From 21afb955341d667c8afb951501734b28d1b5ad93 Mon Sep 17 00:00:00 2001 From: Todd Short Date: Thu, 12 Mar 2026 08:58:50 -0400 Subject: [PATCH 1/2] fix e2e: replace defunct gcr.io/kubebuilder/kube-rbac-proxy with quay.io/brancz (#3795) gcr.io/kubebuilder/kube-rbac-proxy is no longer available. This commit: - Patches the 5 example-operator FBC catalog files to reference quay.io/brancz/kube-rbac-proxy:v0.8.0 instead - Patches the webhook-operator-index to embed bundle objects inline and uses quay.io/brancz/kube-rbac-proxy:v0.5.0 - Adds hack/rebuild-example-operator-bundles.sh and hack/rebuild-webhook-operator-index.sh to reproduce the patched images; the latter pre-populates the opm cache during the build so the integrity check at startup does not fail Signed-off-by: Todd Short Co-authored-by: Claude Sonnet 4.6 Upstream-repository: operator-lifecycle-manager Upstream-commit: 141bb51f7d5496a7a1f1d653a2c40d1f9ffe18b7 --- .../hack/rebuild-example-operator-bundles.sh | 97 ++++++++++ .../hack/rebuild-webhook-operator-index.sh | 168 ++++++++++++++++++ 2 files changed, 265 insertions(+) create mode 100755 staging/operator-lifecycle-manager/hack/rebuild-example-operator-bundles.sh create mode 100755 staging/operator-lifecycle-manager/hack/rebuild-webhook-operator-index.sh diff --git a/staging/operator-lifecycle-manager/hack/rebuild-example-operator-bundles.sh b/staging/operator-lifecycle-manager/hack/rebuild-example-operator-bundles.sh new file mode 100755 index 0000000000..eea6857313 --- /dev/null +++ b/staging/operator-lifecycle-manager/hack/rebuild-example-operator-bundles.sh @@ -0,0 +1,97 @@ +#!/usr/bin/env bash +# rebuild-example-operator-bundles.sh +# +# Rebuilds quay.io/olmtest/example-operator-bundle:{0.1.0,0.2.0,0.3.0} with +# gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0 replaced by quay.io/brancz/kube-rbac-proxy:v0.8.0 +# and tags the result as /example-operator-bundle:. +# +# Usage: +# ./hack/rebuild-example-operator-bundles.sh [TARGET_REGISTRY] [--push] +# +# Examples: +# ./hack/rebuild-example-operator-bundles.sh quay.io/olmtest # build only +# ./hack/rebuild-example-operator-bundles.sh quay.io/olmtest --push # build + push + +set -euo pipefail + +TARGET_REGISTRY="${1:-quay.io/olmtest}" +PUSH=false +if [[ "${2:-}" == "--push" ]]; then + PUSH=true +fi + +SOURCE_IMAGE="quay.io/olmtest/example-operator-bundle" +OLD_IMAGE="gcr.io/kubebuilder/kube-rbac-proxy:v0.8.0" +NEW_IMAGE="quay.io/brancz/kube-rbac-proxy:v0.8.0" +TAGS=(0.1.0 0.2.0 0.3.0) + +WORKDIR=$(mktemp -d) +trap 'rm -rf "$WORKDIR"' EXIT + +for tag in "${TAGS[@]}"; do + src="${SOURCE_IMAGE}:${tag}" + dst="${TARGET_REGISTRY}/example-operator-bundle:${tag}" + dir="${WORKDIR}/${tag}" + mkdir -p "${dir}" + + echo "--- ${tag} ---" + echo "[1/4] Pulling ${src}" + docker pull -q "${src}" + + echo "[2/4] Extracting layers" + docker save "${src}" | tar -C "${dir}" -xf - + # Extract each layer into the work directory + for layer in $(python3 -c " +import json +manifest = json.load(open('${dir}/manifest.json')) +for l in manifest[0]['Layers']: + print(l) +"); do + tar -xf "${dir}/${layer}" -C "${dir}" 2>/dev/null || true + done + + echo "[3/4] Patching kube-rbac-proxy image reference" + csv="${dir}/manifests/example-operator.clusterserviceversion.yaml" + if grep -q "${OLD_IMAGE}" "${csv}"; then + sed -i "s|${OLD_IMAGE}|${NEW_IMAGE}|g" "${csv}" + echo " ${OLD_IMAGE} -> ${NEW_IMAGE}" + else + echo " (already using ${NEW_IMAGE} or not present)" + fi + + echo "[4/4] Building ${dst}" + # Reconstruct labels from the original image + labels=$(docker inspect "${src}" | python3 -c " +import json, sys +d = json.load(sys.stdin)[0] +for k, v in d.get('Config', {}).get('Labels', {}).items(): + print(f'LABEL {k}={v}') +") + dockerfile="${dir}/Dockerfile" + cat > "${dockerfile}" < bytes for all files.""" + data = subprocess.check_output(["docker", "save", image]) + outer = tarfile.open(fileobj=io.BytesIO(data)) + files = {} + for m in outer.getmembers(): + f = outer.extractfile(m) + if f: + files[m.name] = f.read() + manifest = json.loads(files["manifest.json"]) + for layer_path in manifest[0]["Layers"]: + layer_tar = tarfile.open(fileobj=io.BytesIO(files[layer_path])) + for lm in layer_tar.getmembers(): + try: + lf = layer_tar.extractfile(lm) + if lf: + files[lm.name] = lf.read() + except KeyError: + pass # skip symlinks to missing targets + return files + +# --- Extract package/channel/bundle skeleton from the index catalog.json --- +index_files = extract_image("${SOURCE_INDEX}") +catalog_json = index_files.get("catalog/webhook-operator/catalog.json", b"").decode() +# Parse multiple concatenated JSON objects (may be pretty-printed or one per line). +index_docs = [] +decoder = json.JSONDecoder() +pos, text = 0, catalog_json.lstrip() +while text[pos:].strip(): + obj, idx = decoder.raw_decode(text, pos) + index_docs.append(obj) + pos = idx + pos += len(text[pos:]) - len(text[pos:].lstrip()) + +# Collect non-blob properties from the bundle stanza; drop the image: field. +bundle_base_props = [] +for doc in index_docs: + if doc.get("schema") == "olm.bundle": + bundle_base_props = [ + p for p in doc.get("properties", []) + if p["type"] != "olm.bundle.object" + ] + break + +# --- Extract manifests from the bundle image, patch, encode as inline objects --- +bundle_files = extract_image("${SOURCE_BUNDLE}") + +bundle_object_props = [] +manifest_names = sorted( + name for name in bundle_files + if name.startswith("manifests/") and + any(name.endswith(ext) for ext in (".yaml", ".yml", ".json")) +) + +for name in manifest_names: + raw = bundle_files[name].decode() + raw = raw.replace(OLD_PROXY, NEW_PROXY) + # Parse YAML, re-encode as compact JSON (handles both YAML and JSON input). + import yaml as _yaml + obj = _yaml.safe_load(raw) + compact = json.dumps(obj, separators=(",", ":")) + compact = compact.replace(OLD_PROXY, NEW_PROXY) # belt-and-suspenders + data = base64.b64encode(compact.encode()).decode() + kind = obj.get("kind", os.path.basename(name)) + print(f" encoded {os.path.basename(name)} ({kind})") + bundle_object_props.append({"type": "olm.bundle.object", "value": {"data": data}}) + +# --- Assemble the new catalog --- +out_docs = [] +for doc in index_docs: + if doc.get("schema") == "olm.bundle": + doc = dict(doc) + doc.pop("image", None) + doc["properties"] = bundle_base_props + bundle_object_props + out_docs.append(doc) + +catalog_path = os.path.join(WORKDIR, "catalog", "webhook-operator", "catalog.json") +with open(catalog_path, "w") as f: + for doc in out_docs: + json.dump(doc, f) + f.write("\n") + +print(f" wrote {catalog_path}") +EOF + +echo "[4/4] Building ${DST}" +cat > "${WORKDIR}/Dockerfile" < Date: Thu, 12 Mar 2026 12:46:00 -0500 Subject: [PATCH 2/2] delete obsolete files and shift webhook testing to use a kube-native approach (#3792) * diving CI problems by debriding Signed-off-by: grokspawn * enabled cert-man for e2e, switched path for webhook-operator --------- Signed-off-by: grokspawn Upstream-repository: operator-lifecycle-manager Upstream-commit: 50e42fb6547f30ef1100c8ba0bd074cc338c0c25 --- staging/operator-lifecycle-manager/Makefile | 6 +- .../0.10.0/0000_50_olm_00-namespace.yaml | 13 - ...50_olm_01-olm-operator.serviceaccount.yaml | 31 - ...0_50_olm_03-clusterserviceversion.crd.yaml | 768 - .../0000_50_olm_04-installplan.crd.yaml | 80 - .../0000_50_olm_05-subscription.crd.yaml | 75 - .../0000_50_olm_06-catalogsource.crd.yaml | 130 - ...000_50_olm_07-olm-operator.deployment.yaml | 58 - ...50_olm_08-catalog-operator.deployment.yaml | 53 - ...0000_50_olm_09-aggregated.clusterrole.yaml | 34 - .../0000_50_olm_10-operatorgroup.crd.yaml | 99 - ...000_50_olm_11-olm-operators.configmap.yaml | 132 - ...50_olm_12-olm-operators.catalogsource.yaml | 14 - .../0000_50_olm_13-operatorgroup-default.yaml | 16 - ..._50_olm_14-packageserver.subscription.yaml | 14 - ...m_18-upstream-operators.catalogsource.yaml | 12 - .../0.10.1/0000_50_olm_00-namespace.yaml | 13 - ...50_olm_01-olm-operator.serviceaccount.yaml | 31 - ...0_50_olm_03-clusterserviceversion.crd.yaml | 768 - .../0000_50_olm_04-installplan.crd.yaml | 80 - .../0000_50_olm_05-subscription.crd.yaml | 75 - .../0000_50_olm_06-catalogsource.crd.yaml | 130 - ...000_50_olm_07-olm-operator.deployment.yaml | 58 - ...50_olm_08-catalog-operator.deployment.yaml | 53 - ...0000_50_olm_09-aggregated.clusterrole.yaml | 34 - .../0000_50_olm_10-operatorgroup.crd.yaml | 101 - ...000_50_olm_11-olm-operators.configmap.yaml | 132 - ...50_olm_12-olm-operators.catalogsource.yaml | 14 - .../0000_50_olm_13-operatorgroup-default.yaml | 16 - ..._50_olm_14-packageserver.subscription.yaml | 14 - ...m_18-upstream-operators.catalogsource.yaml | 12 - .../0.11.0/0000_50_olm_00-namespace.yaml | 13 - ...50_olm_01-olm-operator.serviceaccount.yaml | 31 - ...0_50_olm_03-clusterserviceversion.crd.yaml | 768 - .../0000_50_olm_04-installplan.crd.yaml | 80 - .../0000_50_olm_05-subscription.crd.yaml | 75 - .../0000_50_olm_06-catalogsource.crd.yaml | 130 - ...000_50_olm_07-olm-operator.deployment.yaml | 65 - ...50_olm_08-catalog-operator.deployment.yaml | 58 - ...0000_50_olm_09-aggregated.clusterrole.yaml | 34 - .../0000_50_olm_10-operatorgroup.crd.yaml | 101 - .../0000_50_olm_13-operatorgroup-default.yaml | 16 - ...5-packageserver.clusterserviceversion.yaml | 126 - ...m_17-upstream-operators.catalogsource.yaml | 12 - .../0.12.0/0000_50_olm_00-namespace.yaml | 13 - ...50_olm_01-olm-operator.serviceaccount.yaml | 31 - ...0_50_olm_03-clusterserviceversion.crd.yaml | 768 - .../0000_50_olm_04-installplan.crd.yaml | 76 - .../0000_50_olm_05-subscription.crd.yaml | 1465 -- .../0000_50_olm_06-catalogsource.crd.yaml | 130 - ...000_50_olm_07-olm-operator.deployment.yaml | 65 - ...50_olm_08-catalog-operator.deployment.yaml | 58 - ...0000_50_olm_09-aggregated.clusterrole.yaml | 34 - .../0000_50_olm_10-operatorgroup.crd.yaml | 101 - .../0000_50_olm_13-operatorgroup-default.yaml | 16 - ...5-packageserver.clusterserviceversion.yaml | 126 - ...m_17-upstream-operators.catalogsource.yaml | 12 - .../0.13.0/0000_50_olm_00-namespace.yaml | 13 - ...50_olm_01-olm-operator.serviceaccount.yaml | 31 - ...0_50_olm_03-clusterserviceversion.crd.yaml | 768 - .../0000_50_olm_04-installplan.crd.yaml | 76 - .../0000_50_olm_05-subscription.crd.yaml | 1465 -- .../0000_50_olm_06-catalogsource.crd.yaml | 130 - ...000_50_olm_07-olm-operator.deployment.yaml | 65 - ...50_olm_08-catalog-operator.deployment.yaml | 58 - ...0000_50_olm_09-aggregated.clusterrole.yaml | 34 - .../0000_50_olm_10-operatorgroup.crd.yaml | 101 - .../0000_50_olm_13-operatorgroup-default.yaml | 16 - ...5-packageserver.clusterserviceversion.yaml | 126 - ...m_17-upstream-operators.catalogsource.yaml | 12 - .../0.14.1/0000_50_olm_00-namespace.yaml | 12 - ...50_olm_01-olm-operator.serviceaccount.yaml | 33 - ...0_50_olm_03-clusterserviceversion.crd.yaml | 8435 ---------- .../0000_50_olm_04-installplan.crd.yaml | 288 - .../0000_50_olm_05-subscription.crd.yaml | 1780 --- .../0000_50_olm_06-catalogsource.crd.yaml | 192 - ...000_50_olm_07-olm-operator.deployment.yaml | 63 - ...50_olm_08-catalog-operator.deployment.yaml | 56 - ...0000_50_olm_09-aggregated.clusterrole.yaml | 35 - .../0000_50_olm_10-operatorgroup.crd.yaml | 162 - .../0000_50_olm_13-operatorgroup-default.yaml | 17 - ...5-packageserver.clusterserviceversion.yaml | 124 - ...m_17-upstream-operators.catalogsource.yaml | 12 - .../0.15.0/0000_50_olm_00-catalogsources.yaml | 196 - ...0000_50_olm_00-clusterserviceversions.yaml | 8957 ----------- .../0.15.0/0000_50_olm_00-installplans.yaml | 308 - .../0.15.0/0000_50_olm_00-namespace.yaml | 12 - .../0.15.0/0000_50_olm_00-operatorgroups.yaml | 313 - .../0.15.0/0000_50_olm_00-subscriptions.yaml | 1842 --- ...50_olm_01-olm-operator.serviceaccount.yaml | 33 - ...000_50_olm_07-olm-operator.deployment.yaml | 63 - ...50_olm_08-catalog-operator.deployment.yaml | 58 - ...0000_50_olm_09-aggregated.clusterrole.yaml | 35 - .../0000_50_olm_13-operatorgroup-default.yaml | 17 - ...5-packageserver.clusterserviceversion.yaml | 132 - ...m_17-upstream-operators.catalogsource.yaml | 12 - .../0000_50_olm_00-catalogsources.crd.yaml | 196 - ..._50_olm_00-clusterserviceversions.crd.yaml | 8957 ----------- .../0000_50_olm_00-installplans.crd.yaml | 308 - .../0.15.1/0000_50_olm_00-namespace.yaml | 12 - .../0000_50_olm_00-operatorgroups.crd.yaml | 313 - .../0000_50_olm_00-subscriptions.crd.yaml | 1842 --- ...50_olm_01-olm-operator.serviceaccount.yaml | 33 - ...000_50_olm_07-olm-operator.deployment.yaml | 63 - ...50_olm_08-catalog-operator.deployment.yaml | 58 - ...0000_50_olm_09-aggregated.clusterrole.yaml | 35 - .../0000_50_olm_13-operatorgroup-default.yaml | 17 - ...5-packageserver.clusterserviceversion.yaml | 132 - ...m_17-upstream-operators.catalogsource.yaml | 12 - .../0000_50_olm_00-catalogsources.crd.yaml | 201 - ..._50_olm_00-clusterserviceversions.crd.yaml | 8967 ----------- .../0000_50_olm_00-installplans.crd.yaml | 303 - .../0.16.1/0000_50_olm_00-namespace.yaml | 12 - .../0000_50_olm_00-operatorgroups.crd.yaml | 307 - .../0.16.1/0000_50_olm_00-operators.crd.yaml | 179 - .../0000_50_olm_00-subscriptions.crd.yaml | 1837 --- ...50_olm_01-olm-operator.serviceaccount.yaml | 33 - ...000_50_olm_07-olm-operator.deployment.yaml | 63 - ...50_olm_08-catalog-operator.deployment.yaml | 58 - ...0000_50_olm_09-aggregated.clusterrole.yaml | 35 - .../0000_50_olm_13-operatorgroup-default.yaml | 17 - ...5-packageserver.clusterserviceversion.yaml | 132 - ...m_17-upstream-operators.catalogsource.yaml | 12 - .../0000_50_olm_00-catalogsources.crd.yaml | 201 - ..._50_olm_00-clusterserviceversions.crd.yaml | 8970 ----------- .../0000_50_olm_00-installplans.crd.yaml | 306 - .../0.17.0/0000_50_olm_00-namespace.yaml | 12 - .../0000_50_olm_00-operatorgroups.crd.yaml | 307 - .../0.17.0/0000_50_olm_00-operators.crd.yaml | 179 - .../0000_50_olm_00-subscriptions.crd.yaml | 1837 --- ...50_olm_01-olm-operator.serviceaccount.yaml | 33 - ...000_50_olm_07-olm-operator.deployment.yaml | 63 - ...50_olm_08-catalog-operator.deployment.yaml | 58 - ...0000_50_olm_09-aggregated.clusterrole.yaml | 35 - .../0000_50_olm_13-operatorgroup-default.yaml | 17 - ...5-packageserver.clusterserviceversion.yaml | 132 - ...m_17-upstream-operators.catalogsource.yaml | 12 - .../0000_50_olm_00-catalogsources.crd.yaml | 169 - ..._50_olm_00-clusterserviceversions.crd.yaml | 4841 ------ .../0000_50_olm_00-installplans.crd.yaml | 265 - .../0.18.0/0000_50_olm_00-namespace.yaml | 12 - ...0000_50_olm_00-operatorconditions.crd.yaml | 144 - .../0000_50_olm_00-operatorgroups.crd.yaml | 235 - .../0.18.0/0000_50_olm_00-operators.crd.yaml | 140 - .../0000_50_olm_00-subscriptions.crd.yaml | 1344 -- ...50_olm_01-olm-operator.serviceaccount.yaml | 33 - ...000_50_olm_07-olm-operator.deployment.yaml | 63 - ...50_olm_08-catalog-operator.deployment.yaml | 58 - ...0000_50_olm_09-aggregated.clusterrole.yaml | 35 - .../0000_50_olm_13-operatorgroup-default.yaml | 17 - ...5-packageserver.clusterserviceversion.yaml | 132 - ...m_17-upstream-operators.catalogsource.yaml | 12 - .../0000_50_olm_00-catalogsources.crd.yaml | 169 - ..._50_olm_00-clusterserviceversions.crd.yaml | 4841 ------ .../0000_50_olm_00-installplans.crd.yaml | 265 - .../0.18.1/0000_50_olm_00-namespace.yaml | 12 - ...0000_50_olm_00-operatorconditions.crd.yaml | 144 - .../0000_50_olm_00-operatorgroups.crd.yaml | 235 - .../0.18.1/0000_50_olm_00-operators.crd.yaml | 140 - .../0000_50_olm_00-subscriptions.crd.yaml | 1344 -- ...50_olm_01-olm-operator.serviceaccount.yaml | 33 - ...000_50_olm_07-olm-operator.deployment.yaml | 63 - ...50_olm_08-catalog-operator.deployment.yaml | 58 - ...0000_50_olm_09-aggregated.clusterrole.yaml | 35 - .../0000_50_olm_13-operatorgroup-default.yaml | 17 - ...5-packageserver.clusterserviceversion.yaml | 135 - ...m_17-upstream-operators.catalogsource.yaml | 12 - .../0000_50_olm_00-catalogsources.crd.yaml | 169 - ..._50_olm_00-clusterserviceversions.crd.yaml | 4841 ------ .../0000_50_olm_00-installplans.crd.yaml | 265 - .../0.18.3/0000_50_olm_00-namespace.yaml | 12 - ...0000_50_olm_00-operatorconditions.crd.yaml | 308 - .../0000_50_olm_00-operatorgroups.crd.yaml | 235 - .../0.18.3/0000_50_olm_00-operators.crd.yaml | 140 - .../0000_50_olm_00-subscriptions.crd.yaml | 1344 -- ...50_olm_01-olm-operator.serviceaccount.yaml | 33 - ...000_50_olm_07-olm-operator.deployment.yaml | 60 - ...50_olm_08-catalog-operator.deployment.yaml | 54 - ...0000_50_olm_09-aggregated.clusterrole.yaml | 35 - .../0000_50_olm_13-operatorgroup-default.yaml | 17 - ...5-packageserver.clusterserviceversion.yaml | 135 - ...m_17-upstream-operators.catalogsource.yaml | 15 - .../0.4.0/01-alm-operator.serviceaccount.yaml | 11 - .../0.4.0/02-alm-operator.rolebinding.yaml | 16 - .../0.4.0/03-clusterserviceversion.crd.yaml | 413 - .../manifests/0.4.0/05-catalogsource.crd.yaml | 54 - .../manifests/0.4.0/06-installplan.crd.yaml | 60 - .../manifests/0.4.0/07-subscription.crd.yaml | 49 - .../0.4.0/08-tectonicocs.configmap.yaml | 1810 --- .../09-tectoniccomponents.configmap.yaml | 444 - .../0.4.0/10-tectonicocs.catalogsource.yaml | 19 - .../11-tectoniccomponents.catalogsource.yaml | 19 - .../0.4.0/12-alm-operator.deployment.yaml | 48 - .../0.4.0/13-catalog-operator.deployment.yaml | 44 - .../18-upstreamcomponents.configmap.yaml | 462 - .../19-upstreamcomponents.catalogsource.yaml | 19 - .../0.5.0/01-alm-operator.serviceaccount.yaml | 11 - .../0.5.0/02-alm-operator.rolebinding.yaml | 16 - .../0.5.0/03-clusterserviceversion.crd.yaml | 413 - .../manifests/0.5.0/05-catalogsource.crd.yaml | 54 - .../manifests/0.5.0/06-installplan.crd.yaml | 60 - .../manifests/0.5.0/07-subscription.crd.yaml | 49 - .../0.5.0/08-tectonicocs.configmap.yaml | 1810 --- .../09-tectoniccomponents.configmap.yaml | 444 - .../0.5.0/10-tectonicocs.catalogsource.yaml | 19 - .../11-tectoniccomponents.catalogsource.yaml | 19 - .../0.5.0/12-alm-operator.deployment.yaml | 48 - .../0.5.0/13-catalog-operator.deployment.yaml | 44 - .../18-upstreamcomponents.configmap.yaml | 462 - .../19-upstreamcomponents.catalogsource.yaml | 19 - .../0.6.0/01-alm-operator.serviceaccount.yaml | 9 - .../0.6.0/02-alm-operator.rolebinding.yaml | 14 - .../0.6.0/03-clusterserviceversion.crd.yaml | 438 - .../manifests/0.6.0/05-catalogsource.crd.yaml | 81 - .../manifests/0.6.0/06-installplan.crd.yaml | 78 - .../manifests/0.6.0/07-subscription.crd.yaml | 72 - .../manifests/0.6.0/08-ocs.configmap.yaml | 7254 --------- .../manifests/0.6.0/10-ocs.catalogsource.yaml | 16 - .../0.6.0/12-alm-operator.deployment.yaml | 47 - .../0.6.0/13-catalog-operator.deployment.yaml | 43 - .../0.6.0/20-aggregated-edit.clusterrole.yaml | 14 - .../0.6.0/21-aggregated-view.clusterrole.yaml | 13 - .../0.7.0/00-olm-operator.clusterrole.yaml | 12 - .../0.7.0/01-olm-operator.serviceaccount.yaml | 7 - .../0.7.0/02-olm-operator.rolebinding.yaml | 14 - .../0.7.0/03-clusterserviceversion.crd.yaml | 465 - .../manifests/0.7.0/05-catalogsource.crd.yaml | 81 - .../manifests/0.7.0/06-installplan.crd.yaml | 78 - .../manifests/0.7.0/07-subscription.crd.yaml | 72 - .../0.7.0/08-rh-operators.configmap.yaml | 9699 ------------ .../0.7.0/10-rh-operators.catalogsource.yaml | 16 - .../0.7.0/12-olm-operator.deployment.yaml | 47 - .../0.7.0/13-catalog-operator.deployment.yaml | 43 - .../0.7.0/20-aggregated-edit.clusterrole.yaml | 14 - .../0.7.0/21-aggregated-view.clusterrole.yaml | 13 - .../manifests/0.7.0/22-packageserver.yaml | 149 - .../manifests/0.7.1/0000_30_00-namespace.yaml | 6 - ...000_30_01-olm-operator.serviceaccount.yaml | 31 - .../0000_30_02-clusterserviceversion.crd.yaml | 694 - .../0.7.1/0000_30_03-installplan.crd.yaml | 78 - .../0.7.1/0000_30_04-subscription.crd.yaml | 72 - .../0.7.1/0000_30_05-catalogsource.crd.yaml | 81 - .../0000_30_06-rh-operators.configmap.yaml | 11364 ------------- ...0000_30_09-rh-operators.catalogsource.yaml | 16 - .../0000_30_10-olm-operator.deployment.yaml | 47 - ...000_30_11-catalog-operator.deployment.yaml | 43 - .../0000_30_12-aggregated.clusterrole.yaml | 26 - .../0.7.1/0000_30_13-packageserver.yaml | 149 - .../manifests/0.7.2/0000_30_00-namespace.yaml | 8 - ...000_30_01-olm-operator.serviceaccount.yaml | 31 - .../0000_30_02-clusterserviceversion.crd.yaml | 709 - .../0.7.2/0000_30_03-installplan.crd.yaml | 78 - .../0.7.2/0000_30_04-subscription.crd.yaml | 72 - .../0.7.2/0000_30_05-catalogsource.crd.yaml | 81 - .../0000_30_06-rh-operators.configmap.yaml | 11748 -------------- ...0000_30_09-rh-operators.catalogsource.yaml | 16 - .../0000_30_10-olm-operator.deployment.yaml | 47 - ...000_30_11-catalog-operator.deployment.yaml | 43 - .../0000_30_12-aggregated.clusterrole.yaml | 26 - .../0.7.2/0000_30_13-packageserver.yaml | 151 - .../manifests/0.7.4/0000_30_00-namespace.yaml | 8 - ...000_30_01-olm-operator.serviceaccount.yaml | 31 - .../0000_30_02-clusterserviceversion.crd.yaml | 718 - .../0.7.4/0000_30_03-installplan.crd.yaml | 78 - .../0.7.4/0000_30_04-subscription.crd.yaml | 72 - .../0.7.4/0000_30_05-catalogsource.crd.yaml | 81 - .../0000_30_06-rh-operators.configmap.yaml | 11756 -------------- ...0000_30_09-rh-operators.catalogsource.yaml | 16 - .../0000_30_10-olm-operator.deployment.yaml | 47 - ...000_30_11-catalog-operator.deployment.yaml | 42 - .../0000_30_12-aggregated.clusterrole.yaml | 26 - .../0.7.4/0000_30_13-packageserver.yaml | 151 - .../manifests/0.8.0/0000_30_00-namespace.yaml | 15 - ...000_30_01-olm-operator.serviceaccount.yaml | 31 - .../0000_30_02-clusterserviceversion.crd.yaml | 760 - .../0.8.0/0000_30_03-installplan.crd.yaml | 79 - .../0.8.0/0000_30_04-subscription.crd.yaml | 74 - .../0.8.0/0000_30_05-catalogsource.crd.yaml | 120 - .../0000_30_06-rh-operators.configmap.yaml | 13200 ---------------- ...0000_30_09-rh-operators.catalogsource.yaml | 16 - .../0000_30_10-olm-operator.deployment.yaml | 46 - ...000_30_11-catalog-operator.deployment.yaml | 41 - .../0000_30_12-aggregated.clusterrole.yaml | 26 - .../0.8.0/0000_30_13-operatorgroup.crd.yaml | 86 - .../0000_30_14-olm-operators.configmap.yaml | 128 - ...000_30_15-olm-operators.catalogsource.yaml | 14 - .../0000_30_16-operatorgroup-default.yaml | 16 - ...0000_30_17-packageserver.subscription.yaml | 14 - .../0.8.1/0000_50_olm_00-namespace.yaml | 15 - ...50_olm_01-olm-operator.serviceaccount.yaml | 31 - ...0_50_olm_02-clusterserviceversion.crd.yaml | 767 - .../0.8.1/0000_50_olm_03-installplan.crd.yaml | 79 - .../0000_50_olm_04-subscription.crd.yaml | 74 - .../0000_50_olm_05-catalogsource.crd.yaml | 129 - ...000_50_olm_06-olm-operator.deployment.yaml | 52 - ...50_olm_07-catalog-operator.deployment.yaml | 45 - ...0000_50_olm_08-aggregated.clusterrole.yaml | 28 - .../0000_50_olm_09-operatorgroup.crd.yaml | 96 - ...000_50_olm_10-olm-operators.configmap.yaml | 128 - ...50_olm_11-olm-operators.catalogsource.yaml | 14 - .../0000_50_olm_12-operatorgroup-default.yaml | 16 - ..._50_olm_13-packageserver.subscription.yaml | 14 - ...m_17-upstream-operators.catalogsource.yaml | 14 - .../0.9.0/0000_50_olm_00-namespace.yaml | 13 - ...50_olm_01-olm-operator.serviceaccount.yaml | 31 - ...0_50_olm_03-clusterserviceversion.crd.yaml | 767 - .../0.9.0/0000_50_olm_04-installplan.crd.yaml | 79 - .../0000_50_olm_05-subscription.crd.yaml | 74 - .../0000_50_olm_06-catalogsource.crd.yaml | 129 - ...000_50_olm_07-olm-operator.deployment.yaml | 57 - ...50_olm_08-catalog-operator.deployment.yaml | 52 - ...0000_50_olm_09-aggregated.clusterrole.yaml | 28 - .../0000_50_olm_10-operatorgroup.crd.yaml | 99 - ...000_50_olm_11-olm-operators.configmap.yaml | 131 - ...50_olm_12-olm-operators.catalogsource.yaml | 14 - .../0000_50_olm_13-operatorgroup-default.yaml | 16 - ..._50_olm_14-packageserver.subscription.yaml | 14 - ...m_18-upstream-operators.catalogsource.yaml | 12 - .../deploy/upstream/manifests/latest | 1 - .../test/e2e/collect-ci-artifacts.sh | 1 - .../test/e2e/webhook_e2e_test.go | 94 +- 321 files changed, 88 insertions(+), 174574 deletions(-) delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_00-namespace.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_01-olm-operator.serviceaccount.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_03-clusterserviceversion.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_04-installplan.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_05-subscription.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_06-catalogsource.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_07-olm-operator.deployment.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_08-catalog-operator.deployment.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_09-aggregated.clusterrole.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_10-operatorgroup.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_11-olm-operators.configmap.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_12-olm-operators.catalogsource.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_13-operatorgroup-default.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_14-packageserver.subscription.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_18-upstream-operators.catalogsource.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_00-namespace.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_01-olm-operator.serviceaccount.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_03-clusterserviceversion.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_04-installplan.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_05-subscription.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_06-catalogsource.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_07-olm-operator.deployment.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_08-catalog-operator.deployment.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_09-aggregated.clusterrole.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_10-operatorgroup.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_11-olm-operators.configmap.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_12-olm-operators.catalogsource.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_13-operatorgroup-default.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_14-packageserver.subscription.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_18-upstream-operators.catalogsource.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_00-namespace.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_01-olm-operator.serviceaccount.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_03-clusterserviceversion.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_04-installplan.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_05-subscription.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_06-catalogsource.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_07-olm-operator.deployment.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_08-catalog-operator.deployment.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_09-aggregated.clusterrole.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_10-operatorgroup.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_13-operatorgroup-default.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_15-packageserver.clusterserviceversion.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_17-upstream-operators.catalogsource.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_00-namespace.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_01-olm-operator.serviceaccount.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_03-clusterserviceversion.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_04-installplan.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_05-subscription.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_06-catalogsource.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_07-olm-operator.deployment.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_08-catalog-operator.deployment.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_09-aggregated.clusterrole.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_10-operatorgroup.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_13-operatorgroup-default.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_15-packageserver.clusterserviceversion.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_17-upstream-operators.catalogsource.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_00-namespace.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_01-olm-operator.serviceaccount.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_03-clusterserviceversion.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_04-installplan.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_05-subscription.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_06-catalogsource.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_07-olm-operator.deployment.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_08-catalog-operator.deployment.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_09-aggregated.clusterrole.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_10-operatorgroup.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_13-operatorgroup-default.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_15-packageserver.clusterserviceversion.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_17-upstream-operators.catalogsource.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_00-namespace.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_01-olm-operator.serviceaccount.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_03-clusterserviceversion.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_04-installplan.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_05-subscription.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_06-catalogsource.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_07-olm-operator.deployment.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_08-catalog-operator.deployment.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_09-aggregated.clusterrole.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_10-operatorgroup.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_13-operatorgroup-default.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_15-packageserver.clusterserviceversion.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_17-upstream-operators.catalogsource.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_00-catalogsources.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_00-clusterserviceversions.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_00-installplans.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_00-namespace.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_00-operatorgroups.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_00-subscriptions.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_01-olm-operator.serviceaccount.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_07-olm-operator.deployment.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_08-catalog-operator.deployment.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_09-aggregated.clusterrole.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_13-operatorgroup-default.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_15-packageserver.clusterserviceversion.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_17-upstream-operators.catalogsource.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_00-catalogsources.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_00-clusterserviceversions.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_00-installplans.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_00-namespace.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_00-operatorgroups.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_00-subscriptions.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_01-olm-operator.serviceaccount.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_07-olm-operator.deployment.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_08-catalog-operator.deployment.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_09-aggregated.clusterrole.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_13-operatorgroup-default.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_15-packageserver.clusterserviceversion.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_17-upstream-operators.catalogsource.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_00-catalogsources.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_00-clusterserviceversions.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_00-installplans.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_00-namespace.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_00-operatorgroups.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_00-operators.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_00-subscriptions.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_01-olm-operator.serviceaccount.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_07-olm-operator.deployment.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_08-catalog-operator.deployment.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_09-aggregated.clusterrole.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_13-operatorgroup-default.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_15-packageserver.clusterserviceversion.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_17-upstream-operators.catalogsource.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_00-catalogsources.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_00-clusterserviceversions.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_00-installplans.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_00-namespace.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_00-operatorgroups.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_00-operators.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_00-subscriptions.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_01-olm-operator.serviceaccount.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_07-olm-operator.deployment.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_08-catalog-operator.deployment.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_09-aggregated.clusterrole.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_13-operatorgroup-default.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_15-packageserver.clusterserviceversion.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_17-upstream-operators.catalogsource.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_00-catalogsources.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_00-clusterserviceversions.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_00-installplans.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_00-namespace.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_00-operatorconditions.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_00-operatorgroups.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_00-operators.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_00-subscriptions.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_01-olm-operator.serviceaccount.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_07-olm-operator.deployment.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_08-catalog-operator.deployment.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_09-aggregated.clusterrole.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_13-operatorgroup-default.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_15-packageserver.clusterserviceversion.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_17-upstream-operators.catalogsource.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_00-catalogsources.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_00-clusterserviceversions.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_00-installplans.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_00-namespace.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_00-operatorconditions.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_00-operatorgroups.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_00-operators.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_00-subscriptions.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_01-olm-operator.serviceaccount.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_07-olm-operator.deployment.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_08-catalog-operator.deployment.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_09-aggregated.clusterrole.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_13-operatorgroup-default.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_15-packageserver.clusterserviceversion.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_17-upstream-operators.catalogsource.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_00-catalogsources.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_00-clusterserviceversions.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_00-installplans.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_00-namespace.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_00-operatorconditions.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_00-operatorgroups.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_00-operators.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_00-subscriptions.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_01-olm-operator.serviceaccount.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_07-olm-operator.deployment.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_08-catalog-operator.deployment.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_09-aggregated.clusterrole.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_13-operatorgroup-default.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_15-packageserver.clusterserviceversion.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_17-upstream-operators.catalogsource.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/01-alm-operator.serviceaccount.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/02-alm-operator.rolebinding.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/03-clusterserviceversion.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/05-catalogsource.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/06-installplan.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/07-subscription.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/08-tectonicocs.configmap.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/09-tectoniccomponents.configmap.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/10-tectonicocs.catalogsource.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/11-tectoniccomponents.catalogsource.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/12-alm-operator.deployment.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/13-catalog-operator.deployment.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/18-upstreamcomponents.configmap.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/19-upstreamcomponents.catalogsource.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/01-alm-operator.serviceaccount.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/02-alm-operator.rolebinding.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/03-clusterserviceversion.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/05-catalogsource.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/06-installplan.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/07-subscription.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/08-tectonicocs.configmap.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/09-tectoniccomponents.configmap.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/10-tectonicocs.catalogsource.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/11-tectoniccomponents.catalogsource.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/12-alm-operator.deployment.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/13-catalog-operator.deployment.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/18-upstreamcomponents.configmap.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/19-upstreamcomponents.catalogsource.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/01-alm-operator.serviceaccount.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/02-alm-operator.rolebinding.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/03-clusterserviceversion.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/05-catalogsource.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/06-installplan.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/07-subscription.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/08-ocs.configmap.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/10-ocs.catalogsource.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/12-alm-operator.deployment.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/13-catalog-operator.deployment.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/20-aggregated-edit.clusterrole.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/21-aggregated-view.clusterrole.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/00-olm-operator.clusterrole.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/01-olm-operator.serviceaccount.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/02-olm-operator.rolebinding.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/03-clusterserviceversion.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/05-catalogsource.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/06-installplan.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/07-subscription.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/08-rh-operators.configmap.