description: TrafficTarget holds a single entry of the routing table for a Route. + type: object + properties: + configurationName: + description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. + type: string + latestRevision: + description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. + type: boolean + percent: + description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' + type: integer + format: int64 + revisionName: + description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. + type: string + tag: + description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. + type: string + url: + description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) + type: string + url: + description: URL holds the url that will distribute traffic over the provided traffic targets. It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} + type: string --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: serverlessservices.networking.internal.knative.dev labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" knative.dev/crd-install: "true" spec: group: networking.internal.knative.dev @@ -532,116 +2464,754 @@ kind: CustomResourceDefinition metadata: name: services.serving.knative.dev labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" knative.dev/crd-install: "true" duck.knative.dev/addressable: "true" duck.knative.dev/podspecable: "true" spec: group: serving.knative.dev + names: + kind: Service + plural: services + singular: service + categories: + - all + - knative + - serving + shortNames: + - kservice + - ksvc + scope: Namespaced versions: - name: v1 served: true storage: true subresources: status: {} + additionalPrinterColumns: + - name: URL + type: string + jsonPath: .status.url + - name: LatestCreated + type: string + jsonPath: .status.latestCreatedRevisionName + - name: LatestReady + type: string + jsonPath: .status.latestReadyRevisionName + - name: Ready + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].status" + - name: Reason + type: string + jsonPath: ".status.conditions[?(@.type=='Ready')].reason" schema: openAPIV3Schema: + description: "Service acts as a top-level container that manages a Route and Configuration which implement a network service. Service exists to provide a singular abstraction which can be access controlled, reasoned about, and which encapsulates software lifecycle decisions such as rollout policy and team resource ownership. Service acts only as an orchestrator of the underlying Routes and Configurations (much as a kubernetes Deployment orchestrates ReplicaSets), and its usage is optional but recommended. \n The Service's controller will track the statuses of its owned Configuration and Route, reflecting their statuses and conditions as its own. \n See also: https://github.com/knative/serving/blob/main/docs/spec/overview.md#service" type: object - x-kubernetes-preserve-unknown-fields: true properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object spec: + description: ServiceSpec represents the configuration for the Service object. A Service's specification is the union of the specifications for a Route and Configuration. The Service restricts what can be expressed in these fields, e.g. the Route must reference the provided Configuration; however, these limitations also enable friendlier defaulting, e.g. Route never needs a Configuration name, and may be defaulted to the appropriate "run latest" spec. type: object - x-kubernetes-preserve-unknown-fields: true properties: template: + description: Template holds the latest specification for the Revision to be stamped out. type: object - x-kubernetes-preserve-unknown-fields: true - description: | - A template for the current desired application state. - Changes to `template` will cause a new Revision to be created as - defined in the lifecycle section. The contents of the Service's - RevisionTemplateSpec is used to create a corresponding Configuration. + properties: + metadata: + type: object + properties: + annotations: + type: object + additionalProperties: + type: string + finalizers: + type: array + items: + type: string + labels: + type: object + additionalProperties: + type: string + name: + type: string + namespace: + type: string + x-kubernetes-preserve-unknown-fields: true + spec: + description: RevisionSpec holds the desired state of the Revision (from the client). + type: object + required: + - containers + properties: + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. + type: boolean + containerConcurrency: + description: ContainerConcurrency specifies the maximum allowed in-flight (concurrent) requests per container of the Revision. Defaults to `0` which means concurrency to the application is not limited, and the system decides the target concurrency for the autoscaler. + type: integer + format: int64 + containers: + description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. + type: array + items: + description: A single application container that you want to run within a pod. + type: object + properties: + args: + description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + type: array + items: + type: string + command: + description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' + type: array + items: + type: string + env: + description: List of environment variables to set in the container. Cannot be updated. + type: array + items: + description: EnvVar represents an environment variable present in a Container. + type: object + required: + - name + properties: + name: + description: Name of the environment variable. Must be a C_IDENTIFIER. + type: string + value: + description: 'Variable references $(VAR_NAME) are expanded using the previously defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + type: object + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + type: object + required: + - key + properties: + key: + description: The key to select. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + x-kubernetes-preserve-unknown-fields: true + envFrom: + description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. + type: array + items: + description: EnvFromSource represents the source of a set of ConfigMaps + type: object + properties: + configMapRef: + description: The ConfigMap to select from + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap must be defined + type: boolean + prefix: + description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. + type: string + secretRef: + description: The Secret to select from + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret must be defined + type: boolean + image: + description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' + type: string + imagePullPolicy: + description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' + type: string + livenessProbe: + description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: object + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + type: object + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + type: integer + format: int32 + httpGet: + description: HTTPGet specifies the http request to perform. + type: object + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + path: + description: Path to access on the HTTP server. + type: string + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + x-kubernetes-preserve-unknown-fields: true + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + periodSeconds: + description: How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + x-kubernetes-preserve-unknown-fields: true + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + name: + description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. + type: string + ports: + description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. + type: array + items: + description: ContainerPort represents a network port in a single container. + type: object + required: + - containerPort + properties: + containerPort: + description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. + type: integer + format: int32 + name: + description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. + type: string + protocol: + description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". + type: string + default: TCP + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: object + properties: + exec: + description: One and only one of the following should be specified. Exec specifies the action to take. + type: object + properties: + command: + description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + type: array + items: + type: string + failureThreshold: + description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. + type: integer + format: int32 + httpGet: + description: HTTPGet specifies the http request to perform. + type: object + properties: + host: + description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. + type: string + httpHeaders: + description: Custom headers to set in the request. HTTP allows repeated headers. + type: array + items: + description: HTTPHeader describes a custom header to be used in HTTP probes + type: object + required: + - name + - value + properties: + name: + description: The header field name + type: string + value: + description: The header field value + type: string + path: + description: Path to access on the HTTP server. + type: string + scheme: + description: Scheme to use for connecting to the host. Defaults to HTTP. + type: string + x-kubernetes-preserve-unknown-fields: true + initialDelaySeconds: + description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + periodSeconds: + description: How often (in seconds) to perform the probe. + type: integer + format: int32 + successThreshold: + description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. + type: integer + format: int32 + tcpSocket: + description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' + type: object + properties: + host: + description: 'Optional: Host name to connect to, defaults to the pod IP.' + type: string + x-kubernetes-preserve-unknown-fields: true + timeoutSeconds: + description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' + type: integer + format: int32 + resources: + description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + properties: + limits: + description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + securityContext: + description: 'SecurityContext defines the security options the container should be run with. If set, the fields of SecurityContext override the equivalent fields of PodSecurityContext. More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' + type: object + properties: + capabilities: + description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. + type: object + properties: + drop: + description: Removed capabilities + type: array + items: + description: Capability represent POSIX capabilities type + type: string + x-kubernetes-preserve-unknown-fields: true + readOnlyRootFilesystem: + description: Whether this container has a read-only root filesystem. Default is false. + type: boolean + runAsUser: + description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. + type: integer + format: int64 + x-kubernetes-preserve-unknown-fields: true + terminationMessagePath: + description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' + type: string + terminationMessagePolicy: + description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. + type: string + volumeMounts: + description: Pod volumes to mount into the container's filesystem. Cannot be updated. + type: array + items: + description: VolumeMount describes a mounting of a Volume within a container. + type: object + required: + - mountPath + - name + properties: + mountPath: + description: Path within the container at which the volume should be mounted. Must not contain ':'. + type: string + name: + description: This must match the Name of a Volume. + type: string + readOnly: + description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. + type: boolean + subPath: + description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). + type: string + workingDir: + description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. + type: string + x-kubernetes-preserve-unknown-fields: true + enableServiceLinks: + description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Defaults to true.' + type: boolean + imagePullSecrets: + description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' + type: array + items: + description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. + type: object + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + serviceAccountName: + description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' + type: string + timeoutSeconds: + description: TimeoutSeconds is the maximum duration in seconds that the request routing layer will wait for a request delivered to a container to begin replying (send network traffic). If unspecified, a system default will be provided. + type: integer + format: int64 + volumes: + description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' + type: array + items: + description: Volume represents a named volume in a pod that may be accessed by any container in the pod. + type: object + required: + - name + properties: + configMap: + description: ConfigMap represents a configMap that should populate this volume + type: object + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + name: + description: 'Volume''s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + projected: + description: Items for all in one resources secrets, configmaps, and downward API + type: object + properties: + defaultMode: + description: Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. + type: integer + format: int32 + sources: + description: list of volume projections + type: array + items: + description: Projection that may be projected along with other supported volume types + type: object + properties: + configMap: + description: information about the configMap data to project + type: object + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the ConfigMap or its keys must be defined + type: boolean + secret: + description: information about the secret data to project + type: object + properties: + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + serviceAccountToken: + description: information about the serviceAccountToken data to project + type: object + required: + - path + properties: + audience: + description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. + type: string + expirationSeconds: + description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. + type: integer + format: int64 + path: + description: Path is the path relative to the mount point of the file to project the token into. + type: string + secret: + description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: object + properties: + defaultMode: + description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + items: + description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. + type: array + items: + description: Maps a string key to a path within a volume. + type: object + required: + - key + - path + properties: + key: + description: The key to project. + type: string + mode: + description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' + type: integer + format: int32 + path: + description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. + type: string + optional: + description: Specify whether the Secret or its keys must be defined + type: boolean + secretName: + description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' + type: string + x-kubernetes-preserve-unknown-fields: true + x-kubernetes-preserve-unknown-fields: true traffic: - x-kubernetes-preserve-unknown-fields: true + description: Traffic specifies how to distribute traffic over a collection of revisions and configurations. type: array - description: | - Traffic specifies how to distribute traffic over a - collection of Revisions belonging to the Service. If traffic is - empty or not provided, defaults to 100% traffic to the latest - `Ready` Revision. The contents of the Service's TrafficTarget is - used to create a corresponding Route. items: + description: TrafficTarget holds a single entry of the routing table for a Route. type: object - x-kubernetes-preserve-unknown-fields: true properties: - revisionName: - type: string - description: | - A specific revision to which to send this portion - of traffic. - This is mutually exclusive with configurationName. configurationName: + description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. type: string - description: | - ConfigurationName of a configuration to whose latest revision we will send - this portion of traffic. When the "status.latestReadyRevisionName" of the - referenced configuration changes, we will automatically migrate traffic - from the prior "latest ready" revision to the new one. This field is never - set in Route's status, only its spec. - This is mutually exclusive with RevisionName. latestRevision: + description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. type: boolean - description: | - `latestRevision` may be optionally provided to indicate - that the latest ready Revision of the Configuration should be used - for this traffic target. When provided latestRevision MUST be true - if revisionName is empty, and it MUST be false when revisionName is non-empty. - tag: - type: string - description: | - Tag is optionally used to expose a dedicated URL for - referencing this target exclusively. The dedicated URL MUST include - in it the string provided by tag. percent: + description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' type: integer - description: | - The percentage of requests which should be allocated - from the main Route domain name to the specified `revisionName` or - `configurationName`. - All `percent` values in `traffic` MUST sum to 100. - minimum: 0 - maximum: 100 + format: int64 + revisionName: + description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. + type: string + tag: + description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. + type: string + url: + description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) + type: string status: + description: ServiceStatus represents the Status stanza of the Service resource. type: object - x-kubernetes-preserve-unknown-fields: true - additionalPrinterColumns: - - name: URL - type: string - jsonPath: .status.url - - name: LatestCreated - type: string - jsonPath: .status.latestCreatedRevisionName - - name: LatestReady - type: string - jsonPath: .status.latestReadyRevisionName - - name: Ready - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].status" - - name: Reason - type: string - jsonPath: ".status.conditions[?(@.type=='Ready')].reason" - names: - kind: Service - plural: services - singular: service - categories: - - all - - knative - - serving - shortNames: - - kservice - - ksvc - scope: Namespaced + properties: + address: + description: Address holds the information needed for a Route to be the target of an event. + type: object + properties: + url: + type: string + annotations: + description: Annotations is additional Status fields for the Resource to save some additional State as well as convey more information to the user. This is roughly akin to Annotations on any k8s resource, just the reconciler conveying richer information outwards. + type: object + additionalProperties: + type: string + conditions: + description: Conditions the latest available observations of a resource's current state. + type: array + items: + description: 'Condition defines a readiness condition for a Knative resource. See: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' + type: object + required: + - status + - type + properties: + lastTransitionTime: + description: LastTransitionTime is the last time the condition transitioned from one status to another. We use VolatileTime in place of metav1.Time to exclude this from creating equality.Semantic differences (all other things held constant). + type: string + format: date-time + message: + description: A human readable message indicating details about the transition. + type: string + reason: + description: The reason for the condition's last transition. + type: string + severity: + description: Severity with which to treat failures of this type of condition. When this is not specified, it defaults to Error. + type: string + status: + description: Status of the condition, one of True, False, Unknown. + type: string + type: + description: Type of condition. + type: string + latestCreatedRevisionName: + description: LatestCreatedRevisionName is the last revision that was created from this Configuration. It might not be ready yet, for that use LatestReadyRevisionName. + type: string + latestReadyRevisionName: + description: LatestReadyRevisionName holds the name of the latest Revision stamped out from this Configuration that has had its "Ready" condition become "True". + type: string + observedGeneration: + description: ObservedGeneration is the 'Generation' of the Service that was last processed by the controller. + type: integer + format: int64 + traffic: + description: Traffic holds the configured traffic distribution. These entries will always contain RevisionName references. When ConfigurationName appears in the spec, this will hold the LatestReadyRevisionName that we last observed. + type: array + items: + description: TrafficTarget holds a single entry of the routing table for a Route. + type: object + properties: + configurationName: + description: ConfigurationName of a configuration to whose latest revision we will send this portion of traffic. When the "status.latestReadyRevisionName" of the referenced configuration changes, we will automatically migrate traffic from the prior "latest ready" revision to the new one. This field is never set in Route's status, only its spec. This is mutually exclusive with RevisionName. + type: string + latestRevision: + description: LatestRevision may be optionally provided to indicate that the latest ready Revision of the Configuration should be used for this traffic target. When provided LatestRevision must be true if RevisionName is empty; it must be false when RevisionName is non-empty. + type: boolean + percent: + description: 'Percent indicates that percentage based routing should be used and the value indicates the percent of traffic that is be routed to this Revision or Configuration. `0` (zero) mean no traffic, `100` means all traffic. When percentage based routing is being used the follow rules apply: - the sum of all percent values must equal 100 - when not specified, the implied value for `percent` is zero for that particular Revision or Configuration' + type: integer + format: int64 + revisionName: + description: RevisionName of a specific revision to which to send this portion of traffic. This is mutually exclusive with ConfigurationName. + type: string + tag: + description: Tag is optionally used to expose a dedicated url for referencing this target exclusively. + type: string + url: + description: URL displays the URL for accessing named traffic targets. URL is displayed in status, and is disallowed on spec. URL must contain a scheme (e.g. http://) and a hostname, but may not contain anything else (e.g. basic auth, url path, etc.) + type: string + url: + description: URL holds the url that will distribute traffic over the provided traffic targets. It generally has the form http[s]://{route-name}.{route-namespace}.{cluster-level-suffix} + type: string --- apiVersion: caching.internal.knative.dev/v1alpha1 kind: Image @@ -649,9 +3219,12 @@ metadata: name: queue-proxy namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: queue-proxy + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" spec: - image: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:0b8e031170354950f3395876961452af1c62f7ab5161c9e71867392c11881962 + image: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:14415b204ea8d0567235143a6c3377f49cbd35f18dc84dfa4baa7695c2a9b53d --- apiVersion: v1 kind: ConfigMap @@ -659,9 +3232,12 @@ metadata: name: config-autoscaler namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: autoscaler + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" annotations: - knative.dev/example-checksum: "604cb513" + knative.dev/example-checksum: "16af78ce" data: _example: | ################################ @@ -803,8 +3379,8 @@ data: scale-to-zero-pod-retention-period: "0s" # pod-autoscaler-class specifies the default pod autoscaler class - # that should be used if none is specified. If omitted, the Knative - # Horizontal Pod Autoscaler (KPA) is used by default. + # that should be used if none is specified. If omitted, + # the Knative Pod Autoscaler (KPA) is used by default. pod-autoscaler-class: "kpa.autoscaling.knative.dev" # The capacity of a single activator task. @@ -825,6 +3401,10 @@ data: # or the "autoscaling.knative.dev/initialScale" annotation, can be set to 0. allow-zero-initial-scale: "false" + # min-scale is the cluster-wide default value for the min scale of a revision, + # unless overridden by the "autoscaling.knative.dev/minScale" annotation. + min-scale: "0" + # max-scale is the cluster-wide default value for the max scale of a revision, # unless overridden by the "autoscaling.knative.dev/maxScale" annotation. # If set to 0, the revision has no maximum scale. @@ -849,9 +3429,12 @@ metadata: name: config-defaults namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: controller + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" annotations: - knative.dev/example-checksum: "cdabec96" + knative.dev/example-checksum: "a0feb4c6" data: _example: | ################################ @@ -928,6 +3511,13 @@ data: # {{.Name}} are also valid. container-name-template: "user-container" + # init-container-name-template contains a template for the default + # init container name, if none is specified. This field supports + # Go templating and is supplied with the ObjectMeta of the + # enclosing Service or Configuration, so values such as + # {{.Name}} are also valid. + init-container-name-template: "init-container" + # container-concurrency specifies the maximum number # of requests the Container can handle at once, and requests # above this threshold are queued. Setting a value of zero @@ -968,12 +3558,15 @@ metadata: name: config-deployment namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: controller + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" annotations: - knative.dev/example-checksum: "fa67b403" + knative.dev/example-checksum: "dd7ee769" data: - queueSidecarImage: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:0b8e031170354950f3395876961452af1c62f7ab5161c9e71867392c11881962 - _example: | + queueSidecarImage: gcr.io/knative-releases/knative.dev/serving/cmd/queue@sha256:14415b204ea8d0567235143a6c3377f49cbd35f18dc84dfa4baa7695c2a9b53d + _example: |- ################################ # # # EXAMPLE CONFIGURATION # @@ -990,41 +3583,60 @@ data: # to actually change the configuration. # List of repositories for which tag to digest resolving should be skipped - registriesSkippingTagResolving: "kind.local,ko.local,dev.local" + registries-skipping-tag-resolving: "kind.local,ko.local,dev.local" - # digestResolutionTimeout is the maximum time allowed for an image's - # digests to be resolved. - digestResolutionTimeout: "10s" + # Maximum time allowed for an image's digests to be resolved. + digest-resolution-timeout: "10s" - # ProgressDeadline is the duration we wait for the deployment to - # be ready before considering it failed. - progressDeadline: "600s" + # Duration we wait for the deployment to be ready before considering it failed. + progress-deadline: "600s" - # queueSidecarCPURequest is the requests.cpu to set for the queue proxy sidecar container. + # Sets the queue proxy's CPU request. # If omitted, a default value (currently "25m"), is used. - queueSidecarCPURequest: "25m" + queue-sidecar-cpu-request: "25m" - # queueSidecarCPULimit is the limits.cpu to set for the queue proxy sidecar container. + # Sets the queue proxy's CPU limit. # If omitted, no value is specified and the system default is used. - queueSidecarCPULimit: "1000m" + queue-sidecar-cpu-limit: "1000m" - # queueSidecarMemoryRequest is the requests.memory to set for the queue proxy container. + # Sets the queue proxy's memory request. # If omitted, no value is specified and the system default is used. - queueSidecarMemoryRequest: "400Mi" + queue-sidecar-memory-request: "400Mi" - # queueSidecarMemoryLimit is the limits.memory to set for the queue proxy container. + # Sets the queue proxy's memory limit. # If omitted, no value is specified and the system default is used. - queueSidecarMemoryLimit: "800Mi" + queue-sidecar-memory-limit: "800Mi" - # queueSidecarEphemeralStorageRequest is the requests.ephemeral-storage to - # set for the queue proxy sidecar container. + # Sets the queue proxy's ephemeral storage request. # If omitted, no value is specified and the system default is used. - queueSidecarEphemeralStorageRequest: "512Mi" + queue-sidecar-ephemeral-storage-request: "512Mi" - # queueSidecarEphemeralStorageLimit is the limits.ephemeral-storage to set - # for the queue proxy sidecar container. + # Sets the queue proxy's ephemeral storage limit. # If omitted, no value is specified and the system default is used. - queueSidecarEphemeralStorageLimit: "1024Mi" + queue-sidecar-ephemeral-storage-limit: "1024Mi" + + # The freezer service endpoint that queue-proxy calls when its traffic drops to zero or + # scales up from zero. + # + # Freezer service is available at: https://github.com/knative-sandbox/container-freezer + # or users may write their own service. + # + # The value will need to include both the host and the port that will be accessed. + # For the host, $HOST_IP can be passed, and the appropriate host IP value will be swapped + # in at runtime, which will enable the freezer daemonset to be reachable via the node IP. + # + # As an example: + # concurrency-state-endpoint: "http://$HOST_IP:9696" + # + # If not set, queue proxy takes no action (this is the default behavior). + # + # When enabled, a serviceAccountToken will be mounted to queue-proxy using + # a projected volume. This requires the Service Account Token Volume Projection feature + # to be enabled. For details, see this link: + # https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection + # + # NOTE THAT THIS IS AN EXPERIMENTAL / ALPHA FEATURE + concurrency-state-endpoint: "" --- apiVersion: v1 kind: ConfigMap @@ -1032,9 +3644,12 @@ metadata: name: config-domain namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: controller + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" annotations: - knative.dev/example-checksum: "74c3fc6a" + knative.dev/example-checksum: "81552d0b" data: _example: | ################################ @@ -1067,7 +3682,7 @@ data: # will not be exposed through Ingress. You can define your own label # selector to assign that domain suffix to your Route here, or you can set # the label - # "serving.knative.dev/visibility=cluster-local" + # "networking.knative.dev/visibility=cluster-local" # to achieve the same effect. This shows how to make routes having # the label app=secret only exposed to the local cluster. svc.cluster.local: | @@ -1080,9 +3695,12 @@ metadata: name: config-features namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: controller + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" annotations: - knative.dev/example-checksum: "2cf73688" + knative.dev/example-checksum: "d9e300ba" data: _example: |- ################################ @@ -1143,7 +3761,6 @@ data: kubernetes.podspec-runtimeclassname: "disabled" # This feature allows end-users to set a subset of fields on the Pod's SecurityContext - # in addition to expanding the allowable fields within a Container's SecurityContext. # # When set to "enabled" or "allowed" it allows the following # PodSecurityContext properties: @@ -1153,12 +3770,6 @@ data: # - SupplementalGroups # - RunAsUser # - # When set to "enabled" or "allowed" it allows the following - # Container SecurityContext properties: - # - RunAsNonRoot - # - RunAsGroup - # - RunAsUser (already allowed without this flag) - # # This feature flag should be used with caution as the PodSecurityContext # properties may have a side-effect on non-user sidecar containers that come # from Knative or your service mesh @@ -1167,6 +3778,24 @@ data: # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-security-context kubernetes.podspec-securitycontext: "disabled" + # Indicates whether Kubernetes PriorityClassName support is enabled + # + # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-priority-class-name + kubernetes.podspec-priorityclassname: "disabled" + + # Indicates whether Kubernetes SchedulerName support is enabled + # + # WARNING: Cannot safely be disabled once enabled. + # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-scheduler-name + kubernetes.podspec-schedulername: "disabled" + + # This feature flag allows end-users to add a subset of capabilities on the Pod's SecurityContext. + # + # When set to "enabled" or "allowed" it allows capabilities to be added to the container. + # For a list of possible capabilities, see https://man7.org/linux/man-pages/man7/capabilities.7.html + kubernetes.containerspec-addcapabilities: "disabled" + # This feature validates PodSpecs from the validating webhook # against the K8s API Server. # @@ -1177,13 +3806,6 @@ data: # See: https://knative.dev/docs/serving/feature-flags/#kubernetes-dry-run kubernetes.podspec-dryrun: "allowed" - # Indicates whether new responsive garbage collection is enabled. This - # feature labels revisions in real-time as they become referenced and - # dereferenced by Routes. This allows us to reap revisions shortly after - # they are no longer active. - # See: https://knative.dev/docs/serving/feature-flags/#responsive-revision-garbage-collector - responsive-revision-gc: "enabled" - # Controls whether tag header based routing feature are enabled or not. # 1. Enabled: enabling tag header based routing # 2. Disabled: disabling tag header based routing @@ -1194,6 +3816,26 @@ data: # 1. Enabled: http2 connection will be attempted via upgrade. # 2. Disabled: http2 connection will only be attempted when port name is set to "h2c". autodetect-http2: "disabled" + + # Controls whether volume support for EmptyDir is enabled or not. + # 1. Enabled: enabling EmptyDir volume support + # 2. Disabled: disabling EmptyDir volume support + kubernetes.podspec-volumes-emptydir: "disabled" + + # Controls whether init containers support is enabled or not. + # 1. Enabled: enabling init containers support + # 2. Disabled: disabling init containers support + kubernetes.podspec-init-containers: "disabled" + + # Controls whether persistent volume claim support is enabled or not. + # 1. Enabled: enabling persistent volume claim support + # 2. Disabled: disabling persistent volume claim support + kubernetes.podspec-persistent-volume-claim: "disabled" + + # Controls whether write access for persistent volumes is enabled or not. + # 1. Enabled: enabling write access for persistent volumes + # 2. Disabled: disabling write access for persistent volumes + kubernetes.podspec-persistent-volume-write: "disabled" --- apiVersion: v1 kind: ConfigMap @@ -1201,9 +3843,12 @@ metadata: name: config-gc namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: controller + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" annotations: - knative.dev/example-checksum: "e6149382" + knative.dev/example-checksum: "51b4d68a" data: _example: | ################################ @@ -1229,7 +3874,7 @@ data: # Active # * Revisions which are referenced by a Route are considered active. # * Individual revisions may be marked with the annotation - # "knative.dev/no-gc":"true" to be permanently considered active. + # "serving.knative.dev/no-gc":"true" to be permanently considered active. # * Active revisions are not considered for GC. # Retention # * Revisions are retained if they are any of the following: @@ -1284,9 +3929,12 @@ metadata: name: config-leader-election namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/name: knative-serving + app.kubernetes.io/component: controller + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" annotations: - knative.dev/example-checksum: "96896b00" + knative.dev/example-checksum: "f4b71f57" data: _example: | ################################ @@ -1304,17 +3952,17 @@ data: # this example block and unindented to be in the data block # to actually change the configuration. - # leaseDuration is how long non-leaders will wait to try to acquire the + # lease-duration is how long non-leaders will wait to try to acquire the # lock; 15 seconds is the value used by core kubernetes controllers. - leaseDuration: "15s" + lease-duration: "60s" - # renewDeadline is how long a leader will try to renew the lease before + # renew-deadline is how long a leader will try to renew the lease before # giving up; 10 seconds is the value used by core kubernetes controllers. - renewDeadline: "10s" + renew-deadline: "40s" - # retryPeriod is how long the leader election client waits between tries of + # retry-period is how long the leader election client waits between tries of # actions; 2 seconds is the value used by core kubernetes controllers. - retryPeriod: "2s" + retry-period: "10s" # buckets is the number of buckets used to partition key space of each # Reconciler. If this number is M and the replica number of the controller @@ -1329,9 +3977,11 @@ metadata: name: config-logging namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + serving.knative.dev/release: "v1.2.5" + app.kubernetes.io/version: "1.2.5" + app.kubernetes.io/name: knative-serving annotations: - knative.dev/example-checksum: "d9570453" + knative.dev/example-checksum: "be93ff10" data: _example: | ################################ @@ -1382,9 +4032,8 @@ data: loglevel.webhook: "info" loglevel.activator: "info" loglevel.hpaautoscaler: "info" - loglevel.certcontroller: "info" - loglevel.istiocontroller: "info" - loglevel.nscontroller: "info" + loglevel.net-certmanager-controller: "info" + loglevel.net-istio-controller: "info" --- apiVersion: v1 kind: ConfigMap @@ -1392,9 +4041,11 @@ metadata: name: config-network namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" annotations: - knative.dev/example-checksum: "15954d34" + knative.dev/example-checksum: "6e2033e0" data: _example: | ################################ @@ -1412,7 +4063,7 @@ data: # this example block and unindented to be in the data block # to actually change the configuration. - # ingress.class specifies the default ingress class + # ingress-class specifies the default ingress class # to use when not dictated by Route annotation. # # If not specified, will use the Istio ingress. @@ -1421,9 +4072,9 @@ data: # will result in undefined behavior. Therefore it is best to only # update this value during the setup of Knative, to avoid getting # undefined behavior. - ingress.class: "istio.ingress.networking.knative.dev" + ingress-class: "istio.ingress.networking.knative.dev" - # certificate.class specifies the default Certificate class + # certificate-class specifies the default Certificate class # to use when not dictated by Route annotation. # # If not specified, will use the Cert-Manager Certificate. @@ -1432,9 +4083,30 @@ data: # will result in undefined behavior. Therefore it is best to only # update this value during the setup of Knative, to avoid getting # undefined behavior. - certificate.class: "cert-manager.certificate.networking.knative.dev" + certificate-class: "cert-manager.certificate.networking.knative.dev" + + # namespace-wildcard-cert-selector specifies a LabelSelector which + # determines which namespaces should have a wildcard certificate + # provisioned. + # + # Use an empty value to disable the feature (this is the default): + # namespace-wildcard-cert-selector: "" + # + # Use an empty object to enable for all namespaces + # namespace-wildcard-cert-selector: {} + # + # Useful labels include the "kubernetes.io/metadata.name" label to + # avoid provisioning a certifcate for the "kube-system" namespaces. + # Use the following selector to match pre-1.0 behavior of using + # "networking.knative.dev/disableWildcardCert" to exclude namespaces: + # + # matchExpressions: + # - key: "networking.knative.dev/disableWildcardCert" + # operator: "NotIn" + # values: ["true"] + namespace-wildcard-cert-selector: "" - # domainTemplate specifies the golang text template string to use + # domain-template specifies the golang text template string to use # when constructing the Knative service's DNS name. The default # value is "{{.Name}}.{{.Namespace}}.{{.Domain}}". # @@ -1457,42 +4129,46 @@ data: # eg. '{{.Name}}-{{.Namespace}}.{{ index .Annotations "sub"}}.{{.Domain}}' # and you have an annotation {"sub":"foo"}, then the generated template # would be {Name}-{Namespace}.foo.{Domain} - domainTemplate: "{{.Name}}.{{.Namespace}}.{{.Domain}}" + domain-template: "{{.Name}}.{{.Namespace}}.