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/10-rh-operators.catalogsource.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/12-olm-operator.deployment.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/13-catalog-operator.deployment.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/20-aggregated-edit.clusterrole.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/21-aggregated-view.clusterrole.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/22-packageserver.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_00-namespace.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_01-olm-operator.serviceaccount.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_02-clusterserviceversion.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_03-installplan.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_04-subscription.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_05-catalogsource.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_06-rh-operators.configmap.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_09-rh-operators.catalogsource.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_10-olm-operator.deployment.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_11-catalog-operator.deployment.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_12-aggregated.clusterrole.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_13-packageserver.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_00-namespace.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_01-olm-operator.serviceaccount.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_02-clusterserviceversion.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_03-installplan.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_04-subscription.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_05-catalogsource.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_06-rh-operators.configmap.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_09-rh-operators.catalogsource.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_10-olm-operator.deployment.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_11-catalog-operator.deployment.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_12-aggregated.clusterrole.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_13-packageserver.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_00-namespace.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_01-olm-operator.serviceaccount.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_02-clusterserviceversion.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_03-installplan.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_04-subscription.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_05-catalogsource.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_06-rh-operators.configmap.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_09-rh-operators.catalogsource.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_10-olm-operator.deployment.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_11-catalog-operator.deployment.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_12-aggregated.clusterrole.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_13-packageserver.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_00-namespace.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_01-olm-operator.serviceaccount.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_02-clusterserviceversion.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_03-installplan.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_04-subscription.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_05-catalogsource.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_06-rh-operators.configmap.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_09-rh-operators.catalogsource.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_10-olm-operator.deployment.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_11-catalog-operator.deployment.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_12-aggregated.clusterrole.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_13-operatorgroup.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_14-olm-operators.configmap.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_15-olm-operators.catalogsource.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_16-operatorgroup-default.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_17-packageserver.subscription.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_00-namespace.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_01-olm-operator.serviceaccount.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_02-clusterserviceversion.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_03-installplan.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_04-subscription.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_05-catalogsource.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_06-olm-operator.deployment.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_07-catalog-operator.deployment.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_08-aggregated.clusterrole.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_09-operatorgroup.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_10-olm-operators.configmap.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_11-olm-operators.catalogsource.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_12-operatorgroup-default.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_13-packageserver.subscription.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_17-upstream-operators.catalogsource.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_00-namespace.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_01-olm-operator.serviceaccount.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_03-clusterserviceversion.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_04-installplan.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_05-subscription.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_06-catalogsource.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_07-olm-operator.deployment.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_08-catalog-operator.deployment.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_09-aggregated.clusterrole.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_10-operatorgroup.crd.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_11-olm-operators.configmap.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_12-olm-operators.catalogsource.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_13-operatorgroup-default.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_14-packageserver.subscription.yaml delete mode 100644 staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_18-upstream-operators.catalogsource.yaml delete mode 120000 staging/operator-lifecycle-manager/deploy/upstream/manifests/latest diff --git a/staging/operator-lifecycle-manager/Makefile b/staging/operator-lifecycle-manager/Makefile index dc22f4002d..43556ed53f 100644 --- a/staging/operator-lifecycle-manager/Makefile +++ b/staging/operator-lifecycle-manager/Makefile @@ -297,14 +297,14 @@ e2e: #HELP Run e2e tests against a cluster running OLM (params: $E2E_TEST_NS (op $(GO_TEST_ENV) $(GINKGO) -timeout $(E2E_TIMEOUT) $(GINKGO_OPTS) $(E2E_GINKGO_OPTS) ./test/e2e -- -namespace=$(E2E_TEST_NS) -olmNamespace=$(E2E_INSTALL_NS) -catalogNamespace=$(E2E_CATALOG_NS) $(E2E_OPTS) .PHONY: e2e-local -e2e-local: e2e-build kind-create e2e-local-deploy e2e +e2e-local: e2e-build kind-create cert-manager-install e2e-local-deploy e2e .PHONY: e2e-local-deploy -e2e-local-deploy: $(KIND) $(HELM) #HELP Deploy OLM for e2e testing (without cert-manager) +e2e-local-deploy: $(KIND) $(HELM) #HELP Deploy OLM for e2e testing $(KIND) load docker-image $(OLM_IMAGE) --name $(KIND_CLUSTER_NAME); \ $(HELM) upgrade --install olm deploy/chart \ --set debug=true \ - --set certManager.enabled=false \ + --set certManager.enabled=true \ --set olm.image.ref=$(OLM_IMAGE) \ --set olm.image.pullPolicy=IfNotPresent \ --set catalog.image.ref=$(OLM_IMAGE) \ diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_00-namespace.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_00-namespace.yaml deleted file mode 100644 index f2eda530b0..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_00-namespace.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_00-namespace.yaml -apiVersion: v1 -kind: Namespace -metadata: - name: olm - ---- -apiVersion: v1 -kind: Namespace -metadata: - name: operators - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_01-olm-operator.serviceaccount.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_01-olm-operator.serviceaccount.yaml deleted file mode 100644 index 1a2e303d86..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_01-olm-operator.serviceaccount.yaml +++ /dev/null @@ -1,31 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_01-olm-operator.serviceaccount.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: system:controller:operator-lifecycle-manager -rules: -- apiGroups: ["*"] - resources: ["*"] - verbs: ["*"] -- nonResourceURLs: ["*"] - verbs: ["*"] ---- -kind: ServiceAccount -apiVersion: v1 -metadata: - name: olm-operator-serviceaccount - namespace: olm ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: olm-operator-binding-olm -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:controller:operator-lifecycle-manager -subjects: -- kind: ServiceAccount - name: olm-operator-serviceaccount - namespace: olm diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_03-clusterserviceversion.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_03-clusterserviceversion.crd.yaml deleted file mode 100644 index 404109e5e0..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_03-clusterserviceversion.crd.yaml +++ /dev/null @@ -1,768 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_03-clusterserviceversion.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: clusterserviceversions.operators.coreos.com - annotations: - displayName: Operator Version - description: Represents an Operator that should be running on the cluster, including requirements and install strategy. -spec: - names: - plural: clusterserviceversions - singular: clusterserviceversion - kind: ClusterServiceVersion - listKind: ClusterServiceVersionList - shortNames: - - csv - - csvs - categories: - - olm - additionalPrinterColumns: - - name: Display - type: string - description: The name of the CSV - JSONPath: .spec.displayName - - name: Version - type: string - description: The version of the CSV - JSONPath: .spec.version - - name: Replaces - type: string - description: The name of a CSV that this one replaces - JSONPath: .spec.replaces - - name: Phase - type: string - JSONPath: .status.phase - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - description: Represents an Operator that should be running on the cluster, including requirements and install strategy. - properties: - spec: - type: object - description: Spec for a ClusterServiceVersion - required: - - displayName - - install - properties: - displayName: - type: string - description: Human readable name of the application that will be displayed in the ALM UI - - description: - type: string - description: Human readable description of what the application does - - minKubeVersion: - type: string - description: Minimum kubernetes version requirement on the server to deploy operator - pattern: ^\bv?(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(-(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(\.(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*)?(\+[0-9a-zA-Z-]+(\.[0-9a-zA-Z-]+)*)?$ - - keywords: - type: array - description: List of keywords which will be used to discover and categorize app types - items: - type: string - - maintainers: - type: array - description: Those responsible for the creation of this specific app type - items: - type: object - description: Information for a single maintainer - required: - - name - - email - properties: - name: - type: string - description: Maintainer's name - email: - type: string - description: Maintainer's email address - format: email - optionalProperties: - type: string - description: "Any additional key-value metadata you wish to expose about the maintainer, e.g. github: " - - links: - type: array - description: Interesting links to find more information about the project, such as marketing page, documentation, or github page - items: - type: object - description: A single link to describe one aspect of the project - required: - - name - - url - properties: - name: - type: string - description: Name of the link type, e.g. homepage or github url - url: - type: string - description: URL to which the link should point - format: uri - - icon: - type: array - description: Icon which should be rendered with the application information - items: - type: object - required: - - base64data - - mediatype - properties: - base64data: - type: string - description: Base64 binary representation of the icon image - mediatype: - type: string - description: Mediatype for the binary data specified in the base64data property - enum: - - image/gif - - image/jpeg - - image/png - - image/svg+xml - version: - type: string - description: Version string, recommended that users use semantic versioning - pattern: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(-(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(\.(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*)?(\+[0-9a-zA-Z-]+(\.[0-9a-zA-Z-]+)*)?$ - - replaces: - type: string - description: Name of the ClusterServiceVersion custom resource that this version replaces - - maturity: - type: string - description: What level of maturity the software has achieved at this version - enum: - - planning - - pre-alpha - - alpha - - beta - - stable - - mature - - inactive - - deprecated - labels: - type: object - description: Labels that will be applied to associated resources created by the operator. - selector: - type: object - description: Label selector to find resources associated with or managed by the operator - properties: - matchLabels: - type: object - description: Label key:value pairs to match directly - matchExpressions: - type: array - description: A set of expressions to match against the resource. - items: - allOf: - - type: object - required: - - key - - operator - - values - properties: - key: - type: string - description: the key to match - operator: - type: string - description: the operator for the expression - enum: - - In - - NotIn - - Exists - - DoesNotExist - values: - type: array - description: set of values for the expression - nativeAPIs: - type: array - description: What resources are required by the Operator, but must be provided by the underlying cluster and not as an extension. - items: - type: object - required: - - group - - version - - kind - properties: - group: - type: string - description: Group of the API resource - version: - type: string - description: Version of the API resource - kind: - type: string - description: Kind of the API resource - apiservicedefinitions: - type: object - properties: - owned: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - group - - version - - kind - - name - - deploymentName - - displayName - - description - properties: - group: - type: string - description: Group of the APIService (e.g. app.coreos.com) - name: - type: string - description: The plural name for the APIService provided - version: - type: string - description: The version field of the APIService - kind: - type: string - description: The kind field of the APIService - deploymentName: - type: string - description: Name of the extension api-server's deployment - containerPort: - type: number - description: Port where the extension api-server serves TLS traffic - displayName: - type: string - description: A human-readable name for the APIService. - description: - type: string - description: A description of the APIService - resources: - type: array - items: - type: object - description: A list of resources that should be displayed for the APIService - required: - - kind - - version - properties: - name: - type: string - description: If a APIService, the fully qualified name of the APIService (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version of the resource kind - kind: - type: string - description: The kind field of the resource kind - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the API resource - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the API resource where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this status is the same for all instances of the API resource and can be found here instead of on the API resource. - specDescriptors: - type: array - items: - type: object - description: A spec for a field in the spec block of the APIService resource. - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the API resource where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the spec entry. - description: - type: string - description: A description of the spec entry. - x-descriptors: - type: array - description: A list of descriptors for the spec entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this spec is the same for all instances of the API Resource and can be found here instead of on the API resource. - actionDescriptors: - type: array - items: - type: object - description: A spec for actions that can be performed on instances of the API resource - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the API resource where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the action. - description: - type: string - description: A description of the action. - x-descriptors: - type: array - description: A list of descriptors for the action that indicate the meaning of the action. - items: - type: string - value: - description: If present, the value of this action is the same for all instances of the API resource and can be found here instead of on the API resource. - required: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - group - - version - - kind - - name - - displayName - - description - properties: - group: - type: string - description: Group of the APIService (e.g. app.coreos.com) - version: - type: string - description: The version field of the APIService - kind: - type: string - description: The kind field of the APIService - name: - type: string - description: The plural name for the APIService provided - deploymentName: - type: string - description: Name of the extension api-server's deployment - containerPort: - type: number - description: Port where the extension api-server serves TLS traffic - displayName: - type: string - description: A human-readable name for the APIService. - description: - type: string - description: A description of the APIService - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the APIService - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the API Resource where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this status is the same for all instances of the API Resource and can be found here instead of on the API Resource. - - customresourcedefinitions: - type: object - properties: - owned: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - name - - version - - kind - - displayName - - description - properties: - name: - type: string - description: Fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version field of the CustomResourceDefinition - kind: - type: string - description: The kind field of the CustomResourceDefinition - displayName: - type: string - description: A human-readable name for the CRD. - description: - type: string - description: A description of the CRD - resources: - type: array - items: - type: object - description: A list of resources that should be displayed for the CRD - required: - - kind - - version - properties: - name: - type: string - description: If a CRD, the fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version of the resource kind - kind: - type: string - description: The kind field of the resource kind - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the CR where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this status is the same for all instances of the CRD and can be found here instead of on the CR. - specDescriptors: - type: array - items: - type: object - description: A spec for a field in the spec block of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the CR where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the spec entry. - description: - type: string - description: A description of the spec entry. - x-descriptors: - type: array - description: A list of descriptors for the spec entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this spec is the same for all instances of the CRD and can be found here instead of on the CR. - actionDescriptors: - type: array - items: - type: object - description: A spec for actions that can be performed on instances of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the CR where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the action. - description: - type: string - description: A description of the action. - x-descriptors: - type: array - description: A list of descriptors for the action that indicate the meaning of the action. - items: - type: string - value: - description: If present, the value of this action is the same for all instances of the CRD and can be found here instead of on the CR. - required: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - name - - version - - kind - - displayName - - description - properties: - name: - type: string - description: Fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version field of the CustomResourceDefinition - kind: - type: string - description: The kind field of the CustomResourceDefinition - displayName: - type: string - description: A human-readable name for the CRD. - description: - type: string - description: A description of the CRD - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the CR where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this status is the same for all instances of the CRD and can be found here instead of on the CR. - - - install: - type: object - description: Information required to install this specific version of the operator software - oneOf: - - type: object - required: - - strategy - - spec - properties: - strategy: - type: string - enum: ['image'] - spec: - type: object - required: - - image - properties: - image: - type: string - - type: object - required: - - strategy - - spec - properties: - strategy: - type: string - enum: ['deployment'] - spec: - type: object - required: - - deployments - properties: - installModes: - type: array - description: List of supported install modes for the operator - items: - type: object - description: A tuple representing a mode of installation and whether the operator supports it - required: - - type - - supported - properties: - type: - type: string - description: A type of install mode - enum: - - OwnNamespace - - SingleNamespace - - MultiNamespace - - AllNamespaces - supported: - type: boolean - description: Represents if the install mode type is supported - deployments: - type: array - description: List of deployments to create - items: - type: object - description: A name and deployment to create in the cluster - required: - - name - - spec - properties: - name: - type: string - description: the consistent name of the deployment - spec: - type: object - description: The deployment spec to create in the cluster - permissions: - type: array - description: Permissions needed by the deployement to run correctly - items: - type: object - required: - - serviceAccountName - - rules - properties: - serviceAccountName: - type: string - description: The service account name to create for the deployment - rules: - type: array - items: - type: object - description: a rule required by the service account - properties: - apiGroups: - type: array - description: apiGroups the rule applies to - items: - type: string - resources: - type: array - items: - type: string - resourceNames: - type: array - items: - type: string - verbs: - type: array - items: - type: string - enum: - - "*" - - assign - - get - - list - - watch - - create - - update - - patch - - delete - - deletecollection - - initialize - - use - clusterPermissions: - type: array - description: Cluster permissions needed by the deployement to run correctly - items: - type: object - required: - - serviceAccountName - - rules - properties: - serviceAccountName: - type: string - description: The service account name to create for the deployment - rules: - type: array - items: - type: object - required: - - verbs - description: a rule required by the service account - properties: - apiGroups: - type: array - description: apiGroups the rule applies to - items: - type: string - resources: - type: array - items: - type: string - resourceNames: - type: array - items: - type: string - nonResourceURLs: - type: array - items: - type: string - verbs: - type: array - items: - type: string - enum: - - "*" - - assign - - get - - list - - watch - - create - - update - - patch - - put - - post - - delete - - deletecollection - - initialize - - use - status: - type: object - description: Status for a ClusterServiceVersion diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_04-installplan.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_04-installplan.crd.yaml deleted file mode 100644 index 627ce931e3..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_04-installplan.crd.yaml +++ /dev/null @@ -1,80 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_04-installplan.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: installplans.operators.coreos.com - annotations: - displayName: Install Plan - description: Represents a plan to install and resolve dependencies for Cluster Services -spec: - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - plural: installplans - singular: installplan - kind: InstallPlan - listKind: InstallPlanList - shortNames: - - ip - categories: - - olm - additionalPrinterColumns: - - name: CSV - type: string - description: The first CSV in the list of clusterServiceVersionNames - JSONPath: .spec.clusterServiceVersionNames[0] - - name: Source - type: string - description: The catalog source for the specified CSVs. - JSONPath: .spec.source - - name: Approval - type: string - description: The approval mode - JSONPath: .spec.approval - - name: Approved - type: boolean - JSONPath: .spec.approved - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - description: Represents a plan to install and resolve dependencies for Cluster Services. - properties: - spec: - type: object - description: Spec for an InstallPlan - required: - - clusterServiceVersionNames - - approval - properties: - source: - type: string - description: Name of the preferred CatalogSource - sourceNamespace: - type: string - description: Namespace that contains the preffered CatalogSource - clusterServiceVersionNames: - type: array - description: A list of the names of the Cluster Services - items: - type: string - anyOf: - - properties: - approval: - enum: - - Manual - approved: - type: boolean - required: - - approved - - properties: - approval: - enum: - - Automatic diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_05-subscription.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_05-subscription.crd.yaml deleted file mode 100644 index b9265baa0b..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_05-subscription.crd.yaml +++ /dev/null @@ -1,75 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_05-subscription.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: subscriptions.operators.coreos.com - annotations: - displayName: Subscription - description: Subscribes service catalog to a source and channel to recieve updates for packages. -spec: - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - plural: subscriptions - singular: subscription - kind: Subscription - listKind: SubscriptionList - shortNames: - - sub - - subs - categories: - - olm - additionalPrinterColumns: - - name: Package - type: string - description: The package subscribed to - JSONPath: .spec.name - - name: Source - type: string - description: The catalog source for the specified package - JSONPath: .spec.source - - name: Channel - type: string - description: The channel of updates to subscribe to - JSONPath: .spec.channel - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - description: Subscribes service catalog to a source and channel to recieve updates for packages. - properties: - spec: - type: object - description: Spec for a Subscription - required: - - source - - name - properties: - source: - type: string - description: Name of a CatalogSource that defines where and how to find the channel - sourceNamespace: - type: string - description: The Kubernetes namespace where the CatalogSource used is located - name: - type: string - description: Name of the package that defines the application - channel: - type: string - description: Name of the channel to track - startingCSV: - type: string - description: Name of the AppType that this subscription tracks - installPlanApproval: - type: string - description: Approval mode for emitted InstallPlans - enum: - - Manual - - Automatic diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_06-catalogsource.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_06-catalogsource.crd.yaml deleted file mode 100644 index 991a5e72c2..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_06-catalogsource.crd.yaml +++ /dev/null @@ -1,130 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_06-catalogsource.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: catalogsources.operators.coreos.com - annotations: - displayName: CatalogSource - description: A source configured to find packages and updates. -spec: - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - plural: catalogsources - singular: catalogsource - kind: CatalogSource - listKind: CatalogSourceList - shortNames: - - catsrc - categories: - - olm - additionalPrinterColumns: - - name: Name - type: string - description: The pretty name of the catalog - JSONPath: .spec.displayName - - name: Type - type: string - description: The type of the catalog - JSONPath: .spec.sourceType - - name: Publisher - type: string - description: The publisher of the catalog - JSONPath: .spec.publisher - - name: Age - type: date - JSONPath: .metadata.creationTimestamp - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - description: A source configured to find packages and updates. - properties: - spec: - type: object - description: Spec for a catalog source. - required: - - sourceType - properties: - sourceType: - type: string - description: The type of the source. `configmap` is the new name for `internal` - enum: - - internal # deprecated - - configmap - - grpc - - configMap: - type: string - description: The name of a ConfigMap that holds the entries for an in-memory catalog. - - address: - type: string - description: An optional address. When set, directs OLM to connect to use a pre-existing registry server at this address. - - image: - type: string - description: An image that serves a grpc registry. Only valid for `grpc` sourceType. If both image and address are set, OLM does not use the address field. - - displayName: - type: string - description: Pretty name for display - - publisher: - type: string - description: The name of an entity that publishes this catalog - - secrets: - type: array - description: A set of secrets that can be used to access the contents of the catalog. It is best to keep this list small, since each will need to be tried for every catalog entry. - items: - type: string - description: A name of a secret in the namespace where the CatalogSource is defined. - status: - type: object - description: The status of the CatalogSource - properties: - configMapReference: - type: object - description: If sourceType is `internal` or `configmap`, then this holds a reference to the configmap associated with this CatalogSource. - properties: - name: - type: string - description: name of the configmap - namespace: - type: string - description: namespace of the configmap - resourceVersion: - type: string - description: resourceVersion of the configmap - uid: - type: string - description: uid of the configmap - registryService: - type: object - properties: - protocol: - type: string - description: protocol of the registry service - enum: - - grpc - serviceName: - type: string - description: name of the registry service - serviceNamespace: - type: string - description: namespace of the registry service - port: - type: string - description: port of the registry service - lastSync: - type: string - description: the last time the catalog was updated. If this time is less than the last updated time on the object, the catalog will be re-cached. - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_07-olm-operator.deployment.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_07-olm-operator.deployment.yaml deleted file mode 100644 index 9a2cf186f5..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_07-olm-operator.deployment.yaml +++ /dev/null @@ -1,58 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_07-olm-operator.deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: olm-operator - namespace: olm - labels: - app: olm-operator -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: olm-operator - template: - metadata: - labels: - app: olm-operator - spec: - serviceAccountName: olm-operator-serviceaccount - containers: - - name: olm-operator - command: - - /bin/olm - args: - - -writeStatusName - - "" - image: quay.io/operator-framework/olm@sha256:93751ae9d398d571c2cb3d11b0ac4ae052117fd1726025364a6f2f3a5caef68e - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - - containerPort: 8081 - name: metrics - protocol: TCP - livenessProbe: - httpGet: - path: /healthz - port: 8080 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - terminationMessagePolicy: FallbackToLogsOnError - env: - - - name: OPERATOR_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: OPERATOR_NAME - value: olm-operator - - - nodeSelector: - beta.kubernetes.io/os: linux - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_08-catalog-operator.deployment.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_08-catalog-operator.deployment.yaml deleted file mode 100644 index f66fd49b58..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_08-catalog-operator.deployment.yaml +++ /dev/null @@ -1,53 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_08-catalog-operator.deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: catalog-operator - namespace: olm - labels: - app: catalog-operator -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: catalog-operator - template: - metadata: - labels: - app: catalog-operator - spec: - serviceAccountName: olm-operator-serviceaccount - containers: - - name: catalog-operator - command: - - /bin/catalog - args: - - '-namespace' - - olm - - -configmapServerImage=quay.io/operator-framework/configmap-operator-registry:latest - image: quay.io/operator-framework/olm@sha256:93751ae9d398d571c2cb3d11b0ac4ae052117fd1726025364a6f2f3a5caef68e - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - - containerPort: 8081 - name: metrics - protocol: TCP - livenessProbe: - httpGet: - path: /healthz - port: 8080 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - terminationMessagePolicy: FallbackToLogsOnError - env: - - - - nodeSelector: - beta.kubernetes.io/os: linux - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_09-aggregated.clusterrole.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_09-aggregated.clusterrole.yaml deleted file mode 100644 index 5665a36a99..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_09-aggregated.clusterrole.yaml +++ /dev/null @@ -1,34 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_09-aggregated.clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-edit - labels: - # Add these permissions to the "admin" and "edit" default roles. - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["subscriptions"] - verbs: ["create", "update", "patch", "delete"] -- apiGroups: ["operators.coreos.com"] - resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions"] - verbs: ["delete"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-view - labels: - # Add these permissions to the "admin", "edit" and "view" default roles - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - rbac.authorization.k8s.io/aggregate-to-view: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions", "operatorgroups"] - verbs: ["get", "list", "watch"] -- apiGroups: ["packages.operators.coreos.com"] - resources: ["packagemanifests"] - verbs: ["get", "list", "watch"] diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_10-operatorgroup.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_10-operatorgroup.crd.yaml deleted file mode 100644 index 43c9b708e5..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_10-operatorgroup.crd.yaml +++ /dev/null @@ -1,99 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_10-operatorgroup.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: operatorgroups.operators.coreos.com -spec: - group: operators.coreos.com - version: v1 - versions: - - name: v1 - served: true - storage: true - - name: v1alpha2 - served: true - storage: false - names: - plural: operatorgroups - singular: operatorgroup - kind: OperatorGroup - listKind: OperatorGroupList - shortNames: - - og - categories: - - olm - scope: Namespaced - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - description: A grouping of namespaces for usage with an operator. - properties: - spec: - properties: - selector: - type: object - description: Optional label selector to find resources associated with or managed by the operator - anyOf: - - properties: - matchLabels: - type: object - description: Label key:value pairs to match directly - required: - - matchLabels - - properties: - matchExpressions: - type: array - description: A set of expressions to match against the resource. - items: - allOf: - - type: object - required: - - key - - operator - - values - properties: - key: - type: string - description: the key to match - operator: - type: string - description: the operator for the expression - enum: - - In - - NotIn - - Exists - - DoesNotExist - values: - type: array - description: set of values for the expression - required: - - matchExpressions - targetNamespaces: - type: array - description: Optional list of target namespaces. If set, OLM will ignore selector. - items: - type: string - pattern: ^\S+$ - serviceAccountName: - type: string - staticProvidedAPIs: - type: boolean - description: If true, OLM will not modify the OperatorGroup's providedAPIs annotation. - type: object - status: - properties: - lastUpdated: - format: date-time - type: string - namespaces: - items: - type: string - type: array - required: - - lastUpdated - type: object - required: - - metadata diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_11-olm-operators.configmap.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_11-olm-operators.configmap.yaml deleted file mode 100644 index 344fb376d8..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_11-olm-operators.configmap.yaml +++ /dev/null @@ -1,132 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_11-olm-operators.configmap.yaml -kind: ConfigMap -apiVersion: v1 -metadata: - name: olm-operators - namespace: olm -data: - customResourceDefinitions: |- - clusterServiceVersions: |- - - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: packageserver.v0.10.0 - namespace: olm - spec: - displayName: Package Server - description: Represents an Operator package that is available from a given CatalogSource which will resolve to a ClusterServiceVersion. - minKubeVersion: 1.11.0 - keywords: ['packagemanifests', 'olm', 'packages'] - maintainers: - - name: Red Hat - email: openshift-operators@redhat.com - provider: - name: Red Hat - links: - - name: Package Server - url: https://github.com/operator-framework/operator-lifecycle-manager/tree/master/pkg/package-server - installModes: - - type: OwnNamespace - supported: true - - type: SingleNamespace - supported: true - - type: MultiNamespace - supported: true - - type: AllNamespaces - supported: true - install: - strategy: deployment - spec: - clusterPermissions: - - serviceAccountName: packageserver - rules: - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - get - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - apiGroups: - - "operators.coreos.com" - resources: - - catalogsources - verbs: - - get - - list - - watch - - apiGroups: - - "packages.operators.coreos.com" - resources: - - packagemanifests - verbs: - - get - - list - deployments: - - name: packageserver - spec: - strategy: - type: RollingUpdate - replicas: 2 - selector: - matchLabels: - app: packageserver - template: - metadata: - labels: - app: packageserver - spec: - serviceAccountName: packageserver - nodeSelector: - beta.kubernetes.io/os: linux - - containers: - - name: packageserver - command: - - /bin/package-server - - -v=4 - - --secure-port - - "5443" - - --global-namespace - - olm - image: quay.io/operator-framework/olm@sha256:93751ae9d398d571c2cb3d11b0ac4ae052117fd1726025364a6f2f3a5caef68e - imagePullPolicy: Always - ports: - - containerPort: 5443 - livenessProbe: - httpGet: - scheme: HTTPS - path: /healthz - port: 5443 - readinessProbe: - httpGet: - scheme: HTTPS - path: /healthz - port: 5443 - terminationMessagePolicy: FallbackToLogsOnError - maturity: alpha - version: 0.10.0 - apiservicedefinitions: - owned: - - group: packages.operators.coreos.com - version: v1 - kind: PackageManifest - name: packagemanifests - displayName: PackageManifest - description: A PackageManifest is a resource generated from existing CatalogSources and their ConfigMaps - deploymentName: packageserver - containerPort: 5443 - packages: |- - - packageName: packageserver - channels: - - name: alpha - currentCSV: packageserver.v0.10.0 diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_12-olm-operators.catalogsource.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_12-olm-operators.catalogsource.yaml deleted file mode 100644 index b1be6a6556..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_12-olm-operators.catalogsource.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_12-olm-operators.catalogsource.yaml -#! validate-crd: ./deploy/chart/templates/06-catalogsource.crd.yaml -#! parse-kind: CatalogSource -apiVersion: operators.coreos.com/v1alpha1 -kind: CatalogSource -metadata: - name: olm-operators - namespace: olm -spec: - sourceType: internal - configMap: olm-operators - displayName: OLM Operators - publisher: Red Hat diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_13-operatorgroup-default.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_13-operatorgroup-default.yaml deleted file mode 100644 index 0284583006..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_13-operatorgroup-default.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_13-operatorgroup-default.yaml -apiVersion: operators.coreos.com/v1 -kind: OperatorGroup -metadata: - name: global-operators - namespace: operators ---- -apiVersion: operators.coreos.com/v1 -kind: OperatorGroup -metadata: - name: olm-operators - namespace: olm -spec: - targetNamespaces: - - olm diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_14-packageserver.subscription.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_14-packageserver.subscription.yaml deleted file mode 100644 index 69ea7b01aa..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_14-packageserver.subscription.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_14-packageserver.subscription.yaml -#! validate-crd: ./deploy/chart/templates/05-subscription.crd.yaml -#! parse-kind: Subscription -apiVersion: operators.coreos.com/v1alpha1 -kind: Subscription -metadata: - name: packageserver - namespace: olm -spec: - source: olm-operators - sourceNamespace: olm - name: packageserver - channel: alpha diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_18-upstream-operators.catalogsource.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_18-upstream-operators.catalogsource.yaml deleted file mode 100644 index 3275c6f278..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.0/0000_50_olm_18-upstream-operators.catalogsource.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_18-upstream-operators.catalogsource.yaml -apiVersion: operators.coreos.com/v1alpha1 -kind: CatalogSource -metadata: - name: operatorhubio-catalog - namespace: olm -spec: - sourceType: grpc - image: quay.io/operator-framework/upstream-community-operators:latest - displayName: Community Operators - publisher: OperatorHub.io diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_00-namespace.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_00-namespace.yaml deleted file mode 100644 index f2eda530b0..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_00-namespace.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_00-namespace.yaml -apiVersion: v1 -kind: Namespace -metadata: - name: olm - ---- -apiVersion: v1 -kind: Namespace -metadata: - name: operators - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_01-olm-operator.serviceaccount.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_01-olm-operator.serviceaccount.yaml deleted file mode 100644 index 1a2e303d86..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_01-olm-operator.serviceaccount.yaml +++ /dev/null @@ -1,31 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_01-olm-operator.serviceaccount.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: system:controller:operator-lifecycle-manager -rules: -- apiGroups: ["*"] - resources: ["*"] - verbs: ["*"] -- nonResourceURLs: ["*"] - verbs: ["*"] ---- -kind: ServiceAccount -apiVersion: v1 -metadata: - name: olm-operator-serviceaccount - namespace: olm ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: olm-operator-binding-olm -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:controller:operator-lifecycle-manager -subjects: -- kind: ServiceAccount - name: olm-operator-serviceaccount - namespace: olm diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_03-clusterserviceversion.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_03-clusterserviceversion.crd.yaml deleted file mode 100644 index 404109e5e0..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_03-clusterserviceversion.crd.yaml +++ /dev/null @@ -1,768 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_03-clusterserviceversion.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: clusterserviceversions.operators.coreos.com - annotations: - displayName: Operator Version - description: Represents an Operator that should be running on the cluster, including requirements and install strategy. -spec: - names: - plural: clusterserviceversions - singular: clusterserviceversion - kind: ClusterServiceVersion - listKind: ClusterServiceVersionList - shortNames: - - csv - - csvs - categories: - - olm - additionalPrinterColumns: - - name: Display - type: string - description: The name of the CSV - JSONPath: .spec.displayName - - name: Version - type: string - description: The version of the CSV - JSONPath: .spec.version - - name: Replaces - type: string - description: The name of a CSV that this one replaces - JSONPath: .spec.replaces - - name: Phase - type: string - JSONPath: .status.phase - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - description: Represents an Operator that should be running on the cluster, including requirements and install strategy. - properties: - spec: - type: object - description: Spec for a ClusterServiceVersion - required: - - displayName - - install - properties: - displayName: - type: string - description: Human readable name of the application that will be displayed in the ALM UI - - description: - type: string - description: Human readable description of what the application does - - minKubeVersion: - type: string - description: Minimum kubernetes version requirement on the server to deploy operator - pattern: ^\bv?(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(-(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(\.(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*)?(\+[0-9a-zA-Z-]+(\.[0-9a-zA-Z-]+)*)?$ - - keywords: - type: array - description: List of keywords which will be used to discover and categorize app types - items: - type: string - - maintainers: - type: array - description: Those responsible for the creation of this specific app type - items: - type: object - description: Information for a single maintainer - required: - - name - - email - properties: - name: - type: string - description: Maintainer's name - email: - type: string - description: Maintainer's email address - format: email - optionalProperties: - type: string - description: "Any additional key-value metadata you wish to expose about the maintainer, e.g. github: " - - links: - type: array - description: Interesting links to find more information about the project, such as marketing page, documentation, or github page - items: - type: object - description: A single link to describe one aspect of the project - required: - - name - - url - properties: - name: - type: string - description: Name of the link type, e.g. homepage or github url - url: - type: string - description: URL to which the link should point - format: uri - - icon: - type: array - description: Icon which should be rendered with the application information - items: - type: object - required: - - base64data - - mediatype - properties: - base64data: - type: string - description: Base64 binary representation of the icon image - mediatype: - type: string - description: Mediatype for the binary data specified in the base64data property - enum: - - image/gif - - image/jpeg - - image/png - - image/svg+xml - version: - type: string - description: Version string, recommended that users use semantic versioning - pattern: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(-(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(\.(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*)?(\+[0-9a-zA-Z-]+(\.[0-9a-zA-Z-]+)*)?$ - - replaces: - type: string - description: Name of the ClusterServiceVersion custom resource that this version replaces - - maturity: - type: string - description: What level of maturity the software has achieved at this version - enum: - - planning - - pre-alpha - - alpha - - beta - - stable - - mature - - inactive - - deprecated - labels: - type: object - description: Labels that will be applied to associated resources created by the operator. - selector: - type: object - description: Label selector to find resources associated with or managed by the operator - properties: - matchLabels: - type: object - description: Label key:value pairs to match directly - matchExpressions: - type: array - description: A set of expressions to match against the resource. - items: - allOf: - - type: object - required: - - key - - operator - - values - properties: - key: - type: string - description: the key to match - operator: - type: string - description: the operator for the expression - enum: - - In - - NotIn - - Exists - - DoesNotExist - values: - type: array - description: set of values for the expression - nativeAPIs: - type: array - description: What resources are required by the Operator, but must be provided by the underlying cluster and not as an extension. - items: - type: object - required: - - group - - version - - kind - properties: - group: - type: string - description: Group of the API resource - version: - type: string - description: Version of the API resource - kind: - type: string - description: Kind of the API resource - apiservicedefinitions: - type: object - properties: - owned: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - group - - version - - kind - - name - - deploymentName - - displayName - - description - properties: - group: - type: string - description: Group of the APIService (e.g. app.coreos.com) - name: - type: string - description: The plural name for the APIService provided - version: - type: string - description: The version field of the APIService - kind: - type: string - description: The kind field of the APIService - deploymentName: - type: string - description: Name of the extension api-server's deployment - containerPort: - type: number - description: Port where the extension api-server serves TLS traffic - displayName: - type: string - description: A human-readable name for the APIService. - description: - type: string - description: A description of the APIService - resources: - type: array - items: - type: object - description: A list of resources that should be displayed for the APIService - required: - - kind - - version - properties: - name: - type: string - description: If a APIService, the fully qualified name of the APIService (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version of the resource kind - kind: - type: string - description: The kind field of the resource kind - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the API resource - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the API resource where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this status is the same for all instances of the API resource and can be found here instead of on the API resource. - specDescriptors: - type: array - items: - type: object - description: A spec for a field in the spec block of the APIService resource. - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the API resource where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the spec entry. - description: - type: string - description: A description of the spec entry. - x-descriptors: - type: array - description: A list of descriptors for the spec entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this spec is the same for all instances of the API Resource and can be found here instead of on the API resource. - actionDescriptors: - type: array - items: - type: object - description: A spec for actions that can be performed on instances of the API resource - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the API resource where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the action. - description: - type: string - description: A description of the action. - x-descriptors: - type: array - description: A list of descriptors for the action that indicate the meaning of the action. - items: - type: string - value: - description: If present, the value of this action is the same for all instances of the API resource and can be found here instead of on the API resource. - required: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - group - - version - - kind - - name - - displayName - - description - properties: - group: - type: string - description: Group of the APIService (e.g. app.coreos.com) - version: - type: string - description: The version field of the APIService - kind: - type: string - description: The kind field of the APIService - name: - type: string - description: The plural name for the APIService provided - deploymentName: - type: string - description: Name of the extension api-server's deployment - containerPort: - type: number - description: Port where the extension api-server serves TLS traffic - displayName: - type: string - description: A human-readable name for the APIService. - description: - type: string - description: A description of the APIService - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the APIService - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the API Resource where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this status is the same for all instances of the API Resource and can be found here instead of on the API Resource. - - customresourcedefinitions: - type: object - properties: - owned: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - name - - version - - kind - - displayName - - description - properties: - name: - type: string - description: Fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version field of the CustomResourceDefinition - kind: - type: string - description: The kind field of the CustomResourceDefinition - displayName: - type: string - description: A human-readable name for the CRD. - description: - type: string - description: A description of the CRD - resources: - type: array - items: - type: object - description: A list of resources that should be displayed for the CRD - required: - - kind - - version - properties: - name: - type: string - description: If a CRD, the fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version of the resource kind - kind: - type: string - description: The kind field of the resource kind - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the CR where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this status is the same for all instances of the CRD and can be found here instead of on the CR. - specDescriptors: - type: array - items: - type: object - description: A spec for a field in the spec block of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the CR where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the spec entry. - description: - type: string - description: A description of the spec entry. - x-descriptors: - type: array - description: A list of descriptors for the spec entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this spec is the same for all instances of the CRD and can be found here instead of on the CR. - actionDescriptors: - type: array - items: - type: object - description: A spec for actions that can be performed on instances of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the CR where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the action. - description: - type: string - description: A description of the action. - x-descriptors: - type: array - description: A list of descriptors for the action that indicate the meaning of the action. - items: - type: string - value: - description: If present, the value of this action is the same for all instances of the CRD and can be found here instead of on the CR. - required: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - name - - version - - kind - - displayName - - description - properties: - name: - type: string - description: Fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version field of the CustomResourceDefinition - kind: - type: string - description: The kind field of the CustomResourceDefinition - displayName: - type: string - description: A human-readable name for the CRD. - description: - type: string - description: A description of the CRD - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the CR where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this status is the same for all instances of the CRD and can be found here instead of on the CR. - - - install: - type: object - description: Information required to install this specific version of the operator software - oneOf: - - type: object - required: - - strategy - - spec - properties: - strategy: - type: string - enum: ['image'] - spec: - type: object - required: - - image - properties: - image: - type: string - - type: object - required: - - strategy - - spec - properties: - strategy: - type: string - enum: ['deployment'] - spec: - type: object - required: - - deployments - properties: - installModes: - type: array - description: List of supported install modes for the operator - items: - type: object - description: A tuple representing a mode of installation and whether the operator supports it - required: - - type - - supported - properties: - type: - type: string - description: A type of install mode - enum: - - OwnNamespace - - SingleNamespace - - MultiNamespace - - AllNamespaces - supported: - type: boolean - description: Represents if the install mode type is supported - deployments: - type: array - description: List of deployments to create - items: - type: object - description: A name and deployment to create in the cluster - required: - - name - - spec - properties: - name: - type: string - description: the consistent name of the deployment - spec: - type: object - description: The deployment spec to create in the cluster - permissions: - type: array - description: Permissions needed by the deployement to run correctly - items: - type: object - required: - - serviceAccountName - - rules - properties: - serviceAccountName: - type: string - description: The service account name to create for the deployment - rules: - type: array - items: - type: object - description: a rule required by the service account - properties: - apiGroups: - type: array - description: apiGroups the rule applies to - items: - type: string - resources: - type: array - items: - type: string - resourceNames: - type: array - items: - type: string - verbs: - type: array - items: - type: string - enum: - - "*" - - assign - - get - - list - - watch - - create - - update - - patch - - delete - - deletecollection - - initialize - - use - clusterPermissions: - type: array - description: Cluster permissions needed by the deployement to run correctly - items: - type: object - required: - - serviceAccountName - - rules - properties: - serviceAccountName: - type: string - description: The service account name to create for the deployment - rules: - type: array - items: - type: object - required: - - verbs - description: a rule required by the service account - properties: - apiGroups: - type: array - description: apiGroups the rule applies to - items: - type: string - resources: - type: array - items: - type: string - resourceNames: - type: array - items: - type: string - nonResourceURLs: - type: array - items: - type: string - verbs: - type: array - items: - type: string - enum: - - "*" - - assign - - get - - list - - watch - - create - - update - - patch - - put - - post - - delete - - deletecollection - - initialize - - use - status: - type: object - description: Status for a ClusterServiceVersion diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_04-installplan.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_04-installplan.crd.yaml deleted file mode 100644 index 627ce931e3..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_04-installplan.crd.yaml +++ /dev/null @@ -1,80 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_04-installplan.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: installplans.operators.coreos.com - annotations: - displayName: Install Plan - description: Represents a plan to install and resolve dependencies for Cluster Services -spec: - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - plural: installplans - singular: installplan - kind: InstallPlan - listKind: InstallPlanList - shortNames: - - ip - categories: - - olm - additionalPrinterColumns: - - name: CSV - type: string - description: The first CSV in the list of clusterServiceVersionNames - JSONPath: .spec.clusterServiceVersionNames[0] - - name: Source - type: string - description: The catalog source for the specified CSVs. - JSONPath: .spec.source - - name: Approval - type: string - description: The approval mode - JSONPath: .spec.approval - - name: Approved - type: boolean - JSONPath: .spec.approved - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - description: Represents a plan to install and resolve dependencies for Cluster Services. - properties: - spec: - type: object - description: Spec for an InstallPlan - required: - - clusterServiceVersionNames - - approval - properties: - source: - type: string - description: Name of the preferred CatalogSource - sourceNamespace: - type: string - description: Namespace that contains the preffered CatalogSource - clusterServiceVersionNames: - type: array - description: A list of the names of the Cluster Services - items: - type: string - anyOf: - - properties: - approval: - enum: - - Manual - approved: - type: boolean - required: - - approved - - properties: - approval: - enum: - - Automatic diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_05-subscription.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_05-subscription.crd.yaml deleted file mode 100644 index b9265baa0b..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_05-subscription.crd.yaml +++ /dev/null @@ -1,75 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_05-subscription.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: subscriptions.operators.coreos.com - annotations: - displayName: Subscription - description: Subscribes service catalog to a source and channel to recieve updates for packages. -spec: - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - plural: subscriptions - singular: subscription - kind: Subscription - listKind: SubscriptionList - shortNames: - - sub - - subs - categories: - - olm - additionalPrinterColumns: - - name: Package - type: string - description: The package subscribed to - JSONPath: .spec.name - - name: Source - type: string - description: The catalog source for the specified package - JSONPath: .spec.source - - name: Channel - type: string - description: The channel of updates to subscribe to - JSONPath: .spec.channel - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - description: Subscribes service catalog to a source and channel to recieve updates for packages. - properties: - spec: - type: object - description: Spec for a Subscription - required: - - source - - name - properties: - source: - type: string - description: Name of a CatalogSource that defines where and how to find the channel - sourceNamespace: - type: string - description: The Kubernetes namespace where the CatalogSource used is located - name: - type: string - description: Name of the package that defines the application - channel: - type: string - description: Name of the channel to track - startingCSV: - type: string - description: Name of the AppType that this subscription tracks - installPlanApproval: - type: string - description: Approval mode for emitted InstallPlans - enum: - - Manual - - Automatic diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_06-catalogsource.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_06-catalogsource.crd.yaml deleted file mode 100644 index 991a5e72c2..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_06-catalogsource.crd.yaml +++ /dev/null @@ -1,130 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_06-catalogsource.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: catalogsources.operators.coreos.com - annotations: - displayName: CatalogSource - description: A source configured to find packages and updates. -spec: - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - plural: catalogsources - singular: catalogsource - kind: CatalogSource - listKind: CatalogSourceList - shortNames: - - catsrc - categories: - - olm - additionalPrinterColumns: - - name: Name - type: string - description: The pretty name of the catalog - JSONPath: .spec.displayName - - name: Type - type: string - description: The type of the catalog - JSONPath: .spec.sourceType - - name: Publisher - type: string - description: The publisher of the catalog - JSONPath: .spec.publisher - - name: Age - type: date - JSONPath: .metadata.creationTimestamp - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - description: A source configured to find packages and updates. - properties: - spec: - type: object - description: Spec for a catalog source. - required: - - sourceType - properties: - sourceType: - type: string - description: The type of the source. `configmap` is the new name for `internal` - enum: - - internal # deprecated - - configmap - - grpc - - configMap: - type: string - description: The name of a ConfigMap that holds the entries for an in-memory catalog. - - address: - type: string - description: An optional address. When set, directs OLM to connect to use a pre-existing registry server at this address. - - image: - type: string - description: An image that serves a grpc registry. Only valid for `grpc` sourceType. If both image and address are set, OLM does not use the address field. - - displayName: - type: string - description: Pretty name for display - - publisher: - type: string - description: The name of an entity that publishes this catalog - - secrets: - type: array - description: A set of secrets that can be used to access the contents of the catalog. It is best to keep this list small, since each will need to be tried for every catalog entry. - items: - type: string - description: A name of a secret in the namespace where the CatalogSource is defined. - status: - type: object - description: The status of the CatalogSource - properties: - configMapReference: - type: object - description: If sourceType is `internal` or `configmap`, then this holds a reference to the configmap associated with this CatalogSource. - properties: - name: - type: string - description: name of the configmap - namespace: - type: string - description: namespace of the configmap - resourceVersion: - type: string - description: resourceVersion of the configmap - uid: - type: string - description: uid of the configmap - registryService: - type: object - properties: - protocol: - type: string - description: protocol of the registry service - enum: - - grpc - serviceName: - type: string - description: name of the registry service - serviceNamespace: - type: string - description: namespace of the registry service - port: - type: string - description: port of the registry service - lastSync: - type: string - description: the last time the catalog was updated. If this time is less than the last updated time on the object, the catalog will be re-cached. - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_07-olm-operator.deployment.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_07-olm-operator.deployment.yaml deleted file mode 100644 index 6ecef18f72..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_07-olm-operator.deployment.yaml +++ /dev/null @@ -1,58 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_07-olm-operator.deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: olm-operator - namespace: olm - labels: - app: olm-operator -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: olm-operator - template: - metadata: - labels: - app: olm-operator - spec: - serviceAccountName: olm-operator-serviceaccount - containers: - - name: olm-operator - command: - - /bin/olm - args: - - -writeStatusName - - "" - image: quay.io/operator-framework/olm@sha256:f965474776bada158e4bf7be5c84b54460843e7478f06060990d2fdeb31b0b90 - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - - containerPort: 8081 - name: metrics - protocol: TCP - livenessProbe: - httpGet: - path: /healthz - port: 8080 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - terminationMessagePolicy: FallbackToLogsOnError - env: - - - name: OPERATOR_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: OPERATOR_NAME - value: olm-operator - - - nodeSelector: - beta.kubernetes.io/os: linux - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_08-catalog-operator.deployment.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_08-catalog-operator.deployment.yaml deleted file mode 100644 index 0cd42eafef..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_08-catalog-operator.deployment.yaml +++ /dev/null @@ -1,53 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_08-catalog-operator.deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: catalog-operator - namespace: olm - labels: - app: catalog-operator -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: catalog-operator - template: - metadata: - labels: - app: catalog-operator - spec: - serviceAccountName: olm-operator-serviceaccount - containers: - - name: catalog-operator - command: - - /bin/catalog - args: - - '-namespace' - - olm - - -configmapServerImage=quay.io/operator-framework/configmap-operator-registry:latest - image: quay.io/operator-framework/olm@sha256:f965474776bada158e4bf7be5c84b54460843e7478f06060990d2fdeb31b0b90 - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - - containerPort: 8081 - name: metrics - protocol: TCP - livenessProbe: - httpGet: - path: /healthz - port: 8080 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - terminationMessagePolicy: FallbackToLogsOnError - env: - - - - nodeSelector: - beta.kubernetes.io/os: linux - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_09-aggregated.clusterrole.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_09-aggregated.clusterrole.yaml deleted file mode 100644 index 5665a36a99..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_09-aggregated.clusterrole.yaml +++ /dev/null @@ -1,34 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_09-aggregated.clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-edit - labels: - # Add these permissions to the "admin" and "edit" default roles. - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["subscriptions"] - verbs: ["create", "update", "patch", "delete"] -- apiGroups: ["operators.coreos.com"] - resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions"] - verbs: ["delete"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-view - labels: - # Add these permissions to the "admin", "edit" and "view" default roles - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - rbac.authorization.k8s.io/aggregate-to-view: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions", "operatorgroups"] - verbs: ["get", "list", "watch"] -- apiGroups: ["packages.operators.coreos.com"] - resources: ["packagemanifests"] - verbs: ["get", "list", "watch"] diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_10-operatorgroup.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_10-operatorgroup.crd.yaml deleted file mode 100644 index 18235816a2..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_10-operatorgroup.crd.yaml +++ /dev/null @@ -1,101 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_10-operatorgroup.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: operatorgroups.operators.coreos.com -spec: - group: operators.coreos.com - version: v1 - versions: - - name: v1 - served: true - storage: true - - name: v1alpha2 - served: true - storage: false - names: - plural: operatorgroups - singular: operatorgroup - kind: OperatorGroup - listKind: OperatorGroupList - shortNames: - - og - categories: - - olm - scope: Namespaced - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - description: A grouping of namespaces for usage with an operator. - properties: - spec: - type: object - description: Spec for an OperatorGroup. - properties: - selector: - type: object - description: Optional label selector to find resources associated with or managed by the operator - anyOf: - - properties: - matchLabels: - type: object - description: Label key:value pairs to match directly - required: - - matchLabels - - properties: - matchExpressions: - type: array - description: A set of expressions to match against the resource. - items: - allOf: - - type: object - required: - - key - - operator - - values - properties: - key: - type: string - description: the key to match - operator: - type: string - description: the operator for the expression - enum: - - In - - NotIn - - Exists - - DoesNotExist - values: - type: array - description: set of values for the expression - required: - - matchExpressions - targetNamespaces: - type: array - description: Optional list of target namespaces. If set, OLM will ignore selector. - items: - type: string - pattern: ^\S+$ - serviceAccountName: - type: string - staticProvidedAPIs: - type: boolean - description: If true, OLM will not modify the OperatorGroup's providedAPIs annotation. - status: - type: object - description: The status of the OperatorGroup. - properties: - lastUpdated: - format: date-time - type: string - namespaces: - items: - type: string - type: array - required: - - lastUpdated - required: - - metadata diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_11-olm-operators.configmap.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_11-olm-operators.configmap.yaml deleted file mode 100644 index c1e5e74677..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_11-olm-operators.configmap.yaml +++ /dev/null @@ -1,132 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_11-olm-operators.configmap.yaml -kind: ConfigMap -apiVersion: v1 -metadata: - name: olm-operators - namespace: olm -data: - customResourceDefinitions: |- - clusterServiceVersions: |- - - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: packageserver.v0.10.1 - namespace: olm - spec: - displayName: Package Server - description: Represents an Operator package that is available from a given CatalogSource which will resolve to a ClusterServiceVersion. - minKubeVersion: 1.11.0 - keywords: ['packagemanifests', 'olm', 'packages'] - maintainers: - - name: Red Hat - email: openshift-operators@redhat.com - provider: - name: Red Hat - links: - - name: Package Server - url: https://github.com/operator-framework/operator-lifecycle-manager/tree/master/pkg/package-server - installModes: - - type: OwnNamespace - supported: true - - type: SingleNamespace - supported: true - - type: MultiNamespace - supported: true - - type: AllNamespaces - supported: true - install: - strategy: deployment - spec: - clusterPermissions: - - serviceAccountName: packageserver - rules: - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - get - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - apiGroups: - - "operators.coreos.com" - resources: - - catalogsources - verbs: - - get - - list - - watch - - apiGroups: - - "packages.operators.coreos.com" - resources: - - packagemanifests - verbs: - - get - - list - deployments: - - name: packageserver - spec: - strategy: - type: RollingUpdate - replicas: 2 - selector: - matchLabels: - app: packageserver - template: - metadata: - labels: - app: packageserver - spec: - serviceAccountName: packageserver - nodeSelector: - beta.kubernetes.io/os: linux - - containers: - - name: packageserver - command: - - /bin/package-server - - -v=4 - - --secure-port - - "5443" - - --global-namespace - - olm - image: quay.io/operator-framework/olm@sha256:f965474776bada158e4bf7be5c84b54460843e7478f06060990d2fdeb31b0b90 - imagePullPolicy: Always - ports: - - containerPort: 5443 - livenessProbe: - httpGet: - scheme: HTTPS - path: /healthz - port: 5443 - readinessProbe: - httpGet: - scheme: HTTPS - path: /healthz - port: 5443 - terminationMessagePolicy: FallbackToLogsOnError - maturity: alpha - version: 0.10.1 - apiservicedefinitions: - owned: - - group: packages.operators.coreos.com - version: v1 - kind: PackageManifest - name: packagemanifests - displayName: PackageManifest - description: A PackageManifest is a resource generated from existing CatalogSources and their ConfigMaps - deploymentName: packageserver - containerPort: 5443 - packages: |- - - packageName: packageserver - channels: - - name: alpha - currentCSV: packageserver.v0.10.1 diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_12-olm-operators.catalogsource.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_12-olm-operators.catalogsource.yaml deleted file mode 100644 index b1be6a6556..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_12-olm-operators.catalogsource.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_12-olm-operators.catalogsource.yaml -#! validate-crd: ./deploy/chart/templates/06-catalogsource.crd.yaml -#! parse-kind: CatalogSource -apiVersion: operators.coreos.com/v1alpha1 -kind: CatalogSource -metadata: - name: olm-operators - namespace: olm -spec: - sourceType: internal - configMap: olm-operators - displayName: OLM Operators - publisher: Red Hat diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_13-operatorgroup-default.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_13-operatorgroup-default.yaml deleted file mode 100644 index 0284583006..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_13-operatorgroup-default.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_13-operatorgroup-default.yaml -apiVersion: operators.coreos.com/v1 -kind: OperatorGroup -metadata: - name: global-operators - namespace: operators ---- -apiVersion: operators.coreos.com/v1 -kind: OperatorGroup -metadata: - name: olm-operators - namespace: olm -spec: - targetNamespaces: - - olm diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_14-packageserver.subscription.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_14-packageserver.subscription.yaml deleted file mode 100644 index 69ea7b01aa..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_14-packageserver.subscription.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_14-packageserver.subscription.yaml -#! validate-crd: ./deploy/chart/templates/05-subscription.crd.yaml -#! parse-kind: Subscription -apiVersion: operators.coreos.com/v1alpha1 -kind: Subscription -metadata: - name: packageserver - namespace: olm -spec: - source: olm-operators - sourceNamespace: olm - name: packageserver - channel: alpha diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_18-upstream-operators.catalogsource.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_18-upstream-operators.catalogsource.yaml deleted file mode 100644 index 3275c6f278..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.10.1/0000_50_olm_18-upstream-operators.catalogsource.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_18-upstream-operators.catalogsource.yaml -apiVersion: operators.coreos.com/v1alpha1 -kind: CatalogSource -metadata: - name: operatorhubio-catalog - namespace: olm -spec: - sourceType: grpc - image: quay.io/operator-framework/upstream-community-operators:latest - displayName: Community Operators - publisher: OperatorHub.io diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_00-namespace.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_00-namespace.yaml deleted file mode 100644 index 102855aa48..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_00-namespace.yaml +++ /dev/null @@ -1,13 +0,0 @@ -##--- -# Source: olm/templates/0000_50_olm_00-namespace.yaml -apiVersion: v1 -kind: Namespace -metadata: - name: olm - ---- -apiVersion: v1 -kind: Namespace -metadata: - name: operators - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_01-olm-operator.serviceaccount.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_01-olm-operator.serviceaccount.yaml deleted file mode 100644 index 39c3acc80f..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_01-olm-operator.serviceaccount.yaml +++ /dev/null @@ -1,31 +0,0 @@ -##--- -# Source: olm/templates/0000_50_olm_01-olm-operator.serviceaccount.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: system:controller:operator-lifecycle-manager -rules: -- apiGroups: ["*"] - resources: ["*"] - verbs: ["*"] -- nonResourceURLs: ["*"] - verbs: ["*"] ---- -kind: ServiceAccount -apiVersion: v1 -metadata: - name: olm-operator-serviceaccount - namespace: olm ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: olm-operator-binding-olm -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:controller:operator-lifecycle-manager -subjects: -- kind: ServiceAccount - name: olm-operator-serviceaccount - namespace: olm diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_03-clusterserviceversion.