{{.Domain}}" # tagTemplate specifies the golang text template string to use # when constructing the DNS name for "tags" within the traffic blocks # of Routes and Configuration. This is used in conjunction with the # domainTemplate above to determine the full URL for the tag. - tagTemplate: "{{.Tag}}-{{.Name}}" + tag-template: "{{.Tag}}-{{.Name}}" # Controls whether TLS certificates are automatically provisioned and # installed in the Knative ingress to terminate external TLS connection. # 1. Enabled: enabling auto-TLS feature. # 2. Disabled: disabling auto-TLS feature. - autoTLS: "Disabled" + auto-tls: "Disabled" # Controls the behavior of the HTTP endpoint for the Knative ingress. # It requires autoTLS to be enabled. # 1. Enabled: The Knative ingress will be able to serve HTTP connection. - # 2. Disabled: The Knative ingress will reject HTTP traffic. - # 3. Redirected: The Knative ingress will send a 302 redirect for all + # 2. Redirected: The Knative ingress will send a 301 redirect for all # http connections, asking the clients to use HTTPS. - httpProtocol: "Enabled" + # + # "Disabled" option is deprecated. + http-protocol: "Enabled" - # rolloutDuration contains the minimal duration in seconds over which the + # rollout-duration contains the minimal duration in seconds over which the # Configuration traffic targets are rolled out to the newest revision. - rolloutDuration: "0" + rollout-duration: "0" - # autocreateClusterDomainClaims controls whether ClusterDomainClaims should + # autocreate-cluster-domain-claims controls whether ClusterDomainClaims should # be automatically created (and deleted) as needed when DomainMappings are # reconciled. # - # If this is "false", the cluster administrator is responsible for creating - # ClusterDomainClaims and delegating them to namespaces via their - # spec.Namespace field. This is useful for multitenant environments - # which need to control which namespace can use a particular domain name in - # a domain mapping. - autocreateClusterDomainClaims: "true" + # If this is "false" (the default), the cluster administrator is + # responsible for creating ClusterDomainClaims and delegating them to + # namespaces via their spec.Namespace field. This setting should be used in + # multitenant environments which need to control which namespace can use a + # particular domain name in a domain mapping. + # + # If this is "true", users are able to associate arbitrary names with their + # services via the DomainMapping feature. + autocreate-cluster-domain-claims: "false" # If true, networking plugins can add additional information to deployed # applications to make their pods directly accessible via their IPs even if mesh is @@ -1503,6 +4179,22 @@ data: # NOTE: This flag is in an alpha state and is mostly here to enable internal testing # for now. Use with caution. enable-mesh-pod-addressability: "false" + + # mesh-compatibility-mode indicates whether consumers of network plugins + # should directly contact Pod IPs (most efficient), or should use the + # Cluster IP (less efficient, needed when mesh is enabled unless + # `enable-mesh-pod-addressability`, above, is set). + # Permitted values are: + # - "auto" (default): automatically determine which mesh mode to use by trying Pod IP and falling back to Cluster IP as needed. + # - "enabled": always use Cluster IP and do not attempt to use Pod IPs. + # - "disabled": always use Pod IPs and do not fall back to Cluster IP on failure. + mesh-compatibility-mode: "auto" + + # Defines the scheme used for external URLs if autoTLS is not enabled. + # This can be used for making Knative report all URLs as "HTTPS" for example, if you're + # fronting Knative with an external loadbalancer that deals with TLS termination and + # Knative doesn't know about that otherwise. + default-external-scheme: "http" --- apiVersion: v1 kind: ConfigMap @@ -1510,9 +4202,11 @@ metadata: name: config-observability namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" annotations: - knative.dev/example-checksum: "97c1d10b" + knative.dev/example-checksum: "fed4756e" data: _example: | ################################ @@ -1582,27 +4276,14 @@ data: logging.enable-probe-request-log: "false" # metrics.backend-destination field specifies the system metrics destination. - # It supports either prometheus (the default) or stackdriver. - # Note: Using stackdriver will incur additional charges + # It supports either prometheus (the default) or opencensus. metrics.backend-destination: prometheus # metrics.request-metrics-backend-destination specifies the request metrics # destination. It enables queue proxy to send request metrics. - # Currently supported values: prometheus (the default), stackdriver. + # Currently supported values: prometheus (the default), opencensus. metrics.request-metrics-backend-destination: prometheus - # metrics.stackdriver-project-id field specifies the stackdriver project ID. This - # field is optional. When running on GCE, application default credentials will be - # used if this field is not provided. - metrics.stackdriver-project-id: "" - - # metrics.allow-stackdriver-custom-metrics indicates whether it is allowed to send metrics to - # Stackdriver using "global" resource type and custom metric type if the - # metrics are not supported by "knative_revision" resource type. Setting this - # flag to "true" could cause extra Stackdriver charge. - # If metrics.backend-destination is not Stackdriver, this is ignored. - metrics.allow-stackdriver-custom-metrics: "false" - # profiling.enable indicates whether it is allowed to retrieve runtime profiling data from # the pods via an HTTP server in the format expected by the pprof visualization tool. When # enabled, the Knative Serving pods expose the profiling data on an alternate HTTP port 8008. @@ -1615,9 +4296,11 @@ metadata: name: config-tracing namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" annotations: - knative.dev/example-checksum: "4002b4c2" + knative.dev/example-checksum: "26614636" data: _example: | ################################ @@ -1635,18 +4318,13 @@ data: # this example block and unindented to be in the data block # to actually change the configuration. # - # This may be "zipkin" or "stackdriver", the default is "none" + # This may be "zipkin" or "none" (default) backend: "none" # URL to zipkin collector where traces are sent. # This must be specified when backend is "zipkin" zipkin-endpoint: "http://zipkin.istio-system.svc.cluster.local:9411/api/v2/spans" - # The GCP project into which stackdriver metrics will be written - # when backend is "stackdriver". If unspecified, the project-id - # is read from GCP metadata when running on GCP. - stackdriver-project-id: "my-project" - # Enable zipkin debug mode. This allows all spans to be sent to the server # bypassing sampling. debug: "false" @@ -1660,7 +4338,10 @@ metadata: name: activator namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: activator + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" spec: minReplicas: 1 maxReplicas: 20 @@ -1676,13 +4357,16 @@ spec: type: Utilization averageUtilization: 100 --- -apiVersion: policy/v1beta1 +apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: activator-pdb namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: activator + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" spec: minAvailable: 80% selector: @@ -1695,7 +4379,10 @@ metadata: name: activator namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: activator + app.kubernetes.io/version: "1.2.5" + app.kubernetes.io/name: knative-serving + serving.knative.dev/release: "v1.2.5" spec: selector: matchLabels: @@ -1708,12 +4395,15 @@ spec: labels: app: activator role: activator - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: activator + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" spec: serviceAccountName: controller containers: - name: activator - image: gcr.io/knative-releases/knative.dev/serving/cmd/activator@sha256:fed92af8b9779c97482906db8857f27b5d4826708b75d0298aa30fad8900671f + image: gcr.io/knative-releases/knative.dev/serving/cmd/activator@sha256:93ff6e69357785ff97806945b284cbd1d37e50402b876a320645be8877c0d7b7 resources: requests: cpu: 300m @@ -1764,13 +4454,15 @@ spec: httpHeaders: - name: k-kubelet-probe value: "activator" - failureThreshold: 12 + periodSeconds: 5 + failureThreshold: 5 livenessProbe: httpGet: port: 8012 httpHeaders: - name: k-kubelet-probe value: "activator" + periodSeconds: 10 failureThreshold: 12 initialDelaySeconds: 15 terminationGracePeriodSeconds: 600 @@ -1782,7 +4474,10 @@ metadata: namespace: knative-serving labels: app: activator - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: activator + app.kubernetes.io/version: "1.2.5" + app.kubernetes.io/name: knative-serving + serving.knative.dev/release: "v1.2.5" spec: selector: app: activator @@ -1807,19 +4502,29 @@ metadata: name: autoscaler namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: autoscaler + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" spec: replicas: 1 selector: matchLabels: app: autoscaler + strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 0 template: metadata: annotations: cluster-autoscaler.kubernetes.io/safe-to-evict: "false" labels: app: autoscaler - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: autoscaler + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" spec: affinity: podAntiAffinity: @@ -1833,7 +4538,7 @@ spec: serviceAccountName: controller containers: - name: autoscaler - image: gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler@sha256:bc5ae3090ab0322ed0e4f9efddb60fa85f6ff3a29156411d24d0e4764b18eba7 + image: gcr.io/knative-releases/knative.dev/serving/cmd/autoscaler@sha256:007820fdb75b60e6fd5a25e65fd6ad9744082a6bf195d72795561c91b425d016 resources: requests: cpu: 100m @@ -1893,7 +4598,10 @@ kind: Service metadata: labels: app: autoscaler - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: autoscaler + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" name: autoscaler namespace: knative-serving spec: @@ -1916,7 +4624,10 @@ metadata: name: controller namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: controller + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" spec: selector: matchLabels: @@ -1927,7 +4638,10 @@ spec: cluster-autoscaler.kubernetes.io/safe-to-evict: "true" labels: app: controller - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: controller + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" spec: affinity: podAntiAffinity: @@ -1941,7 +4655,7 @@ spec: serviceAccountName: controller containers: - name: controller - image: gcr.io/knative-releases/knative.dev/serving/cmd/controller@sha256:bd7c6350e5d5c4edaa197a86fb96cff78bdd3e61f33fcb77aa60930de0ec0827 + image: gcr.io/knative-releases/knative.dev/serving/cmd/controller@sha256:75cfdcfa050af9522e798e820ba5483b9093de1ce520207a3fedf112d73a4686 resources: requests: cpu: 100m @@ -1982,7 +4696,10 @@ kind: Service metadata: labels: app: controller - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: controller + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" name: controller namespace: knative-serving spec: @@ -1996,13 +4713,208 @@ spec: selector: app: controller --- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: domain-mapping + namespace: knative-serving + labels: + app.kubernetes.io/component: domain-mapping + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" +spec: + selector: + matchLabels: + app: domain-mapping + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "true" + labels: + app: domain-mapping + app.kubernetes.io/component: domain-mapping + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: domain-mapping + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: controller + containers: + - name: domain-mapping + image: gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping@sha256:23baa19322320f25a462568eded1276601ef67194883db9211e1ea24f21a0beb + resources: + requests: + cpu: 30m + memory: 40Mi + limits: + cpu: 300m + memory: 400Mi + env: + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: METRICS_DOMAIN + value: knative.dev/serving + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - all + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: domainmapping-webhook + namespace: knative-serving + labels: + app.kubernetes.io/component: domain-mapping + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" +spec: + selector: + matchLabels: + app: domainmapping-webhook + role: domainmapping-webhook + template: + metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" + labels: + app: domainmapping-webhook + role: domainmapping-webhook + app.kubernetes.io/component: domain-mapping + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" + spec: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - podAffinityTerm: + labelSelector: + matchLabels: + app: domainmapping-webhook + topologyKey: kubernetes.io/hostname + weight: 100 + serviceAccountName: controller + containers: + - name: domainmapping-webhook + image: gcr.io/knative-releases/knative.dev/serving/cmd/domain-mapping-webhook@sha256:847bb97e38440c71cb4bcc3e430743e18b328ad1e168b6fca35b10353b9a2c22 + resources: + requests: + cpu: 100m + memory: 100Mi + limits: + cpu: 500m + memory: 500Mi + env: + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: SYSTEM_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: CONFIG_LOGGING_NAME + value: config-logging + - name: CONFIG_OBSERVABILITY_NAME + value: config-observability + - name: WEBHOOK_PORT + value: "8443" + - name: METRICS_DOMAIN + value: knative.dev/serving + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true + capabilities: + drop: + - all + ports: + - name: metrics + containerPort: 9090 + - name: profiling + containerPort: 8008 + - name: https-webhook + containerPort: 8443 + readinessProbe: + periodSeconds: 1 + httpGet: + scheme: HTTPS + port: 8443 + httpHeaders: + - name: k-kubelet-probe + value: "webhook" + livenessProbe: + periodSeconds: 1 + httpGet: + scheme: HTTPS + port: 8443 + httpHeaders: + - name: k-kubelet-probe + value: "webhook" + failureThreshold: 6 + initialDelaySeconds: 20 + terminationGracePeriodSeconds: 300 +--- +apiVersion: v1 +kind: Service +metadata: + labels: + role: domainmapping-webhook + app.kubernetes.io/component: domain-mapping + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" + name: domainmapping-webhook + namespace: knative-serving +spec: + ports: + - name: http-metrics + port: 9090 + targetPort: 9090 + - name: http-profiling + port: 8008 + targetPort: 8008 + - name: https-webhook + port: 443 + targetPort: 8443 + selector: + role: domainmapping-webhook +--- apiVersion: autoscaling/v2beta2 kind: HorizontalPodAutoscaler metadata: name: webhook namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: webhook + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" spec: minReplicas: 1 maxReplicas: 5 @@ -2018,13 +4930,16 @@ spec: type: Utilization averageUtilization: 100 --- -apiVersion: policy/v1beta1 +apiVersion: policy/v1 kind: PodDisruptionBudget metadata: name: webhook-pdb namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: webhook + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" spec: minAvailable: 80% selector: @@ -2037,7 +4952,10 @@ metadata: name: webhook namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" + serving.knative.dev/release: "v1.2.5" + app.kubernetes.io/component: webhook + app.kubernetes.io/version: "1.2.5" + app.kubernetes.io/name: knative-serving spec: selector: matchLabels: @@ -2050,7 +4968,10 @@ spec: labels: app: webhook role: webhook - serving.knative.dev/release: "v0.22.1" + serving.knative.dev/release: "v1.2.5" + app.kubernetes.io/component: webhook + app.kubernetes.io/version: "1.2.5" + app.kubernetes.io/name: knative-serving spec: affinity: podAntiAffinity: @@ -2064,7 +4985,7 @@ spec: serviceAccountName: controller containers: - name: webhook - image: gcr.io/knative-releases/knative.dev/serving/cmd/webhook@sha256:6f41d379f1aacdfbb8f6d4f539e1769040e4f01bff3ad9c249b427e54dc56ea8 + image: gcr.io/knative-releases/knative.dev/serving/cmd/webhook@sha256:9084ea8498eae3c6c4364a397d66516a25e48488f4a9871ef765fa554ba483f0 resources: requests: cpu: 100m @@ -2130,7 +5051,10 @@ kind: Service metadata: labels: role: webhook - serving.knative.dev/release: "v0.22.1" + serving.knative.dev/release: "v1.2.5" + app.kubernetes.io/component: webhook + app.kubernetes.io/version: "1.2.5" + app.kubernetes.io/name: knative-serving name: webhook namespace: knative-serving spec: @@ -2152,7 +5076,10 @@ kind: ValidatingWebhookConfiguration metadata: name: config.webhook.serving.knative.dev labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: webhook + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -2173,7 +5100,10 @@ kind: MutatingWebhookConfiguration metadata: name: webhook.serving.knative.dev labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: webhook + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -2184,13 +5114,113 @@ webhooks: sideEffects: None name: webhook.serving.knative.dev timeoutSeconds: 10 + rules: + - apiGroups: + - autoscaling.internal.knative.dev + - networking.internal.knative.dev + - serving.knative.dev + apiVersions: + - "*" + operations: + - CREATE + - UPDATE + scope: "*" + resources: + - metrics + - podautoscalers + - certificates + - ingresses + - serverlessservices + - configurations + - revisions + - routes + - services +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: webhook.domainmapping.serving.knative.dev + labels: + app.kubernetes.io/component: domain-mapping + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" +webhooks: + - admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: domainmapping-webhook + namespace: knative-serving + failurePolicy: Fail + sideEffects: None + name: webhook.domainmapping.serving.knative.dev + timeoutSeconds: 10 + rules: + - apiGroups: + - serving.knative.dev + apiVersions: + - v1alpha1 + - v1beta1 + operations: + - CREATE + - UPDATE + scope: "*" + resources: + - domainmappings +--- +apiVersion: v1 +kind: Secret +metadata: + name: domainmapping-webhook-certs + namespace: knative-serving + labels: + app.kubernetes.io/component: domain-mapping + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: validation.webhook.domainmapping.serving.knative.dev + labels: + app.kubernetes.io/component: domain-mapping + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" +webhooks: + - admissionReviewVersions: ["v1", "v1beta1"] + clientConfig: + service: + name: domainmapping-webhook + namespace: knative-serving + failurePolicy: Fail + sideEffects: None + name: validation.webhook.domainmapping.serving.knative.dev + timeoutSeconds: 10 + rules: + - apiGroups: + - serving.knative.dev + apiVersions: + - v1alpha1 + - v1beta1 + operations: + - CREATE + - UPDATE + - DELETE + scope: "*" + resources: + - domainmappings --- apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: name: validation.webhook.serving.knative.dev labels: - serving.knative.dev/release: "v0.22.1" + app.kubernetes.io/component: webhook + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" webhooks: - admissionReviewVersions: ["v1", "v1beta1"] clientConfig: @@ -2201,6 +5231,28 @@ webhooks: sideEffects: None name: validation.webhook.serving.knative.dev timeoutSeconds: 10 + rules: + - apiGroups: + - autoscaling.internal.knative.dev + - networking.internal.knative.dev + - serving.knative.dev + apiVersions: + - "*" + operations: + - CREATE + - UPDATE + - DELETE + scope: "*" + resources: + - metrics + - podautoscalers + - certificates + - ingresses + - serverlessservices + - configurations + - revisions + - routes + - services --- apiVersion: v1 kind: Secret @@ -2208,6 +5260,8 @@ metadata: name: webhook-certs namespace: knative-serving labels: - serving.knative.dev/release: "v0.22.1" ---- - + app.kubernetes.io/component: webhook + app.kubernetes.io/name: knative-serving + app.kubernetes.io/version: "1.2.5" + serving.knative.dev/release: "v1.2.5" +--- \ No newline at end of file diff --git a/contrib/kserve/kserve/kserve-runtimes.yaml b/contrib/kserve/kserve/kserve-runtimes.yaml new file mode 100644 index 0000000000..0da06f38bf --- /dev/null +++ b/contrib/kserve/kserve/kserve-runtimes.yaml @@ -0,0 +1,256 @@ +apiVersion: serving.kserve.io/v1alpha1 +kind: ClusterServingRuntime +metadata: + name: kserve-lgbserver +spec: + containers: + - args: + - --model_name={{.Name}} + - --model_dir=/mnt/models + - --http_port=8080 + - --nthread=1 + image: kserve/lgbserver:v0.8.0 + name: kserve-container + resources: + limits: + cpu: "1" + memory: 2Gi + requests: + cpu: "1" + memory: 2Gi + supportedModelFormats: + - autoSelect: true + name: lightgbm + version: "2" +--- +apiVersion: serving.kserve.io/v1alpha1 +kind: ClusterServingRuntime +metadata: + name: kserve-mlserver +spec: + containers: + - env: + - name: MLSERVER_MODEL_IMPLEMENTATION + value: '{{.Labels.modelClass}}' + - name: MLSERVER_HTTP_PORT + value: "8080" + - name: MLSERVER_GRPC_PORT + value: "9000" + - name: MODELS_DIR + value: /mnt/models + image: docker.io/seldonio/mlserver:0.5.3 + name: kserve-container + resources: + limits: + cpu: "1" + memory: 2Gi + requests: + cpu: "1" + memory: 2Gi + supportedModelFormats: + - name: sklearn + version: "0" + - name: xgboost + version: "1" + - name: lightgbm + version: "3" + - autoSelect: true + name: mlflow + version: "1" +--- +apiVersion: serving.kserve.io/v1alpha1 +kind: ClusterServingRuntime +metadata: + name: kserve-paddleserver +spec: + containers: + - args: + - --model_name={{.Name}} + - --model_dir=/mnt/models + - --http_port=8080 + image: kserve/paddleserver:v0.8.0 + name: kserve-container + resources: + limits: + cpu: "1" + memory: 2Gi + requests: + cpu: "1" + memory: 2Gi + supportedModelFormats: + - autoSelect: true + name: paddle + version: "2" +--- +apiVersion: serving.kserve.io/v1alpha1 +kind: ClusterServingRuntime +metadata: + name: kserve-pmmlserver +spec: + containers: + - args: + - --model_name={{.Name}} + - --model_dir=/mnt/models + - --http_port=8080 + image: kserve/pmmlserver:v0.8.0 + name: kserve-container + resources: + limits: + cpu: "1" + memory: 2Gi + requests: + cpu: "1" + memory: 2Gi + supportedModelFormats: + - autoSelect: true + name: pmml + version: "3" + - autoSelect: true + name: pmml + version: "4" +--- +apiVersion: serving.kserve.io/v1alpha1 +kind: ClusterServingRuntime +metadata: + name: kserve-sklearnserver +spec: + containers: + - args: + - --model_name={{.Name}} + - --model_dir=/mnt/models + - --http_port=8080 + image: kserve/sklearnserver:v0.8.0 + name: kserve-container + resources: + limits: + cpu: "1" + memory: 2Gi + requests: + cpu: "1" + memory: 2Gi + supportedModelFormats: + - autoSelect: true + name: sklearn + version: "1" +--- +apiVersion: serving.kserve.io/v1alpha1 +kind: ClusterServingRuntime +metadata: + name: kserve-tensorflow-serving +spec: + containers: + - args: + - --model_name={{.Name}} + - --port=9000 + - --rest_api_port=8080 + - --model_base_path=/mnt/models + - --rest_api_timeout_in_ms=60000 + command: + - /usr/bin/tensorflow_model_server + image: tensorflow/serving:2.6.2 + name: kserve-container + resources: + limits: + cpu: "1" + memory: 2Gi + requests: + cpu: "1" + memory: 2Gi + supportedModelFormats: + - autoSelect: true + name: tensorflow + version: "1" + - autoSelect: true + name: tensorflow + version: "2" +--- +apiVersion: serving.kserve.io/v1alpha1 +kind: ClusterServingRuntime +metadata: + name: kserve-torchserve +spec: + containers: + - args: + - torchserve + - --start + - --model-store=/mnt/models/model-store + - --ts-config=/mnt/models/config/config.properties + env: + - name: TS_SERVICE_ENVELOPE + value: '{{.Labels.serviceEnvelope}}' + image: kserve/torchserve-kfs:0.5.3 + name: kserve-container + resources: + limits: + cpu: "1" + memory: 2Gi + requests: + cpu: "1" + memory: 2Gi + supportedModelFormats: + - autoSelect: true + name: pytorch + version: "1" +--- +apiVersion: serving.kserve.io/v1alpha1 +kind: ClusterServingRuntime +metadata: + name: kserve-tritonserver +spec: + containers: + - args: + - tritonserver + - --model-store=/mnt/models + - --grpc-port=9000 + - --http-port=8080 + - --allow-grpc=true + - --allow-http=true + image: nvcr.io/nvidia/tritonserver:21.09-py3 + name: kserve-container + resources: + limits: + cpu: "1" + memory: 2Gi + requests: + cpu: "1" + memory: 2Gi + supportedModelFormats: + - name: tensorrt + version: "8" + - name: tensorflow + version: "1" + - name: tensorflow + version: "2" + - autoSelect: true + name: onnx + version: "1" + - name: pytorch + version: "1" + - autoSelect: true + name: triton + version: "2" +--- +apiVersion: serving.kserve.io/v1alpha1 +kind: ClusterServingRuntime +metadata: + name: kserve-xgbserver +spec: + containers: + - args: + - --model_name={{.Name}} + - --model_dir=/mnt/models + - --http_port=8080 + - --nthread=1 + image: kserve/xgbserver:v0.8.0 + name: kserve-container + resources: + limits: + cpu: "1" + memory: 2Gi + requests: + cpu: "1" + memory: 2Gi + supportedModelFormats: + - autoSelect: true + name: xgboost + version: "1" diff --git a/contrib/kserve/kserve/kserve.yaml b/contrib/kserve/kserve/kserve.yaml index c97a93a757..e182d34d70 100644 --- a/contrib/kserve/kserve/kserve.yaml +++ b/contrib/kserve/kserve/kserve.yaml @@ -11,55 +11,32 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cert-manager.io/inject-ca-from: kserve/serving-cert controller-gen.kubebuilder.io/version: v0.4.0 - name: inferenceservices.serving.kserve.io + creationTimestamp: null + name: clusterservingruntimes.serving.kserve.io spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - caBundle: Cg== - service: - name: kserve-webhook-server-service - namespace: kserve - path: /convert - conversionReviewVersions: - - v1beta1 group: serving.kserve.io names: - kind: InferenceService - listKind: InferenceServiceList - plural: inferenceservices - shortNames: - - isvc - singular: inferenceservice - preserveUnknownFields: false - scope: Namespaced + kind: ClusterServingRuntime + listKind: ClusterServingRuntimeList + plural: clusterservingruntimes + singular: clusterservingruntime + scope: Cluster versions: - additionalPrinterColumns: - - jsonPath: .status.url - name: URL - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - jsonPath: .status.components.predictor.traffic[?(@.tag=='prev')].percent - name: Prev - type: integer - - jsonPath: .status.components.predictor.traffic[?(@.latestRevision==true)].percent - name: Latest - type: integer - - jsonPath: .status.components.predictor.traffic[?(@.tag=='prev')].revisionName - name: PrevRolledoutRevision + - jsonPath: .spec.disabled + name: Disabled + type: boolean + - jsonPath: .spec.supportedModelFormats[*].name + name: ModelType type: string - - jsonPath: .status.components.predictor.traffic[?(@.latestRevision==true)].revisionName - name: LatestReadyRevision + - jsonPath: .spec.containers[*].name + name: Containers type: string - jsonPath: .metadata.creationTimestamp name: Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: @@ -71,19 +48,107 @@ spec: type: object spec: properties: - explainer: + affinity: properties: - activeDeadlineSeconds: - format: int64 - type: integer - affinity: + nodeAffinity: properties: - nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: properties: - preferredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: items: properties: - preference: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: properties: matchExpressions: items: @@ -101,7 +166,14 @@ spec: - operator type: object type: array - matchFields: + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: items: properties: key: @@ -117,19 +189,96 @@ spec: - operator type: object type: array + matchLabels: + additionalProperties: + type: string + type: object type: object - weight: - format: int32 - type: integer + namespaces: + items: + type: string + type: array + topologyKey: + type: string required: - - preference - - weight + - topologyKey type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: properties: matchExpressions: items: @@ -147,7 +296,14 @@ spec: - operator type: object type: array - matchFields: + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: items: properties: key: @@ -163,84 +319,10 @@ spec: - operator type: object type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: + matchLabels: + additionalProperties: type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object + type: object type: object namespaces: items: @@ -251,681 +333,1413 @@ spec: required: - topologyKey type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: + matchExpressions: + items: + properties: + key: type: string - type: array - topologyKey: - type: string - required: - - topologyKey + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: + namespaceSelector: properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: + matchExpressions: items: - type: string + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - aix: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - config: - additionalProperties: - type: string - type: object - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key + matchLabels: + additionalProperties: + type: string type: object type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: + namespaces: + items: + type: string + type: array + topologyKey: type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object + required: + - topologyKey type: object type: array - image: + type: object + type: object + builtInAdapter: + properties: + memBufferBytes: + type: integer + modelLoadingTimeoutMillis: + type: integer + runtimeManagementPort: + type: integer + serverType: + enum: + - triton + - mlserver + type: string + type: object + containers: + items: + properties: + args: + items: type: string - imagePullPolicy: + type: array + command: + items: type: string - lifecycle: + type: array + env: + items: properties: - postStart: + name: + type: string + value: + type: string + valueFrom: properties: - exec: + configMapKeyRef: properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: + key: type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: + name: type: string + optional: + type: boolean required: - - port + - key type: object - tcpSocket: + fieldRef: properties: - host: + apiVersion: + type: string + fieldPath: type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array + - fieldPath type: object - httpGet: + resourceFieldRef: properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: + containerName: type: string - port: + divisor: anyOf: - type: integer - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - scheme: + resource: type: string required: - - port + - resource type: object - tcpSocket: + secretKeyRef: properties: - host: + key: type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true + name: + type: string + optional: + type: boolean required: - - port + - key type: object type: object + required: + - name type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: + type: array + image: + type: string + imagePullPolicy: + type: string + livenessProbe: + properties: + exec: + properties: + command: + items: type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: + host: type: string - protocol: - default: TCP + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: + port: anyOf: - type: integer - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: anyOf: - type: integer - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - type: object - type: object - runtimeVersion: - type: string - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - storageUri: - type: string - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - type: - type: string - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string required: - - devicePath - - name + - port type: object - type: array - volumeMounts: - items: + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + readinessProbe: + properties: + exec: properties: - mountPath: - type: string - mountPropagation: - type: string - name: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: type: string - readOnly: - type: boolean - subPath: + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: type: string - subPathExpr: + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: type: string required: - - mountPath - - name + - port type: object - type: array - workingDir: - type: string - type: object - alibi: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - config: - additionalProperties: - type: string - type: object - env: - items: + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: properties: - name: - type: string - value: + host: type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + workingDir: + type: string + type: object + type: array + disabled: + type: boolean + grpcDataEndpoint: + type: string + grpcEndpoint: + type: string + httpDataEndpoint: + type: string + multiModel: + type: boolean + nodeSelector: + additionalProperties: + type: string + type: object + replicas: + type: integer + storageHelper: + properties: + disabled: + type: boolean + type: object + supportedModelFormats: + items: + properties: + autoSelect: + type: boolean + name: + type: string + version: + type: string + required: + - name + type: object + type: array + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + required: + - containers + type: object + status: + type: object + type: object + served: true + storage: true + subresources: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: kserve/serving-cert + controller-gen.kubebuilder.io/version: v0.4.0 + name: inferenceservices.serving.kserve.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: kserve-webhook-server-service + namespace: kserve + path: /convert + conversionReviewVersions: + - v1beta1 + group: serving.kserve.io + names: + kind: InferenceService + listKind: InferenceServiceList + plural: inferenceservices + shortNames: + - isvc + singular: inferenceservice + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.url + name: URL + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.components.predictor.traffic[?(@.tag=='prev')].percent + name: Prev + type: integer + - jsonPath: .status.components.predictor.traffic[?(@.latestRevision==true)].percent + name: Latest + type: integer + - jsonPath: .status.components.predictor.traffic[?(@.tag=='prev')].revisionName + name: PrevRolledoutRevision + type: string + - jsonPath: .status.components.predictor.traffic[?(@.latestRevision==true)].revisionName + name: LatestReadyRevision + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + explainer: + properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + aix: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + config: + additionalProperties: + type: string + type: object + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + runtimeVersion: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + storageUri: + type: string + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + type: + type: string + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + type: object + alibi: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + config: + additionalProperties: + type: string + type: object + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: properties: containerName: type: string @@ -1141,6 +1955,9 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -1228,6 +2045,9 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -1308,6 +2128,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -1373,6 +2195,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -1628,7 +2453,243 @@ spec: type: object type: object type: object - livenessProbe: + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + runtimeVersion: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: properties: exec: properties: @@ -1647,1185 +2708,1495 @@ spec: httpHeaders: items: properties: - name: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + storageUri: + type: string + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + type: + type: string + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + type: object + automountServiceAccountToken: + type: boolean + batcher: + properties: + maxBatchSize: + type: integer + maxLatency: + type: integer + timeout: + type: integer + type: object + canaryTrafficPercent: + format: int64 + type: integer + containerConcurrency: + format: int64 + type: integer + containers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: type: string - value: + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: type: string required: - - name - - value + - port type: object - type: array - path: + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: + hostPort: + format: int32 + type: integer + name: type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: + protocol: + default: TCP type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true + required: + - containerPort type: object - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: properties: - containerPort: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: format: int32 type: integer - hostIP: - type: string - hostPort: + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: format: int32 type: integer - name: - type: string - protocol: - default: TCP - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - properties: - exec: - properties: - command: - items: + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: anyOf: - type: integer - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: + type: object + requests: + additionalProperties: anyOf: - type: integer - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - runtimeVersion: - type: string - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: type: string - type: array - drop: - items: + role: type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: properties: - localhostProfile: + devicePath: type: string - type: + name: type: string required: - - type + - devicePath + - name type: object - windowsOptions: + type: array + volumeMounts: + items: properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - runAsUserName: + mountPath: type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: + mountPropagation: type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: + name: type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: + readOnly: + type: boolean + subPath: type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: + subPathExpr: type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true required: - - port + - mountPath + - name type: object - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - storageUri: - type: string - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - type: - type: string - volumeDevices: + type: array + workingDir: + type: string + required: + - name + type: object + type: array + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: items: properties: - devicePath: - type: string name: type: string - required: - - devicePath - - name + value: + type: string type: object type: array - volumeMounts: + searches: + items: + type: string + type: array + type: object + dnsPolicy: + type: string + enableServiceLinks: + type: boolean + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: + type: boolean + hostname: + type: string + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + logger: + properties: + mode: + enum: + - all + - request + - response + type: string + url: + type: string + type: object + maxReplicas: + type: integer + minReplicas: + type: integer + nodeName: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + preemptionPolicy: + type: string + priority: + format: int32 + type: integer + priorityClassName: + type: string + readinessGates: + items: + properties: + conditionType: + type: string + required: + - conditionType + type: object + type: array + restartPolicy: + type: string + runtimeClassName: + type: string + schedulerName: + type: string + securityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: items: properties: - mountPath: - type: string - mountPropagation: - type: string name: type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: + value: type: string required: - - mountPath - name + - value type: object type: array - workingDir: - type: string + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object type: object - automountServiceAccountToken: + serviceAccount: + type: string + serviceAccountName: + type: string + setHostnameAsFQDN: type: boolean - batcher: - properties: - maxBatchSize: - type: integer - maxLatency: - type: integer - timeout: - type: integer - type: object - canaryTrafficPercent: + shareProcessNamespace: + type: boolean + subdomain: + type: string + terminationGracePeriodSeconds: format: int64 type: integer - containerConcurrency: + timeout: format: int64 type: integer - containers: + tolerations: items: properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: properties: - exec: - properties: - command: - items: + matchExpressions: + items: + properties: + key: type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string type: object - timeoutSeconds: - format: int32 - type: integer type: object - name: + maxSkew: + format: int32 + type: integer + topologyKey: type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - default: TCP - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + items: + properties: + awsElasticBlockStore: properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: + fsType: + type: string + partition: format: int32 type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID type: object - resources: + azureDisk: properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string type: object + user: + type: string + required: + - monitors type: object - securityContext: + cinder: properties: - allowPrivilegeEscalation: + fsType: + type: string + readOnly: type: boolean - capabilities: + secretRef: properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array + name: + type: string type: object - privileged: - type: boolean - procMount: + volumeID: type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 type: integer - runAsNonRoot: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: + type: object + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: properties: - localhostProfile: - type: string - type: + name: type: string - required: - - type type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - runAsUserName: - type: string + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string type: object + required: + - driver type: object - startupProbe: + downwardAPI: properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: + defaultMode: format: int32 type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: + items: + items: + properties: + fieldRef: properties: - name: + apiVersion: type: string - value: + fieldPath: type: string required: - - name - - value + - fieldPath type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object required: - - port + - spec type: object - timeoutSeconds: + type: object + fc: + properties: + fsType: + type: string + lun: format: int32 type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: + readOnly: + type: boolean + targetWWNs: + items: type: string - subPathExpr: + type: array + wwids: + items: type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - required: - - name - type: object - type: array - dnsConfig: - properties: - nameservers: - items: - type: string - type: array - options: - items: + type: array + type: object + flexVolume: properties: - name: + driver: type: string - value: + fsType: type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver type: object - type: array - searches: - items: - type: string - type: array - type: object - dnsPolicy: - type: string - enableServiceLinks: - type: boolean - hostAliases: - items: - properties: - hostnames: - items: - type: string - type: array - ip: - type: string - type: object - type: array - hostIPC: - type: boolean - hostNetwork: - type: boolean - hostPID: - type: boolean - hostname: - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - type: array - logger: - properties: - mode: - enum: - - all - - request - - response - type: string - url: - type: string - type: object - maxReplicas: - type: integer - minReplicas: - type: integer - nodeName: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - overhead: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - preemptionPolicy: - type: string - priority: - format: int32 - type: integer - priorityClassName: - type: string - readinessGates: - items: - properties: - conditionType: - type: string - required: - - conditionType - type: object - type: array - restartPolicy: - type: string - runtimeClassName: - type: string - schedulerName: - type: string - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: properties: - name: + fsType: type: string - value: + partition: + format: int32 + type: integer + pdName: type: string + readOnly: + type: boolean required: - - name - - value + - pdName type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - runAsUserName: - type: string - type: object - type: object - serviceAccount: - type: string - serviceAccountName: - type: string - setHostnameAsFQDN: - type: boolean - shareProcessNamespace: - type: boolean - subdomain: - type: string - terminationGracePeriodSeconds: - format: int64 - type: integer - timeout: - format: int64 - type: integer - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: type: string - type: object - type: array - topologySpreadConstraints: - items: - properties: - labelSelector: + nfs: properties: - matchExpressions: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: items: properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object type: object type: array - matchLabels: - additionalProperties: - type: string - type: object type: object - maxSkew: - format: int32 - type: integer - topologyKey: - type: string - whenUnsatisfiable: - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - x-kubernetes-list-map-keys: - - topologyKey - - whenUnsatisfiable - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: + quobyte: properties: - fsType: + group: type: string - partition: - format: int32 - type: integer readOnly: type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: + registry: type: string - diskURI: + tenant: type: string - fsType: + user: type: string - kind: + volume: type: string - readOnly: - type: boolean required: - - diskName - - diskURI + - registry + - volume type: object - azureFile: + rbd: properties: - readOnly: - type: boolean - secretName: + fsType: type: string - shareName: + image: + type: string + keyring: type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: monitors: items: type: string type: array - path: + pool: type: string readOnly: type: boolean - secretFile: - type: string secretRef: properties: name: @@ -2834,12 +4205,17 @@ spec: user: type: string required: + - image - monitors type: object - cinder: + scaleIO: properties: fsType: type: string + gateway: + type: string + protectionDomain: + type: string readOnly: type: boolean secretRef: @@ -2847,12 +4223,22 @@ spec: name: type: string type: object - volumeID: + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: type: string required: - - volumeID + - gateway + - secretRef + - system type: object - configMap: + secret: properties: defaultMode: format: int32 @@ -2872,130 +4258,304 @@ spec: - path type: object type: array - name: - type: string optional: type: boolean + secretName: + type: string type: object - csi: + storageos: properties: - driver: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeName: + type: string + volumeNamespace: type: string + type: object + vsphereVolume: + properties: fsType: type: string - nodePublishSecretRef: + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + predictor: + properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer + type: array + requiredDuringSchedulingIgnoredDuringExecution: items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - readOnly: - type: boolean - volumeClaimTemplate: properties: - metadata: - type: object - spec: + labelSelector: properties: - accessModes: + matchExpressions: items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name + matchLabels: + additionalProperties: + type: string type: object - resources: + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true + type: string type: object type: object - selector: + namespaceSelector: properties: matchExpressions: items: @@ -3018,1305 +4578,1271 @@ spec: type: string type: object type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: + namespaces: + items: + type: string + type: array + topologyKey: type: string + required: + - topologyKey type: object + weight: + format: int32 + type: integer required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string + - podAffinityTerm + - weight type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: properties: - name: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: type: string + required: + - topologyKey type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: + type: array + type: object + type: object + automountServiceAccountToken: + type: boolean + batcher: + properties: + maxBatchSize: + type: integer + maxLatency: + type: integer + timeout: + type: integer + type: object + canaryTrafficPercent: + format: int64 + type: integer + containerConcurrency: + format: int64 + type: integer + containers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: properties: - configMap: + configMapKeyRef: properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array + key: + type: string name: type: string optional: type: boolean + required: + - key type: object - downwardAPI: + fieldRef: properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath type: object - secret: + resourceFieldRef: properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: + containerName: type: string - optional: - type: boolean + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource type: object - serviceAccountToken: + secretKeyRef: properties: - audience: + key: type: string - expirationSeconds: - format: int64 - type: integer - path: + name: type: string + optional: + type: boolean required: - - path + - key type: object type: object - type: array - required: - - sources - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: - type: string - required: - - image - - monitors - type: object - scaleIO: - properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - type: object - predictor: - properties: - activeDeadlineSeconds: - format: int64 - type: integer - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: + postStart: properties: - preference: + exec: properties: - matchExpressions: + command: items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object + type: string type: array - matchFields: + type: object + httpGet: + properties: + host: + type: string + httpHeaders: items: properties: - key: + name: type: string - operator: + value: type: string - values: - items: - type: string - type: array required: - - key - - operator + - name + - value type: object type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port type: object - weight: - format: int32 - type: integer - required: - - preference - - weight type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: + preStop: + properties: + exec: properties: - matchExpressions: + command: items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object + type: string type: array - matchFields: + type: object + httpGet: + properties: + host: + type: string + httpHeaders: items: properties: - key: + name: type: string - operator: + value: type: string - values: - items: - type: string - type: array required: - - key - - operator + - name + - value type: object type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port type: object - type: array + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string required: - - nodeSelectorTerms + - containerPort type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true required: - - podAffinityTerm - - weight + - port type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: + add: items: type: string type: array - topologyKey: + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: type: string - required: - - topologyKey type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: + seccompProfile: properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer + localhostProfile: + type: string + type: + type: string required: - - podAffinityTerm - - weight + - type type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: + windowsOptions: properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: items: type: string type: array - topologyKey: - type: string - required: - - topologyKey type: object - type: array - type: object - type: object - automountServiceAccountToken: - type: boolean - batcher: - properties: - maxBatchSize: - type: integer - maxLatency: - type: integer - timeout: - type: integer - type: object - canaryTrafficPercent: - format: int64 - type: integer - containerConcurrency: - format: int64 - type: integer - containers: - items: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: properties: - key: - type: string name: type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: + value: type: string - optional: - type: boolean required: - - key + - name + - value type: object - type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string required: + - devicePath - name type: object type: array - envFrom: + volumeMounts: items: properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: + mountPath: type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name type: object type: array - image: + workingDir: + type: string + required: + - name + type: object + type: array + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: + items: + properties: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + dnsPolicy: + type: string + enableServiceLinks: + type: boolean + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: type: string - imagePullPolicy: + type: object + type: array + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: + type: boolean + hostname: + type: string + imagePullSecrets: + items: + properties: + name: type: string - lifecycle: + type: object + type: array + lightgbm: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: properties: - postStart: + name: + type: string + value: + type: string + valueFrom: properties: - exec: + configMapKeyRef: properties: - command: - items: - type: string - type: array + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key type: object - httpGet: + fieldRef: properties: - host: + apiVersion: type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: + fieldPath: type: string - port: + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: anyOf: - type: integer - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - scheme: + resource: type: string required: - - port + - resource type: object - tcpSocket: + secretKeyRef: properties: - host: + key: type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true + name: + type: string + optional: + type: boolean required: - - port + - key type: object type: object - preStop: + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: + name: type: string - required: - - port - type: object - tcpSocket: - properties: - host: + value: type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true required: - - port + - name + - value type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: + type: array + path: type: string - hostPort: - format: int32 - type: integer - name: + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: type: string - protocol: - default: TCP + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: type: string - required: - - containerPort + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: + containerPort: format: int32 type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: + hostIP: + type: string + hostPort: format: int32 type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort type: object - resources: - properties: - limits: - additionalProperties: + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + protocolVersion: + type: string + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: anyOf: - type: integer - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: anyOf: - type: integer - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + runtimeVersion: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: + type: array + drop: + items: type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: properties: - devicePath: + level: type: string - name: + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: type: string required: - - devicePath - - name + - type type: object - type: array - volumeMounts: - items: + windowsOptions: properties: - mountPath: - type: string - mountPropagation: + gmsaCredentialSpec: type: string - name: + gmsaCredentialSpecName: type: string - readOnly: + hostProcess: type: boolean - subPath: + runAsUserName: type: string - subPathExpr: + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: type: string required: - - mountPath - - name + - port type: object - type: array - workingDir: - type: string - required: - - name - type: object - type: array - dnsConfig: - properties: - nameservers: + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + storageUri: + type: string + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: items: - type: string + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object type: array - options: + volumeMounts: items: properties: + mountPath: + type: string + mountPropagation: + type: string name: type: string - value: + readOnly: + type: boolean + subPath: + type: string + subPathExpr: type: string + required: + - mountPath + - name type: object type: array - searches: - items: - type: string - type: array + workingDir: + type: string type: object - dnsPolicy: - type: string - enableServiceLinks: - type: boolean - hostAliases: - items: - properties: - hostnames: - items: - type: string - type: array - ip: - type: string - type: object - type: array - hostIPC: - type: boolean - hostNetwork: - type: boolean - hostPID: - type: boolean - hostname: - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - type: array - lightgbm: + logger: + properties: + mode: + enum: + - all + - request + - response + type: string + url: + type: string + type: object + maxReplicas: + type: integer + minReplicas: + type: integer + model: properties: args: items: @@ -4571,10 +6097,22 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer type: object + modelFormat: + properties: + name: + type: string + version: + type: string + required: + - name + type: object name: type: string ports: @@ -4660,6 +6198,9 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -4683,6 +6224,8 @@ spec: x-kubernetes-int-or-string: true type: object type: object + runtime: + type: string runtimeVersion: type: string securityContext: @@ -4740,6 +6283,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -4805,6 +6350,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -4856,21 +6404,6 @@ spec: workingDir: type: string type: object - logger: - properties: - mode: - enum: - - all - - request - - response - type: string - url: - type: string - type: object - maxReplicas: - type: integer - minReplicas: - type: integer nodeName: type: string nodeSelector: @@ -5132,6 +6665,9 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -5221,6 +6757,9 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -5301,6 +6840,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -5366,6 +6907,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -5680,6 +7224,9 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -5769,6 +7316,9 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -5849,6 +7399,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -5914,6 +7466,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -6220,6 +7775,9 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -6309,6 +7867,9 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -6389,6 +7950,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -6454,6 +8017,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -6767,12 +8333,13 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer type: object - modelClassName: - type: string name: type: string ports: @@ -6858,6 +8425,9 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -6938,6 +8508,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -7003,6 +8575,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -7127,6 +8702,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -7394,6 +8971,9 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -7483,6 +9063,9 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -7563,6 +9146,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -7628,6 +9213,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -7936,6 +9524,9 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -8025,6 +9616,9 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -8105,6 +9699,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -8170,6 +9766,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -8541,6 +10140,9 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -8630,6 +10232,9 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -8710,6 +10315,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -8775,6 +10382,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -9011,8 +10621,6 @@ spec: type: object ephemeral: properties: - readOnly: - type: boolean volumeClaimTemplate: properties: metadata: @@ -9035,6 +10643,18 @@ spec: - kind - name type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object resources: properties: limits: @@ -9362,8 +10982,6 @@ spec: type: object type: object type: array - required: - - sources type: object quobyte: properties: @@ -9645,58 +11263,296 @@ spec: - port type: object type: object - preStop: + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + protocolVersion: + type: string + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + runtimeVersion: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string type: object type: object - livenessProbe: + startupProbe: properties: exec: properties: @@ -9733,6 +11589,8 @@ spec: x-kubernetes-int-or-string: true scheme: type: string + required: + - port type: object initialDelaySeconds: format: int32 @@ -9752,1647 +11610,1812 @@ spec: - type: integer - type: string x-kubernetes-int-or-string: true + required: + - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer type: object - name: + stdin: + type: boolean + stdinOnce: + type: boolean + storageUri: type: string - ports: + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: items: properties: - containerPort: - format: int32 - type: integer - hostIP: + devicePath: type: string - hostPort: - format: int32 - type: integer name: type: string - protocol: - default: TCP + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: type: string required: - - containerPort + - mountPath + - name type: object type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - protocolVersion: + workingDir: type: string - readinessProbe: + type: object + type: object + transformer: + properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + properties: + nodeAffinity: properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: properties: - host: - type: string - httpHeaders: + nodeSelectorTerms: items: properties: - name: - type: string - value: - type: string - required: - - name - - value + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array type: object type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true + required: + - nodeSelectorTerms type: object - timeoutSeconds: - format: int32 - type: integer type: object - resources: + podAffinity: properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array type: object - runtimeVersion: - type: string - securityContext: + podAntiAffinity: properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: type: string - type: array - type: object - privileged: - type: boolean - procMount: + required: + - topologyKey + type: object + type: array + type: object + type: object + automountServiceAccountToken: + type: boolean + batcher: + properties: + maxBatchSize: + type: integer + maxLatency: + type: integer + timeout: + type: integer + type: object + canaryTrafficPercent: + format: int64 + type: integer + containerConcurrency: + format: int64 + type: integer + containers: + items: + properties: + args: + items: type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: + type: array + command: + items: + type: string + type: array + env: + items: properties: - localhostProfile: + name: type: string - type: + value: type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object required: - - type + - name type: object - windowsOptions: + type: array + envFrom: + items: properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - runAsUserName: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: properties: - name: + host: type: string - value: + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: type: string required: - - name - - value + - port type: object - type: array - path: + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP type: string required: - - port + - containerPort type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: anyOf: - type: integer - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - storageUri: - type: string - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object type: object - type: array - volumeMounts: - items: + securityContext: properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: + allowPrivilegeEscalation: type: boolean - subPath: - type: string - subPathExpr: + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - type: object - type: object - transformer: - properties: - activeDeadlineSeconds: - format: int64 - type: integer - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer - required: - - preference - - weight + level: + type: string + role: + type: string + type: + type: string + user: + type: string type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: + seccompProfile: properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer + localhostProfile: + type: string + type: + type: string required: - - podAffinityTerm - - weight + - type type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: + command: items: type: string type: array - topologyKey: - type: string - required: - - topologyKey type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: + failureThreshold: + format: int32 + type: integer + httpGet: properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: + host: + type: string + httpHeaders: + items: + properties: + name: type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string required: - - podAffinityTerm - - weight + - port type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: + host: type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true required: - - topologyKey + - port type: object - type: array - type: object - type: object - automountServiceAccountToken: - type: boolean - batcher: - properties: - maxBatchSize: - type: integer - maxLatency: - type: integer - timeout: - type: integer - type: object - canaryTrafficPercent: - format: int64 - type: integer - containerConcurrency: - format: int64 - type: integer - containers: - items: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: items: properties: - name: + devicePath: type: string - value: + name: type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object required: + - devicePath - name type: object type: array - envFrom: + volumeMounts: items: properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: + mountPath: type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name type: object type: array - image: + workingDir: type: string - imagePullPolicy: + required: + - name + type: object + type: array + dnsConfig: + properties: + nameservers: + items: type: string - lifecycle: + type: array + options: + items: properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object + name: + type: string + value: + type: string type: object - livenessProbe: + type: array + searches: + items: + type: string + type: array + type: object + dnsPolicy: + type: string + enableServiceLinks: + type: boolean + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: + type: boolean + hostname: + type: string + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + logger: + properties: + mode: + enum: + - all + - request + - response + type: string + url: + type: string + type: object + maxReplicas: + type: integer + minReplicas: + type: integer + nodeName: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + preemptionPolicy: + type: string + priority: + format: int32 + type: integer + priorityClassName: + type: string + readinessGates: + items: + properties: + conditionType: + type: string + required: + - conditionType + type: object + type: array + restartPolicy: + type: string + runtimeClassName: + type: string + schedulerName: + type: string + securityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: + items: properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer + name: + type: string + value: + type: string + required: + - name + - value type: object - name: + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + serviceAccountName: + type: string + setHostnameAsFQDN: + type: boolean + shareProcessNamespace: + type: boolean + subdomain: + type: string + terminationGracePeriodSeconds: + format: int64 + type: integer + timeout: + format: int64 + type: integer + tolerations: + items: + properties: + effect: type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - default: TCP - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: properties: - exec: - properties: - command: - items: + matchExpressions: + items: + properties: + key: type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string type: object - timeoutSeconds: + type: object + maxSkew: + format: int32 + type: integer + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: format: int32 type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID type: object - resources: + azureDisk: properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI type: object - securityContext: + azureFile: properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: + readOnly: type: boolean - procMount: + secretName: type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: + secretFile: + type: string + secretRef: properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - runAsUserName: + name: type: string type: object + user: + type: string + required: + - monitors type: object - startupProbe: + cinder: properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: + fsType: + type: string + readOnly: + type: boolean + secretRef: properties: - host: + name: type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port type: object - timeoutSeconds: - format: int32 - type: integer + volumeID: + type: string + required: + - volumeID type: object - stdin: - type: boolean - stdinOnce: - type: boolean - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: - type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - required: - - name - type: object - type: array - dnsConfig: - properties: - nameservers: - items: - type: string - type: array - options: - items: + configMap: properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array name: type: string - value: - type: string + optional: + type: boolean type: object - type: array - searches: - items: - type: string - type: array - type: object - dnsPolicy: - type: string - enableServiceLinks: - type: boolean - hostAliases: - items: - properties: - hostnames: - items: - type: string - type: array - ip: - type: string - type: object - type: array - hostIPC: - type: boolean - hostNetwork: - type: boolean - hostPID: - type: boolean - hostname: - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - type: array - logger: - properties: - mode: - enum: - - all - - request - - response - type: string - url: - type: string - type: object - maxReplicas: - type: integer - minReplicas: - type: integer - nodeName: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - overhead: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - preemptionPolicy: - type: string - priority: - format: int32 - type: integer - priorityClassName: - type: string - readinessGates: - items: - properties: - conditionType: - type: string - required: - - conditionType - type: object - type: array - restartPolicy: - type: string - runtimeClassName: - type: string - schedulerName: - type: string - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: + csi: properties: - name: + driver: type: string - value: + fsType: type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object required: - - name - - value + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - runAsUserName: - type: string - type: object - type: object - serviceAccount: - type: string - serviceAccountName: - type: string - setHostnameAsFQDN: - type: boolean - shareProcessNamespace: - type: boolean - subdomain: - type: string - terminationGracePeriodSeconds: - format: int64 - type: integer - timeout: - format: int64 - type: integer - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - topologySpreadConstraints: - items: - properties: - labelSelector: + fc: properties: - matchExpressions: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object + type: string type: array - matchLabels: + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: additionalProperties: type: string type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver type: object - maxSkew: - format: int32 - type: integer - topologyKey: - type: string - whenUnsatisfiable: - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - x-kubernetes-list-map-keys: - - topologyKey - - whenUnsatisfiable - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: properties: fsType: type: string partition: format: int32 type: integer + pdName: + type: string readOnly: type: boolean - volumeID: - type: string required: - - volumeID + - pdName type: object - azureDisk: + gitRepo: properties: - cachingMode: + directory: type: string - diskName: + repository: type: string - diskURI: + revision: type: string - fsType: + required: + - repository + type: object + glusterfs: + properties: + endpoints: type: string - kind: + path: type: string readOnly: type: boolean required: - - diskName - - diskURI + - endpoints + - path type: object - azureFile: + hostPath: properties: - readOnly: - type: boolean - secretName: + path: type: string - shareName: + type: type: string required: - - secretName - - shareName + - path type: object - cephfs: + iscsi: properties: - monitors: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: items: type: string type: array - path: - type: string readOnly: type: boolean - secretFile: - type: string secretRef: properties: name: type: string type: object - user: + targetPortal: type: string required: - - monitors + - iqn + - lun + - targetPortal type: object - cinder: + name: + type: string + nfs: properties: - fsType: + path: type: string readOnly: type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: + server: type: string required: - - volumeID + - path + - server type: object - configMap: + persistentVolumeClaim: properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: + claimName: type: string - optional: + readOnly: type: boolean + required: + - claimName type: object - csi: + photonPersistentDisk: properties: - driver: + fsType: + type: string + pdID: type: string + required: + - pdID + type: object + portworxVolume: + properties: fsType: type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object readOnly: type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object + volumeID: + type: string required: - - driver + - volumeID type: object - downwardAPI: + projected: properties: defaultMode: format: int32 type: integer - items: + sources: items: properties: - fieldRef: + configMap: properties: - apiVersion: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: type: string - fieldPath: + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: type: string - required: - - fieldPath + optional: + type: boolean type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: + serviceAccountToken: properties: - containerName: + audience: type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: + expirationSeconds: + format: int64 + type: integer + path: type: string required: - - resource + - path type: object - required: - - path type: object type: array type: object - emptyDir: + quobyte: properties: - medium: + group: type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: readOnly: type: boolean - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume type: object - fc: + rbd: properties: fsType: type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: + image: + type: string + keyring: + type: string + monitors: items: type: string type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: + pool: type: string - options: - additionalProperties: - type: string - type: object readOnly: type: boolean secretRef: @@ -11400,466 +13423,896 @@ spec: name: type: string type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: + user: type: string + required: + - image + - monitors type: object - gcePersistentDisk: + scaleIO: properties: fsType: type: string - partition: - format: int32 - type: integer - pdName: + gateway: + type: string + protectionDomain: type: string readOnly: type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: + secretRef: + properties: + name: + type: string + type: object + sslEnabled: + type: boolean + storageMode: type: string - repository: + storagePool: type: string - revision: + system: + type: string + volumeName: type: string required: - - repository + - gateway + - secretRef + - system type: object - glusterfs: + secret: properties: - endpoints: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: type: string - path: + type: object + storageos: + properties: + fsType: type: string readOnly: type: boolean - required: - - endpoints - - path + secretRef: + properties: + name: + type: string + type: object + volumeName: + type: string + volumeNamespace: + type: string type: object - hostPath: + vsphereVolume: properties: - path: + fsType: type: string - type: + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: type: string required: - - path + - volumePath type: object - iscsi: + required: + - name + type: object + type: array + type: object + required: + - predictor + type: object + status: + properties: + address: + properties: + url: + type: string + type: object + annotations: + additionalProperties: + type: string + type: object + components: + additionalProperties: + properties: + address: + properties: + url: + type: string + type: object + latestCreatedRevision: + type: string + latestReadyRevision: + type: string + latestRolledoutRevision: + type: string + previousRolledoutRevision: + type: string + traffic: + items: + properties: + configurationName: + type: string + latestRevision: + type: boolean + percent: + format: int64 + type: integer + revisionName: + type: string + tag: + type: string + url: + type: string + type: object + type: array + url: + type: string + type: object + type: object + conditions: + items: + properties: + lastTransitionTime: + type: string + message: + type: string + reason: + type: string + severity: + type: string + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + format: int64 + type: integer + url: + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.0 + creationTimestamp: null + name: servingruntimes.serving.kserve.io +spec: + group: serving.kserve.io + names: + kind: ServingRuntime + listKind: ServingRuntimeList + plural: servingruntimes + singular: servingruntime + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.disabled + name: Disabled + type: boolean + - jsonPath: .spec.supportedModelFormats[*].name + name: ModelType + type: string + - jsonPath: .spec.containers[*].name + name: Containers + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: + preference: properties: - name: - type: string + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: + weight: format: int32 type: integer - sources: - items: - properties: - configMap: + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: properties: - items: + key: + type: string + operator: + type: string + values: items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object + type: string type: array - name: - type: string - optional: - type: boolean + required: + - key + - operator type: object - downwardAPI: + type: array + matchFields: + items: properties: - items: + key: + type: string + operator: + type: string + values: items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string type: array + required: + - key + - operator type: object - secret: + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: properties: - items: + key: + type: string + operator: + type: string + values: items: - properties: - key: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: type: string - mode: - format: int32 - type: integer - path: + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: type: string - required: - - key - - path - type: object - type: array - name: + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: type: string - optional: - type: boolean + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator type: object - serviceAccountToken: + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: properties: - audience: + key: type: string - expirationSeconds: - format: int64 - type: integer - path: + operator: type: string + values: + items: + type: string + type: array required: - - path + - key + - operator type: object - type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string type: array + topologyKey: + type: string required: - - sources + - topologyKey type: object - quobyte: + type: array + type: object + type: object + builtInAdapter: + properties: + memBufferBytes: + type: integer + modelLoadingTimeoutMillis: + type: integer + runtimeManagementPort: + type: integer + serverType: + enum: + - triton + - mlserver + type: string + type: object + containers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + livenessProbe: + properties: + exec: properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume + command: + items: + type: string + type: array type: object - rbd: + failureThreshold: + format: int32 + type: integer + httpGet: properties: - fsType: - type: string - image: - type: string - keyring: + host: type: string - monitors: + httpHeaders: items: - type: string + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object type: array - pool: + path: type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: type: string required: - - image - - monitors + - port type: object - scaleIO: + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: + host: type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true required: - - gateway - - secretRef - - system + - port type: object - secret: + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + readinessProbe: + properties: + exec: properties: - defaultMode: - format: int32 - type: integer - items: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: items: properties: - key: + name: type: string - mode: - format: int32 - type: integer - path: + value: type: string required: - - key - - path + - name + - value type: object type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: + path: type: string - volumeNamespace: + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: type: string + required: + - port type: object - vsphereVolume: + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: + host: type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true required: - - volumePath + - port type: object - required: - - name + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer type: object - type: array - type: object - required: - - predictor - type: object - status: - properties: - address: - properties: - url: - type: string - type: object - annotations: - additionalProperties: - type: string - type: object - components: - additionalProperties: - properties: - address: + resources: properties: - url: - type: string + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object type: object - latestCreatedRevision: - type: string - latestReadyRevision: - type: string - latestRolledoutRevision: - type: string - previousRolledoutRevision: - type: string - traffic: - items: - properties: - configurationName: - type: string - latestRevision: - type: boolean - percent: - format: int64 - type: integer - revisionName: - type: string - tag: - type: string - url: - type: string - type: object - type: array - url: + workingDir: type: string type: object + type: array + disabled: + type: boolean + grpcDataEndpoint: + type: string + grpcEndpoint: + type: string + httpDataEndpoint: + type: string + multiModel: + type: boolean + nodeSelector: + additionalProperties: + type: string type: object - conditions: + replicas: + type: integer + storageHelper: + properties: + disabled: + type: boolean + type: object + supportedModelFormats: items: properties: - lastTransitionTime: + autoSelect: + type: boolean + name: type: string - message: + version: type: string - reason: + required: + - name + type: object + type: array + tolerations: + items: + properties: + effect: type: string - severity: + key: type: string - status: + operator: type: string - type: + tolerationSeconds: + format: int64 + type: integer + value: type: string - required: - - status - - type type: object type: array - observedGeneration: - format: int64 - type: integer - url: - type: string + required: + - containers + type: object + status: type: object - x-kubernetes-preserve-unknown-fields: true type: object served: true storage: true - subresources: - status: {} + subresources: {} status: acceptedNames: kind: "" @@ -11979,10 +14432,20 @@ status: conditions: [] storedVersions: [] --- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: kserve-controller-manager + app.kubernetes.io/managed-by: kserve-controller-manager + app.kubernetes.io/name: kserve-controller-manager + name: kserve-controller-manager + namespace: kserve +--- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: - name: leader-election-role + name: kserve-leader-election-role namespace: kserve rules: - apiGroups: @@ -12193,6 +14656,27 @@ rules: - get - patch - update +- apiGroups: + - serving.kserve.io + resources: + - clusterservingruntimes + - clusterservingruntimes/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - serving.kserve.io + resources: + - clusterservingruntimes/status + verbs: + - get + - patch + - update - apiGroups: - serving.kserve.io resources: @@ -12214,6 +14698,27 @@ rules: - get - patch - update +- apiGroups: + - serving.kserve.io + resources: + - servingruntimes + - servingruntimes/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - serving.kserve.io + resources: + - servingruntimes/status + verbs: + - get + - patch + - update - apiGroups: - serving.kserve.io resources: @@ -12256,15 +14761,15 @@ rules: apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: - name: leader-election-rolebinding + name: kserve-leader-election-rolebinding namespace: kserve roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: leader-election-role + name: kserve-leader-election-role subjects: - kind: ServiceAccount - name: default + name: kserve-controller-manager namespace: kserve --- apiVersion: rbac.authorization.k8s.io/v1 @@ -12277,7 +14782,7 @@ roleRef: name: kserve-manager-role subjects: - kind: ServiceAccount - name: default + name: kserve-controller-manager namespace: kserve --- apiVersion: rbac.authorization.k8s.io/v1 @@ -12290,14 +14795,14 @@ roleRef: name: kserve-proxy-role subjects: - kind: ServiceAccount - name: default + name: kserve-controller-manager namespace: kserve --- apiVersion: v1 data: agent: |- { - "image" : "kserve/agent:v0.7.0", + "image" : "kserve/agent:v0.8.0", "memoryRequest": "100Mi", "memoryLimit": "1Gi", "cpuRequest": "100m", @@ -12305,7 +14810,7 @@ data: } batcher: |- { - "image" : "kserve/agent:v0.7.0", + "image" : "kserve/agent:v0.8.0", "memoryRequest": "1Gi", "memoryLimit": "1Gi", "cpuRequest": "1", @@ -12329,15 +14834,15 @@ data: { "alibi": { "image" : "kserve/alibi-explainer", - "defaultImageVersion": "v0.7.0" + "defaultImageVersion": "latest" }, "aix": { "image" : "kserve/aix-explainer", - "defaultImageVersion": "v0.7.0" + "defaultImageVersion": "latest" }, "art": { "image" : "kserve/art-explainer", - "defaultImageVersion": "v0.7.0" + "defaultImageVersion": "latest" } } ingress: |- @@ -12350,7 +14855,7 @@ data: } logger: |- { - "image" : "kserve/agent:v0.7.0", + "image" : "kserve/agent:v0.8.0", "memoryRequest": "100Mi", "memoryLimit": "1Gi", "cpuRequest": "100m", @@ -12361,8 +14866,8 @@ data: { "tensorflow": { "image": "tensorflow/serving", - "defaultImageVersion": "1.14.0", - "defaultGpuImageVersion": "1.14.0-gpu", + "defaultImageVersion": "2.6.2", + "defaultGpuImageVersion": "2.6.2-gpu", "defaultTimeout": "60", "supportedFrameworks": [ "tensorflow" @@ -12380,7 +14885,7 @@ data: "sklearn": { "v1": { "image": "kserve/sklearnserver", - "defaultImageVersion": "v0.7.0", + "defaultImageVersion": "v0.8.0", "supportedFrameworks": [ "sklearn" ], @@ -12388,17 +14893,17 @@ data: }, "v2": { "image": "docker.io/seldonio/mlserver", - "defaultImageVersion": "0.2.1", + "defaultImageVersion": "0.5.3", "supportedFrameworks": [ "sklearn" ], - "multiModelServer": false + "multiModelServer": true } }, "xgboost": { "v1": { "image": "kserve/xgbserver", - "defaultImageVersion": "v0.7.0", + "defaultImageVersion": "v0.8.0", "supportedFrameworks": [ "xgboost" ], @@ -12406,27 +14911,27 @@ data: }, "v2": { "image": "docker.io/seldonio/mlserver", - "defaultImageVersion": "0.2.1", + "defaultImageVersion": "0.5.3", "supportedFrameworks": [ "xgboost" ], - "multiModelServer": false + "multiModelServer": true } }, "pytorch": { "v1" : { - "image": "kserve/pytorchserver", - "defaultImageVersion": "v0.7.0", - "defaultGpuImageVersion": "v0.7.0-gpu", + "image": "kserve/torchserve-kfs", + "defaultImageVersion": "0.5.3", + "defaultGpuImageVersion": "0.5.3-gpu", "supportedFrameworks": [ "pytorch" ], "multiModelServer": false }, "v2" : { - "image": "pytorch/torchserve-kfs", - "defaultImageVersion": "0.4.1", - "defaultGpuImageVersion": "0.4.1-gpu", + "image": "kserve/torchserve-kfs", + "defaultImageVersion": "0.5.3", + "defaultGpuImageVersion": "0.5.3-gpu", "supportedFrameworks": [ "pytorch" ], @@ -12446,7 +14951,7 @@ data: }, "pmml": { "image": "kserve/pmmlserver", - "defaultImageVersion": "v0.7.0", + "defaultImageVersion": "v0.8.0", "supportedFrameworks": [ "pmml" ], @@ -12454,7 +14959,7 @@ data: }, "lightgbm": { "image": "kserve/lgbserver", - "defaultImageVersion": "v0.7.0", + "defaultImageVersion": "v0.8.0", "supportedFrameworks": [ "lightgbm" ], @@ -12462,7 +14967,7 @@ data: }, "paddle": { "image": "kserve/paddleserver", - "defaultImageVersion": "v0.7.0", + "defaultImageVersion": "v0.8.0", "supportedFrameworks": [ "paddle" ], @@ -12471,7 +14976,7 @@ data: } storageInitializer: |- { - "image" : "kserve/storage-initializer:v0.7.0", + "image" : "kserve/storage-initializer:v0.8.0", "memoryRequest": "100Mi", "memoryLimit": "1Gi", "cpuRequest": "100m", @@ -12530,7 +15035,9 @@ metadata: namespace: kserve spec: ports: - - port: 443 + - port: 8443 + protocol: TCP + targetPort: https selector: control-plane: kserve-controller-manager controller-tools.k8s.io: "1.0" @@ -12579,7 +15086,7 @@ spec: fieldPath: metadata.namespace - name: SECRET_NAME value: kserve-webhook-server-cert - image: kserve/kserve-controller:v0.7.0 + image: kserve/kserve-controller:v0.8.0 imagePullPolicy: Always name: manager ports: @@ -12593,6 +15100,8 @@ spec: requests: cpu: 100m memory: 200Mi + securityContext: + allowPrivilegeEscalation: false volumeMounts: - mountPath: /tmp/k8s-webhook-server/serving-certs name: cert @@ -12602,11 +15111,15 @@ spec: - --upstream=http://127.0.0.1:8080/ - --logtostderr=true - --v=10 - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 name: kube-rbac-proxy ports: - containerPort: 8443 name: https + protocol: TCP + securityContext: + runAsNonRoot: true + serviceAccountName: kserve-controller-manager terminationGracePeriodSeconds: 10 volumes: - name: cert @@ -12614,7 +15127,7 @@ spec: defaultMode: 420 secretName: kserve-webhook-server-cert --- -apiVersion: cert-manager.io/v1alpha2 +apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: serving-cert @@ -12628,7 +15141,7 @@ spec: name: selfsigned-issuer secretName: kserve-webhook-server-cert --- -apiVersion: cert-manager.io/v1alpha2 +apiVersion: cert-manager.io/v1 kind: Issuer metadata: name: selfsigned-issuer diff --git a/contrib/kserve/kserve/kserve_kubeflow.yaml b/contrib/kserve/kserve/kserve_kubeflow.yaml index 97961035c5..59feb55537 100644 --- a/contrib/kserve/kserve/kserve_kubeflow.yaml +++ b/contrib/kserve/kserve/kserve_kubeflow.yaml @@ -2,58 +2,35 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cert-manager.io/inject-ca-from: kubeflow/serving-cert controller-gen.kubebuilder.io/version: v0.4.0 + creationTimestamp: null labels: app: kserve app.kubernetes.io/name: kserve - name: inferenceservices.serving.kserve.io + name: clusterservingruntimes.serving.kserve.io spec: - conversion: - strategy: Webhook - webhook: - clientConfig: - caBundle: Cg== - service: - name: kserve-webhook-server-service - namespace: kubeflow - path: /convert - conversionReviewVersions: - - v1beta1 group: serving.kserve.io names: - kind: InferenceService - listKind: InferenceServiceList - plural: inferenceservices - shortNames: - - isvc - singular: inferenceservice - preserveUnknownFields: false - scope: Namespaced + kind: ClusterServingRuntime + listKind: ClusterServingRuntimeList + plural: clusterservingruntimes + singular: clusterservingruntime + scope: Cluster versions: - additionalPrinterColumns: - - jsonPath: .status.url - name: URL - type: string - - jsonPath: .status.conditions[?