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_03-clusterserviceversion.crd.yaml deleted file mode 100644 index cb6c18cc4c..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_03-clusterserviceversion.crd.yaml +++ /dev/null @@ -1,768 +0,0 @@ -##--- -# Source: olm/templates/0000_50_olm_03-clusterserviceversion.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: clusterserviceversions.operators.coreos.com - annotations: - displayName: Operator Version - description: Represents an Operator that should be running on the cluster, including requirements and install strategy. -spec: - names: - plural: clusterserviceversions - singular: clusterserviceversion - kind: ClusterServiceVersion - listKind: ClusterServiceVersionList - shortNames: - - csv - - csvs - categories: - - olm - additionalPrinterColumns: - - name: Display - type: string - description: The name of the CSV - JSONPath: .spec.displayName - - name: Version - type: string - description: The version of the CSV - JSONPath: .spec.version - - name: Replaces - type: string - description: The name of a CSV that this one replaces - JSONPath: .spec.replaces - - name: Phase - type: string - JSONPath: .status.phase - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - description: Represents an Operator that should be running on the cluster, including requirements and install strategy. - properties: - spec: - type: object - description: Spec for a ClusterServiceVersion - required: - - displayName - - install - properties: - displayName: - type: string - description: Human readable name of the application that will be displayed in the ALM UI - - description: - type: string - description: Human readable description of what the application does - - minKubeVersion: - type: string - description: Minimum kubernetes version requirement on the server to deploy operator - pattern: ^\bv?(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(-(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(\.(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*)?(\+[0-9a-zA-Z-]+(\.[0-9a-zA-Z-]+)*)?$ - - keywords: - type: array - description: List of keywords which will be used to discover and categorize app types - items: - type: string - - maintainers: - type: array - description: Those responsible for the creation of this specific app type - items: - type: object - description: Information for a single maintainer - required: - - name - - email - properties: - name: - type: string - description: Maintainer's name - email: - type: string - description: Maintainer's email address - format: email - optionalProperties: - type: string - description: "Any additional key-value metadata you wish to expose about the maintainer, e.g. github: " - - links: - type: array - description: Interesting links to find more information about the project, such as marketing page, documentation, or github page - items: - type: object - description: A single link to describe one aspect of the project - required: - - name - - url - properties: - name: - type: string - description: Name of the link type, e.g. homepage or github url - url: - type: string - description: URL to which the link should point - format: uri - - icon: - type: array - description: Icon which should be rendered with the application information - items: - type: object - required: - - base64data - - mediatype - properties: - base64data: - type: string - description: Base64 binary representation of the icon image - mediatype: - type: string - description: Mediatype for the binary data specified in the base64data property - enum: - - image/gif - - image/jpeg - - image/png - - image/svg+xml - version: - type: string - description: Version string, recommended that users use semantic versioning - pattern: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(-(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(\.(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*)?(\+[0-9a-zA-Z-]+(\.[0-9a-zA-Z-]+)*)?$ - - replaces: - type: string - description: Name of the ClusterServiceVersion custom resource that this version replaces - - maturity: - type: string - description: What level of maturity the software has achieved at this version - enum: - - planning - - pre-alpha - - alpha - - beta - - stable - - mature - - inactive - - deprecated - labels: - type: object - description: Labels that will be applied to associated resources created by the operator. - selector: - type: object - description: Label selector to find resources associated with or managed by the operator - properties: - matchLabels: - type: object - description: Label key:value pairs to match directly - matchExpressions: - type: array - description: A set of expressions to match against the resource. - items: - allOf: - - type: object - required: - - key - - operator - - values - properties: - key: - type: string - description: the key to match - operator: - type: string - description: the operator for the expression - enum: - - In - - NotIn - - Exists - - DoesNotExist - values: - type: array - description: set of values for the expression - nativeAPIs: - type: array - description: What resources are required by the Operator, but must be provided by the underlying cluster and not as an extension. - items: - type: object - required: - - group - - version - - kind - properties: - group: - type: string - description: Group of the API resource - version: - type: string - description: Version of the API resource - kind: - type: string - description: Kind of the API resource - apiservicedefinitions: - type: object - properties: - owned: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - group - - version - - kind - - name - - deploymentName - - displayName - - description - properties: - group: - type: string - description: Group of the APIService (e.g. app.coreos.com) - name: - type: string - description: The plural name for the APIService provided - version: - type: string - description: The version field of the APIService - kind: - type: string - description: The kind field of the APIService - deploymentName: - type: string - description: Name of the extension api-server's deployment - containerPort: - type: number - description: Port where the extension api-server serves TLS traffic - displayName: - type: string - description: A human-readable name for the APIService. - description: - type: string - description: A description of the APIService - resources: - type: array - items: - type: object - description: A list of resources that should be displayed for the APIService - required: - - kind - - version - properties: - name: - type: string - description: If a APIService, the fully qualified name of the APIService (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version of the resource kind - kind: - type: string - description: The kind field of the resource kind - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the API resource - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the API resource where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this status is the same for all instances of the API resource and can be found here instead of on the API resource. - specDescriptors: - type: array - items: - type: object - description: A spec for a field in the spec block of the APIService resource. - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the API resource where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the spec entry. - description: - type: string - description: A description of the spec entry. - x-descriptors: - type: array - description: A list of descriptors for the spec entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this spec is the same for all instances of the API Resource and can be found here instead of on the API resource. - actionDescriptors: - type: array - items: - type: object - description: A spec for actions that can be performed on instances of the API resource - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the API resource where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the action. - description: - type: string - description: A description of the action. - x-descriptors: - type: array - description: A list of descriptors for the action that indicate the meaning of the action. - items: - type: string - value: - description: If present, the value of this action is the same for all instances of the API resource and can be found here instead of on the API resource. - required: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - group - - version - - kind - - name - - displayName - - description - properties: - group: - type: string - description: Group of the APIService (e.g. app.coreos.com) - version: - type: string - description: The version field of the APIService - kind: - type: string - description: The kind field of the APIService - name: - type: string - description: The plural name for the APIService provided - deploymentName: - type: string - description: Name of the extension api-server's deployment - containerPort: - type: number - description: Port where the extension api-server serves TLS traffic - displayName: - type: string - description: A human-readable name for the APIService. - description: - type: string - description: A description of the APIService - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the APIService - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the API Resource where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this status is the same for all instances of the API Resource and can be found here instead of on the API Resource. - - customresourcedefinitions: - type: object - properties: - owned: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - name - - version - - kind - - displayName - - description - properties: - name: - type: string - description: Fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version field of the CustomResourceDefinition - kind: - type: string - description: The kind field of the CustomResourceDefinition - displayName: - type: string - description: A human-readable name for the CRD. - description: - type: string - description: A description of the CRD - resources: - type: array - items: - type: object - description: A list of resources that should be displayed for the CRD - required: - - kind - - version - properties: - name: - type: string - description: If a CRD, the fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version of the resource kind - kind: - type: string - description: The kind field of the resource kind - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the CR where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this status is the same for all instances of the CRD and can be found here instead of on the CR. - specDescriptors: - type: array - items: - type: object - description: A spec for a field in the spec block of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the CR where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the spec entry. - description: - type: string - description: A description of the spec entry. - x-descriptors: - type: array - description: A list of descriptors for the spec entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this spec is the same for all instances of the CRD and can be found here instead of on the CR. - actionDescriptors: - type: array - items: - type: object - description: A spec for actions that can be performed on instances of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the CR where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the action. - description: - type: string - description: A description of the action. - x-descriptors: - type: array - description: A list of descriptors for the action that indicate the meaning of the action. - items: - type: string - value: - description: If present, the value of this action is the same for all instances of the CRD and can be found here instead of on the CR. - required: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - name - - version - - kind - - displayName - - description - properties: - name: - type: string - description: Fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version field of the CustomResourceDefinition - kind: - type: string - description: The kind field of the CustomResourceDefinition - displayName: - type: string - description: A human-readable name for the CRD. - description: - type: string - description: A description of the CRD - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the CR where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this status is the same for all instances of the CRD and can be found here instead of on the CR. - - - install: - type: object - description: Information required to install this specific version of the operator software - oneOf: - - type: object - required: - - strategy - - spec - properties: - strategy: - type: string - enum: ['image'] - spec: - type: object - required: - - image - properties: - image: - type: string - - type: object - required: - - strategy - - spec - properties: - strategy: - type: string - enum: ['deployment'] - spec: - type: object - required: - - deployments - properties: - installModes: - type: array - description: List of supported install modes for the operator - items: - type: object - description: A tuple representing a mode of installation and whether the operator supports it - required: - - type - - supported - properties: - type: - type: string - description: A type of install mode - enum: - - OwnNamespace - - SingleNamespace - - MultiNamespace - - AllNamespaces - supported: - type: boolean - description: Represents if the install mode type is supported - deployments: - type: array - description: List of deployments to create - items: - type: object - description: A name and deployment to create in the cluster - required: - - name - - spec - properties: - name: - type: string - description: the consistent name of the deployment - spec: - type: object - description: The deployment spec to create in the cluster - permissions: - type: array - description: Permissions needed by the deployement to run correctly - items: - type: object - required: - - serviceAccountName - - rules - properties: - serviceAccountName: - type: string - description: The service account name to create for the deployment - rules: - type: array - items: - type: object - description: a rule required by the service account - properties: - apiGroups: - type: array - description: apiGroups the rule applies to - items: - type: string - resources: - type: array - items: - type: string - resourceNames: - type: array - items: - type: string - verbs: - type: array - items: - type: string - enum: - - "*" - - assign - - get - - list - - watch - - create - - update - - patch - - delete - - deletecollection - - initialize - - use - clusterPermissions: - type: array - description: Cluster permissions needed by the deployement to run correctly - items: - type: object - required: - - serviceAccountName - - rules - properties: - serviceAccountName: - type: string - description: The service account name to create for the deployment - rules: - type: array - items: - type: object - required: - - verbs - description: a rule required by the service account - properties: - apiGroups: - type: array - description: apiGroups the rule applies to - items: - type: string - resources: - type: array - items: - type: string - resourceNames: - type: array - items: - type: string - nonResourceURLs: - type: array - items: - type: string - verbs: - type: array - items: - type: string - enum: - - "*" - - assign - - get - - list - - watch - - create - - update - - patch - - put - - post - - delete - - deletecollection - - initialize - - use - status: - type: object - description: Status for a ClusterServiceVersion diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_04-installplan.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_04-installplan.crd.yaml deleted file mode 100644 index d7f013beed..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_04-installplan.crd.yaml +++ /dev/null @@ -1,80 +0,0 @@ -##--- -# Source: olm/templates/0000_50_olm_04-installplan.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: installplans.operators.coreos.com - annotations: - displayName: Install Plan - description: Represents a plan to install and resolve dependencies for Cluster Services -spec: - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - plural: installplans - singular: installplan - kind: InstallPlan - listKind: InstallPlanList - shortNames: - - ip - categories: - - olm - additionalPrinterColumns: - - name: CSV - type: string - description: The first CSV in the list of clusterServiceVersionNames - JSONPath: .spec.clusterServiceVersionNames[0] - - name: Source - type: string - description: The catalog source for the specified CSVs. - JSONPath: .spec.source - - name: Approval - type: string - description: The approval mode - JSONPath: .spec.approval - - name: Approved - type: boolean - JSONPath: .spec.approved - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - description: Represents a plan to install and resolve dependencies for Cluster Services. - properties: - spec: - type: object - description: Spec for an InstallPlan - required: - - clusterServiceVersionNames - - approval - properties: - source: - type: string - description: Name of the preferred CatalogSource - sourceNamespace: - type: string - description: Namespace that contains the preffered CatalogSource - clusterServiceVersionNames: - type: array - description: A list of the names of the Cluster Services - items: - type: string - anyOf: - - properties: - approval: - enum: - - Manual - approved: - type: boolean - required: - - approved - - properties: - approval: - enum: - - Automatic diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_05-subscription.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_05-subscription.crd.yaml deleted file mode 100644 index 8413f40fc4..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_05-subscription.crd.yaml +++ /dev/null @@ -1,75 +0,0 @@ -##--- -# Source: olm/templates/0000_50_olm_05-subscription.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: subscriptions.operators.coreos.com - annotations: - displayName: Subscription - description: Subscribes service catalog to a source and channel to recieve updates for packages. -spec: - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - plural: subscriptions - singular: subscription - kind: Subscription - listKind: SubscriptionList - shortNames: - - sub - - subs - categories: - - olm - additionalPrinterColumns: - - name: Package - type: string - description: The package subscribed to - JSONPath: .spec.name - - name: Source - type: string - description: The catalog source for the specified package - JSONPath: .spec.source - - name: Channel - type: string - description: The channel of updates to subscribe to - JSONPath: .spec.channel - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - description: Subscribes service catalog to a source and channel to recieve updates for packages. - properties: - spec: - type: object - description: Spec for a Subscription - required: - - source - - name - properties: - source: - type: string - description: Name of a CatalogSource that defines where and how to find the channel - sourceNamespace: - type: string - description: The Kubernetes namespace where the CatalogSource used is located - name: - type: string - description: Name of the package that defines the application - channel: - type: string - description: Name of the channel to track - startingCSV: - type: string - description: Name of the AppType that this subscription tracks - installPlanApproval: - type: string - description: Approval mode for emitted InstallPlans - enum: - - Manual - - Automatic diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_06-catalogsource.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_06-catalogsource.crd.yaml deleted file mode 100644 index 0b5d2206e6..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_06-catalogsource.crd.yaml +++ /dev/null @@ -1,130 +0,0 @@ -##--- -# Source: olm/templates/0000_50_olm_06-catalogsource.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: catalogsources.operators.coreos.com - annotations: - displayName: CatalogSource - description: A source configured to find packages and updates. -spec: - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - plural: catalogsources - singular: catalogsource - kind: CatalogSource - listKind: CatalogSourceList - shortNames: - - catsrc - categories: - - olm - additionalPrinterColumns: - - name: Name - type: string - description: The pretty name of the catalog - JSONPath: .spec.displayName - - name: Type - type: string - description: The type of the catalog - JSONPath: .spec.sourceType - - name: Publisher - type: string - description: The publisher of the catalog - JSONPath: .spec.publisher - - name: Age - type: date - JSONPath: .metadata.creationTimestamp - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - description: A source configured to find packages and updates. - properties: - spec: - type: object - description: Spec for a catalog source. - required: - - sourceType - properties: - sourceType: - type: string - description: The type of the source. `configmap` is the new name for `internal` - enum: - - internal # deprecated - - configmap - - grpc - - configMap: - type: string - description: The name of a ConfigMap that holds the entries for an in-memory catalog. - - address: - type: string - description: An optional address. When set, directs OLM to connect to use a pre-existing registry server at this address. - - image: - type: string - description: An image that serves a grpc registry. Only valid for `grpc` sourceType. If both image and address are set, OLM does not use the address field. - - displayName: - type: string - description: Pretty name for display - - publisher: - type: string - description: The name of an entity that publishes this catalog - - secrets: - type: array - description: A set of secrets that can be used to access the contents of the catalog. It is best to keep this list small, since each will need to be tried for every catalog entry. - items: - type: string - description: A name of a secret in the namespace where the CatalogSource is defined. - status: - type: object - description: The status of the CatalogSource - properties: - configMapReference: - type: object - description: If sourceType is `internal` or `configmap`, then this holds a reference to the configmap associated with this CatalogSource. - properties: - name: - type: string - description: name of the configmap - namespace: - type: string - description: namespace of the configmap - resourceVersion: - type: string - description: resourceVersion of the configmap - uid: - type: string - description: uid of the configmap - registryService: - type: object - properties: - protocol: - type: string - description: protocol of the registry service - enum: - - grpc - serviceName: - type: string - description: name of the registry service - serviceNamespace: - type: string - description: namespace of the registry service - port: - type: string - description: port of the registry service - lastSync: - type: string - description: the last time the catalog was updated. If this time is less than the last updated time on the object, the catalog will be re-cached. - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_07-olm-operator.deployment.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_07-olm-operator.deployment.yaml deleted file mode 100644 index 6770d8a824..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_07-olm-operator.deployment.yaml +++ /dev/null @@ -1,65 +0,0 @@ -##--- -# Source: olm/templates/0000_50_olm_07-olm-operator.deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: olm-operator - namespace: olm - labels: - app: olm-operator -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: olm-operator - template: - metadata: - labels: - app: olm-operator - spec: - serviceAccountName: olm-operator-serviceaccount - containers: - - name: olm-operator - command: - - /bin/olm - args: - - -namespace - - $(OPERATOR_NAMESPACE) - - -writeStatusName - - "" - image: quay.io/operator-framework/olm@sha256:81813ac9c937187c29e080c0975bb18489c1f232009c38c8d3a27bc9956ddd21 - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - - containerPort: 8081 - name: metrics - protocol: TCP - livenessProbe: - httpGet: - path: /healthz - port: 8080 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - terminationMessagePolicy: FallbackToLogsOnError - env: - - - name: OPERATOR_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: OPERATOR_NAME - value: olm-operator - resources: - requests: - cpu: 10m - memory: 160Mi - - - - nodeSelector: - beta.kubernetes.io/os: linux - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_08-catalog-operator.deployment.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_08-catalog-operator.deployment.yaml deleted file mode 100644 index fb94816c5c..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_08-catalog-operator.deployment.yaml +++ /dev/null @@ -1,58 +0,0 @@ -##--- -# Source: olm/templates/0000_50_olm_08-catalog-operator.deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: catalog-operator - namespace: olm - labels: - app: catalog-operator -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: catalog-operator - template: - metadata: - labels: - app: catalog-operator - spec: - serviceAccountName: olm-operator-serviceaccount - containers: - - name: catalog-operator - command: - - /bin/catalog - args: - - '-namespace' - - olm - - -configmapServerImage=quay.io/operator-framework/configmap-operator-registry:latest - image: quay.io/operator-framework/olm@sha256:81813ac9c937187c29e080c0975bb18489c1f232009c38c8d3a27bc9956ddd21 - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - - containerPort: 8081 - name: metrics - protocol: TCP - livenessProbe: - httpGet: - path: /healthz - port: 8080 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - terminationMessagePolicy: FallbackToLogsOnError - env: - - resources: - requests: - cpu: 10m - memory: 80Mi - - - - nodeSelector: - beta.kubernetes.io/os: linux - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_09-aggregated.clusterrole.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_09-aggregated.clusterrole.yaml deleted file mode 100644 index c0eccc3e5c..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_09-aggregated.clusterrole.yaml +++ /dev/null @@ -1,34 +0,0 @@ -##--- -# Source: olm/templates/0000_50_olm_09-aggregated.clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-edit - labels: - # Add these permissions to the "admin" and "edit" default roles. - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["subscriptions"] - verbs: ["create", "update", "patch", "delete"] -- apiGroups: ["operators.coreos.com"] - resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions"] - verbs: ["delete"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-view - labels: - # Add these permissions to the "admin", "edit" and "view" default roles - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - rbac.authorization.k8s.io/aggregate-to-view: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions", "operatorgroups"] - verbs: ["get", "list", "watch"] -- apiGroups: ["packages.operators.coreos.com"] - resources: ["packagemanifests"] - verbs: ["get", "list", "watch"] diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_10-operatorgroup.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_10-operatorgroup.crd.yaml deleted file mode 100644 index e1457c3713..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_10-operatorgroup.crd.yaml +++ /dev/null @@ -1,101 +0,0 @@ -##--- -# Source: olm/templates/0000_50_olm_10-operatorgroup.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: operatorgroups.operators.coreos.com -spec: - group: operators.coreos.com - version: v1 - versions: - - name: v1 - served: true - storage: true - - name: v1alpha2 - served: true - storage: false - names: - plural: operatorgroups - singular: operatorgroup - kind: OperatorGroup - listKind: OperatorGroupList - shortNames: - - og - categories: - - olm - scope: Namespaced - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - description: A grouping of namespaces for usage with an operator. - properties: - spec: - type: object - description: Spec for an OperatorGroup. - properties: - selector: - type: object - description: Optional label selector to find resources associated with or managed by the operator - anyOf: - - properties: - matchLabels: - type: object - description: Label key:value pairs to match directly - required: - - matchLabels - - properties: - matchExpressions: - type: array - description: A set of expressions to match against the resource. - items: - allOf: - - type: object - required: - - key - - operator - - values - properties: - key: - type: string - description: the key to match - operator: - type: string - description: the operator for the expression - enum: - - In - - NotIn - - Exists - - DoesNotExist - values: - type: array - description: set of values for the expression - required: - - matchExpressions - targetNamespaces: - type: array - description: Optional list of target namespaces. If set, OLM will ignore selector. - items: - type: string - pattern: ^\S+$ - serviceAccountName: - type: string - staticProvidedAPIs: - type: boolean - description: If true, OLM will not modify the OperatorGroup's providedAPIs annotation. - status: - type: object - description: The status of the OperatorGroup. - properties: - lastUpdated: - format: date-time - type: string - namespaces: - items: - type: string - type: array - required: - - lastUpdated - required: - - metadata diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_13-operatorgroup-default.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_13-operatorgroup-default.yaml deleted file mode 100644 index 63ab7afd0d..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_13-operatorgroup-default.yaml +++ /dev/null @@ -1,16 +0,0 @@ -##--- -# Source: olm/templates/0000_50_olm_13-operatorgroup-default.yaml -apiVersion: operators.coreos.com/v1 -kind: OperatorGroup -metadata: - name: global-operators - namespace: operators ---- -apiVersion: operators.coreos.com/v1 -kind: OperatorGroup -metadata: - name: olm-operators - namespace: olm -spec: - targetNamespaces: - - olm diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_15-packageserver.clusterserviceversion.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_15-packageserver.clusterserviceversion.yaml deleted file mode 100644 index 238a754428..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_15-packageserver.clusterserviceversion.yaml +++ /dev/null @@ -1,126 +0,0 @@ -##--- -# Source: olm/templates/0000_50_olm_15-packageserver.clusterserviceversion.yaml -apiVersion: operators.coreos.com/v1alpha1 -kind: ClusterServiceVersion -metadata: - name: packageserver - namespace: olm - labels: - olm.version: 0.11.0 -spec: - displayName: Package Server - description: Represents an Operator package that is available from a given CatalogSource which will resolve to a ClusterServiceVersion. - minKubeVersion: 1.11.0 - keywords: ['packagemanifests', 'olm', 'packages'] - maintainers: - - name: Red Hat - email: openshift-operators@redhat.com - provider: - name: Red Hat - links: - - name: Package Server - url: https://github.com/operator-framework/operator-lifecycle-manager/tree/master/pkg/package-server - installModes: - - type: OwnNamespace - supported: true - - type: SingleNamespace - supported: true - - type: MultiNamespace - supported: true - - type: AllNamespaces - supported: true - install: - strategy: deployment - spec: - clusterPermissions: - - serviceAccountName: olm-operator-serviceaccount - rules: - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - get - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - apiGroups: - - "operators.coreos.com" - resources: - - catalogsources - verbs: - - get - - list - - watch - - apiGroups: - - "packages.operators.coreos.com" - resources: - - packagemanifests - verbs: - - get - - list - deployments: - - name: packageserver - spec: - strategy: - type: RollingUpdate - replicas: 2 - selector: - matchLabels: - app: packageserver - template: - metadata: - labels: - app: packageserver - spec: - serviceAccountName: olm-operator-serviceaccount - nodeSelector: - beta.kubernetes.io/os: linux - - containers: - - name: packageserver - command: - - /bin/package-server - - -v=4 - - --secure-port - - "5443" - - --global-namespace - - olm - image: quay.io/operator-framework/olm@sha256:81813ac9c937187c29e080c0975bb18489c1f232009c38c8d3a27bc9956ddd21 - imagePullPolicy: Always - ports: - - containerPort: 5443 - livenessProbe: - httpGet: - scheme: HTTPS - path: /healthz - port: 5443 - readinessProbe: - httpGet: - scheme: HTTPS - path: /healthz - port: 5443 - terminationMessagePolicy: FallbackToLogsOnError - resources: - requests: - cpu: 10m - memory: 50Mi - - maturity: alpha - version: 0.11.0 - apiservicedefinitions: - owned: - - group: packages.operators.coreos.com - version: v1 - kind: PackageManifest - name: packagemanifests - displayName: PackageManifest - description: A PackageManifest is a resource generated from existing CatalogSources and their ConfigMaps - deploymentName: packageserver - containerPort: 5443 diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_17-upstream-operators.catalogsource.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_17-upstream-operators.catalogsource.yaml deleted file mode 100644 index 609b5c06f9..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.11.0/0000_50_olm_17-upstream-operators.catalogsource.yaml +++ /dev/null @@ -1,12 +0,0 @@ -##--- -# Source: olm/templates/0000_50_olm_17-upstream-operators.catalogsource.yaml -apiVersion: operators.coreos.com/v1alpha1 -kind: CatalogSource -metadata: - name: operatorhubio-catalog - namespace: olm -spec: - sourceType: grpc - image: quay.io/operator-framework/upstream-community-operators:latest - displayName: Community Operators - publisher: OperatorHub.io diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_00-namespace.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_00-namespace.yaml deleted file mode 100644 index f2eda530b0..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_00-namespace.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_00-namespace.yaml -apiVersion: v1 -kind: Namespace -metadata: - name: olm - ---- -apiVersion: v1 -kind: Namespace -metadata: - name: operators - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_01-olm-operator.serviceaccount.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_01-olm-operator.serviceaccount.yaml deleted file mode 100644 index 1a2e303d86..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_01-olm-operator.serviceaccount.yaml +++ /dev/null @@ -1,31 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_01-olm-operator.serviceaccount.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: system:controller:operator-lifecycle-manager -rules: -- apiGroups: ["*"] - resources: ["*"] - verbs: ["*"] -- nonResourceURLs: ["*"] - verbs: ["*"] ---- -kind: ServiceAccount -apiVersion: v1 -metadata: - name: olm-operator-serviceaccount - namespace: olm ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: olm-operator-binding-olm -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:controller:operator-lifecycle-manager -subjects: -- kind: ServiceAccount - name: olm-operator-serviceaccount - namespace: olm diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_03-clusterserviceversion.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_03-clusterserviceversion.crd.yaml deleted file mode 100644 index 404109e5e0..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_03-clusterserviceversion.crd.yaml +++ /dev/null @@ -1,768 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_03-clusterserviceversion.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: clusterserviceversions.operators.coreos.com - annotations: - displayName: Operator Version - description: Represents an Operator that should be running on the cluster, including requirements and install strategy. -spec: - names: - plural: clusterserviceversions - singular: clusterserviceversion - kind: ClusterServiceVersion - listKind: ClusterServiceVersionList - shortNames: - - csv - - csvs - categories: - - olm - additionalPrinterColumns: - - name: Display - type: string - description: The name of the CSV - JSONPath: .spec.displayName - - name: Version - type: string - description: The version of the CSV - JSONPath: .spec.version - - name: Replaces - type: string - description: The name of a CSV that this one replaces - JSONPath: .spec.replaces - - name: Phase - type: string - JSONPath: .status.phase - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - description: Represents an Operator that should be running on the cluster, including requirements and install strategy. - properties: - spec: - type: object - description: Spec for a ClusterServiceVersion - required: - - displayName - - install - properties: - displayName: - type: string - description: Human readable name of the application that will be displayed in the ALM UI - - description: - type: string - description: Human readable description of what the application does - - minKubeVersion: - type: string - description: Minimum kubernetes version requirement on the server to deploy operator - pattern: ^\bv?(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(-(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(\.(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*)?(\+[0-9a-zA-Z-]+(\.[0-9a-zA-Z-]+)*)?$ - - keywords: - type: array - description: List of keywords which will be used to discover and categorize app types - items: - type: string - - maintainers: - type: array - description: Those responsible for the creation of this specific app type - items: - type: object - description: Information for a single maintainer - required: - - name - - email - properties: - name: - type: string - description: Maintainer's name - email: - type: string - description: Maintainer's email address - format: email - optionalProperties: - type: string - description: "Any additional key-value metadata you wish to expose about the maintainer, e.g. github: " - - links: - type: array - description: Interesting links to find more information about the project, such as marketing page, documentation, or github page - items: - type: object - description: A single link to describe one aspect of the project - required: - - name - - url - properties: - name: - type: string - description: Name of the link type, e.g. homepage or github url - url: - type: string - description: URL to which the link should point - format: uri - - icon: - type: array - description: Icon which should be rendered with the application information - items: - type: object - required: - - base64data - - mediatype - properties: - base64data: - type: string - description: Base64 binary representation of the icon image - mediatype: - type: string - description: Mediatype for the binary data specified in the base64data property - enum: - - image/gif - - image/jpeg - - image/png - - image/svg+xml - version: - type: string - description: Version string, recommended that users use semantic versioning - pattern: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(-(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(\.(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*)?(\+[0-9a-zA-Z-]+(\.[0-9a-zA-Z-]+)*)?$ - - replaces: - type: string - description: Name of the ClusterServiceVersion custom resource that this version replaces - - maturity: - type: string - description: What level of maturity the software has achieved at this version - enum: - - planning - - pre-alpha - - alpha - - beta - - stable - - mature - - inactive - - deprecated - labels: - type: object - description: Labels that will be applied to associated resources created by the operator. - selector: - type: object - description: Label selector to find resources associated with or managed by the operator - properties: - matchLabels: - type: object - description: Label key:value pairs to match directly - matchExpressions: - type: array - description: A set of expressions to match against the resource. - items: - allOf: - - type: object - required: - - key - - operator - - values - properties: - key: - type: string - description: the key to match - operator: - type: string - description: the operator for the expression - enum: - - In - - NotIn - - Exists - - DoesNotExist - values: - type: array - description: set of values for the expression - nativeAPIs: - type: array - description: What resources are required by the Operator, but must be provided by the underlying cluster and not as an extension. - items: - type: object - required: - - group - - version - - kind - properties: - group: - type: string - description: Group of the API resource - version: - type: string - description: Version of the API resource - kind: - type: string - description: Kind of the API resource - apiservicedefinitions: - type: object - properties: - owned: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - group - - version - - kind - - name - - deploymentName - - displayName - - description - properties: - group: - type: string - description: Group of the APIService (e.g. app.coreos.com) - name: - type: string - description: The plural name for the APIService provided - version: - type: string - description: The version field of the APIService - kind: - type: string - description: The kind field of the APIService - deploymentName: - type: string - description: Name of the extension api-server's deployment - containerPort: - type: number - description: Port where the extension api-server serves TLS traffic - displayName: - type: string - description: A human-readable name for the APIService. - description: - type: string - description: A description of the APIService - resources: - type: array - items: - type: object - description: A list of resources that should be displayed for the APIService - required: - - kind - - version - properties: - name: - type: string - description: If a APIService, the fully qualified name of the APIService (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version of the resource kind - kind: - type: string - description: The kind field of the resource kind - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the API resource - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the API resource where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this status is the same for all instances of the API resource and can be found here instead of on the API resource. - specDescriptors: - type: array - items: - type: object - description: A spec for a field in the spec block of the APIService resource. - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the API resource where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the spec entry. - description: - type: string - description: A description of the spec entry. - x-descriptors: - type: array - description: A list of descriptors for the spec entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this spec is the same for all instances of the API Resource and can be found here instead of on the API resource. - actionDescriptors: - type: array - items: - type: object - description: A spec for actions that can be performed on instances of the API resource - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the API resource where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the action. - description: - type: string - description: A description of the action. - x-descriptors: - type: array - description: A list of descriptors for the action that indicate the meaning of the action. - items: - type: string - value: - description: If present, the value of this action is the same for all instances of the API resource and can be found here instead of on the API resource. - required: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - group - - version - - kind - - name - - displayName - - description - properties: - group: - type: string - description: Group of the APIService (e.g. app.coreos.com) - version: - type: string - description: The version field of the APIService - kind: - type: string - description: The kind field of the APIService - name: - type: string - description: The plural name for the APIService provided - deploymentName: - type: string - description: Name of the extension api-server's deployment - containerPort: - type: number - description: Port where the extension api-server serves TLS traffic - displayName: - type: string - description: A human-readable name for the APIService. - description: - type: string - description: A description of the APIService - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the APIService - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the API Resource where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this status is the same for all instances of the API Resource and can be found here instead of on the API Resource. - - customresourcedefinitions: - type: object - properties: - owned: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - name - - version - - kind - - displayName - - description - properties: - name: - type: string - description: Fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version field of the CustomResourceDefinition - kind: - type: string - description: The kind field of the CustomResourceDefinition - displayName: - type: string - description: A human-readable name for the CRD. - description: - type: string - description: A description of the CRD - resources: - type: array - items: - type: object - description: A list of resources that should be displayed for the CRD - required: - - kind - - version - properties: - name: - type: string - description: If a CRD, the fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version of the resource kind - kind: - type: string - description: The kind field of the resource kind - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the CR where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this status is the same for all instances of the CRD and can be found here instead of on the CR. - specDescriptors: - type: array - items: - type: object - description: A spec for a field in the spec block of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the CR where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the spec entry. - description: - type: string - description: A description of the spec entry. - x-descriptors: - type: array - description: A list of descriptors for the spec entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this spec is the same for all instances of the CRD and can be found here instead of on the CR. - actionDescriptors: - type: array - items: - type: object - description: A spec for actions that can be performed on instances of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the CR where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the action. - description: - type: string - description: A description of the action. - x-descriptors: - type: array - description: A list of descriptors for the action that indicate the meaning of the action. - items: - type: string - value: - description: If present, the value of this action is the same for all instances of the CRD and can be found here instead of on the CR. - required: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - name - - version - - kind - - displayName - - description - properties: - name: - type: string - description: Fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version field of the CustomResourceDefinition - kind: - type: string - description: The kind field of the CustomResourceDefinition - displayName: - type: string - description: A human-readable name for the CRD. - description: - type: string - description: A description of the CRD - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the CR where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this status is the same for all instances of the CRD and can be found here instead of on the CR. - - - install: - type: object - description: Information required to install this specific version of the operator software - oneOf: - - type: object - required: - - strategy - - spec - properties: - strategy: - type: string - enum: ['image'] - spec: - type: object - required: - - image - properties: - image: - type: string - - type: object - required: - - strategy - - spec - properties: - strategy: - type: string - enum: ['deployment'] - spec: - type: object - required: - - deployments - properties: - installModes: - type: array - description: List of supported install modes for the operator - items: - type: object - description: A tuple representing a mode of installation and whether the operator supports it - required: - - type - - supported - properties: - type: - type: string - description: A type of install mode - enum: - - OwnNamespace - - SingleNamespace - - MultiNamespace - - AllNamespaces - supported: - type: boolean - description: Represents if the install mode type is supported - deployments: - type: array - description: List of deployments to create - items: - type: object - description: A name and deployment to create in the cluster - required: - - name - - spec - properties: - name: - type: string - description: the consistent name of the deployment - spec: - type: object - description: The deployment spec to create in the cluster - permissions: - type: array - description: Permissions needed by the deployement to run correctly - items: - type: object - required: - - serviceAccountName - - rules - properties: - serviceAccountName: - type: string - description: The service account name to create for the deployment - rules: - type: array - items: - type: object - description: a rule required by the service account - properties: - apiGroups: - type: array - description: apiGroups the rule applies to - items: - type: string - resources: - type: array - items: - type: string - resourceNames: - type: array - items: - type: string - verbs: - type: array - items: - type: string - enum: - - "*" - - assign - - get - - list - - watch - - create - - update - - patch - - delete - - deletecollection - - initialize - - use - clusterPermissions: - type: array - description: Cluster permissions needed by the deployement to run correctly - items: - type: object - required: - - serviceAccountName - - rules - properties: - serviceAccountName: - type: string - description: The service account name to create for the deployment - rules: - type: array - items: - type: object - required: - - verbs - description: a rule required by the service account - properties: - apiGroups: - type: array - description: apiGroups the rule applies to - items: - type: string - resources: - type: array - items: - type: string - resourceNames: - type: array - items: - type: string - nonResourceURLs: - type: array - items: - type: string - verbs: - type: array - items: - type: string - enum: - - "*" - - assign - - get - - list - - watch - - create - - update - - patch - - put - - post - - delete - - deletecollection - - initialize - - use - status: - type: object - description: Status for a ClusterServiceVersion diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_04-installplan.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_04-installplan.crd.yaml deleted file mode 100644 index 923f0c23b8..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_04-installplan.crd.yaml +++ /dev/null @@ -1,76 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_04-installplan.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: installplans.operators.coreos.com - annotations: - displayName: Install Plan - description: Represents a plan to install and resolve dependencies for Cluster Services -spec: - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - plural: installplans - singular: installplan - kind: InstallPlan - listKind: InstallPlanList - shortNames: - - ip - categories: - - olm - additionalPrinterColumns: - - name: CSV - type: string - description: The first CSV in the list of clusterServiceVersionNames - JSONPath: .spec.clusterServiceVersionNames[0] - - name: Approval - type: string - description: The approval mode - JSONPath: .spec.approval - - name: Approved - type: boolean - JSONPath: .spec.approved - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - description: Represents a plan to install and resolve dependencies for Cluster Services. - properties: - spec: - type: object - description: Spec for an InstallPlan - required: - - clusterServiceVersionNames - - approval - properties: - source: - type: string - description: Name of the preferred CatalogSource - sourceNamespace: - type: string - description: Namespace that contains the preffered CatalogSource - clusterServiceVersionNames: - type: array - description: A list of the names of the Cluster Services - items: - type: string - anyOf: - - properties: - approval: - enum: - - Manual - approved: - type: boolean - required: - - approved - - properties: - approval: - enum: - - Automatic diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_05-subscription.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_05-subscription.crd.yaml deleted file mode 100644 index af29ed79a6..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_05-subscription.crd.yaml +++ /dev/null @@ -1,1465 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_05-subscription.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: subscriptions.operators.coreos.com - annotations: - displayName: Subscription - description: Subscribes service catalog to a source and channel to recieve updates for packages. -spec: - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - plural: subscriptions - singular: subscription - kind: Subscription - listKind: SubscriptionList - shortNames: - - sub - - subs - categories: - - olm - additionalPrinterColumns: - - name: Package - type: string - description: The package subscribed to - JSONPath: .spec.name - - name: Source - type: string - description: The catalog source for the specified package - JSONPath: .spec.source - - name: Channel - type: string - description: The channel of updates to subscribe to - JSONPath: .spec.channel - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - description: Subscribes service catalog to a source and channel to recieve updates for packages. - properties: - spec: - type: object - description: Spec for a Subscription - required: - - source - - name - properties: - source: - type: string - description: Name of a CatalogSource that defines where and how to find the channel - sourceNamespace: - type: string - description: The Kubernetes namespace where the CatalogSource used is located - name: - type: string - description: Name of the package that defines the application - channel: - type: string - description: Name of the channel to track - startingCSV: - type: string - description: Name of the AppType that this subscription tracks - installPlanApproval: - type: string - description: Approval mode for emitted InstallPlans - enum: - - Manual - - Automatic - config: - type: object - description: Operator Pod configuration, it is applied to the operator during install. It has higher precedence than the same configuration specified in a ClusterServiveVersion. - properties: - env: - type: array - description: List of environment variables to set in the container - items: - type: object - description: EnvVar represents an environment variable present in a Container - required: - - name - properties: - name: - type: string - description: EnvVar represents an environment variable present in a Container - value: - type: string - description: Value of the environment variable specified - valueFrom: - type: object - description: Source for the environment variable's value. Cannot be used if value is not empty - properties: - configMapKeyRef: - type: object - description: Selects a key of a ConfigMap - required: - - key - properties: - key: - type: string - description: The key to select - name: - type: string - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - optional: - type: boolean - description: Specify whether the ConfigMap or its key must be defined - fieldRef: - type: object - description: "Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP" - required: - - fieldPath - properties: - apiVersion: - type: string - description: Version of the schema the FieldPath is written in terms of, defaults to v1 - fieldPath: - type: string - description: Path of the field to select in the specified API version - resourceFieldRef: - type: object - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." - required: - - resource - properties: - containerName: - type: string - description: "Container name: required for volumes, optional for env vars" - divisor: - type: string - description: Specifies the output format of the exposed resources, defaults to 1 - resource: - type: string - description: "Required: resource to select" - secretKeyRef: - type: object - description: Selects a key of a secret in the pod's namespace - required: - - key - properties: - key: - type: string - description: The key of the secret to select from. Must be a valid secret key - name: - type: string - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - optional: - type: boolean - description: Specify whether the Secret or its key must be defined - envFrom: - type: array - description: "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated" - items: - type: object - description: EnvFromSource represents the source of a set of ConfigMaps - properties: - configMapRef: - type: object - description: "ConfigMapEnvSource selects a ConfigMap to populate the environment variables with.\n\nThe contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables" - properties: - name: - type: string - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - optional: - type: boolean - description: Specify whether the ConfigMap must be defined - prefix: - type: string - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER - secretRef: - type: object - description: "SecretEnvSource selects a Secret to populate the environment variables with.\n\nThe contents of the target Secret's Data field will represent the key-value pairs as environment variables" - properties: - name: - type: string - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - optional: - type: boolean - description: Specify whether the Secret must be defined - - volumeMounts: - description: List of VolumeMounts to set in the container. - items: - description: VolumeMount describes a mounting of a Volume within - a container. - properties: - mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other way - around. When not set, MountPropagationNone is used. This - field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. This field is beta in 1.15. - type: string - required: - - mountPath - - name - type: object - type: array - volumes: - description: List of Volumes to set in the podSpec. - items: - description: Volume represents a named volume in a pod that - may be accessed by any container in the pod. - properties: - awsElasticBlockStore: - description: 'AWSElasticBlockStore represents an AWS Disk - resource that is attached to a kubelet''s host machine - and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - properties: - fsType: - description: 'Filesystem type of the volume that you - want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - partition: - description: 'The partition in the volume that you want - to mount. If omitted, the default is to mount by volume - name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property - empty).' - format: int32 - type: integer - readOnly: - description: 'Specify "true" to force and set the ReadOnly - property in VolumeMounts to "true". If omitted, the - default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: 'Unique ID of the persistent disk resource - in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: string - required: - - volumeID - type: object - azureDisk: - description: AzureDisk represents an Azure Data Disk mount - on the host and bind mount to the pod. - properties: - cachingMode: - description: 'Host Caching mode: None, Read Only, Read - Write.' - type: string - diskName: - description: The Name of the data disk in the blob storage - type: string - diskURI: - description: The URI the data disk in the blob storage - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. - type: string - kind: - description: 'Expected values Shared: multiple blob - disks per storage account Dedicated: single blob - disk per storage account Managed: azure managed data - disk (only in managed availability set). defaults - to shared' - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - description: AzureFile represents an Azure File Service - mount on the host and bind mount to the pod. - properties: - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretName: - description: the name of secret that contains Azure - Storage Account Name and Key - type: string - shareName: - description: Share Name - type: string - required: - - secretName - - shareName - type: object - cephfs: - description: CephFS represents a Ceph FS mount on the host - that shares a pod's lifetime - properties: - monitors: - description: 'Required: Monitors is a collection of - Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - items: - type: string - type: array - path: - description: 'Optional: Used as the mounted root, rather - than the full Ceph tree, default is /' - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: boolean - secretFile: - description: 'Optional: SecretFile is the path to key - ring for User, default is /etc/ceph/user.secret More - info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - secretRef: - description: 'Optional: SecretRef is reference to the - authentication secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - user: - description: 'Optional: User is the rados user name, - default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - required: - - monitors - type: object - cinder: - description: 'Cinder represents a cinder volume attached - and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: boolean - secretRef: - description: 'Optional: points to a secret object containing - parameters used to connect to OpenStack.' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - volumeID: - description: 'volume id used to identify the volume - in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - required: - - volumeID - type: object - configMap: - description: ConfigMap represents a configMap that should - populate this volume - properties: - defaultMode: - description: 'Optional: mode bits to use on created - files by default. Must be a value between 0 and 0777. - Defaults to 0644. Directories within the path are - not affected by this setting. This might be in conflict - with other options that affect the file mode, like - fsGroup, and the result can be other mode bits set.' - format: int32 - type: integer - items: - description: If unspecified, each key-value pair in - the Data field of the referenced ConfigMap will be - projected into the volume as a file whose name is - the key and content is the value. If specified, the - listed keys will be projected into the specified paths, - and unlisted keys will not be present. If a key is - specified which is not present in the ConfigMap, the - volume setup will error unless it is marked optional. - Paths must be relative and may not contain the '..' - path or start with '..'. - items: - description: Maps a string key to a path within a - volume. - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to use on this - file, must be a value between 0 and 0777. If - not specified, the volume defaultMode will be - used. This might be in conflict with other options - that affect the file mode, like fsGroup, and - the result can be other mode bits set.' - format: int32 - type: integer - path: - description: The relative path of the file to - map the key to. May not be an absolute path. - May not contain the path element '..'. May not - start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its keys - must be defined - type: boolean - type: object - csi: - description: CSI (Container Storage Interface) represents - storage that is handled by an external CSI driver (Alpha - feature). - properties: - driver: - description: Driver is the name of the CSI driver that - handles this volume. Consult with your admin for the - correct name as registered in the cluster. - type: string - fsType: - description: Filesystem type to mount. Ex. "ext4", "xfs", - "ntfs". If not provided, the empty value is passed - to the associated CSI driver which will determine - the default filesystem to apply. - type: string - nodePublishSecretRef: - description: NodePublishSecretRef is a reference to - the secret object containing sensitive information - to pass to the CSI driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This field is optional, - and may be empty if no secret is required. If the - secret object contains more than one secret, all secret - references are passed. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - readOnly: - description: Specifies a read-only configuration for - the volume. Defaults to false (read/write). - type: boolean - volumeAttributes: - additionalProperties: - type: string - description: VolumeAttributes stores driver-specific - properties that are passed to the CSI driver. Consult - your driver's documentation for supported values. - type: object - required: - - driver - type: object - downwardAPI: - description: DownwardAPI represents downward API about the - pod that should populate this volume - properties: - defaultMode: - description: 'Optional: mode bits to use on created - files by default. Must be a value between 0 and 0777. - Defaults to 0644. Directories within the path are - not affected by this setting. This might be in conflict - with other options that affect the file mode, like - fsGroup, and the result can be other mode bits set.' - format: int32 - type: integer - items: - description: Items is a list of downward API volume - file - items: - description: DownwardAPIVolumeFile represents information - to create the file containing the pod field - properties: - fieldRef: - description: 'Required: Selects a field of the - pod: only annotations, labels, name and namespace - are supported.' - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - mode: - description: 'Optional: mode bits to use on this - file, must be a value between 0 and 0777. If - not specified, the volume defaultMode will be - used. This might be in conflict with other options - that affect the file mode, like fsGroup, and - the result can be other mode bits set.' - format: int32 - type: integer - path: - description: 'Required: Path is the relative - path name of the file to be created. Must not - be absolute or contain the ''..'' path. Must - be utf-8 encoded. The first item of the relative - path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, requests.cpu and requests.memory) - are currently supported.' - properties: - containerName: - description: 'Container name: required for - volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of - the exposed resources, defaults to "1" - type: string - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - description: 'EmptyDir represents a temporary directory - that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - properties: - medium: - description: 'What type of storage medium should back - this directory. The default is "" which means to use - the node''s default medium. Must be an empty string - (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - description: 'Total amount of local storage required - for this EmptyDir volume. The size limit is also applicable - for memory medium. The maximum usage on memory medium - EmptyDir would be the minimum value between the SizeLimit - specified here and the sum of memory limits of all - containers in a pod. The default is nil which means - that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' - type: string - type: object - fc: - description: FC represents a Fibre Channel resource that - is attached to a kubelet's host machine and then exposed - to the pod. - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. TODO: how do we prevent errors in the - filesystem from compromising the machine' - type: string - lun: - description: 'Optional: FC target lun number' - format: int32 - type: integer - readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' - type: boolean - targetWWNs: - description: 'Optional: FC target worldwide names (WWNs)' - items: - type: string - type: array - wwids: - description: 'Optional: FC volume world wide identifiers - (wwids) Either wwids or combination of targetWWNs - and lun must be set, but not both simultaneously.' - items: - type: string - type: array - type: object - flexVolume: - description: FlexVolume represents a generic volume resource - that is provisioned/attached using an exec based plugin. - properties: - driver: - description: Driver is the name of the driver to use - for this volume. - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". The default filesystem depends on FlexVolume - script. - type: string - options: - additionalProperties: - type: string - description: 'Optional: Extra command options if any.' - type: object - readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' - type: boolean - secretRef: - description: 'Optional: SecretRef is reference to the - secret object containing sensitive information to - pass to the plugin scripts. This may be empty if no - secret object is specified. If the secret object contains - more than one secret, all secrets are passed to the - plugin scripts.' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - required: - - driver - type: object - flocker: - description: Flocker represents a Flocker volume attached - to a kubelet's host machine. This depends on the Flocker - control service being running - properties: - datasetName: - description: Name of the dataset stored as metadata - -> name on the dataset for Flocker should be considered - as deprecated - type: string - datasetUUID: - description: UUID of the dataset. This is unique identifier - of a Flocker dataset - type: string - type: object - gcePersistentDisk: - description: 'GCEPersistentDisk represents a GCE Disk resource - that is attached to a kubelet''s host machine and then - exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - properties: - fsType: - description: 'Filesystem type of the volume that you - want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - partition: - description: 'The partition in the volume that you want - to mount. If omitted, the default is to mount by volume - name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property - empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - format: int32 - type: integer - pdName: - description: 'Unique name of the PD resource in GCE. - Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: string - readOnly: - description: 'ReadOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. More info: - https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: boolean - required: - - pdName - type: object - gitRepo: - description: 'GitRepo represents a git repository at a particular - revision. DEPRECATED: GitRepo is deprecated. To provision - a container with a git repo, mount an EmptyDir into an - InitContainer that clones the repo using git, then mount - the EmptyDir into the Pod''s container.' - properties: - directory: - description: Target directory name. Must not contain - or start with '..'. If '.' is supplied, the volume - directory will be the git repository. Otherwise, - if specified, the volume will contain the git repository - in the subdirectory with the given name. - type: string - repository: - description: Repository URL - type: string - revision: - description: Commit hash for the specified revision. - type: string - required: - - repository - type: object - glusterfs: - description: 'Glusterfs represents a Glusterfs mount on - the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' - properties: - endpoints: - description: 'EndpointsName is the endpoint name that - details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - path: - description: 'Path is the Glusterfs volume path. More - info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - readOnly: - description: 'ReadOnly here will force the Glusterfs - volume to be mounted with read-only permissions. Defaults - to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: boolean - required: - - endpoints - - path - type: object - hostPath: - description: 'HostPath represents a pre-existing file or - directory on the host machine that is directly exposed - to the container. This is generally used for system agents - or other privileged things that are allowed to see the - host machine. Most containers will NOT need this. More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can use host - directory mounts and who can/can not mount host directories - as read/write.' - properties: - path: - description: 'Path of the directory on the host. If - the path is a symlink, it will follow the link to - the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - type: - description: 'Type for HostPath Volume Defaults to "" - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - required: - - path - type: object - iscsi: - description: 'ISCSI represents an ISCSI Disk resource that - is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' - properties: - chapAuthDiscovery: - description: whether support iSCSI Discovery CHAP authentication - type: boolean - chapAuthSession: - description: whether support iSCSI Session CHAP authentication - type: boolean - fsType: - description: 'Filesystem type of the volume that you - want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - initiatorName: - description: Custom iSCSI Initiator Name. If initiatorName - is specified with iscsiInterface simultaneously, new - iSCSI interface : will - be created for the connection. - type: string - iqn: - description: Target iSCSI Qualified Name. - type: string - iscsiInterface: - description: iSCSI Interface Name that uses an iSCSI - transport. Defaults to 'default' (tcp). - type: string - lun: - description: iSCSI Target Lun number. - format: int32 - type: integer - portals: - description: iSCSI Target Portal List. The portal is - either an IP or ip_addr:port if the port is other - than default (typically TCP ports 860 and 3260). - items: - type: string - type: array - readOnly: - description: ReadOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. - type: boolean - secretRef: - description: CHAP Secret for iSCSI target and initiator - authentication - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - targetPortal: - description: iSCSI Target Portal. The Portal is either - an IP or ip_addr:port if the port is other than default - (typically TCP ports 860 and 3260). - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - description: 'Volume''s name. Must be a DNS_LABEL and unique - within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - nfs: - description: 'NFS represents an NFS mount on the host that - shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - properties: - path: - description: 'Path that is exported by the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - readOnly: - description: 'ReadOnly here will force the NFS export - to be mounted with read-only permissions. Defaults - to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: boolean - server: - description: 'Server is the hostname or IP address of - the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - description: 'PersistentVolumeClaimVolumeSource represents - a reference to a PersistentVolumeClaim in the same namespace. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - claimName: - description: 'ClaimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this volume. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: - description: Will force the ReadOnly setting in VolumeMounts. - Default false. - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - description: PhotonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host - machine - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. - type: string - pdID: - description: ID that identifies Photon Controller persistent - disk - type: string - required: - - pdID - type: object - portworxVolume: - description: PortworxVolume represents a portworx volume - attached and mounted on kubelets host machine - properties: - fsType: - description: FSType represents the filesystem type to - mount Must be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs". Implicitly inferred - to be "ext4" if unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: - description: VolumeID uniquely identifies a Portworx - volume - type: string - required: - - volumeID - type: object - projected: - description: Items for all in one resources secrets, configmaps, - and downward API - properties: - defaultMode: - description: Mode bits to use on created files by default. - Must be a value between 0 and 0777. Directories within - the path are not affected by this setting. This might - be in conflict with other options that affect the - file mode, like fsGroup, and the result can be other - mode bits set. - format: int32 - type: integer - sources: - description: list of volume projections - items: - description: Projection that may be projected along - with other supported volume types - properties: - configMap: - description: information about the configMap data - to project - properties: - items: - description: If unspecified, each key-value - pair in the Data field of the referenced - ConfigMap will be projected into the volume - as a file whose name is the key and content - is the value. If specified, the listed keys - will be projected into the specified paths, - and unlisted keys will not be present. If - a key is specified which is not present - in the ConfigMap, the volume setup will - error unless it is marked optional. Paths - must be relative and may not contain the - '..' path or start with '..'. - items: - description: Maps a string key to a path - within a volume. - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to - use on this file, must be a value - between 0 and 0777. If not specified, - the volume defaultMode will be used. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' - format: int32 - type: integer - path: - description: The relative path of the - file to map the key to. May not be - an absolute path. May not contain - the path element '..'. May not start - with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its keys must be defined - type: boolean - type: object - downwardAPI: - description: information about the downwardAPI - data to project - properties: - items: - description: Items is a list of DownwardAPIVolume - file - items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field - properties: - fieldRef: - description: 'Required: Selects a field - of the pod: only annotations, labels, - name and namespace are supported.' - properties: - apiVersion: - description: Version of the schema - the FieldPath is written in terms - of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to - select in the specified API version. - type: string - required: - - fieldPath - type: object - mode: - description: 'Optional: mode bits to - use on this file, must be a value - between 0 and 0777. If not specified, - the volume defaultMode will be used. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' - format: int32 - type: integer - path: - description: 'Required: Path is the - relative path name of the file to - be created. Must not be absolute or - contain the ''..'' path. Must be utf-8 - encoded. The first item of the relative - path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of - the container: only resources limits - and requests (limits.cpu, limits.memory, - requests.cpu and requests.memory) - are currently supported.' - properties: - containerName: - description: 'Container name: required - for volumes, optional for env - vars' - type: string - divisor: - description: Specifies the output - format of the exposed resources, - defaults to "1" - type: string - resource: - description: 'Required: resource - to select' - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - description: information about the secret data - to project - properties: - items: - description: If unspecified, each key-value - pair in the Data field of the referenced - Secret will be projected into the volume - as a file whose name is the key and content - is the value. If specified, the listed keys - will be projected into the specified paths, - and unlisted keys will not be present. If - a key is specified which is not present - in the Secret, the volume setup will error - unless it is marked optional. Paths must - be relative and may not contain the '..' - path or start with '..'. - items: - description: Maps a string key to a path - within a volume. - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to - use on this file, must be a value - between 0 and 0777. If not specified, - the volume defaultMode will be used. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' - format: int32 - type: integer - path: - description: The relative path of the - file to map the key to. May not be - an absolute path. May not contain - the path element '..'. May not start - with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - type: object - serviceAccountToken: - description: information about the serviceAccountToken - data to project - properties: - audience: - description: Audience is the intended audience - of the token. A recipient of a token must - identify itself with an identifier specified - in the audience of the token, and otherwise - should reject the token. The audience defaults - to the identifier of the apiserver. - type: string - expirationSeconds: - description: ExpirationSeconds is the requested - duration of validity of the service account - token. As the token approaches expiration, - the kubelet volume plugin will proactively - rotate the service account token. The kubelet - will start trying to rotate the token if - the token is older than 80 percent of its - time to live or if the token is older than - 24 hours.Defaults to 1 hour and must be - at least 10 minutes. - format: int64 - type: integer - path: - description: Path is the path relative to - the mount point of the file to project the - token into. - type: string - required: - - path - type: object - type: object - type: array - required: - - sources - type: object - quobyte: - description: Quobyte represents a Quobyte mount on the host - that shares a pod's lifetime - properties: - group: - description: Group to map volume access to Default is - no group - type: string - readOnly: - description: ReadOnly here will force the Quobyte volume - to be mounted with read-only permissions. Defaults - to false. - type: boolean - registry: - description: Registry represents a single or multiple - Quobyte Registry services specified as a string as - host:port pair (multiple entries are separated with - commas) which acts as the central registry for volumes - type: string - tenant: - description: Tenant owning the given Quobyte volume - in the Backend Used with dynamically provisioned Quobyte - volumes, value is set by the plugin - type: string - user: - description: User to map volume access to Defaults to - serivceaccount user - type: string - volume: - description: Volume is a string that references an already - created Quobyte volume by name. - type: string - required: - - registry - - volume - type: object - rbd: - description: 'RBD represents a Rados Block Device mount - on the host that shares a pod''s lifetime. More info: - https://examples.k8s.io/volumes/rbd/README.md' - properties: - fsType: - description: 'Filesystem type of the volume that you - want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - image: - description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - keyring: - description: 'Keyring is the path to key ring for RBDUser. - Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - monitors: - description: 'A collection of Ceph monitors. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - items: - type: string - type: array - pool: - description: 'The rados pool name. Default is rbd. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: - description: 'ReadOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: - description: 'SecretRef is name of the authentication - secret for RBDUser. If provided overrides keyring. - Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - user: - description: 'The rados user name. Default is admin. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - required: - - image - - monitors - type: object - scaleIO: - description: ScaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Default is "xfs". - type: string - gateway: - description: The host address of the ScaleIO API Gateway. - type: string - protectionDomain: - description: The name of the ScaleIO Protection Domain - for the configured storage. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef references to the secret for - ScaleIO user and other sensitive information. If this - is not provided, Login operation will fail. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - sslEnabled: - description: Flag to enable/disable SSL communication - with Gateway, default false - type: boolean - storageMode: - description: Indicates whether the storage for a volume - should be ThickProvisioned or ThinProvisioned. Default - is ThinProvisioned. - type: string - storagePool: - description: The ScaleIO Storage Pool associated with - the protection domain. - type: string - system: - description: The name of the storage system as configured - in ScaleIO. - type: string - volumeName: - description: The name of a volume already created in - the ScaleIO system that is associated with this volume - source. - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - description: 'Secret represents a secret that should populate - this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - properties: - defaultMode: - description: 'Optional: mode bits to use on created - files by default. Must be a value between 0 and 0777. - Defaults to 0644. Directories within the path are - not affected by this setting. This might be in conflict - with other options that affect the file mode, like - fsGroup, and the result can be other mode bits set.' - format: int32 - type: integer - items: - description: If unspecified, each key-value pair in - the Data field of the referenced Secret will be projected - into the volume as a file whose name is the key and - content is the value. If specified, the listed keys - will be projected into the specified paths, and unlisted - keys will not be present. If a key is specified which - is not present in the Secret, the volume setup will - error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start - with '..'. - items: - description: Maps a string key to a path within a - volume. - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to use on this - file, must be a value between 0 and 0777. If - not specified, the volume defaultMode will be - used. This might be in conflict with other options - that affect the file mode, like fsGroup, and - the result can be other mode bits set.' - format: int32 - type: integer - path: - description: The relative path of the file to - map the key to. May not be an absolute path. - May not contain the path element '..'. May not - start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - optional: - description: Specify whether the Secret or its keys - must be defined - type: boolean - secretName: - description: 'Name of the secret in the pod''s namespace - to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - type: object - storageos: - description: StorageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef specifies the secret to use for - obtaining the StorageOS API credentials. If not specified, - default values will be attempted. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - volumeName: - description: VolumeName is the human-readable name of - the StorageOS volume. Volume names are only unique - within a namespace. - type: string - volumeNamespace: - description: VolumeNamespace specifies the scope of - the volume within StorageOS. If no namespace is specified - then the Pod's namespace will be used. This allows - the Kubernetes name scoping to be mirrored within - StorageOS for tighter integration. Set VolumeName - to any name to override the default behaviour. Set - to "default" if you are not using namespaces within - StorageOS. Namespaces that do not pre-exist within - StorageOS will be created. - type: string - type: object - vsphereVolume: - description: VsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. - type: string - storagePolicyID: - description: Storage Policy Based Management (SPBM) - profile ID associated with the StoragePolicyName. - type: string - storagePolicyName: - description: Storage Policy Based Management (SPBM) - profile name. - type: string - volumePath: - description: Path that identifies vSphere volume vmdk - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_06-catalogsource.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_06-catalogsource.crd.yaml deleted file mode 100644 index 28a616fef7..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_06-catalogsource.crd.yaml +++ /dev/null @@ -1,130 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_06-catalogsource.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: catalogsources.operators.coreos.com - annotations: - displayName: CatalogSource - description: A source configured to find packages and updates. -spec: - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - plural: catalogsources - singular: catalogsource - kind: CatalogSource - listKind: CatalogSourceList - shortNames: - - catsrc - categories: - - olm - additionalPrinterColumns: - - name: Display - type: string - description: The pretty name of the catalog - JSONPath: .spec.displayName - - name: Type - type: string - description: The type of the catalog - JSONPath: .spec.sourceType - - name: Publisher - type: string - description: The publisher of the catalog - JSONPath: .spec.publisher - - name: Age - type: date - JSONPath: .metadata.creationTimestamp - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - description: A source configured to find packages and updates. - properties: - spec: - type: object - description: Spec for a catalog source. - required: - - sourceType - properties: - sourceType: - type: string - description: The type of the source. `configmap` is the new name for `internal` - enum: - - internal # deprecated - - configmap - - grpc - - configMap: - type: string - description: The name of a ConfigMap that holds the entries for an in-memory catalog. - - address: - type: string - description: An optional address. When set, directs OLM to connect to use a pre-existing registry server at this address. - - image: - type: string - description: An image that serves a grpc registry. Only valid for `grpc` sourceType. If both image and address are set, OLM does not use the address field. - - displayName: - type: string - description: Pretty name for display - - publisher: - type: string - description: The name of an entity that publishes this catalog - - secrets: - type: array - description: A set of secrets that can be used to access the contents of the catalog. It is best to keep this list small, since each will need to be tried for every catalog entry. - items: - type: string - description: A name of a secret in the namespace where the CatalogSource is defined. - status: - type: object - description: The status of the CatalogSource - properties: - configMapReference: - type: object - description: If sourceType is `internal` or `configmap`, then this holds a reference to the configmap associated with this CatalogSource. - properties: - name: - type: string - description: name of the configmap - namespace: - type: string - description: namespace of the configmap - resourceVersion: - type: string - description: resourceVersion of the configmap - uid: - type: string - description: uid of the configmap - registryService: - type: object - properties: - protocol: - type: string - description: protocol of the registry service - enum: - - grpc - serviceName: - type: string - description: name of the registry service - serviceNamespace: - type: string - description: namespace of the registry service - port: - type: string - description: port of the registry service - lastSync: - type: string - description: the last time the catalog was updated. If this time is less than the last updated time on the object, the catalog will be re-cached. - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_07-olm-operator.deployment.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_07-olm-operator.deployment.yaml deleted file mode 100644 index 33a2f9bbc5..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_07-olm-operator.deployment.yaml +++ /dev/null @@ -1,65 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_07-olm-operator.deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: olm-operator - namespace: olm - labels: - app: olm-operator -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: olm-operator - template: - metadata: - labels: - app: olm-operator - spec: - serviceAccountName: olm-operator-serviceaccount - containers: - - name: olm-operator - command: - - /bin/olm - args: - - -namespace - - $(OPERATOR_NAMESPACE) - - -writeStatusName - - "" - image: quay.io/operator-framework/olm@sha256:91ac5bf350192e063a3c1be994827f67e254997939eda3d471253777cc840c45 - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - - containerPort: 8081 - name: metrics - protocol: TCP - livenessProbe: - httpGet: - path: /healthz - port: 8080 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - terminationMessagePolicy: FallbackToLogsOnError - env: - - - name: OPERATOR_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: OPERATOR_NAME - value: olm-operator - resources: - requests: - cpu: 10m - memory: 160Mi - - - - nodeSelector: - beta.kubernetes.io/os: linux - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_08-catalog-operator.deployment.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_08-catalog-operator.deployment.yaml deleted file mode 100644 index d4917d8809..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_08-catalog-operator.deployment.yaml +++ /dev/null @@ -1,58 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_08-catalog-operator.deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: catalog-operator - namespace: olm - labels: - app: catalog-operator -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: catalog-operator - template: - metadata: - labels: - app: catalog-operator - spec: - serviceAccountName: olm-operator-serviceaccount - containers: - - name: catalog-operator - command: - - /bin/catalog - args: - - '-namespace' - - olm - - -configmapServerImage=quay.io/operator-framework/configmap-operator-registry:latest - image: quay.io/operator-framework/olm@sha256:91ac5bf350192e063a3c1be994827f67e254997939eda3d471253777cc840c45 - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - - containerPort: 8081 - name: metrics - protocol: TCP - livenessProbe: - httpGet: - path: /healthz - port: 8080 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - terminationMessagePolicy: FallbackToLogsOnError - env: - - resources: - requests: - cpu: 10m - memory: 80Mi - - - - nodeSelector: - beta.kubernetes.io/os: linux - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_09-aggregated.clusterrole.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_09-aggregated.clusterrole.yaml deleted file mode 100644 index 2c1ac83d6a..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_09-aggregated.clusterrole.yaml +++ /dev/null @@ -1,34 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_09-aggregated.clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-edit - labels: - # Add these permissions to the "admin" and "edit" default roles. - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["subscriptions"] - verbs: ["create", "update", "patch", "delete"] -- apiGroups: ["operators.coreos.com"] - resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions"] - verbs: ["delete"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-view - labels: - # Add these permissions to the "admin", "edit" and "view" default roles - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - rbac.authorization.k8s.io/aggregate-to-view: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions", "operatorgroups"] - verbs: ["get", "list", "watch"] -- apiGroups: ["packages.operators.coreos.com"] - resources: ["packagemanifests", "packagemanifests/icon"] - verbs: ["get", "list", "watch"] diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_10-operatorgroup.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_10-operatorgroup.crd.yaml deleted file mode 100644 index 18235816a2..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_10-operatorgroup.crd.yaml +++ /dev/null @@ -1,101 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_10-operatorgroup.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: operatorgroups.operators.coreos.com -spec: - group: operators.coreos.com - version: v1 - versions: - - name: v1 - served: true - storage: true - - name: v1alpha2 - served: true - storage: false - names: - plural: operatorgroups - singular: operatorgroup - kind: OperatorGroup - listKind: OperatorGroupList - shortNames: - - og - categories: - - olm - scope: Namespaced - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - description: A grouping of namespaces for usage with an operator. - properties: - spec: - type: object - description: Spec for an OperatorGroup. - properties: - selector: - type: object - description: Optional label selector to find resources associated with or managed by the operator - anyOf: - - properties: - matchLabels: - type: object - description: Label key:value pairs to match directly - required: - - matchLabels - - properties: - matchExpressions: - type: array - description: A set of expressions to match against the resource. - items: - allOf: - - type: object - required: - - key - - operator - - values - properties: - key: - type: string - description: the key to match - operator: - type: string - description: the operator for the expression - enum: - - In - - NotIn - - Exists - - DoesNotExist - values: - type: array - description: set of values for the expression - required: - - matchExpressions - targetNamespaces: - type: array - description: Optional list of target namespaces. If set, OLM will ignore selector. - items: - type: string - pattern: ^\S+$ - serviceAccountName: - type: string - staticProvidedAPIs: - type: boolean - description: If true, OLM will not modify the OperatorGroup's providedAPIs annotation. - status: - type: object - description: The status of the OperatorGroup. - properties: - lastUpdated: - format: date-time - type: string - namespaces: - items: - type: string - type: array - required: - - lastUpdated - required: - - metadata diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_13-operatorgroup-default.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_13-operatorgroup-default.yaml deleted file mode 100644 index 0284583006..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_13-operatorgroup-default.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_13-operatorgroup-default.yaml -apiVersion: operators.coreos.com/v1 -kind: OperatorGroup -metadata: - name: global-operators - namespace: operators ---- -apiVersion: operators.coreos.com/v1 -kind: OperatorGroup -metadata: - name: olm-operators - namespace: olm -spec: - targetNamespaces: - - olm diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_15-packageserver.clusterserviceversion.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_15-packageserver.clusterserviceversion.yaml deleted file mode 100644 index 398817a324..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_15-packageserver.clusterserviceversion.yaml +++ /dev/null @@ -1,126 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_15-packageserver.clusterserviceversion.yaml -apiVersion: operators.coreos.com/v1alpha1 -kind: ClusterServiceVersion -metadata: - name: packageserver - namespace: olm - labels: - olm.version: 0.12.0 -spec: - displayName: Package Server - description: Represents an Operator package that is available from a given CatalogSource which will resolve to a ClusterServiceVersion. - minKubeVersion: 1.11.0 - keywords: ['packagemanifests', 'olm', 'packages'] - maintainers: - - name: Red Hat - email: openshift-operators@redhat.com - provider: - name: Red Hat - links: - - name: Package Server - url: https://github.com/operator-framework/operator-lifecycle-manager/tree/master/pkg/package-server - installModes: - - type: OwnNamespace - supported: true - - type: SingleNamespace - supported: true - - type: MultiNamespace - supported: true - - type: AllNamespaces - supported: true - install: - strategy: deployment - spec: - clusterPermissions: - - serviceAccountName: olm-operator-serviceaccount - rules: - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - get - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - apiGroups: - - "operators.coreos.com" - resources: - - catalogsources - verbs: - - get - - list - - watch - - apiGroups: - - "packages.operators.coreos.com" - resources: - - packagemanifests - verbs: - - get - - list - deployments: - - name: packageserver - spec: - strategy: - type: RollingUpdate - replicas: 2 - selector: - matchLabels: - app: packageserver - template: - metadata: - labels: - app: packageserver - spec: - serviceAccountName: olm-operator-serviceaccount - nodeSelector: - beta.kubernetes.io/os: linux - - containers: - - name: packageserver - command: - - /bin/package-server - - -v=4 - - --secure-port - - "5443" - - --global-namespace - - olm - image: quay.io/operator-framework/olm@sha256:91ac5bf350192e063a3c1be994827f67e254997939eda3d471253777cc840c45 - imagePullPolicy: Always - ports: - - containerPort: 5443 - livenessProbe: - httpGet: - scheme: HTTPS - path: /healthz - port: 5443 - readinessProbe: - httpGet: - scheme: HTTPS - path: /healthz - port: 5443 - terminationMessagePolicy: FallbackToLogsOnError - resources: - requests: - cpu: 10m - memory: 50Mi - - maturity: alpha - version: 0.12.0 - apiservicedefinitions: - owned: - - group: packages.operators.coreos.com - version: v1 - kind: PackageManifest - name: packagemanifests - displayName: PackageManifest - description: A PackageManifest is a resource generated from existing CatalogSources and their ConfigMaps - deploymentName: packageserver - containerPort: 5443 diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_17-upstream-operators.catalogsource.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_17-upstream-operators.catalogsource.yaml deleted file mode 100644 index 4adb582c8b..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.12.0/0000_50_olm_17-upstream-operators.catalogsource.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_17-upstream-operators.catalogsource.yaml -apiVersion: operators.coreos.com/v1alpha1 -kind: CatalogSource -metadata: - name: operatorhubio-catalog - namespace: olm -spec: - sourceType: grpc - image: quay.io/operator-framework/upstream-community-operators:latest - displayName: Community Operators - publisher: OperatorHub.io diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_00-namespace.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_00-namespace.yaml deleted file mode 100644 index f2eda530b0..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_00-namespace.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_00-namespace.yaml -apiVersion: v1 -kind: Namespace -metadata: - name: olm - ---- -apiVersion: v1 -kind: Namespace -metadata: - name: operators - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_01-olm-operator.serviceaccount.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_01-olm-operator.serviceaccount.yaml deleted file mode 100644 index 1a2e303d86..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_01-olm-operator.serviceaccount.yaml +++ /dev/null @@ -1,31 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_01-olm-operator.serviceaccount.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: system:controller:operator-lifecycle-manager -rules: -- apiGroups: ["*"] - resources: ["*"] - verbs: ["*"] -- nonResourceURLs: ["*"] - verbs: ["*"] ---- -kind: ServiceAccount -apiVersion: v1 -metadata: - name: olm-operator-serviceaccount - namespace: olm ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: olm-operator-binding-olm -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:controller:operator-lifecycle-manager -subjects: -- kind: ServiceAccount - name: olm-operator-serviceaccount - namespace: olm diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_03-clusterserviceversion.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_03-clusterserviceversion.crd.yaml deleted file mode 100644 index 404109e5e0..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_03-clusterserviceversion.crd.yaml +++ /dev/null @@ -1,768 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_03-clusterserviceversion.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: clusterserviceversions.operators.coreos.com - annotations: - displayName: Operator Version - description: Represents an Operator that should be running on the cluster, including requirements and install strategy. -spec: - names: - plural: clusterserviceversions - singular: clusterserviceversion - kind: ClusterServiceVersion - listKind: ClusterServiceVersionList - shortNames: - - csv - - csvs - categories: - - olm - additionalPrinterColumns: - - name: Display - type: string - description: The name of the CSV - JSONPath: .spec.displayName - - name: Version - type: string - description: The version of the CSV - JSONPath: .spec.version - - name: Replaces - type: string - description: The name of a CSV that this one replaces - JSONPath: .spec.replaces - - name: Phase - type: string - JSONPath: .status.phase - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - description: Represents an Operator that should be running on the cluster, including requirements and install strategy. - properties: - spec: - type: object - description: Spec for a ClusterServiceVersion - required: - - displayName - - install - properties: - displayName: - type: string - description: Human readable name of the application that will be displayed in the ALM UI - - description: - type: string - description: Human readable description of what the application does - - minKubeVersion: - type: string - description: Minimum kubernetes version requirement on the server to deploy operator - pattern: ^\bv?(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(-(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(\.(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*)?(\+[0-9a-zA-Z-]+(\.[0-9a-zA-Z-]+)*)?$ - - keywords: - type: array - description: List of keywords which will be used to discover and categorize app types - items: - type: string - - maintainers: - type: array - description: Those responsible for the creation of this specific app type - items: - type: object - description: Information for a single maintainer - required: - - name - - email - properties: - name: - type: string - description: Maintainer's name - email: - type: string - description: Maintainer's email address - format: email - optionalProperties: - type: string - description: "Any additional key-value metadata you wish to expose about the maintainer, e.g. github: " - - links: - type: array - description: Interesting links to find more information about the project, such as marketing page, documentation, or github page - items: - type: object - description: A single link to describe one aspect of the project - required: - - name - - url - properties: - name: - type: string - description: Name of the link type, e.g. homepage or github url - url: - type: string - description: URL to which the link should point - format: uri - - icon: - type: array - description: Icon which should be rendered with the application information - items: - type: object - required: - - base64data - - mediatype - properties: - base64data: - type: string - description: Base64 binary representation of the icon image - mediatype: - type: string - description: Mediatype for the binary data specified in the base64data property - enum: - - image/gif - - image/jpeg - - image/png - - image/svg+xml - version: - type: string - description: Version string, recommended that users use semantic versioning - pattern: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(-(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(\.(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*)?(\+[0-9a-zA-Z-]+(\.[0-9a-zA-Z-]+)*)?$ - - replaces: - type: string - description: Name of the ClusterServiceVersion custom resource that this version replaces - - maturity: - type: string - description: What level of maturity the software has achieved at this version - enum: - - planning - - pre-alpha - - alpha - - beta - - stable - - mature - - inactive - - deprecated - labels: - type: object - description: Labels that will be applied to associated resources created by the operator. - selector: - type: object - description: Label selector to find resources associated with or managed by the operator - properties: - matchLabels: - type: object - description: Label key:value pairs to match directly - matchExpressions: - type: array - description: A set of expressions to match against the resource. - items: - allOf: - - type: object - required: - - key - - operator - - values - properties: - key: - type: string - description: the key to match - operator: - type: string - description: the operator for the expression - enum: - - In - - NotIn - - Exists - - DoesNotExist - values: - type: array - description: set of values for the expression - nativeAPIs: - type: array - description: What resources are required by the Operator, but must be provided by the underlying cluster and not as an extension. - items: - type: object - required: - - group - - version - - kind - properties: - group: - type: string - description: Group of the API resource - version: - type: string - description: Version of the API resource - kind: - type: string - description: Kind of the API resource - apiservicedefinitions: - type: object - properties: - owned: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - group - - version - - kind - - name - - deploymentName - - displayName - - description - properties: - group: - type: string - description: Group of the APIService (e.g. app.coreos.com) - name: - type: string - description: The plural name for the APIService provided - version: - type: string - description: The version field of the APIService - kind: - type: string - description: The kind field of the APIService - deploymentName: - type: string - description: Name of the extension api-server's deployment - containerPort: - type: number - description: Port where the extension api-server serves TLS traffic - displayName: - type: string - description: A human-readable name for the APIService. - description: - type: string - description: A description of the APIService - resources: - type: array - items: - type: object - description: A list of resources that should be displayed for the APIService - required: - - kind - - version - properties: - name: - type: string - description: If a APIService, the fully qualified name of the APIService (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version of the resource kind - kind: - type: string - description: The kind field of the resource kind - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the API resource - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the API resource where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this status is the same for all instances of the API resource and can be found here instead of on the API resource. - specDescriptors: - type: array - items: - type: object - description: A spec for a field in the spec block of the APIService resource. - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the API resource where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the spec entry. - description: - type: string - description: A description of the spec entry. - x-descriptors: - type: array - description: A list of descriptors for the spec entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this spec is the same for all instances of the API Resource and can be found here instead of on the API resource. - actionDescriptors: - type: array - items: - type: object - description: A spec for actions that can be performed on instances of the API resource - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the API resource where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the action. - description: - type: string - description: A description of the action. - x-descriptors: - type: array - description: A list of descriptors for the action that indicate the meaning of the action. - items: - type: string - value: - description: If present, the value of this action is the same for all instances of the API resource and can be found here instead of on the API resource. - required: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - group - - version - - kind - - name - - displayName - - description - properties: - group: - type: string - description: Group of the APIService (e.g. app.coreos.com) - version: - type: string - description: The version field of the APIService - kind: - type: string - description: The kind field of the APIService - name: - type: string - description: The plural name for the APIService provided - deploymentName: - type: string - description: Name of the extension api-server's deployment - containerPort: - type: number - description: Port where the extension api-server serves TLS traffic - displayName: - type: string - description: A human-readable name for the APIService. - description: - type: string - description: A description of the APIService - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the APIService - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the API Resource where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this status is the same for all instances of the API Resource and can be found here instead of on the API Resource. - - customresourcedefinitions: - type: object - properties: - owned: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - name - - version - - kind - - displayName - - description - properties: - name: - type: string - description: Fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version field of the CustomResourceDefinition - kind: - type: string - description: The kind field of the CustomResourceDefinition - displayName: - type: string - description: A human-readable name for the CRD. - description: - type: string - description: A description of the CRD - resources: - type: array - items: - type: object - description: A list of resources that should be displayed for the CRD - required: - - kind - - version - properties: - name: - type: string - description: If a CRD, the fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version of the resource kind - kind: - type: string - description: The kind field of the resource kind - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the CR where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this status is the same for all instances of the CRD and can be found here instead of on the CR. - specDescriptors: - type: array - items: - type: object - description: A spec for a field in the spec block of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the CR where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the spec entry. - description: - type: string - description: A description of the spec entry. - x-descriptors: - type: array - description: A list of descriptors for the spec entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this spec is the same for all instances of the CRD and can be found here instead of on the CR. - actionDescriptors: - type: array - items: - type: object - description: A spec for actions that can be performed on instances of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the CR where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the action. - description: - type: string - description: A description of the action. - x-descriptors: - type: array - description: A list of descriptors for the action that indicate the meaning of the action. - items: - type: string - value: - description: If present, the value of this action is the same for all instances of the CRD and can be found here instead of on the CR. - required: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - name - - version - - kind - - displayName - - description - properties: - name: - type: string - description: Fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version field of the CustomResourceDefinition - kind: - type: string - description: The kind field of the CustomResourceDefinition - displayName: - type: string - description: A human-readable name for the CRD. - description: - type: string - description: A description of the CRD - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the CR where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this status is the same for all instances of the CRD and can be found here instead of on the CR. - - - install: - type: object - description: Information required to install this specific version of the operator software - oneOf: - - type: object - required: - - strategy - - spec - properties: - strategy: - type: string - enum: ['image'] - spec: - type: object - required: - - image - properties: - image: - type: string - - type: object - required: - - strategy - - spec - properties: - strategy: - type: string - enum: ['deployment'] - spec: - type: object - required: - - deployments - properties: - installModes: - type: array - description: List of supported install modes for the operator - items: - type: object - description: A tuple representing a mode of installation and whether the operator supports it - required: - - type - - supported - properties: - type: - type: string - description: A type of install mode - enum: - - OwnNamespace - - SingleNamespace - - MultiNamespace - - AllNamespaces - supported: - type: boolean - description: Represents if the install mode type is supported - deployments: - type: array - description: List of deployments to create - items: - type: object - description: A name and deployment to create in the cluster - required: - - name - - spec - properties: - name: - type: string - description: the consistent name of the deployment - spec: - type: object - description: The deployment spec to create in the cluster - permissions: - type: array - description: Permissions needed by the deployement to run correctly - items: - type: object - required: - - serviceAccountName - - rules - properties: - serviceAccountName: - type: string - description: The service account name to create for the deployment - rules: - type: array - items: - type: object - description: a rule required by the service account - properties: - apiGroups: - type: array - description: apiGroups the rule applies to - items: - type: string - resources: - type: array - items: - type: string - resourceNames: - type: array - items: - type: string - verbs: - type: array - items: - type: string - enum: - - "*" - - assign - - get - - list - - watch - - create - - update - - patch - - delete - - deletecollection - - initialize - - use - clusterPermissions: - type: array - description: Cluster permissions needed by the deployement to run correctly - items: - type: object - required: - - serviceAccountName - - rules - properties: - serviceAccountName: - type: string - description: The service account name to create for the deployment - rules: - type: array - items: - type: object - required: - - verbs - description: a rule required by the service account - properties: - apiGroups: - type: array - description: apiGroups the rule applies to - items: - type: string - resources: - type: array - items: - type: string - resourceNames: - type: array - items: - type: string - nonResourceURLs: - type: array - items: - type: string - verbs: - type: array - items: - type: string - enum: - - "*" - - assign - - get - - list - - watch - - create - - update - - patch - - put - - post - - delete - - deletecollection - - initialize - - use - status: - type: object - description: Status for a ClusterServiceVersion diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_04-installplan.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_04-installplan.crd.yaml deleted file mode 100644 index 923f0c23b8..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_04-installplan.crd.yaml +++ /dev/null @@ -1,76 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_04-installplan.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: installplans.operators.coreos.com - annotations: - displayName: Install Plan - description: Represents a plan to install and resolve dependencies for Cluster Services -spec: - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - plural: installplans - singular: installplan - kind: InstallPlan - listKind: InstallPlanList - shortNames: - - ip - categories: - - olm - additionalPrinterColumns: - - name: CSV - type: string - description: The first CSV in the list of clusterServiceVersionNames - JSONPath: .spec.clusterServiceVersionNames[0] - - name: Approval - type: string - description: The approval mode - JSONPath: .spec.approval - - name: Approved - type: boolean - JSONPath: .spec.approved - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - description: Represents a plan to install and resolve dependencies for Cluster Services. - properties: - spec: - type: object - description: Spec for an InstallPlan - required: - - clusterServiceVersionNames - - approval - properties: - source: - type: string - description: Name of the preferred CatalogSource - sourceNamespace: - type: string - description: Namespace that contains the preffered CatalogSource - clusterServiceVersionNames: - type: array - description: A list of the names of the Cluster Services - items: - type: string - anyOf: - - properties: - approval: - enum: - - Manual - approved: - type: boolean - required: - - approved - - properties: - approval: - enum: - - Automatic diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_05-subscription.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_05-subscription.crd.yaml deleted file mode 100644 index af29ed79a6..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_05-subscription.crd.yaml +++ /dev/null @@ -1,1465 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_05-subscription.