(@.type=='Ready')].status - name: Ready - type: string - - jsonPath: .status.components.predictor.traffic[?(@.tag=='prev')].percent - name: Prev - type: integer - - jsonPath: .status.components.predictor.traffic[?(@.latestRevision==true)].percent - name: Latest - type: integer - - jsonPath: .status.components.predictor.traffic[?(@.tag=='prev')].revisionName - name: PrevRolledoutRevision + - jsonPath: .spec.disabled + name: Disabled + type: boolean + - jsonPath: .spec.supportedModelFormats[*].name + name: ModelType type: string - - jsonPath: .status.components.predictor.traffic[?(@.latestRevision==true)].revisionName - name: LatestReadyRevision + - jsonPath: .spec.containers[*].name + name: Containers type: string - jsonPath: .metadata.creationTimestamp name: Age type: date - name: v1beta1 + name: v1alpha1 schema: openAPIV3Schema: properties: @@ -65,19 +42,107 @@ spec: type: object spec: properties: - explainer: + affinity: properties: - activeDeadlineSeconds: - format: int64 - type: integer - affinity: + nodeAffinity: properties: - nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: properties: - preferredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: items: properties: - preference: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: properties: matchExpressions: items: @@ -95,7 +160,14 @@ spec: - operator type: object type: array - matchFields: + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: items: properties: key: @@ -111,19 +183,96 @@ spec: - operator type: object type: array + matchLabels: + additionalProperties: + type: string + type: object type: object - weight: - format: int32 - type: integer + namespaces: + items: + type: string + type: array + topologyKey: + type: string required: - - preference - - weight + - topologyKey type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: properties: matchExpressions: items: @@ -141,7 +290,14 @@ spec: - operator type: object type: array - matchFields: + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: items: properties: key: @@ -157,84 +313,10 @@ spec: - operator type: object type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: - properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: + matchLabels: + additionalProperties: type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight - type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object + type: object type: object namespaces: items: @@ -245,681 +327,1416 @@ spec: required: - topologyKey type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: + matchExpressions: + items: + properties: + key: type: string - type: array - topologyKey: - type: string - required: - - topologyKey + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: + namespaceSelector: properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: + matchExpressions: items: - type: string + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object type: array - topologyKey: - type: string - required: - - topologyKey - type: object - type: array - type: object - type: object - aix: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - config: - additionalProperties: - type: string - type: object - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key + matchLabels: + additionalProperties: + type: string type: object type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: + namespaces: + items: + type: string + type: array + topologyKey: type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object + required: + - topologyKey type: object type: array - image: + type: object + type: object + builtInAdapter: + properties: + memBufferBytes: + type: integer + modelLoadingTimeoutMillis: + type: integer + runtimeManagementPort: + type: integer + serverType: + enum: + - triton + - mlserver + type: string + type: object + containers: + items: + properties: + args: + items: type: string - imagePullPolicy: + type: array + command: + items: type: string - lifecycle: + type: array + env: + items: properties: - postStart: + name: + type: string + value: + type: string + valueFrom: properties: - exec: + configMapKeyRef: properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: + key: type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: + name: type: string + optional: + type: boolean required: - - port + - key type: object - tcpSocket: + fieldRef: properties: - host: + apiVersion: + type: string + fieldPath: type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array + - fieldPath type: object - httpGet: + resourceFieldRef: properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: + containerName: type: string - port: + divisor: anyOf: - type: integer - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - scheme: + resource: type: string required: - - port + - resource type: object - tcpSocket: + secretKeyRef: properties: - host: + key: type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true + name: + type: string + optional: + type: boolean required: - - port + - key type: object type: object + required: + - name type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: + type: array + image: + type: string + imagePullPolicy: + type: string + livenessProbe: + properties: + exec: + properties: + command: + items: type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: + host: type: string - protocol: - default: TCP + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: + port: anyOf: - type: integer - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: anyOf: - type: integer - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - type: object - type: object - runtimeVersion: - type: string - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - storageUri: - type: string - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - type: - type: string - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string required: - - devicePath - - name + - port type: object - type: array - volumeMounts: - items: + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + readinessProbe: + properties: + exec: properties: - mountPath: - type: string - mountPropagation: - type: string - name: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: type: string - readOnly: - type: boolean - subPath: + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: type: string - subPathExpr: + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: type: string required: - - mountPath - - name + - port type: object - type: array - workingDir: - type: string - type: object - alibi: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - config: - additionalProperties: - type: string - type: object - env: - items: + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: properties: - name: - type: string - value: + host: type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + workingDir: + type: string + type: object + type: array + disabled: + type: boolean + grpcDataEndpoint: + type: string + grpcEndpoint: + type: string + httpDataEndpoint: + type: string + multiModel: + type: boolean + nodeSelector: + additionalProperties: + type: string + type: object + replicas: + type: integer + storageHelper: + properties: + disabled: + type: boolean + type: object + supportedModelFormats: + items: + properties: + autoSelect: + type: boolean + name: + type: string + version: + type: string + required: + - name + type: object + type: array + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + required: + - containers + type: object + status: + type: object + type: object + served: true + storage: true + subresources: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: kubeflow/serving-cert + controller-gen.kubebuilder.io/version: v0.4.0 + labels: + app: kserve + app.kubernetes.io/name: kserve + name: inferenceservices.serving.kserve.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + caBundle: Cg== + service: + name: kserve-webhook-server-service + namespace: kubeflow + path: /convert + conversionReviewVersions: + - v1beta1 + group: serving.kserve.io + names: + kind: InferenceService + listKind: InferenceServiceList + plural: inferenceservices + shortNames: + - isvc + singular: inferenceservice + preserveUnknownFields: false + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .status.url + name: URL + type: string + - jsonPath: .status.conditions[?(@.type=='Ready')].status + name: Ready + type: string + - jsonPath: .status.components.predictor.traffic[?(@.tag=='prev')].percent + name: Prev + type: integer + - jsonPath: .status.components.predictor.traffic[?(@.latestRevision==true)].percent + name: Latest + type: integer + - jsonPath: .status.components.predictor.traffic[?(@.tag=='prev')].revisionName + name: PrevRolledoutRevision + type: string + - jsonPath: .status.components.predictor.traffic[?(@.latestRevision==true)].revisionName + name: LatestReadyRevision + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1beta1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + explainer: + properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + type: object + aix: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + config: + additionalProperties: + type: string + type: object + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + runtimeVersion: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + storageUri: + type: string + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + type: + type: string + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + type: object + alibi: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + config: + additionalProperties: + type: string + type: object + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: properties: containerName: type: string @@ -1135,6 +1952,9 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -1222,6 +2042,9 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -1302,6 +2125,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -1367,6 +2192,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -1622,7 +2450,243 @@ spec: type: object type: object type: object - livenessProbe: + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + runtimeVersion: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: properties: exec: properties: @@ -1641,1185 +2705,1495 @@ spec: httpHeaders: items: properties: - name: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + storageUri: + type: string + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + type: + type: string + volumeDevices: + items: + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object + type: array + volumeMounts: + items: + properties: + mountPath: + type: string + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name + type: object + type: array + workingDir: + type: string + type: object + automountServiceAccountToken: + type: boolean + batcher: + properties: + maxBatchSize: + type: integer + maxLatency: + type: integer + timeout: + type: integer + type: object + canaryTrafficPercent: + format: int64 + type: integer + containerConcurrency: + format: int64 + type: integer + containers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: type: string - value: + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: type: string required: - - name - - value + - port type: object - type: array - path: + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: + hostPort: + format: int32 + type: integer + name: type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: + protocol: + default: TCP type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true + required: + - containerPort type: object - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: properties: - containerPort: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: format: int32 type: integer - hostIP: - type: string - hostPort: + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: format: int32 type: integer - name: - type: string - protocol: - default: TCP - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - properties: - exec: - properties: - command: - items: + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: anyOf: - type: integer - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: + type: object + requests: + additionalProperties: anyOf: - type: integer - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - runtimeVersion: - type: string - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: + type: object + type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: type: string - type: array - drop: - items: + role: type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: + items: properties: - localhostProfile: + devicePath: type: string - type: + name: type: string required: - - type + - devicePath + - name type: object - windowsOptions: + type: array + volumeMounts: + items: properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - runAsUserName: + mountPath: type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: + mountPropagation: type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: + name: type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: + readOnly: + type: boolean + subPath: type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: + subPathExpr: type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true required: - - port + - mountPath + - name type: object - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - storageUri: - type: string - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - type: - type: string - volumeDevices: + type: array + workingDir: + type: string + required: + - name + type: object + type: array + dnsConfig: + properties: + nameservers: + items: + type: string + type: array + options: items: properties: - devicePath: - type: string name: type: string - required: - - devicePath - - name + value: + type: string type: object type: array - volumeMounts: + searches: + items: + type: string + type: array + type: object + dnsPolicy: + type: string + enableServiceLinks: + type: boolean + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: + type: boolean + hostname: + type: string + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + logger: + properties: + mode: + enum: + - all + - request + - response + type: string + url: + type: string + type: object + maxReplicas: + type: integer + minReplicas: + type: integer + nodeName: + type: string + nodeSelector: + additionalProperties: + type: string + type: object + overhead: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + preemptionPolicy: + type: string + priority: + format: int32 + type: integer + priorityClassName: + type: string + readinessGates: + items: + properties: + conditionType: + type: string + required: + - conditionType + type: object + type: array + restartPolicy: + type: string + runtimeClassName: + type: string + schedulerName: + type: string + securityContext: + properties: + fsGroup: + format: int64 + type: integer + fsGroupChangePolicy: + type: string + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + supplementalGroups: + items: + format: int64 + type: integer + type: array + sysctls: items: properties: - mountPath: - type: string - mountPropagation: - type: string name: type: string - readOnly: - type: boolean - subPath: - type: string - subPathExpr: + value: type: string required: - - mountPath - name + - value type: object type: array - workingDir: - type: string + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object type: object - automountServiceAccountToken: + serviceAccount: + type: string + serviceAccountName: + type: string + setHostnameAsFQDN: type: boolean - batcher: - properties: - maxBatchSize: - type: integer - maxLatency: - type: integer - timeout: - type: integer - type: object - canaryTrafficPercent: + shareProcessNamespace: + type: boolean + subdomain: + type: string + terminationGracePeriodSeconds: format: int64 type: integer - containerConcurrency: + timeout: format: int64 type: integer - containers: - items: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: - items: - properties: - name: - type: string - value: - type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object - required: - - name - type: object - type: array - envFrom: - items: - properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: - type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object - type: object - type: array - image: - type: string - imagePullPolicy: - type: string - lifecycle: - properties: - postStart: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - preStop: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - type: object - type: object - livenessProbe: + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: properties: - exec: - properties: - command: - items: + matchExpressions: + items: + properties: + key: type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string type: object - timeoutSeconds: - format: int32 - type: integer type: object - name: + maxSkew: + format: int32 + type: integer + topologyKey: type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: - type: string - hostPort: - format: int32 - type: integer - name: - type: string - protocol: - default: TCP - type: string - required: - - containerPort - type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + items: + properties: + awsElasticBlockStore: properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: + fsType: + type: string + partition: format: int32 type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID type: object - resources: + azureDisk: properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI type: object - securityContext: + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: properties: - allowPrivilegeEscalation: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: type: boolean - capabilities: + secretFile: + type: string + secretRef: properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array + name: + type: string type: object - privileged: - type: boolean - procMount: + user: type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: + secretRef: properties: - level: - type: string - role: - type: string - type: - type: string - user: + name: type: string type: object - seccompProfile: + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + csi: + properties: + driver: + type: string + fsType: + type: string + nodePublishSecretRef: properties: - localhostProfile: - type: string - type: + name: type: string - required: - - type type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - runAsUserName: - type: string + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string type: object + required: + - driver type: object - startupProbe: + downwardAPI: properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: + defaultMode: format: int32 type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: + items: + items: + properties: + fieldRef: properties: - name: + apiVersion: type: string - value: + fieldPath: type: string required: - - name - - value + - fieldPath type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object required: - - port + - spec type: object - timeoutSeconds: + type: object + fc: + properties: + fsType: + type: string + lun: format: int32 type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: - properties: - devicePath: - type: string - name: - type: string - required: - - devicePath - - name - type: object - type: array - volumeMounts: - items: - properties: - mountPath: - type: string - mountPropagation: - type: string - name: - type: string - readOnly: - type: boolean - subPath: + readOnly: + type: boolean + targetWWNs: + items: type: string - subPathExpr: + type: array + wwids: + items: type: string - required: - - mountPath - - name - type: object - type: array - workingDir: - type: string - required: - - name - type: object - type: array - dnsConfig: - properties: - nameservers: - items: - type: string - type: array - options: - items: + type: array + type: object + flexVolume: properties: - name: + driver: type: string - value: + fsType: type: string + options: + additionalProperties: + type: string + type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver type: object - type: array - searches: - items: - type: string - type: array - type: object - dnsPolicy: - type: string - enableServiceLinks: - type: boolean - hostAliases: - items: - properties: - hostnames: - items: - type: string - type: array - ip: - type: string - type: object - type: array - hostIPC: - type: boolean - hostNetwork: - type: boolean - hostPID: - type: boolean - hostname: - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - type: array - logger: - properties: - mode: - enum: - - all - - request - - response - type: string - url: - type: string - type: object - maxReplicas: - type: integer - minReplicas: - type: integer - nodeName: - type: string - nodeSelector: - additionalProperties: - type: string - type: object - overhead: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - preemptionPolicy: - type: string - priority: - format: int32 - type: integer - priorityClassName: - type: string - readinessGates: - items: - properties: - conditionType: - type: string - required: - - conditionType - type: object - type: array - restartPolicy: - type: string - runtimeClassName: - type: string - schedulerName: - type: string - securityContext: - properties: - fsGroup: - format: int64 - type: integer - fsGroupChangePolicy: - type: string - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - supplementalGroups: - items: - format: int64 - type: integer - type: array - sysctls: - items: + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: properties: - name: + fsType: type: string - value: + partition: + format: int32 + type: integer + pdName: type: string + readOnly: + type: boolean required: - - name - - value + - pdName type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - runAsUserName: - type: string - type: object - type: object - serviceAccount: - type: string - serviceAccountName: - type: string - setHostnameAsFQDN: - type: boolean - shareProcessNamespace: - type: boolean - subdomain: - type: string - terminationGracePeriodSeconds: - format: int64 - type: integer - timeout: - format: int64 - type: integer - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: + gitRepo: + properties: + directory: + type: string + repository: + type: string + revision: + type: string + required: + - repository + type: object + glusterfs: + properties: + endpoints: + type: string + path: + type: string + readOnly: + type: boolean + required: + - endpoints + - path + type: object + hostPath: + properties: + path: + type: string + type: + type: string + required: + - path + type: object + iscsi: + properties: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: + items: + type: string + type: array + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + targetPortal: + type: string + required: + - iqn + - lun + - targetPortal + type: object + name: type: string - type: object - type: array - topologySpreadConstraints: - items: - properties: - labelSelector: + nfs: properties: - matchExpressions: + path: + type: string + readOnly: + type: boolean + server: + type: string + required: + - path + - server + type: object + persistentVolumeClaim: + properties: + claimName: + type: string + readOnly: + type: boolean + required: + - claimName + type: object + photonPersistentDisk: + properties: + fsType: + type: string + pdID: + type: string + required: + - pdID + type: object + portworxVolume: + properties: + fsType: + type: string + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + projected: + properties: + defaultMode: + format: int32 + type: integer + sources: items: properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator + configMap: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + serviceAccountToken: + properties: + audience: + type: string + expirationSeconds: + format: int64 + type: integer + path: + type: string + required: + - path + type: object type: object type: array - matchLabels: - additionalProperties: - type: string - type: object type: object - maxSkew: - format: int32 - type: integer - topologyKey: - type: string - whenUnsatisfiable: - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - x-kubernetes-list-map-keys: - - topologyKey - - whenUnsatisfiable - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: + quobyte: properties: - fsType: + group: type: string - partition: - format: int32 - type: integer readOnly: type: boolean - volumeID: - type: string - required: - - volumeID - type: object - azureDisk: - properties: - cachingMode: - type: string - diskName: + registry: type: string - diskURI: + tenant: type: string - fsType: + user: type: string - kind: + volume: type: string - readOnly: - type: boolean required: - - diskName - - diskURI + - registry + - volume type: object - azureFile: + rbd: properties: - readOnly: - type: boolean - secretName: + fsType: type: string - shareName: + image: + type: string + keyring: type: string - required: - - secretName - - shareName - type: object - cephfs: - properties: monitors: items: type: string type: array - path: + pool: type: string readOnly: type: boolean - secretFile: - type: string secretRef: properties: name: @@ -2828,12 +4202,17 @@ spec: user: type: string required: + - image - monitors type: object - cinder: + scaleIO: properties: fsType: type: string + gateway: + type: string + protectionDomain: + type: string readOnly: type: boolean secretRef: @@ -2841,12 +4220,22 @@ spec: name: type: string type: object - volumeID: + sslEnabled: + type: boolean + storageMode: + type: string + storagePool: + type: string + system: + type: string + volumeName: type: string required: - - volumeID + - gateway + - secretRef + - system type: object - configMap: + secret: properties: defaultMode: format: int32 @@ -2866,130 +4255,304 @@ spec: - path type: object type: array - name: - type: string optional: type: boolean + secretName: + type: string type: object - csi: + storageos: properties: - driver: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeName: + type: string + volumeNamespace: type: string + type: object + vsphereVolume: + properties: fsType: type: string - nodePublishSecretRef: + storagePolicyID: + type: string + storagePolicyName: + type: string + volumePath: + type: string + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + predictor: + properties: + activeDeadlineSeconds: + format: int64 + type: integer + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: + format: int32 + type: integer + required: + - preference + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: properties: - name: - type: string - type: object - readOnly: - type: boolean - volumeAttributes: - additionalProperties: - type: string + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight type: object - required: - - driver - type: object - downwardAPI: - properties: - defaultMode: - format: int32 - type: integer + type: array + requiredDuringSchedulingIgnoredDuringExecution: items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - properties: - medium: - type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: - readOnly: - type: boolean - volumeClaimTemplate: properties: - metadata: - type: object - spec: + labelSelector: properties: - accessModes: + matchExpressions: items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name + matchLabels: + additionalProperties: + type: string type: object - resources: + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true + type: string type: object type: object - selector: + namespaceSelector: properties: matchExpressions: items: @@ -3012,1305 +4575,1271 @@ spec: type: string type: object type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: + namespaces: + items: + type: string + type: array + topologyKey: type: string + required: + - topologyKey type: object + weight: + format: int32 + type: integer required: - - spec - type: object - type: object - fc: - properties: - fsType: - type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: - items: - type: string - type: array - type: object - flexVolume: - properties: - driver: - type: string - fsType: - type: string - options: - additionalProperties: - type: string - type: object - readOnly: - type: boolean - secretRef: - properties: - name: - type: string + - podAffinityTerm + - weight type: object - required: - - driver - type: object - flocker: - properties: - datasetName: - type: string - datasetUUID: - type: string - type: object - gcePersistentDisk: - properties: - fsType: - type: string - partition: - format: int32 - type: integer - pdName: - type: string - readOnly: - type: boolean - required: - - pdName - type: object - gitRepo: - properties: - directory: - type: string - repository: - type: string - revision: - type: string - required: - - repository - type: object - glusterfs: - properties: - endpoints: - type: string - path: - type: string - readOnly: - type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: - type: string - type: - type: string - required: - - path - type: object - iscsi: - properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean - fsType: - type: string - initiatorName: - type: string - iqn: - type: string - iscsiInterface: - type: string - lun: - format: int32 - type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: properties: - name: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: type: string + required: + - topologyKey type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string - required: - - pdID - type: object - portworxVolume: - properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string - required: - - volumeID - type: object - projected: - properties: - defaultMode: - format: int32 - type: integer - sources: - items: + type: array + type: object + type: object + automountServiceAccountToken: + type: boolean + batcher: + properties: + maxBatchSize: + type: integer + maxLatency: + type: integer + timeout: + type: integer + type: object + canaryTrafficPercent: + format: int64 + type: integer + containerConcurrency: + format: int64 + type: integer + containers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: properties: - configMap: + configMapKeyRef: properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array + key: + type: string name: type: string optional: type: boolean + required: + - key type: object - downwardAPI: + fieldRef: properties: - items: - items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object - type: array + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath type: object - secret: + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: + properties: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: properties: - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array name: type: string - optional: - type: boolean + value: + type: string + required: + - name + - value type: object - serviceAccountToken: + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: + format: int32 + type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort + type: object + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: properties: - audience: + name: type: string - expirationSeconds: - format: int64 - type: integer - path: + value: type: string required: - - path + - name + - value type: object - type: object - type: array - required: - - sources - type: object - quobyte: - properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume - type: object - rbd: - properties: - fsType: - type: string - image: - type: string - keyring: - type: string - monitors: - items: - type: string - type: array - pool: - type: string - readOnly: - type: boolean - secretRef: + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: properties: - name: + host: type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port type: object - user: - type: string - required: - - image - - monitors + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer type: object - scaleIO: + resources: properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: - type: string - required: - - gateway - - secretRef - - system type: object - secret: + securityContext: properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: type: string - mode: - format: int32 - type: integer - path: + type: array + drop: + items: type: string - required: - - key - - path - type: object - type: array - optional: + type: array + type: object + privileged: type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: + procMount: type: string - readOnly: + readOnlyRootFilesystem: type: boolean - secretRef: + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: properties: - name: + level: + type: string + role: + type: string + type: + type: string + user: type: string type: object - volumeName: - type: string - volumeNamespace: - type: string - type: object - vsphereVolume: - properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array - type: object - predictor: - properties: - activeDeadlineSeconds: - format: int64 - type: integer - affinity: - properties: - nodeAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: + seccompProfile: properties: - preference: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - weight: - format: int32 - type: integer + localhostProfile: + type: string + type: + type: string required: - - preference - - weight + - type type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - properties: - nodeSelectorTerms: - items: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchFields: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - type: object - type: array - required: - - nodeSelectorTerms - type: object - type: object - podAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: + windowsOptions: properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer - required: - - podAffinityTerm - - weight + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: + type: object + startupProbe: + properties: + exec: + properties: + command: items: type: string type: array - topologyKey: - type: string - required: - - topologyKey type: object - type: array - type: object - podAntiAffinity: - properties: - preferredDuringSchedulingIgnoredDuringExecution: - items: + failureThreshold: + format: int32 + type: integer + httpGet: properties: - podAffinityTerm: - properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: + host: + type: string + httpHeaders: + items: + properties: + name: type: string - type: array - topologyKey: - type: string - required: - - topologyKey - type: object - weight: - format: int32 - type: integer + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string required: - - podAffinityTerm - - weight + - port type: object - type: array - requiredDuringSchedulingIgnoredDuringExecution: - items: + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: properties: - labelSelector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - namespaces: - items: - type: string - type: array - topologyKey: + host: type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true required: - - topologyKey + - port type: object - type: array - type: object - type: object - automountServiceAccountToken: - type: boolean - batcher: - properties: - maxBatchSize: - type: integer - maxLatency: - type: integer - timeout: - type: integer - type: object - canaryTrafficPercent: - format: int64 - type: integer - containerConcurrency: - format: int64 - type: integer - containers: - items: - properties: - args: - items: - type: string - type: array - command: - items: - type: string - type: array - env: + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: items: properties: - name: + devicePath: type: string - value: + name: type: string - valueFrom: - properties: - configMapKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - secretKeyRef: - properties: - key: - type: string - name: - type: string - optional: - type: boolean - required: - - key - type: object - type: object required: + - devicePath - name type: object type: array - envFrom: + volumeMounts: items: properties: - configMapRef: - properties: - name: - type: string - optional: - type: boolean - type: object - prefix: + mountPath: type: string - secretRef: - properties: - name: - type: string - optional: - type: boolean - type: object + mountPropagation: + type: string + name: + type: string + readOnly: + type: boolean + subPath: + type: string + subPathExpr: + type: string + required: + - mountPath + - name type: object type: array - image: + workingDir: type: string - imagePullPolicy: + required: + - name + type: object + type: array + dnsConfig: + properties: + nameservers: + items: type: string - lifecycle: + type: array + options: + items: properties: - postStart: + name: + type: string + value: + type: string + type: object + type: array + searches: + items: + type: string + type: array + type: object + dnsPolicy: + type: string + enableServiceLinks: + type: boolean + hostAliases: + items: + properties: + hostnames: + items: + type: string + type: array + ip: + type: string + type: object + type: array + hostIPC: + type: boolean + hostNetwork: + type: boolean + hostPID: + type: boolean + hostname: + type: string + imagePullSecrets: + items: + properties: + name: + type: string + type: object + type: array + lightgbm: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: properties: - exec: + configMapKeyRef: properties: - command: - items: - type: string - type: array + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key type: object - httpGet: + fieldRef: properties: - host: + apiVersion: type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: + fieldPath: type: string - port: + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: anyOf: - type: integer - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - scheme: + resource: type: string required: - - port + - resource type: object - tcpSocket: + secretKeyRef: properties: - host: + key: type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true + name: + type: string + optional: + type: boolean required: - - port + - key type: object type: object - preStop: + required: + - name + type: object + type: array + envFrom: + items: + properties: + configMapRef: properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: + name: + type: string + optional: + type: boolean + type: object + prefix: + type: string + secretRef: + properties: + name: + type: string + optional: + type: boolean + type: object + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + lifecycle: + properties: + postStart: + properties: + exec: + properties: + command: + items: type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + preStop: + properties: + exec: + properties: + command: + items: type: string - required: - - port - type: object - tcpSocket: + type: array + type: object + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: + type: string + required: + - port + type: object + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + type: object + type: object + livenessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: properties: - host: + name: + type: string + value: type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true required: - - port + - name + - value type: object - type: object - type: object - livenessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - name: - type: string - ports: - items: - properties: - containerPort: - format: int32 - type: integer - hostIP: + type: array + path: type: string - hostPort: - format: int32 - type: integer - name: + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: type: string - protocol: - default: TCP + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: type: string - required: - - containerPort + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true type: object - type: array - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + ports: + items: + properties: + containerPort: + format: int32 + type: integer + hostIP: + type: string + hostPort: format: int32 type: integer + name: + type: string + protocol: + default: TCP + type: string + required: + - containerPort type: object - resources: - properties: - limits: - additionalProperties: + type: array + x-kubernetes-list-map-keys: + - containerPort + - protocol + x-kubernetes-list-type: map + protocolVersion: + type: string + readinessProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: anyOf: - type: integer - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: + scheme: + type: string + type: object + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: anyOf: - type: integer - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true - type: object - type: object - securityContext: - properties: - allowPrivilegeEscalation: - type: boolean - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object - privileged: - type: boolean - procMount: - type: string - readOnlyRootFilesystem: - type: boolean - runAsGroup: - format: int64 - type: integer - runAsNonRoot: - type: boolean - runAsUser: - format: int64 - type: integer - seLinuxOptions: - properties: - level: - type: string - role: - type: string - type: - type: string - user: - type: string - type: object - seccompProfile: - properties: - localhostProfile: - type: string - type: - type: string - required: - - type - type: object - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - runAsUserName: - type: string - type: object - type: object - startupProbe: - properties: - exec: - properties: - command: - items: - type: string - type: array - type: object - failureThreshold: - format: int32 - type: integer - httpGet: - properties: - host: - type: string - httpHeaders: - items: - properties: - name: - type: string - value: - type: string - required: - - name - - value - type: object - type: array - path: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - type: string - required: - - port - type: object - initialDelaySeconds: - format: int32 - type: integer - periodSeconds: - format: int32 - type: integer - successThreshold: - format: int32 - type: integer - tcpSocket: - properties: - host: - type: string - port: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - required: - - port - type: object - timeoutSeconds: - format: int32 - type: integer - type: object - stdin: - type: boolean - stdinOnce: - type: boolean - terminationMessagePath: - type: string - terminationMessagePolicy: - type: string - tty: - type: boolean - volumeDevices: - items: + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + runtimeVersion: + type: string + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: properties: - devicePath: + level: type: string - name: + role: + type: string + type: + type: string + user: type: string - required: - - devicePath - - name type: object - type: array - volumeMounts: - items: + seccompProfile: properties: - mountPath: + localhostProfile: type: string - mountPropagation: + type: type: string - name: + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: type: string - readOnly: + gmsaCredentialSpecName: + type: string + hostProcess: type: boolean - subPath: + runAsUserName: type: string - subPathExpr: + type: object + type: object + startupProbe: + properties: + exec: + properties: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: + items: + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object + type: array + path: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: type: string required: - - mountPath - - name + - port type: object - type: array - workingDir: - type: string - required: - - name - type: object - type: array - dnsConfig: - properties: - nameservers: + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: + properties: + host: + type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + required: + - port + type: object + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + stdin: + type: boolean + stdinOnce: + type: boolean + storageUri: + type: string + terminationMessagePath: + type: string + terminationMessagePolicy: + type: string + tty: + type: boolean + volumeDevices: items: - type: string + properties: + devicePath: + type: string + name: + type: string + required: + - devicePath + - name + type: object type: array - options: + volumeMounts: items: properties: + mountPath: + type: string + mountPropagation: + type: string name: type: string - value: + readOnly: + type: boolean + subPath: + type: string + subPathExpr: type: string + required: + - mountPath + - name type: object type: array - searches: - items: - type: string - type: array + workingDir: + type: string type: object - dnsPolicy: - type: string - enableServiceLinks: - type: boolean - hostAliases: - items: - properties: - hostnames: - items: - type: string - type: array - ip: - type: string - type: object - type: array - hostIPC: - type: boolean - hostNetwork: - type: boolean - hostPID: - type: boolean - hostname: - type: string - imagePullSecrets: - items: - properties: - name: - type: string - type: object - type: array - lightgbm: + logger: + properties: + mode: + enum: + - all + - request + - response + type: string + url: + type: string + type: object + maxReplicas: + type: integer + minReplicas: + type: integer + model: properties: args: items: @@ -4565,10 +6094,22 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer type: object + modelFormat: + properties: + name: + type: string + version: + type: string + required: + - name + type: object name: type: string ports: @@ -4654,6 +6195,9 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -4677,6 +6221,8 @@ spec: x-kubernetes-int-or-string: true type: object type: object + runtime: + type: string runtimeVersion: type: string securityContext: @@ -4734,6 +6280,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -4799,6 +6347,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -4850,21 +6401,6 @@ spec: workingDir: type: string type: object - logger: - properties: - mode: - enum: - - all - - request - - response - type: string - url: - type: string - type: object - maxReplicas: - type: integer - minReplicas: - type: integer nodeName: type: string nodeSelector: @@ -5126,6 +6662,9 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -5215,6 +6754,9 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -5295,6 +6837,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -5360,6 +6904,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -5674,6 +7221,9 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -5763,6 +7313,9 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -5843,6 +7396,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -5908,6 +7463,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -6214,6 +7772,9 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -6303,6 +7864,9 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -6383,6 +7947,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -6448,6 +8014,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -6761,12 +8330,13 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer type: object - modelClassName: - type: string name: type: string ports: @@ -6852,6 +8422,9 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -6932,6 +8505,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -6997,6 +8572,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -7121,6 +8699,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -7388,6 +8968,9 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -7477,6 +9060,9 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -7557,6 +9143,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -7622,6 +9210,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -7930,6 +9521,9 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -8019,6 +9613,9 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -8099,6 +9696,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -8164,6 +9763,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -8535,6 +10137,9 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -8624,6 +10229,9 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -8704,6 +10312,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -8769,6 +10379,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -9005,8 +10618,6 @@ spec: type: object ephemeral: properties: - readOnly: - type: boolean volumeClaimTemplate: properties: metadata: @@ -9029,6 +10640,18 @@ spec: - kind - name type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object resources: properties: limits: @@ -9356,8 +10979,6 @@ spec: type: object type: object type: array - required: - - sources type: object quobyte: properties: @@ -9747,6 +11368,9 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -9836,6 +11460,9 @@ spec: - type: string x-kubernetes-int-or-string: true type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -9916,6 +11543,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -9981,6 +11610,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -10161,6 +11793,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -10204,6 +11859,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -10245,6 +11923,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -10288,6 +11989,29 @@ spec: type: string type: object type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object namespaces: items: type: string @@ -10575,6 +12299,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -10664,6 +12391,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -10742,6 +12472,8 @@ spec: type: string gmsaCredentialSpecName: type: string + hostProcess: + type: boolean runAsUserName: type: string type: object @@ -10807,6 +12539,9 @@ spec: required: - port type: object + terminationGracePeriodSeconds: + format: int64 + type: integer timeoutSeconds: format: int32 type: integer @@ -11005,388 +12740,700 @@ spec: properties: name: type: string - value: + value: + type: string + required: + - name + - value + type: object + type: array + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object + serviceAccount: + type: string + serviceAccountName: + type: string + setHostnameAsFQDN: + type: boolean + shareProcessNamespace: + type: boolean + subdomain: + type: string + terminationGracePeriodSeconds: + format: int64 + type: integer + timeout: + format: int64 + type: integer + tolerations: + items: + properties: + effect: + type: string + key: + type: string + operator: + type: string + tolerationSeconds: + format: int64 + type: integer + value: + type: string + type: object + type: array + topologySpreadConstraints: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + maxSkew: + format: int32 + type: integer + topologyKey: + type: string + whenUnsatisfiable: + type: string + required: + - maxSkew + - topologyKey + - whenUnsatisfiable + type: object + type: array + x-kubernetes-list-map-keys: + - topologyKey + - whenUnsatisfiable + x-kubernetes-list-type: map + volumes: + items: + properties: + awsElasticBlockStore: + properties: + fsType: + type: string + partition: + format: int32 + type: integer + readOnly: + type: boolean + volumeID: + type: string + required: + - volumeID + type: object + azureDisk: + properties: + cachingMode: + type: string + diskName: + type: string + diskURI: + type: string + fsType: + type: string + kind: + type: string + readOnly: + type: boolean + required: + - diskName + - diskURI + type: object + azureFile: + properties: + readOnly: + type: boolean + secretName: + type: string + shareName: + type: string + required: + - secretName + - shareName + type: object + cephfs: + properties: + monitors: + items: + type: string + type: array + path: + type: string + readOnly: + type: boolean + secretFile: + type: string + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - monitors + type: object + cinder: + properties: + fsType: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + volumeID: + type: string + required: + - volumeID + type: object + configMap: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: + type: string + optional: + type: boolean + type: object + csi: + properties: + driver: + type: string + fsType: type: string + nodePublishSecretRef: + properties: + name: + type: string + type: object + readOnly: + type: boolean + volumeAttributes: + additionalProperties: + type: string + type: object required: - - name - - value + - driver + type: object + downwardAPI: + properties: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + emptyDir: + properties: + medium: + type: string + sizeLimit: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + ephemeral: + properties: + volumeClaimTemplate: + properties: + metadata: + type: object + spec: + properties: + accessModes: + items: + type: string + type: array + dataSource: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + dataSourceRef: + properties: + apiGroup: + type: string + kind: + type: string + name: + type: string + required: + - kind + - name + type: object + resources: + properties: + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + type: object + selector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + storageClassName: + type: string + volumeMode: + type: string + volumeName: + type: string + type: object + required: + - spec + type: object type: object - type: array - windowsOptions: - properties: - gmsaCredentialSpec: - type: string - gmsaCredentialSpecName: - type: string - runAsUserName: - type: string - type: object - type: object - serviceAccount: - type: string - serviceAccountName: - type: string - setHostnameAsFQDN: - type: boolean - shareProcessNamespace: - type: boolean - subdomain: - type: string - terminationGracePeriodSeconds: - format: int64 - type: integer - timeout: - format: int64 - type: integer - tolerations: - items: - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - format: int64 - type: integer - value: - type: string - type: object - type: array - topologySpreadConstraints: - items: - properties: - labelSelector: + fc: properties: - matchExpressions: + fsType: + type: string + lun: + format: int32 + type: integer + readOnly: + type: boolean + targetWWNs: items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object + type: string type: array - matchLabels: + wwids: + items: + type: string + type: array + type: object + flexVolume: + properties: + driver: + type: string + fsType: + type: string + options: additionalProperties: type: string type: object + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + required: + - driver type: object - maxSkew: - format: int32 - type: integer - topologyKey: - type: string - whenUnsatisfiable: - type: string - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - type: object - type: array - x-kubernetes-list-map-keys: - - topologyKey - - whenUnsatisfiable - x-kubernetes-list-type: map - volumes: - items: - properties: - awsElasticBlockStore: + flocker: + properties: + datasetName: + type: string + datasetUUID: + type: string + type: object + gcePersistentDisk: properties: fsType: type: string partition: format: int32 type: integer + pdName: + type: string readOnly: type: boolean - volumeID: - type: string required: - - volumeID + - pdName type: object - azureDisk: + gitRepo: properties: - cachingMode: + directory: type: string - diskName: + repository: type: string - diskURI: + revision: type: string - fsType: + required: + - repository + type: object + glusterfs: + properties: + endpoints: type: string - kind: + path: type: string readOnly: type: boolean required: - - diskName - - diskURI + - endpoints + - path type: object - azureFile: + hostPath: properties: - readOnly: - type: boolean - secretName: + path: type: string - shareName: + type: type: string required: - - secretName - - shareName + - path type: object - cephfs: + iscsi: properties: - monitors: + chapAuthDiscovery: + type: boolean + chapAuthSession: + type: boolean + fsType: + type: string + initiatorName: + type: string + iqn: + type: string + iscsiInterface: + type: string + lun: + format: int32 + type: integer + portals: items: type: string type: array - path: - type: string readOnly: type: boolean - secretFile: - type: string secretRef: properties: name: type: string type: object - user: + targetPortal: type: string required: - - monitors + - iqn + - lun + - targetPortal type: object - cinder: + name: + type: string + nfs: properties: - fsType: + path: type: string readOnly: type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeID: + server: type: string required: - - volumeID + - path + - server type: object - configMap: + persistentVolumeClaim: properties: - defaultMode: - format: int32 - type: integer - items: - items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object - type: array - name: + claimName: type: string - optional: + readOnly: type: boolean + required: + - claimName type: object - csi: + photonPersistentDisk: properties: - driver: + fsType: + type: string + pdID: type: string + required: + - pdID + type: object + portworxVolume: + properties: fsType: type: string - nodePublishSecretRef: - properties: - name: - type: string - type: object readOnly: type: boolean - volumeAttributes: - additionalProperties: - type: string - type: object + volumeID: + type: string required: - - driver + - volumeID type: object - downwardAPI: + projected: properties: defaultMode: format: int32 type: integer - items: + sources: items: properties: - fieldRef: + configMap: properties: - apiVersion: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: type: string - fieldPath: + optional: + type: boolean + type: object + downwardAPI: + properties: + items: + items: + properties: + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + mode: + format: int32 + type: integer + path: + type: string + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + required: + - path + type: object + type: array + type: object + secret: + properties: + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + name: type: string - required: - - fieldPath + optional: + type: boolean type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: + serviceAccountToken: properties: - containerName: + audience: type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: + expirationSeconds: + format: int64 + type: integer + path: type: string required: - - resource + - path type: object - required: - - path type: object type: array type: object - emptyDir: + quobyte: properties: - medium: + group: type: string - sizeLimit: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - ephemeral: - properties: readOnly: type: boolean - volumeClaimTemplate: - properties: - metadata: - type: object - spec: - properties: - accessModes: - items: - type: string - type: array - dataSource: - properties: - apiGroup: - type: string - kind: - type: string - name: - type: string - required: - - kind - - name - type: object - resources: - properties: - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - type: object - type: object - selector: - properties: - matchExpressions: - items: - properties: - key: - type: string - operator: - type: string - values: - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - type: object - type: object - storageClassName: - type: string - volumeMode: - type: string - volumeName: - type: string - type: object - required: - - spec - type: object + registry: + type: string + tenant: + type: string + user: + type: string + volume: + type: string + required: + - registry + - volume type: object - fc: + rbd: properties: fsType: type: string - lun: - format: int32 - type: integer - readOnly: - type: boolean - targetWWNs: - items: - type: string - type: array - wwids: + image: + type: string + keyring: + type: string + monitors: items: type: string type: array + pool: + type: string + readOnly: + type: boolean + secretRef: + properties: + name: + type: string + type: object + user: + type: string + required: + - image + - monitors type: object - flexVolume: + scaleIO: properties: - driver: - type: string fsType: type: string - options: - additionalProperties: - type: string - type: object + gateway: + type: string + protectionDomain: + type: string readOnly: type: boolean secretRef: @@ -11394,466 +13441,878 @@ spec: name: type: string type: object - required: - - driver - type: object - flocker: - properties: - datasetName: + sslEnabled: + type: boolean + storageMode: type: string - datasetUUID: + storagePool: type: string - type: object - gcePersistentDisk: - properties: - fsType: + system: type: string - partition: - format: int32 - type: integer - pdName: + volumeName: type: string - readOnly: - type: boolean required: - - pdName + - gateway + - secretRef + - system type: object - gitRepo: + secret: properties: - directory: - type: string - repository: - type: string - revision: + defaultMode: + format: int32 + type: integer + items: + items: + properties: + key: + type: string + mode: + format: int32 + type: integer + path: + type: string + required: + - key + - path + type: object + type: array + optional: + type: boolean + secretName: type: string - required: - - repository type: object - glusterfs: + storageos: properties: - endpoints: - type: string - path: + fsType: type: string readOnly: type: boolean - required: - - endpoints - - path - type: object - hostPath: - properties: - path: + secretRef: + properties: + name: + type: string + type: object + volumeName: type: string - type: + volumeNamespace: type: string - required: - - path type: object - iscsi: + vsphereVolume: properties: - chapAuthDiscovery: - type: boolean - chapAuthSession: - type: boolean fsType: type: string - initiatorName: + storagePolicyID: type: string - iqn: + storagePolicyName: type: string - iscsiInterface: + volumePath: type: string - lun: + required: + - volumePath + type: object + required: + - name + type: object + type: array + type: object + required: + - predictor + type: object + status: + properties: + address: + properties: + url: + type: string + type: object + annotations: + additionalProperties: + type: string + type: object + components: + additionalProperties: + properties: + address: + properties: + url: + type: string + type: object + latestCreatedRevision: + type: string + latestReadyRevision: + type: string + latestRolledoutRevision: + type: string + previousRolledoutRevision: + type: string + traffic: + items: + properties: + configurationName: + type: string + latestRevision: + type: boolean + percent: + format: int64 + type: integer + revisionName: + type: string + tag: + type: string + url: + type: string + type: object + type: array + url: + type: string + type: object + type: object + conditions: + items: + properties: + lastTransitionTime: + type: string + message: + type: string + reason: + type: string + severity: + type: string + status: + type: string + type: + type: string + required: + - status + - type + type: object + type: array + observedGeneration: + format: int64 + type: integer + url: + type: string + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.4.0 + creationTimestamp: null + labels: + app: kserve + app.kubernetes.io/name: kserve + name: servingruntimes.serving.kserve.io +spec: + group: serving.kserve.io + names: + kind: ServingRuntime + listKind: ServingRuntimeList + plural: servingruntimes + singular: servingruntime + scope: Namespaced + versions: + - additionalPrinterColumns: + - jsonPath: .spec.disabled + name: Disabled + type: boolean + - jsonPath: .spec.supportedModelFormats[*].name + name: ModelType + type: string + - jsonPath: .spec.containers[*].name + name: Containers + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + type: string + kind: + type: string + metadata: + type: object + spec: + properties: + affinity: + properties: + nodeAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + preference: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + weight: format: int32 type: integer - portals: - items: - type: string - type: array - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - targetPortal: - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - type: string - nfs: - properties: - path: - type: string - readOnly: - type: boolean - server: - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - properties: - claimName: - type: string - readOnly: - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - properties: - fsType: - type: string - pdID: - type: string required: - - pdID + - preference + - weight type: object - portworxVolume: + type: array + requiredDuringSchedulingIgnoredDuringExecution: + properties: + nodeSelectorTerms: + items: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchFields: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + type: array + required: + - nodeSelectorTerms + type: object + type: object + podAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: properties: - fsType: - type: string - readOnly: - type: boolean - volumeID: - type: string + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer required: - - volumeID + - podAffinityTerm + - weight type: object - projected: + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: properties: - defaultMode: - format: int32 - type: integer - sources: - items: - properties: - configMap: + labelSelector: + properties: + matchExpressions: + items: properties: - items: + key: + type: string + operator: + type: string + values: items: - properties: - key: - type: string - mode: - format: int32 - type: integer - path: - type: string - required: - - key - - path - type: object + type: string type: array - name: - type: string - optional: - type: boolean + required: + - key + - operator type: object - downwardAPI: + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: properties: - items: + key: + type: string + operator: + type: string + values: items: - properties: - fieldRef: - properties: - apiVersion: - type: string - fieldPath: - type: string - required: - - fieldPath - type: object - mode: - format: int32 - type: integer - path: - type: string - resourceFieldRef: - properties: - containerName: - type: string - divisor: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - type: string - required: - - resource - type: object - required: - - path - type: object + type: string type: array + required: + - key + - operator type: object - secret: - properties: + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + type: array + type: object + podAntiAffinity: + properties: + preferredDuringSchedulingIgnoredDuringExecution: + items: + properties: + podAffinityTerm: + properties: + labelSelector: + properties: + matchExpressions: items: - items: - properties: - key: + properties: + key: + type: string + operator: + type: string + values: + items: type: string - mode: - format: int32 - type: integer - path: + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: type: string - required: - - key - - path - type: object - type: array - name: + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: type: string - optional: - type: boolean + type: object + type: object + namespaces: + items: + type: string + type: array + topologyKey: + type: string + required: + - topologyKey + type: object + weight: + format: int32 + type: integer + required: + - podAffinityTerm + - weight + type: object + type: array + requiredDuringSchedulingIgnoredDuringExecution: + items: + properties: + labelSelector: + properties: + matchExpressions: + items: + properties: + key: + type: string + operator: + type: string + values: + items: + type: string + type: array + required: + - key + - operator type: object - serviceAccountToken: + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaceSelector: + properties: + matchExpressions: + items: properties: - audience: + key: type: string - expirationSeconds: - format: int64 - type: integer - path: + operator: type: string + values: + items: + type: string + type: array required: - - path + - key + - operator type: object - type: object + type: array + matchLabels: + additionalProperties: + type: string + type: object + type: object + namespaces: + items: + type: string type: array + topologyKey: + type: string required: - - sources + - topologyKey type: object - quobyte: + type: array + type: object + type: object + builtInAdapter: + properties: + memBufferBytes: + type: integer + modelLoadingTimeoutMillis: + type: integer + runtimeManagementPort: + type: integer + serverType: + enum: + - triton + - mlserver + type: string + type: object + containers: + items: + properties: + args: + items: + type: string + type: array + command: + items: + type: string + type: array + env: + items: + properties: + name: + type: string + value: + type: string + valueFrom: + properties: + configMapKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + fieldRef: + properties: + apiVersion: + type: string + fieldPath: + type: string + required: + - fieldPath + type: object + resourceFieldRef: + properties: + containerName: + type: string + divisor: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + type: string + required: + - resource + type: object + secretKeyRef: + properties: + key: + type: string + name: + type: string + optional: + type: boolean + required: + - key + type: object + type: object + required: + - name + type: object + type: array + image: + type: string + imagePullPolicy: + type: string + livenessProbe: + properties: + exec: properties: - group: - type: string - readOnly: - type: boolean - registry: - type: string - tenant: - type: string - user: - type: string - volume: - type: string - required: - - registry - - volume + command: + items: + type: string + type: array type: object - rbd: + failureThreshold: + format: int32 + type: integer + httpGet: properties: - fsType: - type: string - image: - type: string - keyring: + host: type: string - monitors: + httpHeaders: items: - type: string + properties: + name: + type: string + value: + type: string + required: + - name + - value + type: object type: array - pool: + path: type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - user: + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: type: string required: - - image - - monitors + - port type: object - scaleIO: + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: properties: - fsType: - type: string - gateway: - type: string - protectionDomain: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - sslEnabled: - type: boolean - storageMode: - type: string - storagePool: - type: string - system: - type: string - volumeName: + host: type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true required: - - gateway - - secretRef - - system + - port type: object - secret: + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer + type: object + name: + type: string + readinessProbe: + properties: + exec: properties: - defaultMode: - format: int32 - type: integer - items: + command: + items: + type: string + type: array + type: object + failureThreshold: + format: int32 + type: integer + httpGet: + properties: + host: + type: string + httpHeaders: items: properties: - key: + name: type: string - mode: - format: int32 - type: integer - path: + value: type: string required: - - key - - path + - name + - value type: object type: array - optional: - type: boolean - secretName: - type: string - type: object - storageos: - properties: - fsType: - type: string - readOnly: - type: boolean - secretRef: - properties: - name: - type: string - type: object - volumeName: + path: type: string - volumeNamespace: + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scheme: type: string + required: + - port type: object - vsphereVolume: + initialDelaySeconds: + format: int32 + type: integer + periodSeconds: + format: int32 + type: integer + successThreshold: + format: int32 + type: integer + tcpSocket: properties: - fsType: - type: string - storagePolicyID: - type: string - storagePolicyName: - type: string - volumePath: + host: type: string + port: + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true required: - - volumePath + - port type: object - required: - - name + terminationGracePeriodSeconds: + format: int64 + type: integer + timeoutSeconds: + format: int32 + type: integer type: object - type: array - type: object - required: - - predictor - type: object - status: - properties: - address: - properties: - url: - type: string - type: object - annotations: - additionalProperties: - type: string - type: object - components: - additionalProperties: - properties: - address: + resources: properties: - url: - type: string + limits: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object + requests: + additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + type: object type: object - latestCreatedRevision: - type: string - latestReadyRevision: - type: string - latestRolledoutRevision: - type: string - previousRolledoutRevision: - type: string - traffic: - items: - properties: - configurationName: - type: string - latestRevision: - type: boolean - percent: - format: int64 - type: integer - revisionName: - type: string - tag: - type: string - url: - type: string - type: object - type: array - url: + workingDir: type: string type: object + type: array + disabled: + type: boolean + grpcDataEndpoint: + type: string + grpcEndpoint: + type: string + httpDataEndpoint: + type: string + multiModel: + type: boolean + nodeSelector: + additionalProperties: + type: string type: object - conditions: + replicas: + type: integer + storageHelper: + properties: + disabled: + type: boolean + type: object + supportedModelFormats: items: properties: - lastTransitionTime: + autoSelect: + type: boolean + name: type: string - message: + version: type: string - reason: + required: + - name + type: object + type: array + tolerations: + items: + properties: + effect: type: string - severity: + key: type: string - status: + operator: type: string - type: + tolerationSeconds: + format: int64 + type: integer + value: type: string - required: - - status - - type type: object type: array - observedGeneration: - format: int64 - type: integer - url: - type: string + required: + - containers + type: object + status: type: object - x-kubernetes-preserve-unknown-fields: true type: object served: true storage: true - subresources: - status: {} + subresources: {} status: acceptedNames: kind: "" @@ -11976,13 +14435,24 @@ status: conditions: [] storedVersions: [] --- +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: kserve + app.kubernetes.io/instance: kserve-controller-manager + app.kubernetes.io/managed-by: kserve-controller-manager + app.kubernetes.io/name: kserve + name: kserve-controller-manager + namespace: kubeflow +--- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: labels: app: kserve app.kubernetes.io/name: kserve - name: leader-election-role + name: kserve-leader-election-role namespace: kubeflow rules: - apiGroups: @@ -12196,6 +14666,27 @@ rules: - get - patch - update +- apiGroups: + - serving.kserve.io + resources: + - clusterservingruntimes + - clusterservingruntimes/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - serving.kserve.io + resources: + - clusterservingruntimes/status + verbs: + - get + - patch + - update - apiGroups: - serving.kserve.io resources: @@ -12217,6 +14708,27 @@ rules: - get - patch - update +- apiGroups: + - serving.kserve.io + resources: + - servingruntimes + - servingruntimes/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - serving.kserve.io + resources: + - servingruntimes/status + verbs: + - get + - patch + - update - apiGroups: - serving.kserve.io resources: @@ -12287,6 +14799,7 @@ rules: - serving.kserve.io resources: - inferenceservices + - servingruntimes verbs: - get - list @@ -12330,6 +14843,7 @@ rules: - serving.kserve.io resources: - inferenceservices + - servingruntimes verbs: - get - list @@ -12355,15 +14869,15 @@ metadata: labels: app: kserve app.kubernetes.io/name: kserve - name: leader-election-rolebinding + name: kserve-leader-election-rolebinding namespace: kubeflow roleRef: apiGroup: rbac.authorization.k8s.io kind: Role - name: leader-election-role + name: kserve-leader-election-role subjects: - kind: ServiceAccount - name: default + name: kserve-controller-manager namespace: kubeflow --- apiVersion: rbac.authorization.k8s.io/v1 @@ -12379,7 +14893,7 @@ roleRef: name: kserve-manager-role subjects: - kind: ServiceAccount - name: default + name: kserve-controller-manager namespace: kubeflow --- apiVersion: rbac.authorization.k8s.io/v1 @@ -12395,14 +14909,14 @@ roleRef: name: kserve-proxy-role subjects: - kind: ServiceAccount - name: default + name: kserve-controller-manager namespace: kubeflow --- apiVersion: v1 data: agent: |- { - "image" : "kserve/agent:v0.7.0", + "image" : "kserve/agent:v0.8.0", "memoryRequest": "100Mi", "memoryLimit": "1Gi", "cpuRequest": "100m", @@ -12410,7 +14924,7 @@ data: } batcher: |- { - "image" : "kserve/agent:v0.7.0", + "image" : "kserve/agent:v0.8.0", "memoryRequest": "1Gi", "memoryLimit": "1Gi", "cpuRequest": "1", @@ -12434,15 +14948,15 @@ data: { "alibi": { "image" : "kserve/alibi-explainer", - "defaultImageVersion": "v0.7.0" + "defaultImageVersion": "latest" }, "aix": { "image" : "kserve/aix-explainer", - "defaultImageVersion": "v0.7.0" + "defaultImageVersion": "latest" }, "art": { "image" : "kserve/art-explainer", - "defaultImageVersion": "v0.7.0" + "defaultImageVersion": "latest" } } ingress: |- @@ -12455,7 +14969,7 @@ data: } logger: |- { - "image" : "kserve/agent:v0.7.0", + "image" : "kserve/agent:v0.8.0", "memoryRequest": "100Mi", "memoryLimit": "1Gi", "cpuRequest": "100m", @@ -12466,8 +14980,8 @@ data: { "tensorflow": { "image": "tensorflow/serving", - "defaultImageVersion": "1.14.0", - "defaultGpuImageVersion": "1.14.0-gpu", + "defaultImageVersion": "2.6.2", + "defaultGpuImageVersion": "2.6.2-gpu", "defaultTimeout": "60", "supportedFrameworks": [ "tensorflow" @@ -12485,7 +14999,7 @@ data: "sklearn": { "v1": { "image": "kserve/sklearnserver", - "defaultImageVersion": "v0.7.0", + "defaultImageVersion": "v0.8.0", "supportedFrameworks": [ "sklearn" ], @@ -12493,17 +15007,17 @@ data: }, "v2": { "image": "docker.io/seldonio/mlserver", - "defaultImageVersion": "0.2.1", + "defaultImageVersion": "0.5.3", "supportedFrameworks": [ "sklearn" ], - "multiModelServer": false + "multiModelServer": true } }, "xgboost": { "v1": { "image": "kserve/xgbserver", - "defaultImageVersion": "v0.7.0", + "defaultImageVersion": "v0.8.0", "supportedFrameworks": [ "xgboost" ], @@ -12511,27 +15025,27 @@ data: }, "v2": { "image": "docker.io/seldonio/mlserver", - "defaultImageVersion": "0.2.1", + "defaultImageVersion": "0.5.3", "supportedFrameworks": [ "xgboost" ], - "multiModelServer": false + "multiModelServer": true } }, "pytorch": { "v1" : { - "image": "kserve/pytorchserver", - "defaultImageVersion": "v0.7.0", - "defaultGpuImageVersion": "latest-gpu", + "image": "kserve/torchserve-kfs", + "defaultImageVersion": "0.5.3", + "defaultGpuImageVersion": "0.5.3-gpu", "supportedFrameworks": [ "pytorch" ], "multiModelServer": false }, "v2" : { - "image": "pytorch/torchserve-kfs", - "defaultImageVersion": "0.4.1", - "defaultGpuImageVersion": "0.4.1-gpu", + "image": "kserve/torchserve-kfs", + "defaultImageVersion": "0.5.3", + "defaultGpuImageVersion": "0.5.3-gpu", "supportedFrameworks": [ "pytorch" ], @@ -12551,7 +15065,7 @@ data: }, "pmml": { "image": "kserve/pmmlserver", - "defaultImageVersion": "v0.7.0", + "defaultImageVersion": "v0.8.0", "supportedFrameworks": [ "pmml" ], @@ -12559,7 +15073,7 @@ data: }, "lightgbm": { "image": "kserve/lgbserver", - "defaultImageVersion": "v0.7.0", + "defaultImageVersion": "v0.8.0", "supportedFrameworks": [ "lightgbm" ], @@ -12567,7 +15081,7 @@ data: }, "paddle": { "image": "kserve/paddleserver", - "defaultImageVersion": "v0.7.0", + "defaultImageVersion": "v0.8.0", "supportedFrameworks": [ "paddle" ], @@ -12576,7 +15090,7 @@ data: } storageInitializer: |- { - "image" : "kserve/storage-initializer:v0.7.0", + "image" : "kserve/storage-initializer:v0.8.0", "memoryRequest": "100Mi", "memoryLimit": "1Gi", "cpuRequest": "100m", @@ -12650,7 +15164,9 @@ metadata: namespace: kubeflow spec: ports: - - port: 443 + - port: 8443 + protocol: TCP + targetPort: https selector: app: kserve app.kubernetes.io/name: kserve @@ -12714,7 +15230,7 @@ spec: fieldPath: metadata.namespace - name: SECRET_NAME value: kserve-webhook-server-cert - image: kserve/kserve-controller:v0.7.0 + image: kserve/kserve-controller:v0.8.0 imagePullPolicy: Always name: manager ports: @@ -12728,6 +15244,8 @@ spec: requests: cpu: 100m memory: 200Mi + securityContext: + allowPrivilegeEscalation: false volumeMounts: - mountPath: /tmp/k8s-webhook-server/serving-certs name: cert @@ -12737,11 +15255,15 @@ spec: - --upstream=http://127.0.0.1:8080/ - --logtostderr=true - --v=10 - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.4.0 + image: gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 name: kube-rbac-proxy ports: - containerPort: 8443 name: https + protocol: TCP + securityContext: + runAsNonRoot: true + serviceAccountName: kserve-controller-manager terminationGracePeriodSeconds: 10 volumes: - name: cert @@ -12749,7 +15271,7 @@ spec: defaultMode: 420 secretName: kserve-webhook-server-cert --- -apiVersion: cert-manager.io/v1alpha2 +apiVersion: cert-manager.io/v1 kind: Certificate metadata: labels: @@ -12766,7 +15288,7 @@ spec: name: selfsigned-issuer secretName: kserve-webhook-server-cert --- -apiVersion: cert-manager.io/v1alpha2 +apiVersion: cert-manager.io/v1 kind: Issuer metadata: labels: @@ -12901,3 +15423,260 @@ webhooks: resources: - trainedmodels sideEffects: None +--- +apiVersion: serving.kserve.io/v1alpha1 +kind: ClusterServingRuntime +metadata: + name: kserve-lgbserver +spec: + containers: + - args: + - --model_name={{.Name}} + - --model_dir=/mnt/models + - --http_port=8080 + - --nthread=1 + image: kserve/lgbserver:v0.8.0 + name: kserve-container + resources: + limits: + cpu: "1" + memory: 2Gi + requests: + cpu: "1" + memory: 2Gi + supportedModelFormats: + - autoSelect: true + name: lightgbm + version: "2" +--- +apiVersion: serving.kserve.io/v1alpha1 +kind: ClusterServingRuntime +metadata: + name: kserve-mlserver +spec: + containers: + - env: + - name: MLSERVER_MODEL_IMPLEMENTATION + value: '{{.Labels.modelClass}}' + - name: MLSERVER_HTTP_PORT + value: "8080" + - name: MLSERVER_GRPC_PORT + value: "9000" + - name: MODELS_DIR + value: /mnt/models + image: docker.io/seldonio/mlserver:0.5.3 + name: kserve-container + resources: + limits: + cpu: "1" + memory: 2Gi + requests: + cpu: "1" + memory: 2Gi + supportedModelFormats: + - name: sklearn + version: "0" + - name: xgboost + version: "1" + - name: lightgbm + version: "3" + - autoSelect: true + name: mlflow + version: "1" +--- +apiVersion: serving.kserve.io/v1alpha1 +kind: ClusterServingRuntime +metadata: + name: kserve-paddleserver +spec: + containers: + - args: + - --model_name={{.Name}} + - --model_dir=/mnt/models + - --http_port=8080 + image: kserve/paddleserver:v0.8.0 + name: kserve-container + resources: + limits: + cpu: "1" + memory: 2Gi + requests: + cpu: "1" + memory: 2Gi + supportedModelFormats: + - autoSelect: true + name: paddle + version: "2" +--- +apiVersion: serving.kserve.io/v1alpha1 +kind: ClusterServingRuntime +metadata: + name: kserve-pmmlserver +spec: + containers: + - args: + - --model_name={{.Name}} + - --model_dir=/mnt/models + - --http_port=8080 + image: kserve/pmmlserver:v0.8.0 + name: kserve-container + resources: + limits: + cpu: "1" + memory: 2Gi + requests: + cpu: "1" + memory: 2Gi + supportedModelFormats: + - autoSelect: true + name: pmml + version: "3" + - autoSelect: true + name: pmml + version: "4" +--- +apiVersion: serving.kserve.io/v1alpha1 +kind: ClusterServingRuntime +metadata: + name: kserve-sklearnserver +spec: + containers: + - args: + - --model_name={{.Name}} + - --model_dir=/mnt/models + - --http_port=8080 + image: kserve/sklearnserver:v0.8.0 + name: kserve-container + resources: + limits: + cpu: "1" + memory: 2Gi + requests: + cpu: "1" + memory: 2Gi + supportedModelFormats: + - autoSelect: true + name: sklearn + version: "1" +--- +apiVersion: serving.kserve.io/v1alpha1 +kind: ClusterServingRuntime +metadata: + name: kserve-tensorflow-serving +spec: + containers: + - args: + - --model_name={{.Name}} + - --port=9000 + - --rest_api_port=8080 + - --model_base_path=/mnt/models + - --rest_api_timeout_in_ms=60000 + command: + - /usr/bin/tensorflow_model_server + image: tensorflow/serving:2.6.2 + name: kserve-container + resources: + limits: + cpu: "1" + memory: 2Gi + requests: + cpu: "1" + memory: 2Gi + supportedModelFormats: + - autoSelect: true + name: tensorflow + version: "1" + - autoSelect: true + name: tensorflow + version: "2" +--- +apiVersion: serving.kserve.io/v1alpha1 +kind: ClusterServingRuntime +metadata: + name: kserve-torchserve +spec: + containers: + - args: + - torchserve + - --start + - --model-store=/mnt/models/model-store + - --ts-config=/mnt/models/config/config.properties + env: + - name: TS_SERVICE_ENVELOPE + value: '{{.Labels.serviceEnvelope}}' + image: kserve/torchserve-kfs:0.5.3 + name: kserve-container + resources: + limits: + cpu: "1" + memory: 2Gi + requests: + cpu: "1" + memory: 2Gi + supportedModelFormats: + - autoSelect: true + name: pytorch + version: "1" +--- +apiVersion: serving.kserve.io/v1alpha1 +kind: ClusterServingRuntime +metadata: + name: kserve-tritonserver +spec: + containers: + - args: + - tritonserver + - --model-store=/mnt/models + - --grpc-port=9000 + - --http-port=8080 + - --allow-grpc=true + - --allow-http=true + image: nvcr.io/nvidia/tritonserver:21.09-py3 + name: kserve-container + resources: + limits: + cpu: "1" + memory: 2Gi + requests: + cpu: "1" + memory: 2Gi + supportedModelFormats: + - name: tensorrt + version: "8" + - name: tensorflow + version: "1" + - name: tensorflow + version: "2" + - autoSelect: true + name: onnx + version: "1" + - name: pytorch + version: "1" + - autoSelect: true + name: triton + version: "2" +--- +apiVersion: serving.kserve.io/v1alpha1 +kind: ClusterServingRuntime +metadata: + name: kserve-xgbserver +spec: + containers: + - args: + - --model_name={{.Name}} + - --model_dir=/mnt/models + - --http_port=8080 + - --nthread=1 + image: kserve/xgbserver:v0.8.0 + name: kserve-container + resources: + limits: + cpu: "1" + memory: 2Gi + requests: + cpu: "1" + memory: 2Gi + supportedModelFormats: + - autoSelect: true + name: xgboost + version: "1" diff --git a/contrib/kserve/kserve/kustomization.yaml b/contrib/kserve/kserve/kustomization.yaml index 1aebb746f8..3e4f20907c 100644 --- a/contrib/kserve/kserve/kustomization.yaml +++ b/contrib/kserve/kserve/kustomization.yaml @@ -1,8 +1,17 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- kserve.yaml -- aggregated-roles.yaml -# For KF 1.5 we are including both KFServing and KServe. Thus we install the +# Install Kserve in kubeflow namespace +- kserve_kubeflow.yaml + +# If you want to install both KFServing and KServe, install the # standalone kserve manifests, to avoid conflicts with 0.6.1 KFServing. -#- kserve_kubeflow.yaml +# - kserve.yaml +# - aggregated-roles.yaml +# - kserve-runtimes.yaml +# configMapGenerator: +# - name: kserve-config +# namespace: kserve +# behavior: merge +# envs: +# - params.env \ No newline at end of file diff --git a/contrib/kserve/kserve/params.env b/contrib/kserve/kserve/params.env new file mode 100644 index 0000000000..74936391b5 --- /dev/null +++ b/contrib/kserve/kserve/params.env @@ -0,0 +1 @@ +ingressGateway=kubeflow/kubeflow-gateway \ No newline at end of file diff --git a/contrib/kserve/models-web-app/base/deployment.yaml b/contrib/kserve/models-web-app/base/deployment.yaml index 4b1142e175..bc80897d19 100644 --- a/contrib/kserve/models-web-app/base/deployment.yaml +++ b/contrib/kserve/models-web-app/base/deployment.yaml @@ -14,7 +14,7 @@ spec: app.kubernetes.io/component: kserve-models-web-app spec: containers: - - image: kserve/models-web-app:latest + - image: kserve/models-web-app:v0.8.0 imagePullPolicy: Always name: kserve-models-web-app envFrom: @@ -22,4 +22,23 @@ spec: name: kserve-models-web-app-config ports: - containerPort: 5000 + name: http + livenessProbe: + httpGet: + path: /healthz/liveness + port: http + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + successThreshold: 1 + readinessProbe: + httpGet: + path: /healthz/readiness + port: http + initialDelaySeconds: 0 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + successThreshold: 1 serviceAccountName: kserve-models-web-app diff --git a/contrib/kserve/models-web-app/base/kustomization.yaml b/contrib/kserve/models-web-app/base/kustomization.yaml index 95fda69a3f..aa8ee91665 100644 --- a/contrib/kserve/models-web-app/base/kustomization.yaml +++ b/contrib/kserve/models-web-app/base/kustomization.yaml @@ -3,15 +3,18 @@ resources: - service.yaml - deployment.yaml - istio.yaml + +namespace: kserve + commonLabels: kustomize.component: kserve-models-web-app app.kubernetes.io/component: kserve-models-web-app + images: - name: kserve/models-web-app newName: kserve/models-web-app - newTag: v0.7.0 + newTag: v0.8.0 configMapGenerator: - name: kserve-models-web-app-config - namespace: kserve literals: - APP_DISABLE_AUTH="True" diff --git a/contrib/kserve/models-web-app/overlays/kubeflow/kustomization.yaml b/contrib/kserve/models-web-app/overlays/kubeflow/kustomization.yaml index ddbf501269..18f0724c00 100644 --- a/contrib/kserve/models-web-app/overlays/kubeflow/kustomization.yaml +++ b/contrib/kserve/models-web-app/overlays/kubeflow/kustomization.yaml @@ -33,7 +33,6 @@ generatorOptions: # kserve namespace in webhook configurations configMapGenerator: - name: kserve-models-web-app-config - namespace: kserve behavior: replace literals: - USERID_HEADER=kubeflow-userid diff --git a/contrib/kserve/models-web-app/overlays/kubeflow/patches/web-app-vsvc.yaml b/contrib/kserve/models-web-app/overlays/kubeflow/patches/web-app-vsvc.yaml index 979f66126e..22eaa9dbff 100644 --- a/contrib/kserve/models-web-app/overlays/kubeflow/patches/web-app-vsvc.yaml +++ b/contrib/kserve/models-web-app/overlays/kubeflow/patches/web-app-vsvc.yaml @@ -8,3 +8,7 @@ host: kserve-models-web-app.kubeflow.svc.cluster.local port: number: 80 +- op: replace + path: /spec/gateways + value: + - kubeflow/kubeflow-gateway diff --git a/contrib/networkpolicies/kfserving.yaml b/contrib/networkpolicies/kserve.yaml similarity index 84% rename from contrib/networkpolicies/kfserving.yaml rename to contrib/networkpolicies/kserve.yaml index 64b5b5e297..9ce467f472 100644 --- a/contrib/networkpolicies/kfserving.yaml +++ b/contrib/networkpolicies/kserve.yaml @@ -2,7 +2,7 @@ kind: NetworkPolicy apiVersion: networking.k8s.io/v1 metadata: - name: kfserving + name: kserve namespace: kubeflow spec: podSelector: @@ -10,7 +10,7 @@ spec: - key: control-plane operator: In values: - - kfserving-controller-manager # mutating webhook + - kserve-controller-manager # mutating webhook # https://www.elastic.co/guide/en/cloud-on-k8s/1.1/k8s-webhook-network-policies.html # The kubernetes api server must reach the webhook ingress: diff --git a/contrib/networkpolicies/kustomization.yaml b/contrib/networkpolicies/kustomization.yaml index 48ba33a7d2..290d6f23d3 100644 --- a/contrib/networkpolicies/kustomization.yaml +++ b/contrib/networkpolicies/kustomization.yaml @@ -9,9 +9,9 @@ resources: - katib-controller.yaml - katib-db-manager.yaml - katib-ui.yaml - - kfserving-models-web-app.yaml - - kfserving.yaml - kserve-models-web-app.yaml + - kserve.yaml + - metadata-envoy.yaml - metadata-grpc-server.yaml - minio.yaml - ml-pipeline-ui.yaml diff --git a/contrib/networkpolicies/kfserving-models-web-app.yaml b/contrib/networkpolicies/metadata-envoy.yaml similarity index 78% rename from contrib/networkpolicies/kfserving-models-web-app.yaml rename to contrib/networkpolicies/metadata-envoy.yaml index b35a7e7872..3ec8f2e318 100644 --- a/contrib/networkpolicies/kfserving-models-web-app.yaml +++ b/contrib/networkpolicies/metadata-envoy.yaml @@ -1,15 +1,15 @@ kind: NetworkPolicy apiVersion: networking.k8s.io/v1 metadata: - name: kfserving-models-web-app + name: metatada-envoy namespace: kubeflow spec: podSelector: matchExpressions: - - key: app.kubernetes.io/component + - key: component operator: In values: - - kfserving-models-web-app + - metadata-envoy ingress: - from: - namespaceSelector: @@ -18,5 +18,7 @@ spec: operator: In values: - istio-system + - podSelector: {} policyTypes: - Ingress + diff --git a/contrib/networkpolicies/minio.yaml b/contrib/networkpolicies/minio.yaml index bb8866be6e..b307814773 100644 --- a/contrib/networkpolicies/minio.yaml +++ b/contrib/networkpolicies/minio.yaml @@ -18,6 +18,12 @@ spec: operator: In values: - kubeflow-profile + - namespaceSelector: + matchExpressions: + - key: kubernetes.io/metadata.name + operator: In + values: + - istio-system - podSelector: {} # allow all pods from the same namespace policyTypes: - Ingress diff --git a/example/kustomization.yaml b/example/kustomization.yaml index b333d40715..34ba90e2af 100644 --- a/example/kustomization.yaml +++ b/example/kustomization.yaml @@ -6,9 +6,9 @@ resources: - ../common/cert-manager/cert-manager/base - ../common/cert-manager/kubeflow-issuer/base # Istio -- ../common/istio-1-11/istio-crds/base -- ../common/istio-1-11/istio-namespace/base -- ../common/istio-1-11/istio-install/base +- ../common/istio-1-14/istio-crds/base +- ../common/istio-1-14/istio-namespace/base +- ../common/istio-1-14/istio-install/base # OIDC Authservice - ../common/oidc-authservice/base # Dex @@ -16,28 +16,26 @@ resources: # KNative - ../common/knative/knative-serving/overlays/gateways - ../common/knative/knative-eventing/base -- ../common/istio-1-11/cluster-local-gateway/base +- ../common/istio-1-14/cluster-local-gateway/base # Kubeflow namespace - ../common/kubeflow-namespace/base # Kubeflow Roles - ../common/kubeflow-roles/base # Kubeflow Istio Resources -- ../common/istio-1-11/kubeflow-istio-resources/base +- ../common/istio-1-14/kubeflow-istio-resources/base # Kubeflow Pipelines -- ../apps/pipeline/upstream/env/platform-agnostic-multi-user -# KFServing -- ../apps/kfserving/upstream/overlays/kubeflow +- ../apps/pipeline/upstream/env/cert-manager/platform-agnostic-multi-user # Katib - ../apps/katib/upstream/installs/katib-with-kubeflow # Central Dashboard - ../apps/centraldashboard/upstream/overlays/kserve # Admission Webhook - ../apps/admission-webhook/upstream/overlays/cert-manager -# Notebook Controller -- ../apps/jupyter/jupyter-web-app/upstream/overlays/istio # Jupyter Web App +- ../apps/jupyter/jupyter-web-app/upstream/overlays/istio +# Notebook Controller - ../apps/jupyter/notebook-controller/upstream/overlays/kubeflow # Profiles + KFAM - ../apps/profiles/upstream/overlays/kubeflow diff --git a/hack/setup-kubeflow-light.sh b/hack/setup-kubeflow-light.sh index 417e184f15..1be9fe80b0 100755 --- a/hack/setup-kubeflow-light.sh +++ b/hack/setup-kubeflow-light.sh @@ -14,7 +14,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -# This shell script is used to setup Katib deployment. +# This shell script is used to setup Kubeflow deployment. set -euo pipefail TIMEOUT=600s # 10mins @@ -30,9 +30,9 @@ sleep 5 kubectl wait --timeout=${TIMEOUT} -n cert-manager --all --for=condition=Ready pod echo "Deploying Istio." -kustomize build common/istio-1-11/istio-crds/base | kubectl apply -f - -kustomize build common/istio-1-11/istio-namespace/base | kubectl apply -f - -kustomize build common/istio-1-11/istio-install/base | kubectl apply -f - +kustomize build common/istio-1-14/istio-crds/base | kubectl apply -f - +kustomize build common/istio-1-14/istio-namespace/base | kubectl apply -f - +kustomize build common/istio-1-14/istio-install/base | kubectl apply -f - echo "Waiting for istio-system Pods to become ready..." sleep 5 @@ -50,7 +50,7 @@ do done kustomize build common/knative/knative-eventing/base | kubectl apply -f - -kustomize build common/istio-1-11/cluster-local-gateway/base | kubectl apply -f - +kustomize build common/istio-1-14/cluster-local-gateway/base | kubectl apply -f - echo "Waiting for knative-serving Pods to become ready..." sleep 5 @@ -58,7 +58,7 @@ kubectl wait --timeout=${TIMEOUT} -n knative-serving --all --for=condition=Ready echo "Deploying KFP." function install_kfp { - kustomize build apps/pipeline/upstream/env/platform-agnostic-multi-user | kubectl apply -f - --validate=false + kustomize build apps/pipeline/upstream/env/cert-manager/platform-agnostic-multi-user | kubectl apply -f - --validate=false } while ! install_kfp; diff --git a/hack/sync-kserve-kserve-manifests.sh b/hack/sync-kserve-kserve-manifests.sh new file mode 100755 index 0000000000..e9417ba625 --- /dev/null +++ b/hack/sync-kserve-kserve-manifests.sh @@ -0,0 +1,87 @@ +#!/usr/bin/env bash + +# This script aims at helping create a PR to update the manifests of the +# kserve/kserve repo. +# This script: +# 1. Checks out a new branch +# 2. Copies files to the correct places +# 3. Commits the changes +# +# Afterwards the developers can submit the PR to the kubeflow/manifests +# repo, based on that local branch + +# Run this script form the root of kubeflow/manifests repository +# ./hack/sync-kserve-manifests.sh + +# strict mode http://redsymbol.net/articles/unofficial-bash-strict-mode/ +set -euo pipefail +IFS=$'\n\t' + +CLONE_DIR=${CLONE_DIR:=/tmp} +KSERVE_DIR="${CLONE_DIR?}/kserve" +BRANCH=${BRANCH:=sync-kserve-manifests-${KSERVE_COMMIT?}} +# *_VERSION vars are required only if COMMIT does not match a tag +KSERVE_VERSION=${KSERVE_VERSION:=${KSERVE_COMMIT?}} + +SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +MANIFESTS_DIR=$(dirname "${SCRIPT_DIR}") + +echo "Creating branch: ${BRANCH}" + +# DEV: Comment out this if when local testing +if [ -n "$(git status --porcelain)" ]; then + # Uncommitted changes + echo "WARNING: You have uncommitted changes, exiting..." + exit 1 +fi + +if [ "$(git branch --list "${BRANCH}")" ] +then + echo "WARNING: Branch ${BRANCH} already exists. Exiting..." + exit 1 +fi + +# DEV: Comment out this checkout command when local testing +git checkout -b "${BRANCH}" + +echo "Checking out in $KSERVE_DIR to $KSERVE_COMMIT..." +pushd $CLONE_DIR + if [ ! -d "$KSERVE_DIR" ] + then + git clone https://github.com/kserve/kserve.git && cd kserve + git checkout "${KSERVE_COMMIT}" + else + echo "WARNING: ${KSERVE_DIR} directory already exists. Exiting..." + exit 1 + fi +popd + +echo "Copying kserve manifests..." +SRC_MANIFEST_PATH="$KSERVE_DIR"/install/"$KSERVE_VERSION" +if [ ! -d "$SRC_MANIFEST_PATH" ] +then + echo "Directory $SRC_MANIFEST_PATH DOES NOT exists." + exit 1 +fi + +DST_DIR=$MANIFESTS_DIR/contrib/kserve/kserve +pushd "$DST_DIR" + rm -rf kserve* +popd +cp "$SRC_MANIFEST_PATH"/* "$DST_DIR" -r + + +echo "Successfully copied kserve manifests." + +echo "Updating README..." +SRC_TXT="\[.*\](https://github.com/kserve/kserve/tree/.*)" +DST_TXT="\[$KSERVE_COMMIT\](https://github.com/kserve/kserve/tree/$KSERVE_COMMIT/install/$KSERVE_VERSION)" + +sed -i "s|$SRC_TXT|$DST_TXT|g" "${MANIFESTS_DIR}"/README.md + +# DEV: Comment out these commands when local testing +echo "Committing the changes..." +cd "$MANIFESTS_DIR" +git add contrib/kserve +git add README.md +git commit -m "Update kserve manifests from ${KSERVE_VERSION}" -m "Update kserve/kserve manifests from ${KSERVE_COMMIT}" diff --git a/hack/sync-kserve-web-app-manifests.sh b/hack/sync-kserve-web-app-manifests.sh new file mode 100755 index 0000000000..8bb7dcf10c --- /dev/null +++ b/hack/sync-kserve-web-app-manifests.sh @@ -0,0 +1,68 @@ +#!/usr/bin/env bash + +# This script aims at helping create a PR to update the manifests of the +# kserve/models-web-app repo. +# This script: +# 1. Checks out a new branch +# 2. Copies files to the correct places +# 3. Commits the changes +# +# Afterwards the developers can submit the PR to the kubeflow/manifests +# repo, based on that local branch + +# strict mode http://redsymbol.net/articles/unofficial-bash-strict-mode/ +set -euo pipefail +IFS=$'\n\t' + +SRC_DIR=${SRC_DIR:=/tmp/kserve-models-web-app} +BRANCH=${BRANCH:=sync-kserve-web-app-manifests-${COMMIT?}} + +SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) +MANIFESTS_DIR=$(dirname $SCRIPT_DIR) + +echo "Creating branch: ${BRANCH}" + +# DEV: Comment out this if when local testing +if [ -n "$(git status --porcelain)" ]; then + # Uncommitted changes + echo "WARNING: You have uncommitted changes, exiting..." + exit 1 +fi + +if [ `git branch --list $BRANCH` ] +then + echo "WARNING: Branch $BRANCH already exists. Exiting..." + exit 1 +fi + +# DEV: Comment out this checkout command when local testing +git checkout -b $BRANCH + +echo "Checking out in $SRC_DIR to $COMMIT..." +cd $SRC_DIR +if [ -n "$(git status --porcelain)" ]; then + # Uncommitted changes + echo "WARNING: You have uncommitted changes, exiting..." + exit 1 +fi +git checkout $COMMIT + +echo "Copying admission-webhook manifests..." +DST_DIR=$MANIFESTS_DIR/contrib/kserve/models-web-app +rm -r $DST_DIR +cp $SRC_DIR/config $DST_DIR -r + +echo "Successfully copied kserve models web app manifests." + +echo "Updating README..." +SRC_TXT="\[.*\](https://github.com/kserve/models-web-app/tree/.*)" +DST_TXT="\[$COMMIT\](https://github.com/kserve/models-web-app/tree/$COMMIT/config)" + +sed -i "s|$SRC_TXT|$DST_TXT|g" "${MANIFESTS_DIR}"/README.md + +# DEV: Comment out these commands when local testing +echo "Committing the changes..." +cd "$MANIFESTS_DIR" +git add contrib/kserve/models-web-app +git add README.md +git commit -m "Update kserve web app manifests from ${COMMIT}" diff --git a/hack/sync-training-operator-manifests.sh b/hack/sync-training-operator-manifests.sh index 7c220dd699..348253e99f 100755 --- a/hack/sync-training-operator-manifests.sh +++ b/hack/sync-training-operator-manifests.sh @@ -55,8 +55,15 @@ cp $SRC_DIR/manifests $DST_DIR -r echo "Successfully copied all manifests." +echo "Updating README..." +SRC_TXT="\[.*\](https://github.com/kubeflow/training-operator/tree/.*/manifests)" +DST_TXT="\[$COMMIT\](https://github.com/kubeflow/training-operator/tree/$COMMIT/manifests)" + +sed -i "s|$SRC_TXT|$DST_TXT|g" ${MANIFESTS_DIR}/README.md + # DEV: Comment out these commands when local testing echo "Committing the changes..." cd $MANIFESTS_DIR git add apps +git add README.md git commit -m "Update kubeflow/training-operator manifests from ${COMMIT}" diff --git a/openshift/README.md b/openshift/README.md index 274a637167..26cc279ceb 100644 --- a/openshift/README.md +++ b/openshift/README.md @@ -10,4 +10,10 @@ After the Kubeflow community releases a stable Tag, we pull this new Tag in our 4. Copy the folder called ```openshift``` from the previous release openshift branch for example from v1.3.0-openshift 5. Make changes on fixes then submit the PR +## Install KF 1.6 on OpenShift +### Istio Stack + +```commandline +while ! kustomize build openshift/example/istio | kubectl apply -f -; do echo "Retrying to apply resources"; sleep 10; done +``` \ No newline at end of file diff --git a/openshift/example/istio/kustomization.yaml b/openshift/example/istio/kustomization.yaml new file mode 100644 index 0000000000..be89d05dc9 --- /dev/null +++ b/openshift/example/istio/kustomization.yaml @@ -0,0 +1,16 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: + - ../../openshiftstack/application/openshift/openshift-scc/overlays/istio + - ../../openshiftstack/application/istio-1-14-OpenShift + - ../../openshiftstack/application/cert-manager-1.5 + - ../../openshiftstack/application/kfp-tekton/base + - ../../openshiftstack/application/knative/overlays/istio + - ../../openshiftstack/application/jupyter-web-app/base + - ../../openshiftstack/application/notebook-controller/base + - ../../openshiftstack/application/volumes-web-app/base + - ../../openshiftstack/application/training-operator/base + - ../../openshiftstack/application/katib/base + - ../../openshiftstack/application/kserve/base + - ../../openshiftstack/ diff --git a/openshift/openshiftstack/application/notebook-controller/base/kustomization.yaml b/openshift/openshiftstack/application/notebook-controller/base/kustomization.yaml index 574b09a2c7..02cb4e04bc 100644 --- a/openshift/openshiftstack/application/notebook-controller/base/kustomization.yaml +++ b/openshift/openshiftstack/application/notebook-controller/base/kustomization.yaml @@ -5,27 +5,4 @@ resources: - ../../../../../apps/jupyter/notebook-controller/upstream/overlays/kubeflow patchesStrategicMerge: -- ./configs/addfsgroup-env.yaml - -configMapGenerator: -- name: kubeflow-config - envs: - - ../../../config/params.env -# We need to define vars at the top level otherwise we will get -# conflicts. -vars: -- fieldref: - fieldPath: data.clusterDomain - name: clusterDomain - objref: - apiVersion: v1 - kind: ConfigMap - name: kubeflow-config -- fieldref: - fieldPath: metadata.namespace - name: namespace - objref: - apiVersion: v1 - kind: ConfigMap - name: kubeflow-config - +- ./configs/addfsgroup-env.yaml \ No newline at end of file diff --git a/openshift/openshiftstack/kustomization.yaml b/openshift/openshiftstack/kustomization.yaml index ef5742392a..94d096844f 100644 --- a/openshift/openshiftstack/kustomization.yaml +++ b/openshift/openshiftstack/kustomization.yaml @@ -5,14 +5,6 @@ resources: #Kubeflow roles - ../../common/kubeflow-roles/base -#Istio 1.9.6 -# Leaving this untill the Kf community upgrades to istio 1.11 -#Virtual gateway - - ../../common/istio-1-9/kubeflow-istio-resources/base -## Per istio 1.9 installation on openshift https://istio.io/latest/docs/setup/platform-setup/openshift/ -# This is here because it needs to install in namespace kubeflow - - application/istio-1-1-1-Openshift/network-attachment.yaml - #Added custom centraldashboard to remove tensorboard - application/centraldashboard/base @@ -57,5 +49,5 @@ vars: # Rebuilt profile controller image for KF 1.3 images: - name: public.ecr.aws/j1r0q0g6/notebooks/profile-controller - newName: quay.io/kubeflow/profile-controller + newName: quay.io/kubeflow/profile-controller newTag: v0.12.0 diff --git a/prow_config.yaml b/prow_config.yaml index 47d9f19392..505ae534f1 100644 --- a/prow_config.yaml +++ b/prow_config.yaml @@ -23,7 +23,6 @@ workflows: [] # - default-install/* # - dex-auth/* # - experimental/* -# - istio-1-3-1/* # - istio/* # - jupyter/* # - katib/* @@ -59,7 +58,7 @@ workflows: [] # kwargs: # build_and_apply: false # config_path: https://raw.githubusercontent.com/kubeflow/manifests/master/kfdef/kfctl_aws.yaml - + # - py_func: kubeflow.kfctl.testing.ci.kfctl_e2e_workflow.create_workflow # name: aws-1-15 # job_types: @@ -68,7 +67,7 @@ workflows: [] # build_and_apply: false # config_path: https://raw.githubusercontent.com/kubeflow/manifests/master/kfdef/kfctl_aws.yaml # eks_cluster_version: "1.15" - + # - py_func: kubeflow.kfctl.testing.ci.kfctl_e2e_workflow.create_workflow # name: aws-1-16 # job_types: @@ -76,7 +75,7 @@ workflows: [] # kwargs: # build_and_apply: false # config_path: https://raw.githubusercontent.com/kubeflow/manifests/master/kfdef/kfctl_aws.yaml -# eks_cluster_version: "1.16" +# eks_cluster_version: "1.16" # - py_func: kubeflow.kfctl.testing.ci.kfctl_e2e_workflow.create_workflow # name: aws-1-17 @@ -86,7 +85,7 @@ workflows: [] # build_and_apply: false # config_path: https://raw.githubusercontent.com/kubeflow/manifests/master/kfdef/kfctl_aws.yaml # eks_cluster_version: "1.17" - + # - py_func: kubeflow.kfctl.testing.ci.kfctl_e2e_workflow.create_workflow # name: aws-1-18 # job_types: @@ -94,4 +93,4 @@ workflows: [] # kwargs: # build_and_apply: false # config_path: https://raw.githubusercontent.com/kubeflow/manifests/master/kfdef/kfctl_aws.yaml -# eks_cluster_version: "1.18" \ No newline at end of file +# eks_cluster_version: "1.18" diff --git a/tests/README.md b/tests/README.md index ad8c8f801a..e4acd667c0 100644 --- a/tests/README.md +++ b/tests/README.md @@ -4,7 +4,7 @@ There are 2 goals for the e2e tests: 1. Verify that core components can be applied and become Ready -2. Virify that core CRDs can be created and succeed +2. Verify that core CRDs can be created and succeed ### Components @@ -15,6 +15,8 @@ included in the tests. ### Test Suite +**To use KFserving v0.5/0.6 instead of KServe v0.7, comment the 6,7th lines and uncomment the 10,11th lines here [e2e/utils/kserve.py](https://github.com/kubeflow/manifests/compare/master/tests/e2e/utils/kserve.py#L6-L11)** + The e2e tests are completely independent of the underlying K8s cluster, as well as the platform of the cluster. These tests should be able to run in real world clusters, as well as ephemeral ones like KinD. diff --git a/tests/e2e/README.md b/tests/e2e/README.md index e1688de073..c009a3be7d 100644 --- a/tests/e2e/README.md +++ b/tests/e2e/README.md @@ -6,7 +6,7 @@ This test is using the following Kubeflow CRDs: 1. Kubeflow Pipelines 2. Katib Experiments 3. TFJobs -4. KFServing InferenceServices +4. KServe InferenceServices ## How to run diff --git a/tests/e2e/hack/cleanup_yamls.sh b/tests/e2e/hack/cleanup_yamls.sh index 4d304fb3ae..3701fe21f3 100755 --- a/tests/e2e/hack/cleanup_yamls.sh +++ b/tests/e2e/hack/cleanup_yamls.sh @@ -13,4 +13,4 @@ kubectl delete experiments.kubeflow.org -n kubeflow-user-example-com mnist-e2e kubectl delete tfjobs.kubeflow.org -n kubeflow-user-example-com mnist-e2e -kubectl delete inferenceservices.serving.kubeflow.org -n kubeflow-user-example-com mnist-e2e +kubectl delete inferenceservices.serving.kserve.io -n kubeflow-user-example-com mnist-e2e diff --git a/tests/e2e/mnist.py b/tests/e2e/mnist.py index 73014e4d8d..e5f4b6f5f1 100644 --- a/tests/e2e/mnist.py +++ b/tests/e2e/mnist.py @@ -1,4 +1,4 @@ -"""E2E Kubeflow test that tesst Pipelines, Katib, TFJobs and KFServing. +"""E2E Kubeflow test that tesst Pipelines, Katib, TFJobs and KServe. Requires: pip install kfp==1.8.4 @@ -9,7 +9,7 @@ from kubernetes import config import settings -from utils import isvc, katib, kfserving, tfjob +from utils import isvc, katib, kserve, tfjob config.load_kube_config() @@ -38,8 +38,8 @@ def mnist_pipeline(name=settings.PIPELINE_NAME, tfjob_op = tfjob.create_tfjob_task(name, namespace, training_steps, katib_op, model_volume_op) - # Create the KFServing inference. - kfserving.create_kfserving_task(name, namespace, tfjob_op, + # Create the KServe Inference + kserve.create_serving_task(name, namespace, tfjob_op, model_volume_op) diff --git a/tests/e2e/settings.py b/tests/e2e/settings.py index e303c05aeb..2a243467ba 100644 --- a/tests/e2e/settings.py +++ b/tests/e2e/settings.py @@ -1,5 +1,5 @@ NAMESPACE = "kubeflow-user-example-com" -TIMEOUT = 300 +TIMEOUT = 600 PIPELINE_NAME = "mnist-e2e" EXPERIMENT_NAME = "mnist-e2e" diff --git a/tests/e2e/utils/isvc.py b/tests/e2e/utils/isvc.py index 96d6bcac77..255e69fa49 100644 --- a/tests/e2e/utils/isvc.py +++ b/tests/e2e/utils/isvc.py @@ -1,6 +1,6 @@ from . import watch -GROUP = "serving.kubeflow.org" +GROUP = "serving.kserve.io" #"serving.kubeflow.org" PLURAL = "inferenceservices" VERSION = "v1beta1" diff --git a/tests/e2e/utils/kfserving.py b/tests/e2e/utils/kfserving.py deleted file mode 100644 index 366ff945d5..0000000000 --- a/tests/e2e/utils/kfserving.py +++ /dev/null @@ -1,29 +0,0 @@ -from kfp import components - - -KFSERVING_URL = "https://raw.githubusercontent.com/kubeflow/pipelines/master/components/kubeflow/kfserving/component.yaml" - - -# You should define the model name, namespace, output of the TFJob and model -# volume tasks in the arguments. -def create_kfserving_task(model_name, model_namespace, tfjob_op, - model_volume_op): - inference_service = ''' -apiVersion: "serving.kubeflow.org/v1beta1" -kind: "InferenceService" -metadata: - name: {} - namespace: {} - annotations: - "sidecar.istio.io/inject": "false" -spec: - predictor: - tensorflow: - storageUri: "pvc://{}/" -'''.format(model_name, model_namespace, str(model_volume_op.outputs["name"])) - - kfserving_launcher_op = components.load_component_from_url(KFSERVING_URL) - kfserving_launcher_op( - action="create", - inferenceservice_yaml=inference_service, - ).after(tfjob_op) diff --git a/tests/e2e/utils/kserve.py b/tests/e2e/utils/kserve.py new file mode 100644 index 0000000000..d62ca6b50d --- /dev/null +++ b/tests/e2e/utils/kserve.py @@ -0,0 +1,28 @@ +from kfp import components + + +def create_serving_task(model_name, model_namespace, tfjob_op, model_volume_op): + + api_version = 'serving.kserve.io/v1beta1' + serving_component_url = 'https://raw.githubusercontent.com/kubeflow/pipelines/master/components/kserve/component.yaml' + + # Uncomment the following two lines if you are using KFServing v0.6.x or v0.5.x + # api_version = 'serving.kubeflow.org/v1beta1' + # serving_component_url = 'https://raw.githubusercontent.com/kubeflow/pipelines/master/components/kubeflow/kfserving/component.yaml' + + inference_service = ''' +apiVersion: "{}" +kind: "InferenceService" +metadata: + name: {} + namespace: {} + annotations: + "sidecar.istio.io/inject": "false" +spec: + predictor: + tensorflow: + storageUri: "pvc://{}/" +'''.format(api_version, model_name, model_namespace, str(model_volume_op.outputs["name"])) + + serving_launcher_op = components.load_component_from_url(serving_component_url) + serving_launcher_op(action="apply", inferenceservice_yaml=inference_service).after(tfjob_op) \ No newline at end of file diff --git a/tests/gh-actions/install_cert_manager.sh b/tests/gh-actions/install_cert_manager.sh new file mode 100755 index 0000000000..dcb855abc4 --- /dev/null +++ b/tests/gh-actions/install_cert_manager.sh @@ -0,0 +1,9 @@ +#!/bin/bash +set -e +echo "Installing cert-manager ..." +cd common/cert-manager +kubectl create namespace cert-manager +kustomize build cert-manager/base | kubectl apply -f - +echo "Waiting for cert-manager to be ready ..." +kubectl wait --for=condition=ready pod -l 'app in (cert-manager,webhook)' --timeout=180s -n cert-manager +kustomize build kubeflow-issuer/base | kubectl apply -f - \ No newline at end of file diff --git a/tests/gh-actions/install_istio.sh b/tests/gh-actions/install_istio.sh new file mode 100755 index 0000000000..098bc6dbd1 --- /dev/null +++ b/tests/gh-actions/install_istio.sh @@ -0,0 +1,7 @@ +#!/bin/bash +set -e +echo "Installing Istio ..." +cd common/istio-1-14 +kustomize build istio-crds/base | kubectl apply -f - +kustomize build istio-namespace/base | kubectl apply -f - +kustomize build istio-install/base | kubectl apply -f - \ No newline at end of file diff --git a/tests/gh-actions/install_kind.sh b/tests/gh-actions/install_kind.sh new file mode 100755 index 0000000000..2c7f9eedcc --- /dev/null +++ b/tests/gh-actions/install_kind.sh @@ -0,0 +1,10 @@ +#!/bin/bash +set -e +echo "Fetching KinD executable ..." +sudo swapoff -a +sudo rm -f /swapfile +sudo mkdir -p /tmp/etcd +sudo mount -t tmpfs tmpfs /tmp/etcd +curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.14.0/kind-linux-amd64 +chmod +x ./kind +sudo mv kind /usr/local/bin \ No newline at end of file diff --git a/tests/gh-actions/install_kserve.sh b/tests/gh-actions/install_kserve.sh new file mode 100755 index 0000000000..92a41df590 --- /dev/null +++ b/tests/gh-actions/install_kserve.sh @@ -0,0 +1,13 @@ +#!/bin/bash +set -euo pipefail +echo "Installing Kserve ..." +cd contrib/kserve +kubectl create ns kubeflow +set +e +kustomize build kserve | kubectl apply -f - +set -e +echo "Waiting for crd/clusterservingruntimes.serving.kserve.io to be available ..." +kubectl wait --for condition=established --timeout=30s crd/clusterservingruntimes.serving.kserve.io +kustomize build kserve | kubectl apply -f - +kustomize build models-web-app/overlays/kubeflow | kubectl apply -f - +kubectl wait --for=condition=Ready pods --all --all-namespaces --timeout 180s \ No newline at end of file diff --git a/tests/gh-actions/install_kustomize.sh b/tests/gh-actions/install_kustomize.sh new file mode 100755 index 0000000000..45196faf60 --- /dev/null +++ b/tests/gh-actions/install_kustomize.sh @@ -0,0 +1,5 @@ +#!/bin/bash +set -e +curl --silent --location --remote-name "https://github.com/kubernetes-sigs/kustomize/releases/download/kustomize/v3.2.3/kustomize_kustomize.v3.2.3_linux_amd64" +chmod a+x kustomize_kustomize.v3.2.3_linux_amd64 +sudo mv kustomize_kustomize.v3.2.3_linux_amd64 /usr/local/bin/kustomize \ No newline at end of file diff --git a/tests/gh-actions/install_pipelines.sh b/tests/gh-actions/install_pipelines.sh new file mode 100755 index 0000000000..3ceaa65604 --- /dev/null +++ b/tests/gh-actions/install_pipelines.sh @@ -0,0 +1,10 @@ +#!/bin/bash +set -euo pipefail +echo "Installing Pipelines ..." +cd apps/pipeline/upstream +kubectl create ns kubeflow +kubectl apply -f third-party/metacontroller/base/crd.yaml +echo "Waiting for crd/compositecontrollers.metacontroller.k8s.io to be available ..." +kubectl wait --for condition=established --timeout=30s crd/compositecontrollers.metacontroller.k8s.io +kustomize build env/cert-manager/platform-agnostic-multi-user | kubectl apply -f - +kubectl wait --for=condition=Ready pods --all --all-namespaces --timeout 180s \ No newline at end of file diff --git a/tests/gh-actions/kf-objects/katib_test.yaml b/tests/gh-actions/kf-objects/katib_test.yaml new file mode 100644 index 0000000000..5d0c4a97d7 --- /dev/null +++ b/tests/gh-actions/kf-objects/katib_test.yaml @@ -0,0 +1,78 @@ +--- +apiVersion: kubeflow.org/v1beta1 +kind: Experiment +metadata: + name: grid-example + namespace: kubeflow-user +spec: + parameters: + - name: lr + parameterType: double + feasibleSpace: + max: '0.01' + min: '0.001' + step: '0.001' + - name: num-layers + parameterType: int + feasibleSpace: + max: '3' + min: '2' + - name: optimizer + parameterType: categorical + feasibleSpace: + list: + - adam + objective: + type: maximize + goal: 0.80 + objectiveMetricName: Validation-accuracy + additionalMetricNames: + - Train-accuracy + metricStrategies: + - name: Validation-accuracy + value: max + - name: Train-accuracy + value: max + algorithm: + algorithmName: grid + trialTemplate: + trialSpec: + apiVersion: batch/v1 + kind: Job + spec: + template: + metadata: + labels: + sidecar.istio.io/inject: 'false' + spec: + containers: + - command: + - python3 + - /opt/mxnet-mnist/mnist.py + - '--batch-size=64' + - '--lr=${trialParameters.learningRate}' + - '--num-layers=${trialParameters.numberLayers}' + - '--optimizer=${trialParameters.optimizer}' + image: docker.io/kubeflowkatib/mxnet-mnist:latest + name: training-container + restartPolicy: Never + trialParameters: + - name: learningRate + description: Learning rate for the training model + reference: lr + - name: numberLayers + description: Number of training model layers + reference: num-layers + - name: optimizer + description: Training model optimizer (sdg, adam or ftrl) + reference: optimizer + primaryContainerName: training-container + successCondition: status.conditions.#(type=="Complete")#|#(status=="True")# + failureCondition: status.conditions.#(type=="Failed")#|#(status=="True")# + parallelTrialCount: 1 + maxTrialCount: 1 + maxFailedTrialCount: 1 + metricsCollectorSpec: + collector: + kind: StdOut + resumePolicy: LongRunning \ No newline at end of file diff --git a/hack/kind-cluster-1-20.yaml b/tests/gh-actions/kind-cluster-1-20.yaml similarity index 66% rename from hack/kind-cluster-1-20.yaml rename to tests/gh-actions/kind-cluster-1-20.yaml index b7e84dcedb..06d3b7d35b 100644 --- a/hack/kind-cluster-1-20.yaml +++ b/tests/gh-actions/kind-cluster-1-20.yaml @@ -1,16 +1,17 @@ # https://github.com/kubernetes-sigs/kind/issues/1954#issuecomment-737775492 # https://github.com/istio/istio/blob/e02690fbfb8bda564582b27d22d9e8e6e00422a5/prow/config/trustworthy-jwt.yaml#L1-L13 # This configs KinD to spin up a k8s cluster with trustworthy jwt (Service Account Token Volume Projection) feature. +# This configuration file should work with KinD v0.14.0 kind: Cluster apiVersion: kind.x-k8s.io/v1alpha4 name: manifests-1-20 nodes: - role: control-plane - image: kindest/node:1.20.7@sha256:688fba5ce6b825be62a7c7fe1415b35da2bdfbb5a69227c499ea4cc0008661ca + image: kindest/node:v1.20.15@sha256:6f2d011dffe182bad80b85f6c00e8ca9d86b5b8922cdf433d53575c4c5212248 - role: worker - image: kindest/node:1.20.7@sha256:688fba5ce6b825be62a7c7fe1415b35da2bdfbb5a69227c499ea4cc0008661ca + image: kindest/node:v1.20.15@sha256:6f2d011dffe182bad80b85f6c00e8ca9d86b5b8922cdf433d53575c4c5212248 - role: worker - image: kindest/node:1.20.7@sha256:688fba5ce6b825be62a7c7fe1415b35da2bdfbb5a69227c499ea4cc0008661ca + image: kindest/node:v1.20.15@sha256:6f2d011dffe182bad80b85f6c00e8ca9d86b5b8922cdf433d53575c4c5212248 kubeadmConfigPatches: - | apiVersion: kubeadm.k8s.io/v1beta2 diff --git a/hack/kind-cluster-1-21.yaml b/tests/gh-actions/kind-cluster-1-21.yaml similarity index 66% rename from hack/kind-cluster-1-21.yaml rename to tests/gh-actions/kind-cluster-1-21.yaml index 4aa81ce7fb..90e83236b0 100644 --- a/hack/kind-cluster-1-21.yaml +++ b/tests/gh-actions/kind-cluster-1-21.yaml @@ -1,16 +1,17 @@ # https://github.com/kubernetes-sigs/kind/issues/1954#issuecomment-737775492 # https://github.com/istio/istio/blob/e02690fbfb8bda564582b27d22d9e8e6e00422a5/prow/config/trustworthy-jwt.yaml#L1-L13 # This configs KinD to spin up a k8s cluster with trustworthy jwt (Service Account Token Volume Projection) feature. +# This configuration file should work with KinD v0.14.0 kind: Cluster apiVersion: kind.x-k8s.io/v1alpha4 name: manifests-1-21 nodes: - role: control-plane - image: kindest/node:1.21.2@sha256:19c2315068fd5951aa478ef7b9d1771572c8ea58fbfbf7bc81f7b153679d7a6c + image: kindest/node:v1.21.12@sha256:f316b33dd88f8196379f38feb80545ef3ed44d9197dca1bfd48bcb1583210207 - role: worker - image: kindest/node:1.21.2@sha256:19c2315068fd5951aa478ef7b9d1771572c8ea58fbfbf7bc81f7b153679d7a6c + image: kindest/node:v1.21.12@sha256:f316b33dd88f8196379f38feb80545ef3ed44d9197dca1bfd48bcb1583210207 - role: worker - image: kindest/node:1.21.2@sha256:19c2315068fd5951aa478ef7b9d1771572c8ea58fbfbf7bc81f7b153679d7a6c + image: kindest/node:v1.21.12@sha256:f316b33dd88f8196379f38feb80545ef3ed44d9197dca1bfd48bcb1583210207 kubeadmConfigPatches: - | apiVersion: kubeadm.k8s.io/v1beta2 diff --git a/tests/gh-actions/kind-cluster-1-22.yaml b/tests/gh-actions/kind-cluster-1-22.yaml new file mode 100644 index 0000000000..8986db2d58 --- /dev/null +++ b/tests/gh-actions/kind-cluster-1-22.yaml @@ -0,0 +1,25 @@ +# This configuration file should work with KinD v0.14.0 +apiVersion: kind.x-k8s.io/v1alpha4 +kind: Cluster +# Configure registry for KinD. +containerdConfigPatches: +- |- + [plugins."io.containerd.grpc.v1.cri".registry.mirrors."$REGISTRY_NAME:$REGISTRY_PORT"] + endpoint = ["http://$REGISTRY_NAME:$REGISTRY_PORT"] +# This is needed in order to support projected volumes with service account tokens. +# See: https://kubernetes.slack.com/archives/CEKK1KTN2/p1600268272383600 +kubeadmConfigPatches: + - | + apiVersion: kubeadm.k8s.io/v1beta2 + kind: ClusterConfiguration + metadata: + name: config + apiServer: + extraArgs: + "service-account-issuer": "kubernetes.default.svc" + "service-account-signing-key-file": "/etc/kubernetes/pki/sa.key" +nodes: +- role: control-plane + image: kindest/node:v1.22.9@sha256:8135260b959dfe320206eb36b3aeda9cffcb262f4b44cda6b33f7bb73f453105 +- role: worker + image: kindest/node:v1.22.9@sha256:8135260b959dfe320206eb36b3aeda9cffcb262f4b44cda6b33f7bb73f453105 From 28a84b2e2ebd69907968f63cb18be678d13f985b Mon Sep 17 00:00:00 2001 From: Vaishnavi Hire Date: Tue, 16 Aug 2022 14:42:47 -0400 Subject: [PATCH 02/11] Update Knative to use istio 1.14 --- .../application/knative/overlays/istio/kustomization.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openshift/openshiftstack/application/knative/overlays/istio/kustomization.yaml b/openshift/openshiftstack/application/knative/overlays/istio/kustomization.yaml index 4dd491b36e..e8054af06b 100644 --- a/openshift/openshiftstack/application/knative/overlays/istio/kustomization.yaml +++ b/openshift/openshiftstack/application/knative/overlays/istio/kustomization.yaml @@ -3,4 +3,4 @@ kind: Kustomization bases: - ../../base resources: - - ../../../../../../common/istio-1-9/cluster-local-gateway/base \ No newline at end of file + - ../../../../../../common/istio-1-14/cluster-local-gateway/base \ No newline at end of file From 98583ae3c7c1a3c1a69d902dc28852b3a66b6c5c Mon Sep 17 00:00:00 2001 From: Vaishnavi Hire Date: Tue, 16 Aug 2022 14:47:40 -0400 Subject: [PATCH 03/11] Add istio 1.14 in OpenShift stack --- openshift/example/istio/kustomization.yaml | 3 +- .../base/ingressgateway.route.yaml | 17 + .../base/kustomization.yaml | 9 + .../base/network-attachment.yaml | 5 + .../overlays/cni/configmap.yaml | 1132 +++++++++++++++++ .../overlays/cni/deployment.yaml | 586 +++++++++ .../overlays/cni/istio_cni.yaml | 224 ++++ .../overlays/cni/kustomization.yaml | 11 + openshift/openshiftstack/kustomization.yaml | 5 +- 9 files changed, 1990 insertions(+), 2 deletions(-) create mode 100644 openshift/openshiftstack/application/istio-1-14-OpenShift/base/ingressgateway.route.yaml create mode 100644 openshift/openshiftstack/application/istio-1-14-OpenShift/base/kustomization.yaml create mode 100644 openshift/openshiftstack/application/istio-1-14-OpenShift/base/network-attachment.yaml create mode 100644 openshift/openshiftstack/application/istio-1-14-OpenShift/overlays/cni/configmap.yaml create mode 100644 openshift/openshiftstack/application/istio-1-14-OpenShift/overlays/cni/deployment.yaml create mode 100644 openshift/openshiftstack/application/istio-1-14-OpenShift/overlays/cni/istio_cni.yaml create mode 100644 openshift/openshiftstack/application/istio-1-14-OpenShift/overlays/cni/kustomization.yaml diff --git a/openshift/example/istio/kustomization.yaml b/openshift/example/istio/kustomization.yaml index be89d05dc9..942fcc950a 100644 --- a/openshift/example/istio/kustomization.yaml +++ b/openshift/example/istio/kustomization.yaml @@ -3,8 +3,9 @@ kind: Kustomization resources: - ../../openshiftstack/application/openshift/openshift-scc/overlays/istio - - ../../openshiftstack/application/istio-1-14-OpenShift + - ../../openshiftstack/application/istio-1-14-OpenShift/overlays/cni - ../../openshiftstack/application/cert-manager-1.5 + - ../../openshiftstack/application/profiles-resources/base - ../../openshiftstack/application/kfp-tekton/base - ../../openshiftstack/application/knative/overlays/istio - ../../openshiftstack/application/jupyter-web-app/base diff --git a/openshift/openshiftstack/application/istio-1-14-OpenShift/base/ingressgateway.route.yaml b/openshift/openshiftstack/application/istio-1-14-OpenShift/base/ingressgateway.route.yaml new file mode 100644 index 0000000000..7992a0d976 --- /dev/null +++ b/openshift/openshiftstack/application/istio-1-14-OpenShift/base/ingressgateway.route.yaml @@ -0,0 +1,17 @@ +kind: Route +apiVersion: route.openshift.io/v1 +metadata: + name: istio-ingressgateway + namespace: istio-system + labels: + app: istio-ingressgateway + istio: ingressgateway + release: istio +spec: + to: + kind: Service + name: istio-ingressgateway + weight: 100 + port: + targetPort: http2 + wildcardPolicy: None diff --git a/openshift/openshiftstack/application/istio-1-14-OpenShift/base/kustomization.yaml b/openshift/openshiftstack/application/istio-1-14-OpenShift/base/kustomization.yaml new file mode 100644 index 0000000000..d3abc9cb81 --- /dev/null +++ b/openshift/openshiftstack/application/istio-1-14-OpenShift/base/kustomization.yaml @@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +#namespace: istio-system +resources: +- ../../../../../common/istio-1-14/istio-crds/base +- ../../../../../common/istio-1-14/istio-namespace/base +- ../../../../../common/istio-1-14/istio-install/base +- ../../../../../common/istio-1-14/kubeflow-istio-resources/base +- ingressgateway.route.yaml \ No newline at end of file diff --git a/openshift/openshiftstack/application/istio-1-14-OpenShift/base/network-attachment.yaml b/openshift/openshiftstack/application/istio-1-14-OpenShift/base/network-attachment.yaml new file mode 100644 index 0000000000..5056803715 --- /dev/null +++ b/openshift/openshiftstack/application/istio-1-14-OpenShift/base/network-attachment.yaml @@ -0,0 +1,5 @@ +apiVersion: "k8s.cni.cncf.io/v1" +kind: NetworkAttachmentDefinition +metadata: + name: istio-cni + namespace: kubeflow diff --git a/openshift/openshiftstack/application/istio-1-14-OpenShift/overlays/cni/configmap.yaml b/openshift/openshiftstack/application/istio-1-14-OpenShift/overlays/cni/configmap.yaml new file mode 100644 index 0000000000..445bcf9948 --- /dev/null +++ b/openshift/openshiftstack/application/istio-1-14-OpenShift/overlays/cni/configmap.yaml @@ -0,0 +1,1132 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: istio-sidecar-injector + namespace: istio-system + labels: + istio.io/rev: default + install.operator.istio.io/owning-resource: unknown + operator.istio.io/component: "Pilot" + release: istio +data: + + values: |- + { + "global": { + "caAddress": "", + "configCluster": false, + "configValidation": true, + "defaultNodeSelector": {}, + "defaultPodDisruptionBudget": { + "enabled": true + }, + "defaultResources": { + "requests": { + "cpu": "10m" + } + }, + "enabled": true, + "externalIstiod": false, + "hub": "docker.io/istio", + "imagePullPolicy": "", + "imagePullSecrets": [], + "istioNamespace": "istio-system", + "istiod": { + "enableAnalysis": false + }, + "jwtPolicy": "third-party-jwt", + "logAsJson": false, + "logging": { + "level": "default:info" + }, + "meshID": "", + "meshNetworks": {}, + "mountMtlsCerts": false, + "multiCluster": { + "clusterName": "", + "enabled": false + }, + "namespace": "istio-system", + "network": "", + "omitSidecarInjectorConfigMap": false, + "oneNamespace": false, + "operatorManageWebhooks": false, + "pilotCertProvider": "istiod", + "priorityClassName": "", + "proxy": { + "autoInject": "enabled", + "clusterDomain": "cluster.local", + "componentLogLevel": "misc:error", + "enableCoreDump": false, + "excludeIPRanges": "", + "excludeInboundPorts": "", + "excludeOutboundPorts": "", + "holdApplicationUntilProxyStarts": false, + "image": "proxyv2", + "includeIPRanges": "*", + "logLevel": "warning", + "privileged": false, + "readinessFailureThreshold": 30, + "readinessInitialDelaySeconds": 1, + "readinessPeriodSeconds": 2, + "resources": { + "limits": { + "cpu": "2000m", + "memory": "1024Mi" + }, + "requests": { + "cpu": "100m", + "memory": "128Mi" + } + }, + "statusPort": 15020, + "tracer": "zipkin" + }, + "proxy_init": { + "image": "proxyv2", + "resources": { + "limits": { + "cpu": "2000m", + "memory": "1024Mi" + }, + "requests": { + "cpu": "10m", + "memory": "10Mi" + } + } + }, + "remotePilotAddress": "", + "sds": { + "token": { + "aud": "istio-ca" + } + }, + "sts": { + "servicePort": 0 + }, + "tag": "1.14.0", + "tracer": { + "datadog": { + "address": "$(HOST_IP):8126" + }, + "lightstep": { + "accessToken": "", + "address": "" + }, + "stackdriver": { + "debug": false, + "maxNumberOfAnnotations": 200, + "maxNumberOfAttributes": 200, + "maxNumberOfMessageEvents": 200 + }, + "zipkin": { + "address": "" + } + }, + "useMCP": false + }, + "istio_cni": { + "enabled": true + }, + "revision": "", + "sidecarInjectorWebhook": { + "alwaysInjectSelector": [], + "defaultTemplates": [], + "enableNamespacesByDefault": false, + "injectedAnnotations": { + "k8s.v1.cni.cncf.io/networks": "istio-cni" + }, + "neverInjectSelector": [], + "objectSelector": { + "autoInject": true, + "enabled": true + }, + "rewriteAppHTTPProbe": true, + "templates": {} + } + } + + # To disable injection: use omitSidecarInjectorConfigMap, which disables the webhook patching + # and istiod webhook functionality. + # + # New fields should not use Values - it is a 'primary' config object, users should be able + # to fine tune it or use it with kube-inject. + config: |- + # defaultTemplates defines the default template to use for pods that do not explicitly specify a template + defaultTemplates: [sidecar] + policy: enabled + alwaysInjectSelector: + [] + neverInjectSelector: + [] + injectedAnnotations: + "k8s.v1.cni.cncf.io/networks": "istio-cni" + template: "{{ Template_Version_And_Istio_Version_Mismatched_Check_Installation }}" + templates: + sidecar: | + {{- $containers := list }} + {{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} + metadata: + labels: + security.istio.io/tlsMode: {{ index .ObjectMeta.Labels `security.istio.io/tlsMode` | default "istio" | quote }} + service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | quote }} + service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} + annotations: { + {{- if eq (len $containers) 1 }} + kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}", + kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}", + {{ end }} + {{- if .Values.istio_cni.enabled }} + {{- if not .Values.istio_cni.chained }} + k8s.v1.cni.cncf.io/networks: '{{ appendMultusNetwork (index .ObjectMeta.Annotations `k8s.v1.cni.cncf.io/networks`) `istio-cni` }}', + {{- end }} + sidecar.istio.io/interceptionMode: "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}", + {{ with annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}traffic.sidecar.istio.io/includeOutboundIPRanges: "{{.