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: subscriptions.operators.coreos.com - annotations: - displayName: Subscription - description: Subscribes service catalog to a source and channel to recieve updates for packages. -spec: - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - plural: subscriptions - singular: subscription - kind: Subscription - listKind: SubscriptionList - shortNames: - - sub - - subs - categories: - - olm - additionalPrinterColumns: - - name: Package - type: string - description: The package subscribed to - JSONPath: .spec.name - - name: Source - type: string - description: The catalog source for the specified package - JSONPath: .spec.source - - name: Channel - type: string - description: The channel of updates to subscribe to - JSONPath: .spec.channel - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - description: Subscribes service catalog to a source and channel to recieve updates for packages. - properties: - spec: - type: object - description: Spec for a Subscription - required: - - source - - name - properties: - source: - type: string - description: Name of a CatalogSource that defines where and how to find the channel - sourceNamespace: - type: string - description: The Kubernetes namespace where the CatalogSource used is located - name: - type: string - description: Name of the package that defines the application - channel: - type: string - description: Name of the channel to track - startingCSV: - type: string - description: Name of the AppType that this subscription tracks - installPlanApproval: - type: string - description: Approval mode for emitted InstallPlans - enum: - - Manual - - Automatic - config: - type: object - description: Operator Pod configuration, it is applied to the operator during install. It has higher precedence than the same configuration specified in a ClusterServiveVersion. - properties: - env: - type: array - description: List of environment variables to set in the container - items: - type: object - description: EnvVar represents an environment variable present in a Container - required: - - name - properties: - name: - type: string - description: EnvVar represents an environment variable present in a Container - value: - type: string - description: Value of the environment variable specified - valueFrom: - type: object - description: Source for the environment variable's value. Cannot be used if value is not empty - properties: - configMapKeyRef: - type: object - description: Selects a key of a ConfigMap - required: - - key - properties: - key: - type: string - description: The key to select - name: - type: string - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - optional: - type: boolean - description: Specify whether the ConfigMap or its key must be defined - fieldRef: - type: object - description: "Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP" - required: - - fieldPath - properties: - apiVersion: - type: string - description: Version of the schema the FieldPath is written in terms of, defaults to v1 - fieldPath: - type: string - description: Path of the field to select in the specified API version - resourceFieldRef: - type: object - description: "Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported." - required: - - resource - properties: - containerName: - type: string - description: "Container name: required for volumes, optional for env vars" - divisor: - type: string - description: Specifies the output format of the exposed resources, defaults to 1 - resource: - type: string - description: "Required: resource to select" - secretKeyRef: - type: object - description: Selects a key of a secret in the pod's namespace - required: - - key - properties: - key: - type: string - description: The key of the secret to select from. Must be a valid secret key - name: - type: string - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - optional: - type: boolean - description: Specify whether the Secret or its key must be defined - envFrom: - type: array - description: "List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated" - items: - type: object - description: EnvFromSource represents the source of a set of ConfigMaps - properties: - configMapRef: - type: object - description: "ConfigMapEnvSource selects a ConfigMap to populate the environment variables with.\n\nThe contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables" - properties: - name: - type: string - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - optional: - type: boolean - description: Specify whether the ConfigMap must be defined - prefix: - type: string - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER - secretRef: - type: object - description: "SecretEnvSource selects a Secret to populate the environment variables with.\n\nThe contents of the target Secret's Data field will represent the key-value pairs as environment variables" - properties: - name: - type: string - description: "Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names" - optional: - type: boolean - description: Specify whether the Secret must be defined - - volumeMounts: - description: List of VolumeMounts to set in the container. - items: - description: VolumeMount describes a mounting of a Volume within - a container. - properties: - mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other way - around. When not set, MountPropagationNone is used. This - field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. This field is beta in 1.15. - type: string - required: - - mountPath - - name - type: object - type: array - volumes: - description: List of Volumes to set in the podSpec. - items: - description: Volume represents a named volume in a pod that - may be accessed by any container in the pod. - properties: - awsElasticBlockStore: - description: 'AWSElasticBlockStore represents an AWS Disk - resource that is attached to a kubelet''s host machine - and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - properties: - fsType: - description: 'Filesystem type of the volume that you - want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - partition: - description: 'The partition in the volume that you want - to mount. If omitted, the default is to mount by volume - name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property - empty).' - format: int32 - type: integer - readOnly: - description: 'Specify "true" to force and set the ReadOnly - property in VolumeMounts to "true". If omitted, the - default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: 'Unique ID of the persistent disk resource - in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: string - required: - - volumeID - type: object - azureDisk: - description: AzureDisk represents an Azure Data Disk mount - on the host and bind mount to the pod. - properties: - cachingMode: - description: 'Host Caching mode: None, Read Only, Read - Write.' - type: string - diskName: - description: The Name of the data disk in the blob storage - type: string - diskURI: - description: The URI the data disk in the blob storage - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. - type: string - kind: - description: 'Expected values Shared: multiple blob - disks per storage account Dedicated: single blob - disk per storage account Managed: azure managed data - disk (only in managed availability set). defaults - to shared' - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - required: - - diskName - - diskURI - type: object - azureFile: - description: AzureFile represents an Azure File Service - mount on the host and bind mount to the pod. - properties: - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretName: - description: the name of secret that contains Azure - Storage Account Name and Key - type: string - shareName: - description: Share Name - type: string - required: - - secretName - - shareName - type: object - cephfs: - description: CephFS represents a Ceph FS mount on the host - that shares a pod's lifetime - properties: - monitors: - description: 'Required: Monitors is a collection of - Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - items: - type: string - type: array - path: - description: 'Optional: Used as the mounted root, rather - than the full Ceph tree, default is /' - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: boolean - secretFile: - description: 'Optional: SecretFile is the path to key - ring for User, default is /etc/ceph/user.secret More - info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - secretRef: - description: 'Optional: SecretRef is reference to the - authentication secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - user: - description: 'Optional: User is the rados user name, - default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - required: - - monitors - type: object - cinder: - description: 'Cinder represents a cinder volume attached - and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: boolean - secretRef: - description: 'Optional: points to a secret object containing - parameters used to connect to OpenStack.' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - volumeID: - description: 'volume id used to identify the volume - in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - required: - - volumeID - type: object - configMap: - description: ConfigMap represents a configMap that should - populate this volume - properties: - defaultMode: - description: 'Optional: mode bits to use on created - files by default. Must be a value between 0 and 0777. - Defaults to 0644. Directories within the path are - not affected by this setting. This might be in conflict - with other options that affect the file mode, like - fsGroup, and the result can be other mode bits set.' - format: int32 - type: integer - items: - description: If unspecified, each key-value pair in - the Data field of the referenced ConfigMap will be - projected into the volume as a file whose name is - the key and content is the value. If specified, the - listed keys will be projected into the specified paths, - and unlisted keys will not be present. If a key is - specified which is not present in the ConfigMap, the - volume setup will error unless it is marked optional. - Paths must be relative and may not contain the '..' - path or start with '..'. - items: - description: Maps a string key to a path within a - volume. - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to use on this - file, must be a value between 0 and 0777. If - not specified, the volume defaultMode will be - used. This might be in conflict with other options - that affect the file mode, like fsGroup, and - the result can be other mode bits set.' - format: int32 - type: integer - path: - description: The relative path of the file to - map the key to. May not be an absolute path. - May not contain the path element '..'. May not - start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its keys - must be defined - type: boolean - type: object - csi: - description: CSI (Container Storage Interface) represents - storage that is handled by an external CSI driver (Alpha - feature). - properties: - driver: - description: Driver is the name of the CSI driver that - handles this volume. Consult with your admin for the - correct name as registered in the cluster. - type: string - fsType: - description: Filesystem type to mount. Ex. "ext4", "xfs", - "ntfs". If not provided, the empty value is passed - to the associated CSI driver which will determine - the default filesystem to apply. - type: string - nodePublishSecretRef: - description: NodePublishSecretRef is a reference to - the secret object containing sensitive information - to pass to the CSI driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This field is optional, - and may be empty if no secret is required. If the - secret object contains more than one secret, all secret - references are passed. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - readOnly: - description: Specifies a read-only configuration for - the volume. Defaults to false (read/write). - type: boolean - volumeAttributes: - additionalProperties: - type: string - description: VolumeAttributes stores driver-specific - properties that are passed to the CSI driver. Consult - your driver's documentation for supported values. - type: object - required: - - driver - type: object - downwardAPI: - description: DownwardAPI represents downward API about the - pod that should populate this volume - properties: - defaultMode: - description: 'Optional: mode bits to use on created - files by default. Must be a value between 0 and 0777. - Defaults to 0644. Directories within the path are - not affected by this setting. This might be in conflict - with other options that affect the file mode, like - fsGroup, and the result can be other mode bits set.' - format: int32 - type: integer - items: - description: Items is a list of downward API volume - file - items: - description: DownwardAPIVolumeFile represents information - to create the file containing the pod field - properties: - fieldRef: - description: 'Required: Selects a field of the - pod: only annotations, labels, name and namespace - are supported.' - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - required: - - fieldPath - type: object - mode: - description: 'Optional: mode bits to use on this - file, must be a value between 0 and 0777. If - not specified, the volume defaultMode will be - used. This might be in conflict with other options - that affect the file mode, like fsGroup, and - the result can be other mode bits set.' - format: int32 - type: integer - path: - description: 'Required: Path is the relative - path name of the file to be created. Must not - be absolute or contain the ''..'' path. Must - be utf-8 encoded. The first item of the relative - path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, requests.cpu and requests.memory) - are currently supported.' - properties: - containerName: - description: 'Container name: required for - volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of - the exposed resources, defaults to "1" - type: string - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - emptyDir: - description: 'EmptyDir represents a temporary directory - that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - properties: - medium: - description: 'What type of storage medium should back - this directory. The default is "" which means to use - the node''s default medium. Must be an empty string - (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - description: 'Total amount of local storage required - for this EmptyDir volume. The size limit is also applicable - for memory medium. The maximum usage on memory medium - EmptyDir would be the minimum value between the SizeLimit - specified here and the sum of memory limits of all - containers in a pod. The default is nil which means - that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' - type: string - type: object - fc: - description: FC represents a Fibre Channel resource that - is attached to a kubelet's host machine and then exposed - to the pod. - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. TODO: how do we prevent errors in the - filesystem from compromising the machine' - type: string - lun: - description: 'Optional: FC target lun number' - format: int32 - type: integer - readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' - type: boolean - targetWWNs: - description: 'Optional: FC target worldwide names (WWNs)' - items: - type: string - type: array - wwids: - description: 'Optional: FC volume world wide identifiers - (wwids) Either wwids or combination of targetWWNs - and lun must be set, but not both simultaneously.' - items: - type: string - type: array - type: object - flexVolume: - description: FlexVolume represents a generic volume resource - that is provisioned/attached using an exec based plugin. - properties: - driver: - description: Driver is the name of the driver to use - for this volume. - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". The default filesystem depends on FlexVolume - script. - type: string - options: - additionalProperties: - type: string - description: 'Optional: Extra command options if any.' - type: object - readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' - type: boolean - secretRef: - description: 'Optional: SecretRef is reference to the - secret object containing sensitive information to - pass to the plugin scripts. This may be empty if no - secret object is specified. If the secret object contains - more than one secret, all secrets are passed to the - plugin scripts.' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - required: - - driver - type: object - flocker: - description: Flocker represents a Flocker volume attached - to a kubelet's host machine. This depends on the Flocker - control service being running - properties: - datasetName: - description: Name of the dataset stored as metadata - -> name on the dataset for Flocker should be considered - as deprecated - type: string - datasetUUID: - description: UUID of the dataset. This is unique identifier - of a Flocker dataset - type: string - type: object - gcePersistentDisk: - description: 'GCEPersistentDisk represents a GCE Disk resource - that is attached to a kubelet''s host machine and then - exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - properties: - fsType: - description: 'Filesystem type of the volume that you - want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - partition: - description: 'The partition in the volume that you want - to mount. If omitted, the default is to mount by volume - name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property - empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - format: int32 - type: integer - pdName: - description: 'Unique name of the PD resource in GCE. - Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: string - readOnly: - description: 'ReadOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. More info: - https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: boolean - required: - - pdName - type: object - gitRepo: - description: 'GitRepo represents a git repository at a particular - revision. DEPRECATED: GitRepo is deprecated. To provision - a container with a git repo, mount an EmptyDir into an - InitContainer that clones the repo using git, then mount - the EmptyDir into the Pod''s container.' - properties: - directory: - description: Target directory name. Must not contain - or start with '..'. If '.' is supplied, the volume - directory will be the git repository. Otherwise, - if specified, the volume will contain the git repository - in the subdirectory with the given name. - type: string - repository: - description: Repository URL - type: string - revision: - description: Commit hash for the specified revision. - type: string - required: - - repository - type: object - glusterfs: - description: 'Glusterfs represents a Glusterfs mount on - the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' - properties: - endpoints: - description: 'EndpointsName is the endpoint name that - details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - path: - description: 'Path is the Glusterfs volume path. More - info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - readOnly: - description: 'ReadOnly here will force the Glusterfs - volume to be mounted with read-only permissions. Defaults - to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: boolean - required: - - endpoints - - path - type: object - hostPath: - description: 'HostPath represents a pre-existing file or - directory on the host machine that is directly exposed - to the container. This is generally used for system agents - or other privileged things that are allowed to see the - host machine. Most containers will NOT need this. More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can use host - directory mounts and who can/can not mount host directories - as read/write.' - properties: - path: - description: 'Path of the directory on the host. If - the path is a symlink, it will follow the link to - the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - type: - description: 'Type for HostPath Volume Defaults to "" - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - required: - - path - type: object - iscsi: - description: 'ISCSI represents an ISCSI Disk resource that - is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' - properties: - chapAuthDiscovery: - description: whether support iSCSI Discovery CHAP authentication - type: boolean - chapAuthSession: - description: whether support iSCSI Session CHAP authentication - type: boolean - fsType: - description: 'Filesystem type of the volume that you - want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - initiatorName: - description: Custom iSCSI Initiator Name. If initiatorName - is specified with iscsiInterface simultaneously, new - iSCSI interface : will - be created for the connection. - type: string - iqn: - description: Target iSCSI Qualified Name. - type: string - iscsiInterface: - description: iSCSI Interface Name that uses an iSCSI - transport. Defaults to 'default' (tcp). - type: string - lun: - description: iSCSI Target Lun number. - format: int32 - type: integer - portals: - description: iSCSI Target Portal List. The portal is - either an IP or ip_addr:port if the port is other - than default (typically TCP ports 860 and 3260). - items: - type: string - type: array - readOnly: - description: ReadOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. - type: boolean - secretRef: - description: CHAP Secret for iSCSI target and initiator - authentication - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - targetPortal: - description: iSCSI Target Portal. The Portal is either - an IP or ip_addr:port if the port is other than default - (typically TCP ports 860 and 3260). - type: string - required: - - iqn - - lun - - targetPortal - type: object - name: - description: 'Volume''s name. Must be a DNS_LABEL and unique - within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - nfs: - description: 'NFS represents an NFS mount on the host that - shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - properties: - path: - description: 'Path that is exported by the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - readOnly: - description: 'ReadOnly here will force the NFS export - to be mounted with read-only permissions. Defaults - to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: boolean - server: - description: 'Server is the hostname or IP address of - the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - required: - - path - - server - type: object - persistentVolumeClaim: - description: 'PersistentVolumeClaimVolumeSource represents - a reference to a PersistentVolumeClaim in the same namespace. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - properties: - claimName: - description: 'ClaimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this volume. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: - description: Will force the ReadOnly setting in VolumeMounts. - Default false. - type: boolean - required: - - claimName - type: object - photonPersistentDisk: - description: PhotonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host - machine - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. - type: string - pdID: - description: ID that identifies Photon Controller persistent - disk - type: string - required: - - pdID - type: object - portworxVolume: - description: PortworxVolume represents a portworx volume - attached and mounted on kubelets host machine - properties: - fsType: - description: FSType represents the filesystem type to - mount Must be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs". Implicitly inferred - to be "ext4" if unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: - description: VolumeID uniquely identifies a Portworx - volume - type: string - required: - - volumeID - type: object - projected: - description: Items for all in one resources secrets, configmaps, - and downward API - properties: - defaultMode: - description: Mode bits to use on created files by default. - Must be a value between 0 and 0777. Directories within - the path are not affected by this setting. This might - be in conflict with other options that affect the - file mode, like fsGroup, and the result can be other - mode bits set. - format: int32 - type: integer - sources: - description: list of volume projections - items: - description: Projection that may be projected along - with other supported volume types - properties: - configMap: - description: information about the configMap data - to project - properties: - items: - description: If unspecified, each key-value - pair in the Data field of the referenced - ConfigMap will be projected into the volume - as a file whose name is the key and content - is the value. If specified, the listed keys - will be projected into the specified paths, - and unlisted keys will not be present. If - a key is specified which is not present - in the ConfigMap, the volume setup will - error unless it is marked optional. Paths - must be relative and may not contain the - '..' path or start with '..'. - items: - description: Maps a string key to a path - within a volume. - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to - use on this file, must be a value - between 0 and 0777. If not specified, - the volume defaultMode will be used. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' - format: int32 - type: integer - path: - description: The relative path of the - file to map the key to. May not be - an absolute path. May not contain - the path element '..'. May not start - with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its keys must be defined - type: boolean - type: object - downwardAPI: - description: information about the downwardAPI - data to project - properties: - items: - description: Items is a list of DownwardAPIVolume - file - items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field - properties: - fieldRef: - description: 'Required: Selects a field - of the pod: only annotations, labels, - name and namespace are supported.' - properties: - apiVersion: - description: Version of the schema - the FieldPath is written in terms - of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to - select in the specified API version. - type: string - required: - - fieldPath - type: object - mode: - description: 'Optional: mode bits to - use on this file, must be a value - between 0 and 0777. If not specified, - the volume defaultMode will be used. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' - format: int32 - type: integer - path: - description: 'Required: Path is the - relative path name of the file to - be created. Must not be absolute or - contain the ''..'' path. Must be utf-8 - encoded. The first item of the relative - path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of - the container: only resources limits - and requests (limits.cpu, limits.memory, - requests.cpu and requests.memory) - are currently supported.' - properties: - containerName: - description: 'Container name: required - for volumes, optional for env - vars' - type: string - divisor: - description: Specifies the output - format of the exposed resources, - defaults to "1" - type: string - resource: - description: 'Required: resource - to select' - type: string - required: - - resource - type: object - required: - - path - type: object - type: array - type: object - secret: - description: information about the secret data - to project - properties: - items: - description: If unspecified, each key-value - pair in the Data field of the referenced - Secret will be projected into the volume - as a file whose name is the key and content - is the value. If specified, the listed keys - will be projected into the specified paths, - and unlisted keys will not be present. If - a key is specified which is not present - in the Secret, the volume setup will error - unless it is marked optional. Paths must - be relative and may not contain the '..' - path or start with '..'. - items: - description: Maps a string key to a path - within a volume. - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to - use on this file, must be a value - between 0 and 0777. If not specified, - the volume defaultMode will be used. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' - format: int32 - type: integer - path: - description: The relative path of the - file to map the key to. May not be - an absolute path. May not contain - the path element '..'. May not start - with the string '..'. - type: string - required: - - key - - path - type: object - type: array - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - type: object - serviceAccountToken: - description: information about the serviceAccountToken - data to project - properties: - audience: - description: Audience is the intended audience - of the token. A recipient of a token must - identify itself with an identifier specified - in the audience of the token, and otherwise - should reject the token. The audience defaults - to the identifier of the apiserver. - type: string - expirationSeconds: - description: ExpirationSeconds is the requested - duration of validity of the service account - token. As the token approaches expiration, - the kubelet volume plugin will proactively - rotate the service account token. The kubelet - will start trying to rotate the token if - the token is older than 80 percent of its - time to live or if the token is older than - 24 hours.Defaults to 1 hour and must be - at least 10 minutes. - format: int64 - type: integer - path: - description: Path is the path relative to - the mount point of the file to project the - token into. - type: string - required: - - path - type: object - type: object - type: array - required: - - sources - type: object - quobyte: - description: Quobyte represents a Quobyte mount on the host - that shares a pod's lifetime - properties: - group: - description: Group to map volume access to Default is - no group - type: string - readOnly: - description: ReadOnly here will force the Quobyte volume - to be mounted with read-only permissions. Defaults - to false. - type: boolean - registry: - description: Registry represents a single or multiple - Quobyte Registry services specified as a string as - host:port pair (multiple entries are separated with - commas) which acts as the central registry for volumes - type: string - tenant: - description: Tenant owning the given Quobyte volume - in the Backend Used with dynamically provisioned Quobyte - volumes, value is set by the plugin - type: string - user: - description: User to map volume access to Defaults to - serivceaccount user - type: string - volume: - description: Volume is a string that references an already - created Quobyte volume by name. - type: string - required: - - registry - - volume - type: object - rbd: - description: 'RBD represents a Rados Block Device mount - on the host that shares a pod''s lifetime. More info: - https://examples.k8s.io/volumes/rbd/README.md' - properties: - fsType: - description: 'Filesystem type of the volume that you - want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - image: - description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - keyring: - description: 'Keyring is the path to key ring for RBDUser. - Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - monitors: - description: 'A collection of Ceph monitors. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - items: - type: string - type: array - pool: - description: 'The rados pool name. Default is rbd. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: - description: 'ReadOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: - description: 'SecretRef is name of the authentication - secret for RBDUser. If provided overrides keyring. - Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - user: - description: 'The rados user name. Default is admin. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - required: - - image - - monitors - type: object - scaleIO: - description: ScaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Default is "xfs". - type: string - gateway: - description: The host address of the ScaleIO API Gateway. - type: string - protectionDomain: - description: The name of the ScaleIO Protection Domain - for the configured storage. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef references to the secret for - ScaleIO user and other sensitive information. If this - is not provided, Login operation will fail. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - sslEnabled: - description: Flag to enable/disable SSL communication - with Gateway, default false - type: boolean - storageMode: - description: Indicates whether the storage for a volume - should be ThickProvisioned or ThinProvisioned. Default - is ThinProvisioned. - type: string - storagePool: - description: The ScaleIO Storage Pool associated with - the protection domain. - type: string - system: - description: The name of the storage system as configured - in ScaleIO. - type: string - volumeName: - description: The name of a volume already created in - the ScaleIO system that is associated with this volume - source. - type: string - required: - - gateway - - secretRef - - system - type: object - secret: - description: 'Secret represents a secret that should populate - this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - properties: - defaultMode: - description: 'Optional: mode bits to use on created - files by default. Must be a value between 0 and 0777. - Defaults to 0644. Directories within the path are - not affected by this setting. This might be in conflict - with other options that affect the file mode, like - fsGroup, and the result can be other mode bits set.' - format: int32 - type: integer - items: - description: If unspecified, each key-value pair in - the Data field of the referenced Secret will be projected - into the volume as a file whose name is the key and - content is the value. If specified, the listed keys - will be projected into the specified paths, and unlisted - keys will not be present. If a key is specified which - is not present in the Secret, the volume setup will - error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start - with '..'. - items: - description: Maps a string key to a path within a - volume. - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to use on this - file, must be a value between 0 and 0777. If - not specified, the volume defaultMode will be - used. This might be in conflict with other options - that affect the file mode, like fsGroup, and - the result can be other mode bits set.' - format: int32 - type: integer - path: - description: The relative path of the file to - map the key to. May not be an absolute path. - May not contain the path element '..'. May not - start with the string '..'. - type: string - required: - - key - - path - type: object - type: array - optional: - description: Specify whether the Secret or its keys - must be defined - type: boolean - secretName: - description: 'Name of the secret in the pod''s namespace - to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - type: object - storageos: - description: StorageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef specifies the secret to use for - obtaining the StorageOS API credentials. If not specified, - default values will be attempted. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - type: object - volumeName: - description: VolumeName is the human-readable name of - the StorageOS volume. Volume names are only unique - within a namespace. - type: string - volumeNamespace: - description: VolumeNamespace specifies the scope of - the volume within StorageOS. If no namespace is specified - then the Pod's namespace will be used. This allows - the Kubernetes name scoping to be mirrored within - StorageOS for tighter integration. Set VolumeName - to any name to override the default behaviour. Set - to "default" if you are not using namespaces within - StorageOS. Namespaces that do not pre-exist within - StorageOS will be created. - type: string - type: object - vsphereVolume: - description: VsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. - type: string - storagePolicyID: - description: Storage Policy Based Management (SPBM) - profile ID associated with the StoragePolicyName. - type: string - storagePolicyName: - description: Storage Policy Based Management (SPBM) - profile name. - type: string - volumePath: - description: Path that identifies vSphere volume vmdk - type: string - required: - - volumePath - type: object - required: - - name - type: object - type: array diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_06-catalogsource.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_06-catalogsource.crd.yaml deleted file mode 100644 index 28a616fef7..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_06-catalogsource.crd.yaml +++ /dev/null @@ -1,130 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_06-catalogsource.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: catalogsources.operators.coreos.com - annotations: - displayName: CatalogSource - description: A source configured to find packages and updates. -spec: - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - plural: catalogsources - singular: catalogsource - kind: CatalogSource - listKind: CatalogSourceList - shortNames: - - catsrc - categories: - - olm - additionalPrinterColumns: - - name: Display - type: string - description: The pretty name of the catalog - JSONPath: .spec.displayName - - name: Type - type: string - description: The type of the catalog - JSONPath: .spec.sourceType - - name: Publisher - type: string - description: The publisher of the catalog - JSONPath: .spec.publisher - - name: Age - type: date - JSONPath: .metadata.creationTimestamp - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - description: A source configured to find packages and updates. - properties: - spec: - type: object - description: Spec for a catalog source. - required: - - sourceType - properties: - sourceType: - type: string - description: The type of the source. `configmap` is the new name for `internal` - enum: - - internal # deprecated - - configmap - - grpc - - configMap: - type: string - description: The name of a ConfigMap that holds the entries for an in-memory catalog. - - address: - type: string - description: An optional address. When set, directs OLM to connect to use a pre-existing registry server at this address. - - image: - type: string - description: An image that serves a grpc registry. Only valid for `grpc` sourceType. If both image and address are set, OLM does not use the address field. - - displayName: - type: string - description: Pretty name for display - - publisher: - type: string - description: The name of an entity that publishes this catalog - - secrets: - type: array - description: A set of secrets that can be used to access the contents of the catalog. It is best to keep this list small, since each will need to be tried for every catalog entry. - items: - type: string - description: A name of a secret in the namespace where the CatalogSource is defined. - status: - type: object - description: The status of the CatalogSource - properties: - configMapReference: - type: object - description: If sourceType is `internal` or `configmap`, then this holds a reference to the configmap associated with this CatalogSource. - properties: - name: - type: string - description: name of the configmap - namespace: - type: string - description: namespace of the configmap - resourceVersion: - type: string - description: resourceVersion of the configmap - uid: - type: string - description: uid of the configmap - registryService: - type: object - properties: - protocol: - type: string - description: protocol of the registry service - enum: - - grpc - serviceName: - type: string - description: name of the registry service - serviceNamespace: - type: string - description: namespace of the registry service - port: - type: string - description: port of the registry service - lastSync: - type: string - description: the last time the catalog was updated. If this time is less than the last updated time on the object, the catalog will be re-cached. - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_07-olm-operator.deployment.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_07-olm-operator.deployment.yaml deleted file mode 100644 index 51a31456a3..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_07-olm-operator.deployment.yaml +++ /dev/null @@ -1,65 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_07-olm-operator.deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: olm-operator - namespace: olm - labels: - app: olm-operator -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: olm-operator - template: - metadata: - labels: - app: olm-operator - spec: - serviceAccountName: olm-operator-serviceaccount - containers: - - name: olm-operator - command: - - /bin/olm - args: - - -namespace - - $(OPERATOR_NAMESPACE) - - -writeStatusName - - "" - image: quay.io/operator-framework/olm@sha256:73d60e4f2adbc70ed8df93245fb2d83c9e0062489a22110d897b83c21918e101 - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - - containerPort: 8081 - name: metrics - protocol: TCP - livenessProbe: - httpGet: - path: /healthz - port: 8080 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - terminationMessagePolicy: FallbackToLogsOnError - env: - - - name: OPERATOR_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: OPERATOR_NAME - value: olm-operator - resources: - requests: - cpu: 10m - memory: 160Mi - - - - nodeSelector: - beta.kubernetes.io/os: linux - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_08-catalog-operator.deployment.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_08-catalog-operator.deployment.yaml deleted file mode 100644 index 59e81d74da..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_08-catalog-operator.deployment.yaml +++ /dev/null @@ -1,58 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_08-catalog-operator.deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: catalog-operator - namespace: olm - labels: - app: catalog-operator -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: catalog-operator - template: - metadata: - labels: - app: catalog-operator - spec: - serviceAccountName: olm-operator-serviceaccount - containers: - - name: catalog-operator - command: - - /bin/catalog - args: - - '-namespace' - - olm - - -configmapServerImage=quay.io/operator-framework/configmap-operator-registry:latest - image: quay.io/operator-framework/olm@sha256:73d60e4f2adbc70ed8df93245fb2d83c9e0062489a22110d897b83c21918e101 - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - - containerPort: 8081 - name: metrics - protocol: TCP - livenessProbe: - httpGet: - path: /healthz - port: 8080 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - terminationMessagePolicy: FallbackToLogsOnError - env: - - resources: - requests: - cpu: 10m - memory: 80Mi - - - - nodeSelector: - beta.kubernetes.io/os: linux - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_09-aggregated.clusterrole.