}}",{{ end }} + {{ with annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}traffic.sidecar.istio.io/excludeOutboundIPRanges: "{{.}}",{{ end }} + traffic.sidecar.istio.io/includeInboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` `*` }}", + traffic.sidecar.istio.io/excludeInboundPorts: "{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}", + {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/includeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.includeOutboundPorts "") "") }} + traffic.sidecar.istio.io/includeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundPorts` .Values.global.proxy.includeOutboundPorts }}", + {{- end }} + {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne .Values.global.proxy.excludeOutboundPorts "") }} + traffic.sidecar.istio.io/excludeOutboundPorts: "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}", + {{- end }} + {{ with index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}traffic.sidecar.istio.io/kubevirtInterfaces: "{{.}}",{{ end }} + {{- end }} + } + spec: + {{- $holdProxy := or .ProxyConfig.HoldApplicationUntilProxyStarts.GetValue .Values.global.proxy.holdApplicationUntilProxyStarts }} + initContainers: + {{ if ne (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `NONE` }} + {{ if .Values.istio_cni.enabled -}} + - name: istio-validation + {{ else -}} + - name: istio-init + {{ end -}} + {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image) }} + image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image }}" + {{- else }} + image: "{{ .Values.global.hub }}/{{ .Values.global.proxy_init.image }}:{{ .Values.global.tag }}" + {{- end }} + args: + - istio-iptables + - "-p" + - "15001" + - "-z" + - "15006" + - "-u" + - "1337" + - "-m" + - "{{ annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode }}" + - "-i" + - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundIPRanges` .Values.global.proxy.includeIPRanges }}" + - "-x" + - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundIPRanges` .Values.global.proxy.excludeIPRanges }}" + - "-b" + - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeInboundPorts` `*` }}" + - "-d" + {{- if excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }} + - "15090,15021,{{ excludeInboundPort (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) (annotation .ObjectMeta `traffic.sidecar.istio.io/excludeInboundPorts` .Values.global.proxy.excludeInboundPorts) }}" + {{- else }} + - "15090,15021" + {{- end }} + {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/includeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.includeOutboundPorts "") "") -}} + - "-q" + - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/includeOutboundPorts` .Values.global.proxy.includeOutboundPorts }}" + {{ end -}} + {{ if or (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/excludeOutboundPorts`) (ne (valueOrDefault .Values.global.proxy.excludeOutboundPorts "") "") -}} + - "-o" + - "{{ annotation .ObjectMeta `traffic.sidecar.istio.io/excludeOutboundPorts` .Values.global.proxy.excludeOutboundPorts }}" + {{ end -}} + {{ if (isset .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces`) -}} + - "-k" + - "{{ index .ObjectMeta.Annotations `traffic.sidecar.istio.io/kubevirtInterfaces` }}" + {{ end -}} + {{ if .Values.istio_cni.enabled -}} + - "--run-validation" + - "--skip-rule-apply" + {{ end -}} + {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} + {{- if .ProxyConfig.ProxyMetadata }} + env: + {{- range $key, $value := .ProxyConfig.ProxyMetadata }} + - name: {{ $key }} + value: "{{ $value }}" + {{- end }} + {{- end }} + resources: + {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} + {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }} + requests: + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} + cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" + {{ end }} + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} + memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" + {{ end }} + {{- end }} + {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} + limits: + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) -}} + cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` }}" + {{ end }} + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) -}} + memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` }}" + {{ end }} + {{- end }} + {{- else }} + {{- if .Values.global.proxy.resources }} + {{ toYaml .Values.global.proxy.resources | indent 6 }} + {{- end }} + {{- end }} + securityContext: + allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} + privileged: {{ .Values.global.proxy.privileged }} + capabilities: + {{- if not .Values.istio_cni.enabled }} + add: + - NET_ADMIN + - NET_RAW + {{- end }} + drop: + - ALL + {{- if not .Values.istio_cni.enabled }} + readOnlyRootFilesystem: false + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + {{- else }} + readOnlyRootFilesystem: true + runAsGroup: 1337 + runAsUser: 1337 + runAsNonRoot: true + {{- end }} + restartPolicy: Always + {{ end -}} + {{- if eq (annotation .ObjectMeta `sidecar.istio.io/enableCoreDump` .Values.global.proxy.enableCoreDump) "true" }} + - name: enable-core-dump + args: + - -c + - sysctl -w kernel.core_pattern=/var/lib/istio/data/core.proxy && ulimit -c unlimited + command: + - /bin/sh + {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image) }} + image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy_init.image }}" + {{- else }} + image: "{{ .Values.global.hub }}/{{ .Values.global.proxy_init.image }}:{{ .Values.global.tag }}" + {{- end }} + {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} + resources: {} + securityContext: + allowPrivilegeEscalation: true + capabilities: + add: + - SYS_ADMIN + drop: + - ALL + privileged: true + readOnlyRootFilesystem: false + runAsGroup: 0 + runAsNonRoot: false + runAsUser: 0 + {{ end }} + containers: + - name: istio-proxy + {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} + image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" + {{- else }} + image: "{{ .Values.global.hub }}/{{ .Values.global.proxy.image }}:{{ .Values.global.tag }}" + {{- end }} + ports: + - containerPort: 15090 + protocol: TCP + name: http-envoy-prom + args: + - proxy + - sidecar + - --domain + - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} + - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }} + - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }} + - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} + {{- if .Values.global.sts.servicePort }} + - --stsPort={{ .Values.global.sts.servicePort }} + {{- end }} + {{- if .Values.global.logAsJson }} + - --log_as_json + {{- end }} + {{- if gt .EstimatedConcurrency 0 }} + - --concurrency + - "{{ .EstimatedConcurrency }}" + {{- end -}} + {{- if .Values.global.proxy.lifecycle }} + lifecycle: + {{ toYaml .Values.global.proxy.lifecycle | indent 6 }} + {{- else if $holdProxy }} + lifecycle: + postStart: + exec: + command: + - pilot-agent + - wait + {{- end }} + env: + {{- if eq (env "PILOT_ENABLE_INBOUND_PASSTHROUGH" "true") "false" }} + - name: REWRITE_PROBE_LEGACY_LOCALHOST_DESTINATION + value: "true" + {{- end }} + - name: JWT_POLICY + value: {{ .Values.global.jwtPolicy }} + - name: PILOT_CERT_PROVIDER + value: {{ .Values.global.pilotCertProvider }} + - name: CA_ADDR + {{- if .Values.global.caAddress }} + value: {{ .Values.global.caAddress }} + {{- else }} + value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 + {{- end }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PROXY_CONFIG + value: | + {{ protoToJSON .ProxyConfig }} + - name: ISTIO_META_POD_PORTS + value: |- + [ + {{- $first := true }} + {{- range $index1, $c := .Spec.Containers }} + {{- range $index2, $p := $c.Ports }} + {{- if (structToJSON $p) }} + {{if not $first}},{{end}}{{ structToJSON $p }} + {{- $first = false }} + {{- end }} + {{- end}} + {{- end}} + ] + - name: ISTIO_META_APP_CONTAINERS + value: "{{ $containers | join "," }}" + - name: ISTIO_META_CLUSTER_ID + value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" + - name: ISTIO_META_INTERCEPTION_MODE + value: "{{ or (index .ObjectMeta.Annotations `sidecar.istio.io/interceptionMode`) .ProxyConfig.InterceptionMode.String }}" + {{- if .Values.global.network }} + - name: ISTIO_META_NETWORK + value: "{{ .Values.global.network }}" + {{- end }} + {{- if .DeploymentMeta.Name }} + - name: ISTIO_META_WORKLOAD_NAME + value: "{{ .DeploymentMeta.Name }}" + {{ end }} + {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} + - name: ISTIO_META_OWNER + value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} + {{- end}} + {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} + - name: ISTIO_BOOTSTRAP_OVERRIDE + value: "/etc/istio/custom-bootstrap/custom_bootstrap.json" + {{- end }} + {{- if .Values.global.meshID }} + - name: ISTIO_META_MESH_ID + value: "{{ .Values.global.meshID }}" + {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} + - name: ISTIO_META_MESH_ID + value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" + {{- end }} + {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} + - name: TRUST_DOMAIN + value: "{{ . }}" + {{- end }} + {{- if and (eq .Values.global.proxy.tracer "datadog") (isset .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} + {{- range $key, $value := fromJSON (index .ObjectMeta.Annotations `apm.datadoghq.com/env`) }} + - name: {{ $key }} + value: "{{ $value }}" + {{- end }} + {{- end }} + {{- range $key, $value := .ProxyConfig.ProxyMetadata }} + - name: {{ $key }} + value: "{{ $value }}" + {{- end }} + {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} + {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) `0` }} + readinessProbe: + httpGet: + path: /healthz/ready + port: 15021 + initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} + periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} + timeoutSeconds: 3 + failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} + {{ end -}} + securityContext: + allowPrivilegeEscalation: {{ .Values.global.proxy.privileged }} + capabilities: + {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} + add: + {{ if eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY` -}} + - NET_ADMIN + {{- end }} + {{ if eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true` -}} + - NET_BIND_SERVICE + {{- end }} + {{- end }} + drop: + - ALL + privileged: {{ .Values.global.proxy.privileged }} + readOnlyRootFilesystem: {{ ne (annotation .ObjectMeta `sidecar.istio.io/enableCoreDump` .Values.global.proxy.enableCoreDump) "true" }} + runAsGroup: 1337 + fsGroup: 1337 + {{ if or (eq (annotation .ObjectMeta `sidecar.istio.io/interceptionMode` .ProxyConfig.InterceptionMode) `TPROXY`) (eq (annotation .ObjectMeta `sidecar.istio.io/capNetBindService` .Values.global.proxy.capNetBindService) `true`) -}} + runAsNonRoot: false + runAsUser: 0 + {{- else -}} + runAsNonRoot: true + runAsUser: 1337 + {{- end }} + resources: + {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} + {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }} + requests: + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} + cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" + {{ end }} + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} + memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" + {{ end }} + {{- end }} + {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} + limits: + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) -}} + cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` }}" + {{ end }} + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) -}} + memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` }}" + {{ end }} + {{- end }} + {{- else }} + {{- if .Values.global.proxy.resources }} + {{ toYaml .Values.global.proxy.resources | indent 6 }} + {{- end }} + {{- end }} + volumeMounts: + {{- if eq .Values.global.pilotCertProvider "istiod" }} + - mountPath: /var/run/secrets/istio + name: istiod-ca-cert + {{- end }} + - mountPath: /var/lib/istio/data + name: istio-data + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} + - mountPath: /etc/istio/custom-bootstrap + name: custom-bootstrap-volume + {{- end }} + # SDS channel between istioagent and Envoy + - mountPath: /etc/istio/proxy + name: istio-envoy + {{- if eq .Values.global.jwtPolicy "third-party-jwt" }} + - mountPath: /var/run/secrets/tokens + name: istio-token + {{- end }} + {{- if .Values.global.mountMtlsCerts }} + # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. + - mountPath: /etc/certs/ + name: istio-certs + readOnly: true + {{- end }} + - name: istio-podinfo + mountPath: /etc/istio/pod + {{- if and (eq .Values.global.proxy.tracer "lightstep") .ProxyConfig.GetTracing.GetTlsSettings }} + - mountPath: {{ directory .ProxyConfig.GetTracing.GetTlsSettings.GetCaCertificates }} + name: lightstep-certs + readOnly: true + {{- end }} + {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} + {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} + - name: "{{ $index }}" + {{ toYaml $value | indent 6 }} + {{ end }} + {{- end }} + volumes: + {{- if (isset .ObjectMeta.Annotations `sidecar.istio.io/bootstrapOverride`) }} + - name: custom-bootstrap-volume + configMap: + name: {{ annotation .ObjectMeta `sidecar.istio.io/bootstrapOverride` "" }} + {{- end }} + # SDS channel between istioagent and Envoy + - emptyDir: + medium: Memory + name: istio-envoy + - name: istio-data + emptyDir: {} + - name: istio-podinfo + downwardAPI: + items: + - path: "labels" + fieldRef: + fieldPath: metadata.labels + - path: "annotations" + fieldRef: + fieldPath: metadata.annotations + {{- if eq .Values.global.jwtPolicy "third-party-jwt" }} + - name: istio-token + projected: + sources: + - serviceAccountToken: + path: istio-token + expirationSeconds: 43200 + audience: {{ .Values.global.sds.token.aud }} + {{- end }} + {{- if eq .Values.global.pilotCertProvider "istiod" }} + - name: istiod-ca-cert + configMap: + name: istio-ca-root-cert + {{- end }} + {{- if .Values.global.mountMtlsCerts }} + # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. + - name: istio-certs + secret: + optional: true + {{ if eq .Spec.ServiceAccountName "" }} + secretName: istio.default + {{ else -}} + secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} + {{ end -}} + {{- end }} + {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} + {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} + - name: "{{ $index }}" + {{ toYaml $value | indent 4 }} + {{ end }} + {{ end }} + {{- if and (eq .Values.global.proxy.tracer "lightstep") .ProxyConfig.GetTracing.GetTlsSettings }} + - name: lightstep-certs + secret: + optional: true + secretName: lightstep.cacert + {{- end }} + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- range .Values.global.imagePullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} + {{- if eq (env "ENABLE_LEGACY_FSGROUP_INJECTION" "true") "true" }} + securityContext: + fsGroup: 1337 + {{- end }} + gateway: | + {{- $containers := list }} + {{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} + metadata: + labels: + service.istio.io/canonical-name: {{ index .ObjectMeta.Labels `service.istio.io/canonical-name` | default (index .ObjectMeta.Labels `app.kubernetes.io/name`) | default (index .ObjectMeta.Labels `app`) | default .DeploymentMeta.Name | quote }} + service.istio.io/canonical-revision: {{ index .ObjectMeta.Labels `service.istio.io/canonical-revision` | default (index .ObjectMeta.Labels `app.kubernetes.io/version`) | default (index .ObjectMeta.Labels `version`) | default "latest" | quote }} + istio.io/rev: {{ .Revision | default "default" | quote }} + annotations: { + {{- if eq (len $containers) 1 }} + kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}", + kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}", + {{ end }} + } + spec: + containers: + - name: istio-proxy + {{- if contains "/" .Values.global.proxy.image }} + image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" + {{- else }} + image: "{{ .Values.global.hub }}/{{ .Values.global.proxy.image }}:{{ .Values.global.tag }}" + {{- end }} + ports: + - containerPort: 15090 + protocol: TCP + name: http-envoy-prom + args: + - proxy + - router + - --domain + - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} + - --proxyLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/logLevel` .Values.global.proxy.logLevel }} + - --proxyComponentLogLevel={{ annotation .ObjectMeta `sidecar.istio.io/componentLogLevel` .Values.global.proxy.componentLogLevel }} + - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} + {{- if .Values.global.sts.servicePort }} + - --stsPort={{ .Values.global.sts.servicePort }} + {{- end }} + {{- if .Values.global.logAsJson }} + - --log_as_json + {{- end }} + {{- if .Values.global.proxy.lifecycle }} + lifecycle: + {{ toYaml .Values.global.proxy.lifecycle | indent 6 }} + {{- end }} + env: + - name: JWT_POLICY + value: {{ .Values.global.jwtPolicy }} + - name: PILOT_CERT_PROVIDER + value: {{ .Values.global.pilotCertProvider }} + - name: CA_ADDR + {{- if .Values.global.caAddress }} + value: {{ .Values.global.caAddress }} + {{- else }} + value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 + {{- end }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PROXY_CONFIG + value: | + {{ protoToJSON .ProxyConfig }} + - name: ISTIO_META_POD_PORTS + value: |- + [ + {{- $first := true }} + {{- range $index1, $c := .Spec.Containers }} + {{- range $index2, $p := $c.Ports }} + {{- if (structToJSON $p) }} + {{if not $first}},{{end}}{{ structToJSON $p }} + {{- $first = false }} + {{- end }} + {{- end}} + {{- end}} + ] + - name: ISTIO_META_APP_CONTAINERS + value: "{{ $containers | join "," }}" + - name: ISTIO_META_CLUSTER_ID + value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" + - name: ISTIO_META_INTERCEPTION_MODE + value: "{{ .ProxyConfig.InterceptionMode.String }}" + {{- if .Values.global.network }} + - name: ISTIO_META_NETWORK + value: "{{ .Values.global.network }}" + {{- end }} + {{- if .DeploymentMeta.Name }} + - name: ISTIO_META_WORKLOAD_NAME + value: "{{ .DeploymentMeta.Name }}" + {{ end }} + {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} + - name: ISTIO_META_OWNER + value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} + {{- end}} + {{- if .Values.global.meshID }} + - name: ISTIO_META_MESH_ID + value: "{{ .Values.global.meshID }}" + {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} + - name: ISTIO_META_MESH_ID + value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" + {{- end }} + {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} + - name: TRUST_DOMAIN + value: "{{ . }}" + {{- end }} + {{- range $key, $value := .ProxyConfig.ProxyMetadata }} + - name: {{ $key }} + value: "{{ $value }}" + {{- end }} + {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} + readinessProbe: + httpGet: + path: /healthz/ready + port: 15021 + initialDelaySeconds: {{.Values.global.proxy.readinessInitialDelaySeconds }} + periodSeconds: {{ .Values.global.proxy.readinessPeriodSeconds }} + timeoutSeconds: 3 + failureThreshold: {{ .Values.global.proxy.readinessFailureThreshold }} + volumeMounts: + {{- if eq .Values.global.pilotCertProvider "istiod" }} + - mountPath: /var/run/secrets/istio + name: istiod-ca-cert + {{- end }} + - mountPath: /var/lib/istio/data + name: istio-data + # SDS channel between istioagent and Envoy + - mountPath: /etc/istio/proxy + name: istio-envoy + {{- if eq .Values.global.jwtPolicy "third-party-jwt" }} + - mountPath: /var/run/secrets/tokens + name: istio-token + {{- end }} + {{- if .Values.global.mountMtlsCerts }} + # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. + - mountPath: /etc/certs/ + name: istio-certs + readOnly: true + {{- end }} + - name: istio-podinfo + mountPath: /etc/istio/pod + volumes: + # SDS channel between istioagent and Envoy + - emptyDir: + medium: Memory + name: istio-envoy + - name: istio-data + emptyDir: {} + - name: istio-podinfo + downwardAPI: + items: + - path: "labels" + fieldRef: + fieldPath: metadata.labels + - path: "annotations" + fieldRef: + fieldPath: metadata.annotations + {{- if eq .Values.global.jwtPolicy "third-party-jwt" }} + - name: istio-token + projected: + sources: + - serviceAccountToken: + path: istio-token + expirationSeconds: 43200 + audience: {{ .Values.global.sds.token.aud }} + {{- end }} + {{- if eq .Values.global.pilotCertProvider "istiod" }} + - name: istiod-ca-cert + configMap: + name: istio-ca-root-cert + {{- end }} + {{- if .Values.global.mountMtlsCerts }} + # Use the key and cert mounted to /etc/certs/ for the in-cluster mTLS communications. + - name: istio-certs + secret: + optional: true + {{ if eq .Spec.ServiceAccountName "" }} + secretName: istio.default + {{ else -}} + secretName: {{ printf "istio.%s" .Spec.ServiceAccountName }} + {{ end -}} + {{- end }} + {{- if .Values.global.imagePullSecrets }} + imagePullSecrets: + {{- range .Values.global.imagePullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} + {{- if eq (env "ENABLE_LEGACY_FSGROUP_INJECTION" "true") "true" }} + securityContext: + fsGroup: 1337 + {{- end }} + grpc-simple: | + spec: + initContainers: + - name: grpc-bootstrap-init + image: busybox:1.28 + volumeMounts: + - mountPath: /var/lib/grpc/data/ + name: grpc-io-proxyless-bootstrap + env: + - name: INSTANCE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + command: + - sh + - "-c" + - |- + NODE_ID="sidecar~${INSTANCE_IP}~${POD_NAME}.${POD_NAMESPACE}~cluster.local" + echo ' + { + "xds_servers": [ + { + "server_uri": "dns:///istiod.istio-system.svc:15010", + "channel_creds": [{"type": "insecure"}], + "server_features" : ["xds_v3"] + } + ], + "node": { + "id": "'${NODE_ID}'", + "metadata": { + "GENERATOR": "grpc" + } + } + }' > /var/lib/grpc/data/bootstrap.json + containers: + {{- range $index, $container := .Spec.Containers }} + - name: {{ $container.Name }} + env: + - name: GRPC_XDS_BOOTSTRAP + value: /var/lib/grpc/data/bootstrap.json + - name: GRPC_GO_LOG_VERBOSITY_LEVEL + value: "99" + - name: GRPC_GO_LOG_SEVERITY_LEVEL + value: info + volumeMounts: + - mountPath: /var/lib/grpc/data/ + name: grpc-io-proxyless-bootstrap + {{- end }} + volumes: + - name: grpc-io-proxyless-bootstrap + emptyDir: {} + grpc-agent: | + {{- $containers := list }} + {{- range $index, $container := .Spec.Containers }}{{ if not (eq $container.Name "istio-proxy") }}{{ $containers = append $containers $container.Name }}{{end}}{{- end}} + metadata: + annotations: { + {{- if eq (len $containers) 1 }} + kubectl.kubernetes.io/default-logs-container: "{{ index $containers 0 }}", + kubectl.kubernetes.io/default-container: "{{ index $containers 0 }}", + {{ end }} + } + spec: + containers: + {{- range $index, $container := .Spec.Containers }} + {{ if not (eq $container.Name "istio-proxy") }} + - name: {{ $container.Name }} + env: + - name: "GRPC_XDS_BOOTSTRAP" + value: "/var/lib/istio/data/grpc-bootstrap.json" + - name: "GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT" + value: "true" + volumeMounts: + - mountPath: /var/lib/istio/data + name: istio-data + # UDS channel between istioagent and gRPC client for XDS/SDS + - mountPath: /etc/istio/proxy + name: istio-xds + {{- end }} + {{- end }} + - name: istio-proxy + {{- if contains "/" (annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image) }} + image: "{{ annotation .ObjectMeta `sidecar.istio.io/proxyImage` .Values.global.proxy.image }}" + {{- else }} + image: "{{ .Values.global.hub }}/{{ .Values.global.proxy.image }}:{{ .Values.global.tag }}" + {{- end }} + args: + - proxy + - sidecar + - --domain + - $(POD_NAMESPACE).svc.{{ .Values.global.proxy.clusterDomain }} + - --log_output_level={{ annotation .ObjectMeta `sidecar.istio.io/agentLogLevel` .Values.global.logging.level }} + {{- if .Values.global.sts.servicePort }} + - --stsPort={{ .Values.global.sts.servicePort }} + {{- end }} + {{- if .Values.global.logAsJson }} + - --log_as_json + {{- end }} + env: + - name: "GRPC_XDS_BOOTSTRAP" + value: "/var/lib/istio/data/grpc-bootstrap.json" + - name: ISTIO_META_GENERATOR + value: grpc + - name: OUTPUT_CERTS + value: /var/lib/istio/data + {{- if eq (env "PILOT_ENABLE_INBOUND_PASSTHROUGH" "true") "false" }} + - name: REWRITE_PROBE_LEGACY_LOCALHOST_DESTINATION + value: "true" + {{- end }} + - name: JWT_POLICY + value: {{ .Values.global.jwtPolicy }} + - name: PILOT_CERT_PROVIDER + value: {{ .Values.global.pilotCertProvider }} + - name: CA_ADDR + {{- if .Values.global.caAddress }} + value: {{ .Values.global.caAddress }} + {{- else }} + value: istiod{{- if not (eq .Values.revision "") }}-{{ .Values.revision }}{{- end }}.{{ .Values.global.istioNamespace }}.svc:15012 + {{- end }} + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: HOST_IP + valueFrom: + fieldRef: + fieldPath: status.hostIP + - name: PROXY_CONFIG + value: | + {{ protoToJSON .ProxyConfig }} + - name: ISTIO_META_POD_PORTS + value: |- + [ + {{- $first := true }} + {{- range $index1, $c := .Spec.Containers }} + {{- range $index2, $p := $c.Ports }} + {{- if (structToJSON $p) }} + {{if not $first}},{{end}}{{ structToJSON $p }} + {{- $first = false }} + {{- end }} + {{- end}} + {{- end}} + ] + - name: ISTIO_META_APP_CONTAINERS + value: "{{ $containers | join "," }}" + - name: ISTIO_META_CLUSTER_ID + value: "{{ valueOrDefault .Values.global.multiCluster.clusterName `Kubernetes` }}" + - name: ISTIO_META_INTERCEPTION_MODE + value: "{{ or (index .ObjectMeta.Annotations `sidecar.istio.io/interceptionMode`) .ProxyConfig.InterceptionMode.String }}" + {{- if .Values.global.network }} + - name: ISTIO_META_NETWORK + value: "{{ .Values.global.network }}" + {{- end }} + {{- if .DeploymentMeta.Name }} + - name: ISTIO_META_WORKLOAD_NAME + value: "{{ .DeploymentMeta.Name }}" + {{ end }} + {{- if and .TypeMeta.APIVersion .DeploymentMeta.Name }} + - name: ISTIO_META_OWNER + value: kubernetes://apis/{{ .TypeMeta.APIVersion }}/namespaces/{{ valueOrDefault .DeploymentMeta.Namespace `default` }}/{{ toLower .TypeMeta.Kind}}s/{{ .DeploymentMeta.Name }} + {{- end}} + {{- if .Values.global.meshID }} + - name: ISTIO_META_MESH_ID + value: "{{ .Values.global.meshID }}" + {{- else if (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} + - name: ISTIO_META_MESH_ID + value: "{{ (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }}" + {{- end }} + {{- with (valueOrDefault .MeshConfig.TrustDomain .Values.global.trustDomain) }} + - name: TRUST_DOMAIN + value: "{{ . }}" + {{- end }} + {{- range $key, $value := .ProxyConfig.ProxyMetadata }} + - name: {{ $key }} + value: "{{ $value }}" + {{- end }} + # grpc uses xds:/// to resolve – no need to resolve VIP + - name: ISTIO_META_DNS_CAPTURE + value: "false" + - name: DISABLE_ENVOY + value: "true" + {{with .Values.global.imagePullPolicy }}imagePullPolicy: "{{.}}"{{end}} + {{ if ne (annotation .ObjectMeta `status.sidecar.istio.io/port` .Values.global.proxy.statusPort) `0` }} + readinessProbe: + httpGet: + path: /healthz/ready + port: {{ .Values.global.proxy.statusPort }} + initialDelaySeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/initialDelaySeconds` .Values.global.proxy.readinessInitialDelaySeconds }} + periodSeconds: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/periodSeconds` .Values.global.proxy.readinessPeriodSeconds }} + timeoutSeconds: 3 + failureThreshold: {{ annotation .ObjectMeta `readiness.status.sidecar.istio.io/failureThreshold` .Values.global.proxy.readinessFailureThreshold }} + {{ end -}} + resources: + {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} + {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) }} + requests: + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU`) -}} + cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPU` }}" + {{ end }} + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory`) -}} + memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemory` }}" + {{ end }} + {{- end }} + {{- if or (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) }} + limits: + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit`) -}} + cpu: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyCPULimit` }}" + {{ end }} + {{ if (isset .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit`) -}} + memory: "{{ index .ObjectMeta.Annotations `sidecar.istio.io/proxyMemoryLimit` }}" + {{ end }} + {{- end }} + {{- else }} + {{- if .Values.global.proxy.resources }} + {{ toYaml .Values.global.proxy.resources | indent 6 }} + {{- end }} + {{- end }} + volumeMounts: + {{- if eq .Values.global.pilotCertProvider "istiod" }} + - mountPath: /var/run/secrets/istio + name: istiod-ca-cert + {{- end }} + - mountPath: /var/lib/istio/data + name: istio-data + # UDS channel between istioagent and gRPC client for XDS/SDS + - mountPath: /etc/istio/proxy + name: istio-xds + {{- if eq .Values.global.jwtPolicy "third-party-jwt" }} + - mountPath: /var/run/secrets/tokens + name: istio-token + {{- end }} + - name: istio-podinfo + mountPath: /etc/istio/pod + {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount` }} + {{ range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolumeMount`) }} + - name: "{{ $index }}" + {{ toYaml $value | indent 6 }} + {{ end }} + {{- end }} + volumes: + # UDS channel between istioagent and gRPC client for XDS/SDS + - emptyDir: + medium: Memory + name: istio-xds + - name: istio-data + emptyDir: {} + - name: istio-podinfo + downwardAPI: + items: + - path: "labels" + fieldRef: + fieldPath: metadata.labels + - path: "annotations" + fieldRef: + fieldPath: metadata.annotations + {{- if eq .Values.global.jwtPolicy "third-party-jwt" }} + - name: istio-token + projected: + sources: + - serviceAccountToken: + path: istio-token + expirationSeconds: 43200 + audience: {{ .Values.global.sds.token.aud }} + {{- end }} + {{- if eq .Values.global.pilotCertProvider "istiod" }} + - name: istiod-ca-cert + configMap: + name: istio-ca-root-cert + {{- end }} + {{- if isset .ObjectMeta.Annotations `sidecar.istio.io/userVolume` }} + {{range $index, $value := fromJSON (index .ObjectMeta.Annotations `sidecar.istio.io/userVolume`) }} + - name: "{{ $index }}" + {{ toYaml $value | indent 4 }} + {{ end }} + {{ end }} diff --git a/openshift/openshiftstack/application/istio-1-14-OpenShift/overlays/cni/deployment.yaml b/openshift/openshiftstack/application/istio-1-14-OpenShift/overlays/cni/deployment.yaml new file mode 100644 index 0000000000..5c4fa3313c --- /dev/null +++ b/openshift/openshiftstack/application/istio-1-14-OpenShift/overlays/cni/deployment.yaml @@ -0,0 +1,586 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: istio-ingressgateway + namespace: istio-system + labels: + app: istio-ingressgateway + istio: ingressgateway + release: istio + istio.io/rev: default + install.operator.istio.io/owning-resource: unknown + operator.istio.io/component: "IngressGateways" +spec: + selector: + matchLabels: + app: istio-ingressgateway + istio: ingressgateway + strategy: + rollingUpdate: + maxSurge: 100% + maxUnavailable: 25% + template: + metadata: + labels: + app: istio-ingressgateway + istio: ingressgateway + heritage: Tiller + release: istio + chart: gateways + service.istio.io/canonical-name: istio-ingressgateway + service.istio.io/canonical-revision: latest + istio.io/rev: default + install.operator.istio.io/owning-resource: unknown + operator.istio.io/component: "IngressGateways" + sidecar.istio.io/inject: "false" + annotations: + prometheus.io/port: "15020" + prometheus.io/scrape: "true" + prometheus.io/path: "/stats/prometheus" + sidecar.istio.io/inject: "false" + spec: + securityContext: + runAsUser: 1337 + runAsGroup: 1337 + runAsNonRoot: true + fsGroup: 1337 + serviceAccountName: istio-ingressgateway-service-account + containers: + - name: istio-proxy + image: "docker.io/istio/proxyv2:1.14.1" + ports: + - containerPort: 15021 + protocol: TCP + - containerPort: 8080 + protocol: TCP + - containerPort: 8443 + protocol: TCP + - containerPort: 15090 + protocol: TCP + name: http-envoy-prom + args: + - proxy + - router + - --domain + - $(POD_NAMESPACE).svc.cluster.local + - --proxyLogLevel=warning + - --proxyComponentLogLevel=misc:error + - --log_output_level=default:info + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + privileged: false + readOnlyRootFilesystem: true + readinessProbe: + failureThreshold: 30 + httpGet: + path: /healthz/ready + port: 15021 + scheme: HTTP + initialDelaySeconds: 1 + periodSeconds: 2 + successThreshold: 1 + timeoutSeconds: 1 + resources: + limits: + cpu: 2000m + memory: 1024Mi + requests: + cpu: 100m + memory: 128Mi + env: + - name: JWT_POLICY + value: third-party-jwt + - name: PILOT_CERT_PROVIDER + value: istiod + - name: CA_ADDR + value: istiod.istio-system.svc:15012 + - name: NODE_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.nodeName + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: INSTANCE_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.podIP + - name: HOST_IP + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: status.hostIP + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + fieldPath: spec.serviceAccountName + - name: ISTIO_META_WORKLOAD_NAME + value: istio-ingressgateway + - name: ISTIO_META_OWNER + value: kubernetes://apis/apps/v1/namespaces/istio-system/deployments/istio-ingressgateway + - name: ISTIO_META_MESH_ID + value: "cluster.local" + - name: TRUST_DOMAIN + value: "cluster.local" + - name: ISTIO_META_UNPRIVILEGED_POD + value: "true" + - name: ISTIO_META_ROUTER_MODE + value: "standard" + - name: ISTIO_META_CLUSTER_ID + value: "Kubernetes" + volumeMounts: + - name: istio-envoy + mountPath: /etc/istio/proxy + - name: config-volume + mountPath: /etc/istio/config + - mountPath: /var/run/secrets/istio + name: istiod-ca-cert + - name: istio-token + mountPath: /var/run/secrets/tokens + readOnly: true + - mountPath: /var/lib/istio/data + name: istio-data + - name: podinfo + mountPath: /etc/istio/pod + - name: ingressgateway-certs + mountPath: "/etc/istio/ingressgateway-certs" + readOnly: true + - name: ingressgateway-ca-certs + mountPath: "/etc/istio/ingressgateway-ca-certs" + readOnly: true + volumes: + - name: istiod-ca-cert + configMap: + name: istio-ca-root-cert + - name: podinfo + downwardAPI: + items: + - path: "labels" + fieldRef: + fieldPath: metadata.labels + - path: "annotations" + fieldRef: + fieldPath: metadata.annotations + - name: istio-envoy + emptyDir: {} + - name: istio-data + emptyDir: {} + - name: istio-token + projected: + sources: + - serviceAccountToken: + path: istio-token + expirationSeconds: 43200 + audience: istio-ca + - name: config-volume + configMap: + name: istio + optional: true + - name: ingressgateway-certs + secret: + secretName: "istio-ingressgateway-certs" + optional: true + - name: ingressgateway-ca-certs + secret: + secretName: "istio-ingressgateway-ca-certs" + optional: true + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - "amd64" + - "ppc64le" + - "s390x" + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 2 + preference: + matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - "amd64" + - weight: 2 + preference: + matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - "ppc64le" + - weight: 2 + preference: + matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - "s390x" +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: istiod + namespace: istio-system + labels: + app: istiod + istio.io/rev: default + install.operator.istio.io/owning-resource: unknown + operator.istio.io/component: "Pilot" + istio: pilot + release: istio +spec: + strategy: + rollingUpdate: + maxSurge: 100% + maxUnavailable: 25% + selector: + matchLabels: + istio: pilot + template: + metadata: + labels: + app: istiod + istio.io/rev: default + install.operator.istio.io/owning-resource: unknown + sidecar.istio.io/inject: "false" + operator.istio.io/component: "Pilot" + istio: pilot + annotations: + prometheus.io/port: "15014" + prometheus.io/scrape: "true" + sidecar.istio.io/inject: "false" + spec: + serviceAccountName: istiod + securityContext: + fsGroup: 1337 + containers: + - name: discovery + image: "gcr.io/arrikto/istio/pilot:1.14.1-1-g19df463bb" + args: + - "discovery" + - --monitoringAddr=:15014 + - --log_output_level=default:info + - --domain + - cluster.local + - --keepaliveMaxServerConnectionAge + - "30m" + ports: + - containerPort: 8080 + protocol: TCP + - containerPort: 15010 + protocol: TCP + - containerPort: 15017 + protocol: TCP + readinessProbe: + httpGet: + path: /ready + port: 8080 + initialDelaySeconds: 1 + periodSeconds: 3 + timeoutSeconds: 5 + env: + - name: REVISION + value: "default" + - name: JWT_POLICY + value: third-party-jwt + - name: PILOT_CERT_PROVIDER + value: istiod + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: SERVICE_ACCOUNT + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: spec.serviceAccountName + - name: KUBECONFIG + value: /var/run/secrets/remote/config + - name: PILOT_TRACE_SAMPLING + value: "1" + - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_OUTBOUND + value: "true" + - name: PILOT_ENABLE_PROTOCOL_SNIFFING_FOR_INBOUND + value: "true" + - name: ISTIOD_ADDR + value: istiod.istio-system.svc:15012 + - name: PILOT_ENABLE_ANALYSIS + value: "false" + - name: CLUSTER_ID + value: "Kubernetes" + resources: + requests: + cpu: 500m + memory: 2048Mi + securityContext: + runAsUser: 1337 + runAsGroup: 1337 + runAsNonRoot: true + capabilities: + drop: + - ALL + volumeMounts: + - name: istio-token + mountPath: /var/run/secrets/tokens + readOnly: true + - name: local-certs + mountPath: /var/run/secrets/istio-dns + - name: cacerts + mountPath: /etc/cacerts + readOnly: true + - name: istio-kubeconfig + mountPath: /var/run/secrets/remote + readOnly: true + volumes: + # Technically not needed on this pod - but it helps debugging/testing SDS + # Should be removed after everything works. + - emptyDir: + medium: Memory + name: local-certs + - name: istio-token + projected: + sources: + - serviceAccountToken: + audience: istio-ca + expirationSeconds: 43200 + path: istio-token + # Optional: user-generated root + - name: cacerts + secret: + secretName: cacerts + optional: true + - name: istio-kubeconfig + secret: + secretName: istio-kubeconfig + optional: true +--- +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: istio-ingressgateway + namespace: istio-system + labels: + app: istio-ingressgateway + istio: ingressgateway + release: istio + istio.io/rev: default + install.operator.istio.io/owning-resource: unknown + operator.istio.io/component: "IngressGateways" +spec: + minAvailable: 1 + selector: + matchLabels: + app: istio-ingressgateway + istio: ingressgateway +--- +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: istiod + namespace: istio-system + labels: + app: istiod + istio.io/rev: default + install.operator.istio.io/owning-resource: unknown + operator.istio.io/component: "Pilot" + release: istio + istio: pilot +spec: + minAvailable: 1 + selector: + matchLabels: + app: istiod + istio: pilot +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: istio-ingressgateway-sds + namespace: istio-system + labels: + release: istio + istio.io/rev: default + install.operator.istio.io/owning-resource: unknown + operator.istio.io/component: "IngressGateways" +rules: +- apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "watch", "list"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: istiod + namespace: istio-system + labels: + app: istiod + release: istio +rules: +- apiGroups: ["networking.istio.io"] + verbs: ["create"] + resources: ["gateways"] + +- apiGroups: [""] + resources: ["secrets"] + # TODO lock this down to istio-ca-cert if not using the DNS cert mesh config + verbs: ["create", "get", "watch", "list", "update", "delete"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: istiod-istio-system + namespace: istio-system + labels: + app: istiod + release: istio +rules: +- apiGroups: ["networking.istio.io"] + verbs: ["create"] + resources: ["gateways"] + +- apiGroups: [""] + resources: ["secrets"] + # TODO lock this down to istio-ca-cert if not using the DNS cert mesh config + verbs: ["create", "get", "watch", "list", "update", "delete"] +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: istio-ingressgateway-sds + namespace: istio-system + labels: + release: istio + istio.io/rev: default + install.operator.istio.io/owning-resource: unknown + operator.istio.io/component: "IngressGateways" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: istio-ingressgateway-sds +subjects: +- kind: ServiceAccount + name: istio-ingressgateway-service-account +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: istiod + namespace: istio-system + labels: + app: istiod + release: istio +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: istiod +subjects: + - kind: ServiceAccount + name: istiod + namespace: istio-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: istiod-istio-system + namespace: istio-system + labels: + app: istiod + release: istio +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: istiod-istio-system +subjects: + - kind: ServiceAccount + name: istiod-service-account + namespace: istio-system + +--- +apiVersion: v1 +kind: Service +metadata: + name: istio-ingressgateway + namespace: istio-system + annotations: + labels: + app: istio-ingressgateway + istio: ingressgateway + release: istio + istio.io/rev: default + install.operator.istio.io/owning-resource: unknown + operator.istio.io/component: "IngressGateways" +spec: + type: LoadBalancer + selector: + app: istio-ingressgateway + istio: ingressgateway + ports: + - + name: status-port + port: 15021 + protocol: TCP + targetPort: 15021 + - + name: http2 + port: 80 + protocol: TCP + targetPort: 8080 + - + name: https + port: 443 + protocol: TCP + targetPort: 8443 +--- +apiVersion: v1 +kind: Service +metadata: + name: istiod + namespace: istio-system + labels: + istio.io/rev: default + install.operator.istio.io/owning-resource: unknown + operator.istio.io/component: "Pilot" + app: istiod + istio: pilot + release: istio +spec: + ports: + - port: 15010 + name: grpc-xds # plaintext + protocol: TCP + - port: 15012 + name: https-dns # mTLS with k8s-signed cert + protocol: TCP + - port: 443 + name: https-webhook # validation and injection + targetPort: 15017 + protocol: TCP + - port: 15014 + name: http-monitoring # prometheus stats + protocol: TCP + selector: + app: istiod + # Label used by the 'default' service. For versioned deployments we match with app and version. + # This avoids default deployment picking the canary + istio: pilot +--- \ No newline at end of file diff --git a/openshift/openshiftstack/application/istio-1-14-OpenShift/overlays/cni/istio_cni.yaml b/openshift/openshiftstack/application/istio-1-14-OpenShift/overlays/cni/istio_cni.yaml new file mode 100644 index 0000000000..20d58c7d05 --- /dev/null +++ b/openshift/openshiftstack/application/istio-1-14-OpenShift/overlays/cni/istio_cni.yaml @@ -0,0 +1,224 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: istio-cni + namespace: kube-system + labels: + app: istio-cni + release: istio + istio.io/rev: default + install.operator.istio.io/owning-resource: unknown + operator.istio.io/component: "Cni" +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: istio-cni + labels: + app: istio-cni + release: istio + istio.io/rev: default + install.operator.istio.io/owning-resource: unknown + operator.istio.io/component: "Cni" +rules: +- apiGroups: [""] + resources: + - pods + - nodes + verbs: + - get +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: istio-cni-repair-role + labels: + app: istio-cni + release: istio + istio.io/rev: default + install.operator.istio.io/owning-resource: unknown + operator.istio.io/component: "Cni" +rules: +- apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch", "delete", "patch", "update" ] +- apiGroups: [""] + resources: ["events"] + verbs: ["get", "list", "watch", "delete", "patch", "update", "create" ] + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: istio-cni + labels: + app: istio-cni + release: istio + istio.io/rev: default + install.operator.istio.io/owning-resource: unknown + operator.istio.io/component: "Cni" +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istio-cni +subjects: +- kind: ServiceAccount + name: istio-cni + namespace: kube-system +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: istio-cni-repair-rolebinding + labels: + k8s-app: istio-cni-repair + istio.io/rev: default + install.operator.istio.io/owning-resource: unknown + operator.istio.io/component: "Cni" +subjects: +- kind: ServiceAccount + name: istio-cni + namespace: kube-system +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: istio-cni-repair-role + +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: istio-cni-config + namespace: kube-system + labels: + app: istio-cni + release: istio + istio.io/rev: default + install.operator.istio.io/owning-resource: unknown + operator.istio.io/component: "Cni" +data: + # The CNI network configuration to add to the plugin chain on each node. The special + # values in this config will be automatically populated. + cni_network_config: |- + { + "cniVersion": "0.3.1", + "name": "istio-cni", + "type": "istio-cni", + "log_level": "info", + "log_uds_address": "__LOG_UDS_ADDRESS__", + "kubernetes": { + "kubeconfig": "__KUBECONFIG_FILEPATH__", + "cni_bin_dir": "/var/lib/cni/bin", + "exclude_namespaces": [ "istio-system", "kube-system" ] + } + } +--- +apiVersion: apps/v1 +kind: DaemonSet +metadata: + labels: + install.operator.istio.io/owning-resource: unknown + istio.io/rev: default + k8s-app: istio-cni-node + operator.istio.io/component: Cni + release: istio + name: istio-cni-node + namespace: kube-system +spec: + selector: + matchLabels: + k8s-app: istio-cni-node + template: + metadata: + annotations: + prometheus.io/path: /metrics + prometheus.io/port: "15014" + prometheus.io/scrape: "true" + scheduler.alpha.kubernetes.io/critical-pod: "" + sidecar.istio.io/inject: "false" + labels: + k8s-app: istio-cni-node + sidecar.istio.io/inject: "false" + spec: + containers: + - command: + - install-cni + env: + - name: CNI_CONF_NAME + value: istio-cni.conf + - name: CNI_NETWORK_CONFIG + valueFrom: + configMapKeyRef: + key: cni_network_config + name: istio-cni-config + - name: CNI_NET_DIR + value: /etc/cni/multus/net.d + - name: CHAINED_CNI_PLUGIN + value: "false" + - name: REPAIR_ENABLED + value: "true" + - name: REPAIR_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: REPAIR_LABEL_PODS + value: "true" + - name: REPAIR_DELETE_PODS + value: "true" + - name: REPAIR_RUN_AS_DAEMON + value: "true" + - name: REPAIR_SIDECAR_ANNOTATION + value: sidecar.istio.io/status + - name: REPAIR_INIT_CONTAINER_NAME + value: istio-validation + - name: REPAIR_BROKEN_POD_LABEL_KEY + value: cni.istio.io/uninitialized + - name: REPAIR_BROKEN_POD_LABEL_VALUE + value: "true" + image: docker.io/istio/install-cni:1.11.0 + livenessProbe: + httpGet: + path: /healthz + port: 8000 + initialDelaySeconds: 5 + name: install-cni + readinessProbe: + httpGet: + path: /readyz + port: 8000 + securityContext: + privileged: true + volumeMounts: + - mountPath: /host/opt/cni/bin + name: cni-bin-dir + - mountPath: /host/etc/cni/net.d + name: cni-net-dir + - mountPath: /var/run/istio-cni + name: cni-log-dir + nodeSelector: + kubernetes.io/os: linux + priorityClassName: system-node-critical + serviceAccountName: istio-cni + terminationGracePeriodSeconds: 5 + tolerations: + - effect: NoSchedule + operator: Exists + - key: CriticalAddonsOnly + operator: Exists + - effect: NoExecute + operator: Exists + volumes: + - hostPath: + path: /var/lib/cni/bin + name: cni-bin-dir + - hostPath: + path: /etc/cni/multus/net.d + name: cni-net-dir + - hostPath: + path: /var/run/istio-cni + name: cni-log-dir + updateStrategy: + rollingUpdate: + maxUnavailable: 1 + type: RollingUpdate +--- \ No newline at end of file diff --git a/openshift/openshiftstack/application/istio-1-14-OpenShift/overlays/cni/kustomization.yaml b/openshift/openshiftstack/application/istio-1-14-OpenShift/overlays/cni/kustomization.yaml new file mode 100644 index 0000000000..efece5242b --- /dev/null +++ b/openshift/openshiftstack/application/istio-1-14-OpenShift/overlays/cni/kustomization.yaml @@ -0,0 +1,11 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +bases: + - ../../base + +resources: + - istio_cni.yaml + +patchesStrategicMerge: + - configmap.yaml + - deployment.yaml \ No newline at end of file diff --git a/openshift/openshiftstack/kustomization.yaml b/openshift/openshiftstack/kustomization.yaml index 94d096844f..104a9b63c1 100644 --- a/openshift/openshiftstack/kustomization.yaml +++ b/openshift/openshiftstack/kustomization.yaml @@ -5,11 +5,14 @@ resources: #Kubeflow roles - ../../common/kubeflow-roles/base +# This is here because it needs to install in namespace kubeflow + - application/istio-1-14-OpenShift/base/network-attachment.yaml + #Added custom centraldashboard to remove tensorboard - application/centraldashboard/base #Cluster issuer - - application/cert-manager-1.5/cluster-issuer-nm.yaml + - application/cert-manager/cluster-issuer-nm.yaml #Admission webhooks - ../../apps/admission-webhook/upstream/overlays/cert-manager From a0595e6188655aba4dd17d62cf6e3f0147e943fb Mon Sep 17 00:00:00 2001 From: Vaishnavi Hire Date: Tue, 16 Aug 2022 15:17:53 -0400 Subject: [PATCH 04/11] Remove Kfserving from kf1.6 branch --- .../kfserving/base/kustomization.yaml | 4 ---- .../overlays/servicemesh/kustomization.yaml | 7 ------- .../overlays/servicemesh/network_policy.yaml | 16 ---------------- 3 files changed, 27 deletions(-) delete mode 100644 openshift/openshiftstack/application/kfserving/base/kustomization.yaml delete mode 100644 openshift/openshiftstack/application/kfserving/overlays/servicemesh/kustomization.yaml delete mode 100644 openshift/openshiftstack/application/kfserving/overlays/servicemesh/network_policy.yaml diff --git a/openshift/openshiftstack/application/kfserving/base/kustomization.yaml b/openshift/openshiftstack/application/kfserving/base/kustomization.yaml deleted file mode 100644 index 310e00591a..0000000000 --- a/openshift/openshiftstack/application/kfserving/base/kustomization.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -resources: -- ../../../../../apps/kfserving/upstream/overlays/kubeflow diff --git a/openshift/openshiftstack/application/kfserving/overlays/servicemesh/kustomization.yaml b/openshift/openshiftstack/application/kfserving/overlays/servicemesh/kustomization.yaml deleted file mode 100644 index 8735783ee6..0000000000 --- a/openshift/openshiftstack/application/kfserving/overlays/servicemesh/kustomization.yaml +++ /dev/null @@ -1,7 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -bases: - - ../../base - -resources: - - network_policy.yaml \ No newline at end of file diff --git a/openshift/openshiftstack/application/kfserving/overlays/servicemesh/network_policy.yaml b/openshift/openshiftstack/application/kfserving/overlays/servicemesh/network_policy.yaml deleted file mode 100644 index ef9bec7cf5..0000000000 --- a/openshift/openshiftstack/application/kfserving/overlays/servicemesh/network_policy.yaml +++ /dev/null @@ -1,16 +0,0 @@ -kind: NetworkPolicy -apiVersion: networking.k8s.io/v1 -metadata: - name: allow-traffic-to-kfserving - namespace: kubeflow -spec: - podSelector: - matchLabels: - app: 'kfserving' - ingress: - - from: - - namespaceSelector: - matchLabels: - network.openshift.io/policy-group: ingress - policyTypes: - - Ingress \ No newline at end of file From 9fd43f1cc7241df0cd656d969a124455a27afa5a Mon Sep 17 00:00:00 2001 From: Vaishnavi Hire Date: Tue, 16 Aug 2022 16:11:37 -0400 Subject: [PATCH 05/11] Update resources link in applications --- .../application/centraldashboard/base/kustomization.yaml | 2 +- .../openshiftstack/application/knative/base/kustomization.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/openshift/openshiftstack/application/centraldashboard/base/kustomization.yaml b/openshift/openshiftstack/application/centraldashboard/base/kustomization.yaml index 1a970ee638..49eebf38b7 100644 --- a/openshift/openshiftstack/application/centraldashboard/base/kustomization.yaml +++ b/openshift/openshiftstack/application/centraldashboard/base/kustomization.yaml @@ -2,6 +2,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization namespace: kubeflow resources: -- ../../../../../apps/centraldashboard/upstream/overlays/istio +- ../../../../../apps/centraldashboard/upstream/overlays/kserve patchesStrategicMerge: - configmap-patch.yaml diff --git a/openshift/openshiftstack/application/knative/base/kustomization.yaml b/openshift/openshiftstack/application/knative/base/kustomization.yaml index 19428769ed..2b607b0eb6 100644 --- a/openshift/openshiftstack/application/knative/base/kustomization.yaml +++ b/openshift/openshiftstack/application/knative/base/kustomization.yaml @@ -1,7 +1,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- ../../../../../common/knative/knative-serving/base +- ../../../../../common/knative/knative-serving/overlays/gateways - ../../../../../common/knative/knative-eventing/base - network-attachment.yaml From 540dedff006f289d08052c565f7edc04f8107f43 Mon Sep 17 00:00:00 2001 From: Vaishnavi Hire Date: Wed, 17 Aug 2022 18:01:10 -0400 Subject: [PATCH 06/11] Add upstream cert-manager --- .../cluster-issuer-nm.yaml | 0 .../application/cert-manager/kustomization.yaml | 6 ++++++ .../ingressgateway.route.yaml | 0 3 files changed, 6 insertions(+) rename openshift/openshiftstack/application/{cert-manager-1.5 => cert-manager}/cluster-issuer-nm.yaml (100%) create mode 100644 openshift/openshiftstack/application/cert-manager/kustomization.yaml rename openshift/openshiftstack/application/{istio-1-1-1-Openshift => istio-1-14-OpenShift}/ingressgateway.route.yaml (100%) diff --git a/openshift/openshiftstack/application/cert-manager-1.5/cluster-issuer-nm.yaml b/openshift/openshiftstack/application/cert-manager/cluster-issuer-nm.yaml similarity index 100% rename from openshift/openshiftstack/application/cert-manager-1.5/cluster-issuer-nm.yaml rename to openshift/openshiftstack/application/cert-manager/cluster-issuer-nm.yaml diff --git a/openshift/openshiftstack/application/cert-manager/kustomization.yaml b/openshift/openshiftstack/application/cert-manager/kustomization.yaml new file mode 100644 index 0000000000..85ae8f2b75 --- /dev/null +++ b/openshift/openshiftstack/application/cert-manager/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization + +resources: +- ../../../../common/cert-manager/cert-manager/base +- ../../../../common/cert-manager/kubeflow-issuer/base \ No newline at end of file diff --git a/openshift/openshiftstack/application/istio-1-1-1-Openshift/ingressgateway.route.yaml b/openshift/openshiftstack/application/istio-1-14-OpenShift/ingressgateway.route.yaml similarity index 100% rename from openshift/openshiftstack/application/istio-1-1-1-Openshift/ingressgateway.route.yaml rename to openshift/openshiftstack/application/istio-1-14-OpenShift/ingressgateway.route.yaml From a91ae176c716435a26522f83228545476325c84f Mon Sep 17 00:00:00 2001 From: Vaishnavi Hire Date: Thu, 18 Aug 2022 15:20:39 -0400 Subject: [PATCH 07/11] Add istio kubeflow resources --- .../cluster-issuer-nm.yaml | 0 .../application/cert-manager/kustomization.yaml | 6 ------ .../ingressgateway.route.yaml | 0 openshift/openshiftstack/kustomization.yaml | 2 +- 4 files changed, 1 insertion(+), 7 deletions(-) rename openshift/openshiftstack/application/{cert-manager => cert-manager-1.5}/cluster-issuer-nm.yaml (100%) delete mode 100644 openshift/openshiftstack/application/cert-manager/kustomization.yaml rename openshift/openshiftstack/application/{istio-1-14-OpenShift => istio-1-1-1-Openshift}/ingressgateway.route.yaml (100%) diff --git a/openshift/openshiftstack/application/cert-manager/cluster-issuer-nm.yaml b/openshift/openshiftstack/application/cert-manager-1.5/cluster-issuer-nm.yaml similarity index 100% rename from openshift/openshiftstack/application/cert-manager/cluster-issuer-nm.yaml rename to openshift/openshiftstack/application/cert-manager-1.5/cluster-issuer-nm.yaml diff --git a/openshift/openshiftstack/application/cert-manager/kustomization.yaml b/openshift/openshiftstack/application/cert-manager/kustomization.yaml deleted file mode 100644 index 85ae8f2b75..0000000000 --- a/openshift/openshiftstack/application/cert-manager/kustomization.yaml +++ /dev/null @@ -1,6 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization - -resources: -- ../../../../common/cert-manager/cert-manager/base -- ../../../../common/cert-manager/kubeflow-issuer/base \ No newline at end of file diff --git a/openshift/openshiftstack/application/istio-1-14-OpenShift/ingressgateway.route.yaml b/openshift/openshiftstack/application/istio-1-1-1-Openshift/ingressgateway.route.yaml similarity index 100% rename from openshift/openshiftstack/application/istio-1-14-OpenShift/ingressgateway.route.yaml rename to openshift/openshiftstack/application/istio-1-1-1-Openshift/ingressgateway.route.yaml diff --git a/openshift/openshiftstack/kustomization.yaml b/openshift/openshiftstack/kustomization.yaml index 104a9b63c1..79d01f87d4 100644 --- a/openshift/openshiftstack/kustomization.yaml +++ b/openshift/openshiftstack/kustomization.yaml @@ -12,7 +12,7 @@ resources: - application/centraldashboard/base #Cluster issuer - - application/cert-manager/cluster-issuer-nm.yaml + - application/cert-manager-1.5/cluster-issuer-nm.yaml #Admission webhooks - ../../apps/admission-webhook/upstream/overlays/cert-manager From 1e490a6a90f789e7146ee077563af9bf73460beb Mon Sep 17 00:00:00 2001 From: Vaishnavi Hire Date: Thu, 18 Aug 2022 18:00:58 -0400 Subject: [PATCH 08/11] Update SCC and Network Attachment --- .../base/configs/network_attachment.yaml | 5 +++ .../base/kubeflow-anyuid-scc.yaml | 1 + .../base/kubeflow-user-anyuid.yaml | 40 +++++++++++++++++++ .../openshift-scc/base/kustomization.yaml | 1 + openshift/openshiftstack/kustomization.yaml | 3 ++ 5 files changed, 50 insertions(+) create mode 100644 openshift/openshiftstack/application/notebook-controller/base/configs/network_attachment.yaml create mode 100644 openshift/openshiftstack/application/openshift/openshift-scc/base/kubeflow-user-anyuid.yaml diff --git a/openshift/openshiftstack/application/notebook-controller/base/configs/network_attachment.yaml b/openshift/openshiftstack/application/notebook-controller/base/configs/network_attachment.yaml new file mode 100644 index 0000000000..f9abe463b1 --- /dev/null +++ b/openshift/openshiftstack/application/notebook-controller/base/configs/network_attachment.yaml @@ -0,0 +1,5 @@ +apiVersion: "k8s.cni.cncf.io/v1" +kind: NetworkAttachmentDefinition +metadata: + name: istio-cni + namespace: kubeflow-user-example-com diff --git a/openshift/openshiftstack/application/openshift/openshift-scc/base/kubeflow-anyuid-scc.yaml b/openshift/openshiftstack/application/openshift/openshift-scc/base/kubeflow-anyuid-scc.yaml index 6826777042..5ffd2ead84 100644 --- a/openshift/openshiftstack/application/openshift/openshift-scc/base/kubeflow-anyuid-scc.yaml +++ b/openshift/openshiftstack/application/openshift/openshift-scc/base/kubeflow-anyuid-scc.yaml @@ -46,6 +46,7 @@ users: - system:serviceaccount:$(NAMESPACE):pipeline-runner # Allowing all serviceaccounts in kubeflow to run any uid per istio 1.9 documentation for openshift https://istio.io/latest/docs/setup/platform-setup/openshift/ - system:serviceaccounts:$(NAMESPACE) +- system:serviceaccounts:kubeflow-user-example-com volumes: - configMap - downwardAPI diff --git a/openshift/openshiftstack/application/openshift/openshift-scc/base/kubeflow-user-anyuid.yaml b/openshift/openshiftstack/application/openshift/openshift-scc/base/kubeflow-user-anyuid.yaml new file mode 100644 index 0000000000..c33ab4113b --- /dev/null +++ b/openshift/openshiftstack/application/openshift/openshift-scc/base/kubeflow-user-anyuid.yaml @@ -0,0 +1,40 @@ +allowHostPorts: false +priority: 10 +requiredDropCapabilities: + - MKNOD +allowPrivilegedContainer: true +runAsUser: + type: RunAsAny +users: + - 'system:serviceaccount:kubeflow-user-example-com:default-editor' + - 'system:serviceaccount:kubeflow-user-example-com:default-viewer' + - 'system:serviceaccount:kubeflow:admission-webhook-service-account' +allowHostDirVolumePlugin: false +allowHostIPC: false +seLinuxContext: + type: MustRunAs +readOnlyRootFilesystem: false +metadata: + name: kubeflow-user-anyuid-kubeflow +fsGroup: + type: RunAsAny +groups: + - 'system:cluster-admins' +kind: SecurityContextConstraints +defaultAddCapabilities: null +supplementalGroups: + type: RunAsAny +volumes: + - configMap + - downwardAPI + - emptyDir + - persistentVolumeClaim + - projected + - secret +allowHostPID: false +allowHostNetwork: false +allowPrivilegeEscalation: true +apiVersion: security.openshift.io/v1 +allowedCapabilities: + - NET_ADMIN + - NET_RAW \ No newline at end of file diff --git a/openshift/openshiftstack/application/openshift/openshift-scc/base/kustomization.yaml b/openshift/openshiftstack/application/openshift/openshift-scc/base/kustomization.yaml index 04e25fa5f5..5a8de43b60 100644 --- a/openshift/openshiftstack/application/openshift/openshift-scc/base/kustomization.yaml +++ b/openshift/openshiftstack/application/openshift/openshift-scc/base/kustomization.yaml @@ -3,6 +3,7 @@ kind: Kustomization namespace: kubeflow resources: - kubeflow-anyuid-scc.yaml +- kubeflow-user-anyuid.yaml - tekton-anyuid-scc.yaml - knative-anyuid-scc.yaml vars: diff --git a/openshift/openshiftstack/kustomization.yaml b/openshift/openshiftstack/kustomization.yaml index 79d01f87d4..2217cc3ec5 100644 --- a/openshift/openshiftstack/kustomization.yaml +++ b/openshift/openshiftstack/kustomization.yaml @@ -27,6 +27,9 @@ resources: #Create defualt user - ../../common/user-namespace/base +# Create network-attachment for default user namespace + - application/notebook-controller/base/configs/network_attachment.yaml + configMapGenerator: - name: kubeflow-config envs: From 35d45bb8294fbc1f7a4ef233ccb9b1c592f8fb0c Mon Sep 17 00:00:00 2001 From: Vaishnavi Hire Date: Wed, 31 Aug 2022 17:00:24 -0400 Subject: [PATCH 09/11] Remove outdate profiles component --- .../base/authorization_policy.yaml | 8 +++++ .../base/kustomization.yaml | 7 ++++ .../base}/network_attachment.yaml | 2 +- .../overlays/servicemesh/kustomization.yaml | 0 .../profiles/base/kustomization.yaml | 32 ----------------- .../profiles/base/kustomization.yaml.old | 34 ------------------- openshift/openshiftstack/kustomization.yaml | 2 -- 7 files changed, 16 insertions(+), 69 deletions(-) create mode 100644 openshift/openshiftstack/application/profiles-resources/base/authorization_policy.yaml create mode 100644 openshift/openshiftstack/application/profiles-resources/base/kustomization.yaml rename openshift/openshiftstack/application/{notebook-controller/base/configs => profiles-resources/base}/network_attachment.yaml (70%) rename openshift/openshiftstack/application/{profiles => profiles-resources}/overlays/servicemesh/kustomization.yaml (100%) delete mode 100644 openshift/openshiftstack/application/profiles/base/kustomization.yaml delete mode 100644 openshift/openshiftstack/application/profiles/base/kustomization.yaml.old diff --git a/openshift/openshiftstack/application/profiles-resources/base/authorization_policy.yaml b/openshift/openshiftstack/application/profiles-resources/base/authorization_policy.yaml new file mode 100644 index 0000000000..0f5cdc5d4d --- /dev/null +++ b/openshift/openshiftstack/application/profiles-resources/base/authorization_policy.yaml @@ -0,0 +1,8 @@ +apiVersion: security.istio.io/v1beta1 +kind: AuthorizationPolicy +metadata: + name: allow-all + namespace: kubeflow-user-example-com +spec: + rules: + - {} \ No newline at end of file diff --git a/openshift/openshiftstack/application/profiles-resources/base/kustomization.yaml b/openshift/openshiftstack/application/profiles-resources/base/kustomization.yaml new file mode 100644 index 0000000000..993bb4a550 --- /dev/null +++ b/openshift/openshiftstack/application/profiles-resources/base/kustomization.yaml @@ -0,0 +1,7 @@ +## profiles component is deployed in openshift/openstack/kustomizaton.yaml +## This component deploys resources required by profile controller KF 1.6 onwards +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- network_attachment.yaml +- authorization_policy.yaml \ No newline at end of file diff --git a/openshift/openshiftstack/application/notebook-controller/base/configs/network_attachment.yaml b/openshift/openshiftstack/application/profiles-resources/base/network_attachment.yaml similarity index 70% rename from openshift/openshiftstack/application/notebook-controller/base/configs/network_attachment.yaml rename to openshift/openshiftstack/application/profiles-resources/base/network_attachment.yaml index f9abe463b1..3cb19663b5 100644 --- a/openshift/openshiftstack/application/notebook-controller/base/configs/network_attachment.yaml +++ b/openshift/openshiftstack/application/profiles-resources/base/network_attachment.yaml @@ -2,4 +2,4 @@ apiVersion: "k8s.cni.cncf.io/v1" kind: NetworkAttachmentDefinition metadata: name: istio-cni - namespace: kubeflow-user-example-com + namespace: kubeflow-user-example-com \ No newline at end of file diff --git a/openshift/openshiftstack/application/profiles/overlays/servicemesh/kustomization.yaml b/openshift/openshiftstack/application/profiles-resources/overlays/servicemesh/kustomization.yaml similarity index 100% rename from openshift/openshiftstack/application/profiles/overlays/servicemesh/kustomization.yaml rename to openshift/openshiftstack/application/profiles-resources/overlays/servicemesh/kustomization.yaml diff --git a/openshift/openshiftstack/application/profiles/base/kustomization.yaml b/openshift/openshiftstack/application/profiles/base/kustomization.yaml deleted file mode 100644 index 1f8b27135f..0000000000 --- a/openshift/openshiftstack/application/profiles/base/kustomization.yaml +++ /dev/null @@ -1,32 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: kubeflow -resources: -- ../../../../profiles/base_v3 - -configMapGenerator: -- name: kubeflow-config - envs: - - ../../config/params.env -# We need to define vars at the top level otherwise we will get -# conflicts. -vars: -- fieldref: - fieldPath: data.clusterDomain - name: clusterDomain - objref: - apiVersion: v1 - kind: ConfigMap - name: kubeflow-config -- fieldref: - fieldPath: metadata.namespace - name: namespace - objref: - apiVersion: networking.istio.io/v1alpha3 - kind: VirtualService - name: kfam -#This image we created to disable sidecar injection, keeping it out for now -#images: -#- name: gcr.io/kubeflow-images-public/profile-controller -# newName: quay.io/kubeflow/profile-controller -# newTag: v0.7.0 diff --git a/openshift/openshiftstack/application/profiles/base/kustomization.yaml.old b/openshift/openshiftstack/application/profiles/base/kustomization.yaml.old deleted file mode 100644 index 1a4b7bd83e..0000000000 --- a/openshift/openshiftstack/application/profiles/base/kustomization.yaml.old +++ /dev/null @@ -1,34 +0,0 @@ -apiVersion: kustomize.config.k8s.io/v1beta1 -kind: Kustomization -namespace: kubeflow -resources: -- ../../../../profiles/base_v3 - -configMapGenerator: -- name: kubeflow-config - envs: - - ../../config/params.env -# We need to define vars at the top level otherwise we will get -# conflicts. -vars: -- fieldref: - fieldPath: data.clusterDomain - name: clusterDomain - objref: - apiVersion: v1 - kind: ConfigMap - name: kubeflow-config -- fieldref: - fieldPath: metadata.namespace - name: namespace - objref: - apiVersion: networking.istio.io/v1alpha3 - kind: VirtualService - name: kfam -#This image we created to disable sidecar injection, we need to fix it to enable istio sidecar containers with fsgrp 1377 -images: -#- name: gcr.io/kubeflow-images-public/profile-controller -- name: public.ecr.aws/j1r0q0g6/notebooks/profile-controller - newName: quay.io/kubeflow/profile-controller -# newTag: v0.7.0 - newTag: v0.8.0 diff --git a/openshift/openshiftstack/kustomization.yaml b/openshift/openshiftstack/kustomization.yaml index 2217cc3ec5..598ad90614 100644 --- a/openshift/openshiftstack/kustomization.yaml +++ b/openshift/openshiftstack/kustomization.yaml @@ -27,8 +27,6 @@ resources: #Create defualt user - ../../common/user-namespace/base -# Create network-attachment for default user namespace - - application/notebook-controller/base/configs/network_attachment.yaml configMapGenerator: - name: kubeflow-config From 777a5550f501ec5fb2089adf1036b6fa8178c09f Mon Sep 17 00:00:00 2001 From: Anna Date: Wed, 31 Aug 2022 14:26:54 -0400 Subject: [PATCH 10/11] Update kubeflow/kubeflow manifests from v1.6.0-rc.2 (#2278) Signed-off-by: Anna Jung (VMware) Signed-off-by: Anna Jung (VMware) (cherry picked from commit 35eda3729fc698b8396bf0b0ece061284fd1066d) Update kubeflow/training-operator manifests from v1.5.0 (#2272) (cherry picked from commit c89471f9a6030833b01a71194f31b5ffb2a44e65) Update kubeflow/kubeflow manifests from v1.6.0-rc.3 (#2279) Signed-off-by: Anna Jung (VMware) Signed-off-by: Anna Jung (VMware) (cherry picked from commit 5ee3302ea445bb5c65a23dd1a3cb21199287bc0f) --- README.md | 18 ++++++++--------- .../upstream/base/kustomization.yaml | 2 +- .../upstream/base/kustomization.yaml | 2 +- .../base/configs/spawner_ui_config.yaml | 20 +++++++++---------- .../upstream/base/kustomization.yaml | 2 +- .../upstream/base/kustomization.yaml | 2 +- .../crd/bases/kubeflow.org_notebooks.yaml | 18 +++++++++++++++++ .../profiles/upstream/base/kustomization.yaml | 2 +- .../overlays/kubeflow/kustomization.yaml | 2 +- .../upstream/samples/_v1_profile.yaml | 6 ++++-- .../upstream/samples/_v1_profile_aws_iam.yaml | 12 +++++++++++ .../upstream/base/kustomization.yaml | 2 +- .../upstream/base/kustomization.yaml | 2 +- .../upstream/base/kustomization.yaml | 2 +- .../overlays/cni/configmap.yaml | 2 +- 15 files changed, 63 insertions(+), 31 deletions(-) create mode 100644 apps/profiles/upstream/samples/_v1_profile_aws_iam.yaml diff --git a/README.md b/README.md index f9fc94022e..0a1e57df62 100644 --- a/README.md +++ b/README.md @@ -41,15 +41,15 @@ This repo periodically syncs all official Kubeflow components from their respect | Component | Local Manifests Path | Upstream Revision | | - | - | - | -| Training Operator | apps/training-operator/upstream | [v1.5.0-rc.0](https://github.com/kubeflow/training-operator/tree/v1.5.0-rc.0/manifests) | -| Notebook Controller | apps/jupyter/notebook-controller/upstream | [v1.6.0-rc.1](https://github.com/kubeflow/kubeflow/tree/v1.6.0-rc.1/components/notebook-controller/config) | -| Tensorboard Controller | apps/tensorboard/tensorboard-controller/upstream | [v1.6.0-rc.1](https://github.com/kubeflow/kubeflow/tree/v1.6.0-rc.1/components/tensorboard-controller/config) | -| Central Dashboard | apps/centraldashboard/upstream | [v1.6.0-rc.1](https://github.com/kubeflow/kubeflow/tree/v1.6.0-rc.1/components/centraldashboard/manifests) | -| Profiles + KFAM | apps/profiles/upstream | [v1.6.0-rc.1](https://github.com/kubeflow/kubeflow/tree/v1.6.0-rc.1/components/profile-controller/config) | -| PodDefaults Webhook | apps/admission-webhook/upstream | [v1.6.0-rc.1](https://github.com/kubeflow/kubeflow/tree/v1.6.0-rc.1/components/admission-webhook/manifests) | -| Jupyter Web App | apps/jupyter/jupyter-web-app/upstream | [v1.6.0-rc.1](https://github.com/kubeflow/kubeflow/tree/v1.6.0-rc.1/components/crud-web-apps/jupyter/manifests) | -| Tensorboards Web App | apps/tensorboard/tensorboards-web-app/upstream | [v1.6.0-rc.1](https://github.com/kubeflow/kubeflow/tree/v1.6.0-rc.1/components/crud-web-apps/tensorboards/manifests) | -| Volumes Web App | apps/volumes-web-app/upstream | [v1.6.0-rc.1](https://github.com/kubeflow/kubeflow/tree/v1.6.0-rc.1/components/crud-web-apps/volumes/manifests) | +| Training Operator | apps/training-operator/upstream | [v1.5.0](https://github.com/kubeflow/training-operator/tree/v1.5.0/manifests) | +| Notebook Controller | apps/jupyter/notebook-controller/upstream | [v1.6.0-rc.3](https://github.com/kubeflow/kubeflow/tree/v1.6.0-rc.3/components/notebook-controller/config) | +| Tensorboard Controller | apps/tensorboard/tensorboard-controller/upstream | [v1.6.0-rc.3](https://github.com/kubeflow/kubeflow/tree/v1.6.0-rc.3/components/tensorboard-controller/config) | +| Central Dashboard | apps/centraldashboard/upstream | [v1.6.0-rc.3](https://github.com/kubeflow/kubeflow/tree/v1.6.0-rc.3/components/centraldashboard/manifests) | +| Profiles + KFAM | apps/profiles/upstream | [v1.6.0-rc.3](https://github.com/kubeflow/kubeflow/tree/v1.6.0-rc.3/components/profile-controller/config) | +| PodDefaults Webhook | apps/admission-webhook/upstream | [v1.6.0-rc.3](https://github.com/kubeflow/kubeflow/tree/v1.6.0-rc.3/components/admission-webhook/manifests) | +| Jupyter Web App | apps/jupyter/jupyter-web-app/upstream | [v1.6.0-rc.3](https://github.com/kubeflow/kubeflow/tree/v1.6.0-rc.3/components/crud-web-apps/jupyter/manifests) | +| Tensorboards Web App | apps/tensorboard/tensorboards-web-app/upstream | [v1.6.0-rc.3](https://github.com/kubeflow/kubeflow/tree/v1.6.0-rc.3/components/crud-web-apps/tensorboards/manifests) | +| Volumes Web App | apps/volumes-web-app/upstream | [v1.6.0-rc.3](https://github.com/kubeflow/kubeflow/tree/v1.6.0-rc.3/components/crud-web-apps/volumes/manifests) | | Katib | apps/katib/upstream | [v0.14.0-rc.0](https://github.com/kubeflow/katib/tree/v0.14.0-rc.0/manifests/v1beta1) | | KServe | contrib/kserve/kserve | [release-0.8](https://github.com/kserve/kserve/tree/8079f375cbcedc4d45a1b4aade2e2308ea6f9ae8/install/v0.8.0) | | KServe Models Web App | contrib/kserve/models-web-app | [v0.8.1](https://github.com/kserve/models-web-app/tree/v0.8.1/config) | diff --git a/apps/admission-webhook/upstream/base/kustomization.yaml b/apps/admission-webhook/upstream/base/kustomization.yaml index 4c382cc87e..9aad956167 100644 --- a/apps/admission-webhook/upstream/base/kustomization.yaml +++ b/apps/admission-webhook/upstream/base/kustomization.yaml @@ -15,7 +15,7 @@ commonLabels: app.kubernetes.io/name: poddefaults images: - name: docker.io/kubeflownotebookswg/poddefaults-webhook - newTag: v1.6.0-rc.1 + newTag: v1.6.0-rc.2 namespace: kubeflow generatorOptions: disableNameSuffixHash: true diff --git a/apps/centraldashboard/upstream/base/kustomization.yaml b/apps/centraldashboard/upstream/base/kustomization.yaml index 220ca23ec5..bcb8d8a987 100644 --- a/apps/centraldashboard/upstream/base/kustomization.yaml +++ b/apps/centraldashboard/upstream/base/kustomization.yaml @@ -17,7 +17,7 @@ commonLabels: app.kubernetes.io/name: centraldashboard images: - name: docker.io/kubeflownotebookswg/centraldashboard - newTag: v1.6.0-rc.1 + newTag: v1.6.0-rc.2 configMapGenerator: - envs: - params.env diff --git a/apps/jupyter/jupyter-web-app/upstream/base/configs/spawner_ui_config.yaml b/apps/jupyter/jupyter-web-app/upstream/base/configs/spawner_ui_config.yaml index 21b3dac6ac..0ad179a973 100644 --- a/apps/jupyter/jupyter-web-app/upstream/base/configs/spawner_ui_config.yaml +++ b/apps/jupyter/jupyter-web-app/upstream/base/configs/spawner_ui_config.yaml @@ -17,23 +17,23 @@ spawnerFormDefaults: image: # The container Image for the user's Jupyter Notebook - value: kubeflownotebookswg/jupyter-scipy:v1.6.0-rc.1 + value: kubeflownotebookswg/jupyter-scipy:v1.6.0-rc.2 # The list of available standard container Images options: - - kubeflownotebookswg/jupyter-scipy:v1.6.0-rc.1 - - kubeflownotebookswg/jupyter-pytorch-full:v1.6.0-rc.1 - - kubeflownotebookswg/jupyter-pytorch-cuda-full:v1.6.0-rc.1 - - kubeflownotebookswg/jupyter-tensorflow-full:v1.6.0-rc.1 - - kubeflownotebookswg/jupyter-tensorflow-cuda-full:v1.6.0-rc.1 + - kubeflownotebookswg/jupyter-scipy:v1.6.0-rc.2 + - kubeflownotebookswg/jupyter-pytorch-full:v1.6.0-rc.2 + - kubeflownotebookswg/jupyter-pytorch-cuda-full:v1.6.0-rc.2 + - kubeflownotebookswg/jupyter-tensorflow-full:v1.6.0-rc.2 + - kubeflownotebookswg/jupyter-tensorflow-cuda-full:v1.6.0-rc.2 imageGroupOne: # The container Image for the user's Group One Server # The annotation `notebooks.kubeflow.org/http-rewrite-uri: /` # is applied to notebook in this group, configuring # the Istio rewrite for containers that host their web UI at `/` - value: kubeflownotebookswg/codeserver-python:v1.6.0-rc.1 + value: kubeflownotebookswg/codeserver-python:v1.6.0-rc.2 # The list of available standard container Images options: - - kubeflownotebookswg/codeserver-python:v1.6.0-rc.1 + - kubeflownotebookswg/codeserver-python:v1.6.0-rc.2 imageGroupTwo: # The container Image for the user's Group Two Server # The annotation `notebooks.kubeflow.org/http-rewrite-uri: /` @@ -42,10 +42,10 @@ spawnerFormDefaults: # The annotation `notebooks.kubeflow.org/http-headers-request-set` # is applied to notebook in this group, configuring Istio # to add the `X-RStudio-Root-Path` header to requests - value: kubeflownotebookswg/rstudio-tidyverse:v1.6.0-rc.1 + value: kubeflownotebookswg/rstudio-tidyverse:v1.6.0-rc.2 # The list of available standard container Images options: - - kubeflownotebookswg/rstudio-tidyverse:v1.6.0-rc.1 + - kubeflownotebookswg/rstudio-tidyverse:v1.6.0-rc.2 # If true, hide registry and/or tag name in the image selection dropdown hideRegistry: true hideTag: false diff --git a/apps/jupyter/jupyter-web-app/upstream/base/kustomization.yaml b/apps/jupyter/jupyter-web-app/upstream/base/kustomization.yaml index 6d5f355861..ea7e8ccdfd 100644 --- a/apps/jupyter/jupyter-web-app/upstream/base/kustomization.yaml +++ b/apps/jupyter/jupyter-web-app/upstream/base/kustomization.yaml @@ -22,7 +22,7 @@ commonLabels: kustomize.component: jupyter-web-app images: - name: docker.io/kubeflownotebookswg/jupyter-web-app - newTag: v1.6.0-rc.1 + newTag: v1.6.0-rc.2 # We need the name to be unique without the suffix because the original name is what # gets used with patches configMapGenerator: diff --git a/apps/jupyter/notebook-controller/upstream/base/kustomization.yaml b/apps/jupyter/notebook-controller/upstream/base/kustomization.yaml index 6f1213aec4..301a608a5b 100644 --- a/apps/jupyter/notebook-controller/upstream/base/kustomization.yaml +++ b/apps/jupyter/notebook-controller/upstream/base/kustomization.yaml @@ -4,4 +4,4 @@ resources: - ../default images: - name: docker.io/kubeflownotebookswg/notebook-controller - newTag: v1.6.0-rc.1 + newTag: v1.6.0-rc.2 diff --git a/apps/jupyter/notebook-controller/upstream/crd/bases/kubeflow.org_notebooks.yaml b/apps/jupyter/notebook-controller/upstream/crd/bases/kubeflow.org_notebooks.yaml index f1a8ff13a7..1ca9aac8fc 100644 --- a/apps/jupyter/notebook-controller/upstream/crd/bases/kubeflow.org_notebooks.yaml +++ b/apps/jupyter/notebook-controller/upstream/crd/bases/kubeflow.org_notebooks.yaml @@ -3076,13 +3076,19 @@ spec: lastProbeTime: format: date-time type: string + lastTransitionTime: + format: date-time + type: string message: type: string reason: type: string + status: + type: string type: type: string required: + - status - type type: object type: array @@ -6199,13 +6205,19 @@ spec: lastProbeTime: format: date-time type: string + lastTransitionTime: + format: date-time + type: string message: type: string reason: type: string + status: + type: string type: type: string required: + - status - type type: object type: array @@ -9322,13 +9334,19 @@ spec: lastProbeTime: format: date-time type: string + lastTransitionTime: + format: date-time + type: string message: type: string reason: type: string + status: + type: string type: type: string required: + - status - type type: object type: array diff --git a/apps/profiles/upstream/base/kustomization.yaml b/apps/profiles/upstream/base/kustomization.yaml index 48d7e6c3d7..9d26330261 100644 --- a/apps/profiles/upstream/base/kustomization.yaml +++ b/apps/profiles/upstream/base/kustomization.yaml @@ -11,7 +11,7 @@ patchesStrategicMerge: images: - name: docker.io/kubeflownotebookswg/profile-controller - newTag: v1.6.0-rc.1 + newTag: v1.6.0-rc.2 configMapGenerator: - name: namespace-labels-data diff --git a/apps/profiles/upstream/overlays/kubeflow/kustomization.yaml b/apps/profiles/upstream/overlays/kubeflow/kustomization.yaml index e6bee083c1..6b9c4b4dba 100644 --- a/apps/profiles/upstream/overlays/kubeflow/kustomization.yaml +++ b/apps/profiles/upstream/overlays/kubeflow/kustomization.yaml @@ -28,4 +28,4 @@ vars: images: - name: docker.io/kubeflownotebookswg/kfam - newTag: v1.6.0-rc.1 + newTag: v1.6.0-rc.2 diff --git a/apps/profiles/upstream/samples/_v1_profile.yaml b/apps/profiles/upstream/samples/_v1_profile.yaml index 5a87ff0750..ef0a94afc7 100644 --- a/apps/profiles/upstream/samples/_v1_profile.yaml +++ b/apps/profiles/upstream/samples/_v1_profile.yaml @@ -1,6 +1,8 @@ apiVersion: kubeflow.org/v1 kind: Profile metadata: - name: profile-sample + name: test-user-profile spec: - # TODO(user): Add fields here + owner: + kind: User + name: test-user@kubeflow.org diff --git a/apps/profiles/upstream/samples/_v1_profile_aws_iam.yaml b/apps/profiles/upstream/samples/_v1_profile_aws_iam.yaml new file mode 100644 index 0000000000..f5bc85aa1d --- /dev/null +++ b/apps/profiles/upstream/samples/_v1_profile_aws_iam.yaml @@ -0,0 +1,12 @@ +apiVersion: kubeflow.org/v1 +kind: Profile +metadata: + name: profile-aws-iam +spec: + owner: + kind: User + name: test-user@kubeflow.org + plugins: + - kind: AwsIamForServiceAccount + spec: + awsIamRole: arn:aws:iam::account-id:role/s3-reader \ No newline at end of file diff --git a/apps/tensorboard/tensorboard-controller/upstream/base/kustomization.yaml b/apps/tensorboard/tensorboard-controller/upstream/base/kustomization.yaml index b20097ddda..b217e89210 100644 --- a/apps/tensorboard/tensorboard-controller/upstream/base/kustomization.yaml +++ b/apps/tensorboard/tensorboard-controller/upstream/base/kustomization.yaml @@ -12,4 +12,4 @@ patchesStrategicMerge: - patches/add_controller_config.yaml images: - name: docker.io/kubeflownotebookswg/tensorboard-controller - newTag: v1.6.0-rc.1 + newTag: v1.6.0-rc.2 diff --git a/apps/tensorboard/tensorboards-web-app/upstream/base/kustomization.yaml b/apps/tensorboard/tensorboards-web-app/upstream/base/kustomization.yaml index ff83819d1b..53db14fde8 100644 --- a/apps/tensorboard/tensorboards-web-app/upstream/base/kustomization.yaml +++ b/apps/tensorboard/tensorboards-web-app/upstream/base/kustomization.yaml @@ -13,7 +13,7 @@ commonLabels: kustomize.component: tensorboards-web-app images: - name: docker.io/kubeflownotebookswg/tensorboards-web-app - newTag: v1.6.0-rc.1 + newTag: v1.6.0-rc.2 # We need the name to be unique without the suffix because the original name is what # gets used with patches configMapGenerator: diff --git a/apps/volumes-web-app/upstream/base/kustomization.yaml b/apps/volumes-web-app/upstream/base/kustomization.yaml index 5e159ef82d..f5b3834afd 100644 --- a/apps/volumes-web-app/upstream/base/kustomization.yaml +++ b/apps/volumes-web-app/upstream/base/kustomization.yaml @@ -13,7 +13,7 @@ commonLabels: kustomize.component: volumes-web-app images: - name: docker.io/kubeflownotebookswg/volumes-web-app - newTag: v1.6.0-rc.1 + newTag: v1.6.0-rc.2 # We need the name to be unique without the suffix because the original name is what # gets used with patches configMapGenerator: diff --git a/openshift/openshiftstack/application/istio-1-14-OpenShift/overlays/cni/configmap.yaml b/openshift/openshiftstack/application/istio-1-14-OpenShift/overlays/cni/configmap.yaml index 445bcf9948..d5da3b0df6 100644 --- a/openshift/openshiftstack/application/istio-1-14-OpenShift/overlays/cni/configmap.yaml +++ b/openshift/openshiftstack/application/istio-1-14-OpenShift/overlays/cni/configmap.yaml @@ -104,7 +104,7 @@ data: "sts": { "servicePort": 0 }, - "tag": "1.14.0", + "tag": "1.11.0", "tracer": { "datadog": { "address": "$(HOST_IP):8126" From 494312952440ba474323d1eeb9f58fdc32dfb116 Mon Sep 17 00:00:00 2001 From: Vaishnavi Hire Date: Tue, 6 Sep 2022 11:21:35 -0400 Subject: [PATCH 11/11] Update root owners file --- OWNERS | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/OWNERS b/OWNERS index 050e1079db..d08bf4b664 100644 --- a/OWNERS +++ b/OWNERS @@ -1,12 +1,10 @@ approvers: - - elikatsis - - kimwnasptd - - PatrickXYS - - StefanoFioravanzo - - yanniszark +- crobby +- lavlas +- samuelvl +- VaishnaviHire reviewers: - - elikatsis - - kimwnasptd - - PatrickXYS - - StefanoFioravanzo - - yanniszark +- crobby +- lavlas +- samuelvl +- VaishnaviHire \ No newline at end of file