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_09-aggregated.clusterrole.yaml deleted file mode 100644 index 2c1ac83d6a..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_09-aggregated.clusterrole.yaml +++ /dev/null @@ -1,34 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_09-aggregated.clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-edit - labels: - # Add these permissions to the "admin" and "edit" default roles. - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["subscriptions"] - verbs: ["create", "update", "patch", "delete"] -- apiGroups: ["operators.coreos.com"] - resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions"] - verbs: ["delete"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-view - labels: - # Add these permissions to the "admin", "edit" and "view" default roles - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - rbac.authorization.k8s.io/aggregate-to-view: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions", "operatorgroups"] - verbs: ["get", "list", "watch"] -- apiGroups: ["packages.operators.coreos.com"] - resources: ["packagemanifests", "packagemanifests/icon"] - verbs: ["get", "list", "watch"] diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_10-operatorgroup.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_10-operatorgroup.crd.yaml deleted file mode 100644 index 18235816a2..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_10-operatorgroup.crd.yaml +++ /dev/null @@ -1,101 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_10-operatorgroup.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: operatorgroups.operators.coreos.com -spec: - group: operators.coreos.com - version: v1 - versions: - - name: v1 - served: true - storage: true - - name: v1alpha2 - served: true - storage: false - names: - plural: operatorgroups - singular: operatorgroup - kind: OperatorGroup - listKind: OperatorGroupList - shortNames: - - og - categories: - - olm - scope: Namespaced - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - description: A grouping of namespaces for usage with an operator. - properties: - spec: - type: object - description: Spec for an OperatorGroup. - properties: - selector: - type: object - description: Optional label selector to find resources associated with or managed by the operator - anyOf: - - properties: - matchLabels: - type: object - description: Label key:value pairs to match directly - required: - - matchLabels - - properties: - matchExpressions: - type: array - description: A set of expressions to match against the resource. - items: - allOf: - - type: object - required: - - key - - operator - - values - properties: - key: - type: string - description: the key to match - operator: - type: string - description: the operator for the expression - enum: - - In - - NotIn - - Exists - - DoesNotExist - values: - type: array - description: set of values for the expression - required: - - matchExpressions - targetNamespaces: - type: array - description: Optional list of target namespaces. If set, OLM will ignore selector. - items: - type: string - pattern: ^\S+$ - serviceAccountName: - type: string - staticProvidedAPIs: - type: boolean - description: If true, OLM will not modify the OperatorGroup's providedAPIs annotation. - status: - type: object - description: The status of the OperatorGroup. - properties: - lastUpdated: - format: date-time - type: string - namespaces: - items: - type: string - type: array - required: - - lastUpdated - required: - - metadata diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_13-operatorgroup-default.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_13-operatorgroup-default.yaml deleted file mode 100644 index 0284583006..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_13-operatorgroup-default.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_13-operatorgroup-default.yaml -apiVersion: operators.coreos.com/v1 -kind: OperatorGroup -metadata: - name: global-operators - namespace: operators ---- -apiVersion: operators.coreos.com/v1 -kind: OperatorGroup -metadata: - name: olm-operators - namespace: olm -spec: - targetNamespaces: - - olm diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_15-packageserver.clusterserviceversion.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_15-packageserver.clusterserviceversion.yaml deleted file mode 100644 index 5892411776..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_15-packageserver.clusterserviceversion.yaml +++ /dev/null @@ -1,126 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_15-packageserver.clusterserviceversion.yaml -apiVersion: operators.coreos.com/v1alpha1 -kind: ClusterServiceVersion -metadata: - name: packageserver - namespace: olm - labels: - olm.version: 0.13.0 -spec: - displayName: Package Server - description: Represents an Operator package that is available from a given CatalogSource which will resolve to a ClusterServiceVersion. - minKubeVersion: 1.11.0 - keywords: ['packagemanifests', 'olm', 'packages'] - maintainers: - - name: Red Hat - email: openshift-operators@redhat.com - provider: - name: Red Hat - links: - - name: Package Server - url: https://github.com/operator-framework/operator-lifecycle-manager/tree/master/pkg/package-server - installModes: - - type: OwnNamespace - supported: true - - type: SingleNamespace - supported: true - - type: MultiNamespace - supported: true - - type: AllNamespaces - supported: true - install: - strategy: deployment - spec: - clusterPermissions: - - serviceAccountName: olm-operator-serviceaccount - rules: - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - get - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - apiGroups: - - "operators.coreos.com" - resources: - - catalogsources - verbs: - - get - - list - - watch - - apiGroups: - - "packages.operators.coreos.com" - resources: - - packagemanifests - verbs: - - get - - list - deployments: - - name: packageserver - spec: - strategy: - type: RollingUpdate - replicas: 2 - selector: - matchLabels: - app: packageserver - template: - metadata: - labels: - app: packageserver - spec: - serviceAccountName: olm-operator-serviceaccount - nodeSelector: - beta.kubernetes.io/os: linux - - containers: - - name: packageserver - command: - - /bin/package-server - - -v=4 - - --secure-port - - "5443" - - --global-namespace - - olm - image: quay.io/operator-framework/olm@sha256:73d60e4f2adbc70ed8df93245fb2d83c9e0062489a22110d897b83c21918e101 - imagePullPolicy: Always - ports: - - containerPort: 5443 - livenessProbe: - httpGet: - scheme: HTTPS - path: /healthz - port: 5443 - readinessProbe: - httpGet: - scheme: HTTPS - path: /healthz - port: 5443 - terminationMessagePolicy: FallbackToLogsOnError - resources: - requests: - cpu: 10m - memory: 50Mi - - maturity: alpha - version: 0.13.0 - apiservicedefinitions: - owned: - - group: packages.operators.coreos.com - version: v1 - kind: PackageManifest - name: packagemanifests - displayName: PackageManifest - description: A PackageManifest is a resource generated from existing CatalogSources and their ConfigMaps - deploymentName: packageserver - containerPort: 5443 diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_17-upstream-operators.catalogsource.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_17-upstream-operators.catalogsource.yaml deleted file mode 100644 index 4adb582c8b..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.13.0/0000_50_olm_17-upstream-operators.catalogsource.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_17-upstream-operators.catalogsource.yaml -apiVersion: operators.coreos.com/v1alpha1 -kind: CatalogSource -metadata: - name: operatorhubio-catalog - namespace: olm -spec: - sourceType: grpc - image: quay.io/operator-framework/upstream-community-operators:latest - displayName: Community Operators - publisher: OperatorHub.io diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_00-namespace.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_00-namespace.yaml deleted file mode 100644 index 13917074d8..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_00-namespace.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_00-namespace.yaml -apiVersion: v1 -kind: Namespace -metadata: - name: olm ---- -# Source: olm/templates/0000_50_olm_00-namespace.yaml -apiVersion: v1 -kind: Namespace -metadata: - name: operators diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_01-olm-operator.serviceaccount.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_01-olm-operator.serviceaccount.yaml deleted file mode 100644 index e21d33d03d..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_01-olm-operator.serviceaccount.yaml +++ /dev/null @@ -1,33 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_01-olm-operator.serviceaccount.yaml -kind: ServiceAccount -apiVersion: v1 -metadata: - name: olm-operator-serviceaccount - namespace: olm ---- -# Source: olm/templates/0000_50_olm_01-olm-operator.serviceaccount.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: system:controller:operator-lifecycle-manager -rules: -- apiGroups: ["*"] - resources: ["*"] - verbs: ["*"] -- nonResourceURLs: ["*"] - verbs: ["*"] ---- -# Source: olm/templates/0000_50_olm_01-olm-operator.serviceaccount.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: olm-operator-binding-olm -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:controller:operator-lifecycle-manager -subjects: -- kind: ServiceAccount - name: olm-operator-serviceaccount - namespace: olm diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_03-clusterserviceversion.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_03-clusterserviceversion.crd.yaml deleted file mode 100644 index 5ee1926299..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_03-clusterserviceversion.crd.yaml +++ /dev/null @@ -1,8435 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_03-clusterserviceversion.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: clusterserviceversions.operators.coreos.com - annotations: - displayName: Operator Version - description: Represents an Operator that should be running on the cluster, including - requirements and install strategy. -spec: - names: - plural: clusterserviceversions - singular: clusterserviceversion - kind: ClusterServiceVersion - listKind: ClusterServiceVersionList - shortNames: - - csv - - csvs - categories: - - olm - additionalPrinterColumns: - - name: Display - type: string - description: The name of the CSV - JSONPath: .spec.displayName - - name: Version - type: string - description: The version of the CSV - JSONPath: .spec.version - - name: Replaces - type: string - description: The name of a CSV that this one replaces - JSONPath: .spec.replaces - - name: Phase - type: string - JSONPath: .status.phase - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - preserveUnknownFields: false - subresources: - status: {} - validation: - openAPIV3Schema: - description: ClusterServiceVersion is a Custom Resource of type `ClusterServiceVersionSpec`. - type: object - required: - - metadata - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ClusterServiceVersionSpec declarations tell OLM how to install - an operator that can manage apps for a given version. - type: object - required: - - displayName - - install - properties: - annotations: - description: Annotations is an unstructured key value map stored with - a resource that may be set by external tools to store and retrieve - arbitrary metadata. - type: object - additionalProperties: - type: string - apiservicedefinitions: - description: APIServiceDefinitions declares all of the extension apis - managed or required by an operator being ran by ClusterServiceVersion. - type: object - properties: - owned: - type: array - items: - description: APIServiceDescription provides details to OLM about - apis provided via aggregation - type: object - required: - - group - - kind - - name - - version - properties: - actionDescriptors: - type: array - items: - description: ActionDescriptor describes a declarative action - that can be performed on a custom resource instance - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can be - used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - containerPort: - type: integer - format: int32 - deploymentName: - type: string - description: - type: string - displayName: - type: string - group: - type: string - kind: - type: string - name: - type: string - resources: - type: array - items: - description: APIResourceReference is a Kubernetes resource - type used by a custom resource - type: object - required: - - kind - - name - - version - properties: - kind: - type: string - name: - type: string - version: - type: string - specDescriptors: - type: array - items: - description: SpecDescriptor describes a field in a spec - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can be - used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - statusDescriptors: - type: array - items: - description: StatusDescriptor describes a field in a status - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can be - used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - version: - type: string - required: - type: array - items: - description: APIServiceDescription provides details to OLM about - apis provided via aggregation - type: object - required: - - group - - kind - - name - - version - properties: - actionDescriptors: - type: array - items: - description: ActionDescriptor describes a declarative action - that can be performed on a custom resource instance - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can be - used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - containerPort: - type: integer - format: int32 - deploymentName: - type: string - description: - type: string - displayName: - type: string - group: - type: string - kind: - type: string - name: - type: string - resources: - type: array - items: - description: APIResourceReference is a Kubernetes resource - type used by a custom resource - type: object - required: - - kind - - name - - version - properties: - kind: - type: string - name: - type: string - version: - type: string - specDescriptors: - type: array - items: - description: SpecDescriptor describes a field in a spec - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can be - used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - statusDescriptors: - type: array - items: - description: StatusDescriptor describes a field in a status - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can be - used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - version: - type: string - customresourcedefinitions: - description: "CustomResourceDefinitions declares all of the CRDs managed - or required by an operator being ran by ClusterServiceVersion. \n - If the CRD is present in the Owned list, it is implicitly required." - type: object - properties: - owned: - type: array - items: - description: CRDDescription provides details to OLM about the - CRDs - type: object - required: - - kind - - name - - version - properties: - actionDescriptors: - type: array - items: - description: ActionDescriptor describes a declarative action - that can be performed on a custom resource instance - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can be - used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - description: - type: string - displayName: - type: string - kind: - type: string - name: - type: string - resources: - type: array - items: - description: APIResourceReference is a Kubernetes resource - type used by a custom resource - type: object - required: - - kind - - name - - version - properties: - kind: - type: string - name: - type: string - version: - type: string - specDescriptors: - type: array - items: - description: SpecDescriptor describes a field in a spec - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can be - used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - statusDescriptors: - type: array - items: - description: StatusDescriptor describes a field in a status - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can be - used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - version: - type: string - required: - type: array - items: - description: CRDDescription provides details to OLM about the - CRDs - type: object - required: - - kind - - name - - version - properties: - actionDescriptors: - type: array - items: - description: ActionDescriptor describes a declarative action - that can be performed on a custom resource instance - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can be - used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - description: - type: string - displayName: - type: string - kind: - type: string - name: - type: string - resources: - type: array - items: - description: APIResourceReference is a Kubernetes resource - type used by a custom resource - type: object - required: - - kind - - name - - version - properties: - kind: - type: string - name: - type: string - version: - type: string - specDescriptors: - type: array - items: - description: SpecDescriptor describes a field in a spec - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can be - used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - statusDescriptors: - type: array - items: - description: StatusDescriptor describes a field in a status - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can be - used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - version: - type: string - description: - type: string - displayName: - type: string - icon: - type: array - items: - type: object - required: - - base64data - - mediatype - properties: - base64data: - type: string - mediatype: - type: string - install: - description: NamedInstallStrategy represents the block of an ClusterServiceVersion - resource where the install strategy is specified. - type: object - required: - - strategy - properties: - spec: - description: StrategyDetailsDeployment represents the parsed details - of a Deployment InstallStrategy. - type: object - required: - - deployments - properties: - clusterPermissions: - type: array - items: - description: StrategyDeploymentPermissions describe the rbac - rules and service account needed by the install strategy - type: object - required: - - rules - - serviceAccountName - properties: - rules: - type: array - items: - description: PolicyRule holds information that describes - a policy rule, but does not contain information about - who the rule applies to or which namespace the rule - applies to. - type: object - required: - - verbs - properties: - apiGroups: - description: APIGroups is the name of the APIGroup - that contains the resources. If multiple API - groups are specified, any action requested against - one of the enumerated resources in any API group - will be allowed. - type: array - items: - type: string - nonResourceURLs: - description: NonResourceURLs is a set of partial - urls that a user should have access to. *s are - allowed, but only as the full, final step in the - path Since non-resource URLs are not namespaced, - this field is only applicable for ClusterRoles - referenced from a ClusterRoleBinding. Rules can - either apply to API resources (such as "pods" - or "secrets") or non-resource URL paths (such - as "/api"), but not both. - type: array - items: - type: string - resourceNames: - description: ResourceNames is an optional white - list of names that the rule applies to. An empty - set means that everything is allowed. - type: array - items: - type: string - resources: - description: Resources is a list of resources this - rule applies to. ResourceAll represents all resources. - type: array - items: - type: string - verbs: - description: Verbs is a list of Verbs that apply - to ALL the ResourceKinds and AttributeRestrictions - contained in this rule. VerbAll represents all - kinds. - type: array - items: - type: string - serviceAccountName: - type: string - deployments: - type: array - items: - description: StrategyDeploymentSpec contains the name and - spec for the deployment ALM should create - type: object - required: - - name - - spec - properties: - name: - type: string - spec: - description: DeploymentSpec is the specification of the - desired behavior of the Deployment. - type: object - required: - - selector - - template - properties: - minReadySeconds: - description: Minimum number of seconds for which a - newly created pod should be ready without any of - its container crashing, for it to be considered - available. Defaults to 0 (pod will be considered - available as soon as it is ready) - type: integer - format: int32 - paused: - description: Indicates that the deployment is paused. - type: boolean - progressDeadlineSeconds: - description: The maximum time in seconds for a deployment - to make progress before it is considered to be failed. - The deployment controller will continue to process - failed deployments and a condition with a ProgressDeadlineExceeded - reason will be surfaced in the deployment status. - Note that progress will not be estimated during - the time a deployment is paused. Defaults to 600s. - type: integer - format: int32 - replicas: - description: Number of desired pods. This is a pointer - to distinguish between explicit zero and not specified. - Defaults to 1. - type: integer - format: int32 - revisionHistoryLimit: - description: The number of old ReplicaSets to retain - to allow rollback. This is a pointer to distinguish - between explicit zero and not specified. Defaults - to 10. - type: integer - format: int32 - selector: - description: Label selector for pods. Existing ReplicaSets - whose pods are selected by this will be the ones - affected by this deployment. It must match the pod - template's labels. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - type: array - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - additionalProperties: - type: string - strategy: - description: The deployment strategy to use to replace - existing pods with new ones. - type: object - properties: - rollingUpdate: - description: 'Rolling update config params. Present - only if DeploymentStrategyType = RollingUpdate. - --- TODO: Update this to follow our convention - for oneOf, whatever we decide it to be.' - type: object - properties: - maxSurge: - description: 'The maximum number of pods that - can be scheduled above the desired number - of pods. Value can be an absolute number - (ex: 5) or a percentage of desired pods - (ex: 10%). This can not be 0 if MaxUnavailable - is 0. Absolute number is calculated from - percentage by rounding up. Defaults to 25%. - Example: when this is set to 30%, the new - ReplicaSet can be scaled up immediately - when the rolling update starts, such that - the total number of old and new pods do - not exceed 130% of desired pods. Once old - pods have been killed, new ReplicaSet can - be scaled up further, ensuring that total - number of pods running at any time during - the update is at most 130% of desired pods.' - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - maxUnavailable: - description: 'The maximum number of pods that - can be unavailable during the update. Value - can be an absolute number (ex: 5) or a percentage - of desired pods (ex: 10%). Absolute number - is calculated from percentage by rounding - down. This can not be 0 if MaxSurge is 0. - Defaults to 25%. Example: when this is set - to 30%, the old ReplicaSet can be scaled - down to 70% of desired pods immediately - when the rolling update starts. Once new - pods are ready, old ReplicaSet can be scaled - down further, followed by scaling up the - new ReplicaSet, ensuring that the total - number of pods available at all times during - the update is at least 70% of desired pods.' - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: - description: Type of deployment. Can be "Recreate" - or "RollingUpdate". Default is RollingUpdate. - type: string - template: - description: Template describes the pods that will - be created. - type: object - properties: - metadata: - description: 'Standard object''s metadata. More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - type: object - x-kubernetes-preserve-unknown-fields: true - spec: - description: 'Specification of the desired behavior - of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - containers - properties: - activeDeadlineSeconds: - description: Optional duration in seconds - the pod may be active on the node relative - to StartTime before the system will actively - try to mark it failed and kill associated - containers. Value must be a positive integer. - type: integer - format: int64 - affinity: - description: If specified, the pod's scheduling - constraints - type: object - properties: - nodeAffinity: - description: Describes node affinity scheduling - rules for the pod. - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the affinity expressions specified - by this field, but it may choose - a node that violates one or more - of the expressions. The node that - is most preferred is the one with - the greatest sum of weights, i.e. - for each node that meets all of - the scheduling requirements (resource - request, requiredDuringScheduling - affinity expressions, etc.), compute - a sum by iterating through the elements - of this field and adding "weight" - to the sum if the node matches the - corresponding matchExpressions; - the node(s) with the highest sum - are the most preferred. - type: array - items: - description: An empty preferred - scheduling term matches all objects - with implicit weight 0 (i.e. it's - a no-op). A null preferred scheduling - term matches no objects (i.e. - is also a no-op). - type: object - required: - - preference - - weight - properties: - preference: - description: A node selector - term, associated with the - corresponding weight. - type: object - properties: - matchExpressions: - description: A list of node - selector requirements - by node's labels. - type: array - items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: The label - key that the selector - applies to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. - type: string - values: - description: An array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. If - the operator is - Gt or Lt, the values - array must have - a single element, - which will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. - type: array - items: - type: string - matchFields: - description: A list of node - selector requirements - by node's fields. - type: array - items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: The label - key that the selector - applies to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. - type: string - values: - description: An array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. If - the operator is - Gt or Lt, the values - array must have - a single element, - which will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. - type: array - items: - type: string - weight: - description: Weight associated - with matching the corresponding - nodeSelectorTerm, in the range - 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not - met at scheduling time, the pod - will not be scheduled onto the node. - If the affinity requirements specified - by this field cease to be met at - some point during pod execution - (e.g. due to an update), the system - may or may not try to eventually - evict the pod from its node. - type: object - required: - - nodeSelectorTerms - properties: - nodeSelectorTerms: - description: Required. A list - of node selector terms. The - terms are ORed. - type: array - items: - description: A null or empty - node selector term matches - no objects. The requirements - of them are ANDed. The TopologySelectorTerm - type implements a subset of - the NodeSelectorTerm. - type: object - properties: - matchExpressions: - description: A list of node - selector requirements - by node's labels. - type: array - items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: The label - key that the selector - applies to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. - type: string - values: - description: An array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. If - the operator is - Gt or Lt, the values - array must have - a single element, - which will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. - type: array - items: - type: string - matchFields: - description: A list of node - selector requirements - by node's fields. - type: array - items: - description: A node selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: The label - key that the selector - applies to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, Exists, - DoesNotExist. Gt, - and Lt. - type: string - values: - description: An array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. If - the operator is - Gt or Lt, the values - array must have - a single element, - which will be interpreted - as an integer. This - array is replaced - during a strategic - merge patch. - type: array - items: - type: string - podAffinity: - description: Describes pod affinity scheduling - rules (e.g. co-locate this pod in the - same node, zone, etc. as some other - pod(s)). - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the affinity expressions specified - by this field, but it may choose - a node that violates one or more - of the expressions. The node that - is most preferred is the one with - the greatest sum of weights, i.e. - for each node that meets all of - the scheduling requirements (resource - request, requiredDuringScheduling - affinity expressions, etc.), compute - a sum by iterating through the elements - of this field and adding "weight" - to the sum if the node has pods - which matches the corresponding - podAffinityTerm; the node(s) with - the highest sum are the most preferred. - type: array - items: - description: The weights of all - of the matched WeightedPodAffinityTerm - fields are added per-node to find - the most preferred node(s) - type: object - required: - - podAffinityTerm - - weight - properties: - podAffinityTerm: - description: Required. A pod - affinity term, associated - with the corresponding weight. - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements are - ANDed. - type: array - items: - description: A label - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. - type: object - required: - - key - - operator - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents a - key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values - is an array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or - DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic - merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels - map is equivalent - to an element of matchExpressions, - whose key field is - "key", the operator - is "In", and the values - array contains only - "value". The requirements - are ANDed. - type: object - additionalProperties: - type: string - namespaces: - description: namespaces - specifies which namespaces - the labelSelector applies - to (matches against); - null or empty list means - "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching - the labelSelector in the - specified namespaces, - where co-located is defined - as running on a node whose - value of the label with - key topologyKey matches - that of any node on which - any of the selected pods - is running. Empty topologyKey - is not allowed. - type: string - weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the range - 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not - met at scheduling time, the pod - will not be scheduled onto the node. - If the affinity requirements specified - by this field cease to be met at - some point during pod execution - (e.g. due to a pod label update), - the system may or may not try to - eventually evict the pod from its - node. When there are multiple elements, - the lists of nodes corresponding - to each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - type: array - items: - description: Defines a set of pods - (namely those matching the labelSelector - relative to the given namespace(s)) - that this pod should be co-located - (affinity) or not co-located (anti-affinity) - with, where co-located is defined - as running on a node whose value - of the label with key - matches that of any node on which - a pod of the set of pods is running - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query over - a set of resources, in this - case pods. - type: object - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - type: array - items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: key is - the label key that - the selector applies - to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values - is an array of string - values. If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. This - array is replaced - during a strategic - merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an element - of matchExpressions, whose - key field is "key", the - operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - additionalProperties: - type: string - namespaces: - description: namespaces specifies - which namespaces the labelSelector - applies to (matches against); - null or empty list means "this - pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod should - be co-located (affinity) or - not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on a - node whose value of the label - with key topologyKey matches - that of any node on which - any of the selected pods is - running. Empty topologyKey - is not allowed. - type: string - podAntiAffinity: - description: Describes pod anti-affinity - scheduling rules (e.g. avoid putting - this pod in the same node, zone, etc. - as some other pod(s)). - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer - to schedule pods to nodes that satisfy - the anti-affinity expressions specified - by this field, but it may choose - a node that violates one or more - of the expressions. The node that - is most preferred is the one with - the greatest sum of weights, i.e. - for each node that meets all of - the scheduling requirements (resource - request, requiredDuringScheduling - anti-affinity expressions, etc.), - compute a sum by iterating through - the elements of this field and adding - "weight" to the sum if the node - has pods which matches the corresponding - podAffinityTerm; the node(s) with - the highest sum are the most preferred. - type: array - items: - description: The weights of all - of the matched WeightedPodAffinityTerm - fields are added per-node to find - the most preferred node(s) - type: object - required: - - podAffinityTerm - - weight - properties: - podAffinityTerm: - description: Required. A pod - affinity term, associated - with the corresponding weight. - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements are - ANDed. - type: array - items: - description: A label - selector requirement - is a selector that - contains values, - a key, and an operator - that relates the - key and values. - type: object - required: - - key - - operator - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents a - key's relationship - to a set of - values. Valid - operators are - In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values - is an array - of string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or - DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic - merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels - map is equivalent - to an element of matchExpressions, - whose key field is - "key", the operator - is "In", and the values - array contains only - "value". The requirements - are ANDed. - type: object - additionalProperties: - type: string - namespaces: - description: namespaces - specifies which namespaces - the labelSelector applies - to (matches against); - null or empty list means - "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching - the labelSelector in the - specified namespaces, - where co-located is defined - as running on a node whose - value of the label with - key topologyKey matches - that of any node on which - any of the selected pods - is running. Empty topologyKey - is not allowed. - type: string - weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the range - 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity - requirements specified by this field - are not met at scheduling time, - the pod will not be scheduled onto - the node. If the anti-affinity requirements - specified by this field cease to - be met at some point during pod - execution (e.g. due to a pod label - update), the system may or may not - try to eventually evict the pod - from its node. When there are multiple - elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - type: array - items: - description: Defines a set of pods - (namely those matching the labelSelector - relative to the given namespace(s)) - that this pod should be co-located - (affinity) or not co-located (anti-affinity) - with, where co-located is defined - as running on a node whose value - of the label with key - matches that of any node on which - a pod of the set of pods is running - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query over - a set of resources, in this - case pods. - type: object - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - type: array - items: - description: A label selector - requirement is a selector - that contains values, - a key, and an operator - that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: key is - the label key that - the selector applies - to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values - is an array of string - values. If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. This - array is replaced - during a strategic - merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an element - of matchExpressions, whose - key field is "key", the - operator is "In", and - the values array contains - only "value". The requirements - are ANDed. - type: object - additionalProperties: - type: string - namespaces: - description: namespaces specifies - which namespaces the labelSelector - applies to (matches against); - null or empty list means "this - pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod should - be co-located (affinity) or - not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on a - node whose value of the label - with key topologyKey matches - that of any node on which - any of the selected pods is - running. Empty topologyKey - is not allowed. - type: string - automountServiceAccountToken: - description: AutomountServiceAccountToken - indicates whether a service account token - should be automatically mounted. - type: boolean - containers: - description: List of containers belonging - to the pod. Containers cannot currently - be added or removed. There must be at least - one container in a Pod. Cannot be updated. - type: array - items: - description: A single application container - that you want to run within a pod. - type: object - required: - - name - properties: - args: - description: 'Arguments to the entrypoint. - The docker image''s CMD is used if - this is not provided. Variable references - $(VAR_NAME) are expanded using the - container''s environment. If a variable - cannot be resolved, the reference - in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped - with a double $$, ie: $$(VAR_NAME). - Escaped references will never be expanded, - regardless of whether the variable - exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not - executed within a shell. The docker - image''s ENTRYPOINT is used if this - is not provided. Variable references - $(VAR_NAME) are expanded using the - container''s environment. If a variable - cannot be resolved, the reference - in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped - with a double $$, ie: $$(VAR_NAME). - Escaped references will never be expanded, - regardless of whether the variable - exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables - to set in the container. Cannot be - updated. - type: array - items: - description: EnvVar represents an - environment variable present in - a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment - variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references - $(VAR_NAME) are expanded using - the previous defined environment - variables in the container and - any service environment variables. - If a variable cannot be resolved, - the reference in the input string - will be unchanged. The $(VAR_NAME) - syntax can be escaped with a - double $$, ie: $$(VAR_NAME). - Escaped references will never - be expanded, regardless of whether - the variable exists or not. - Defaults to "".' - type: string - valueFrom: - description: Source for the environment - variable's value. Cannot be - used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key - of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to - select. - type: string - name: - description: 'Name of - the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether - the ConfigMap or its - key must be defined - type: boolean - fieldRef: - description: 'Selects a field - of the pod: supports metadata.name, - metadata.namespace, metadata.labels, - metadata.annotations, spec.nodeName, - spec.serviceAccountName, - status.hostIP, status.podIP.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of - the schema the FieldPath - is written in terms - of, defaults to "v1". - type: string - fieldPath: - description: Path of the - field to select in the - specified API version. - type: string - resourceFieldRef: - description: 'Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory - and requests.ephemeral-storage) - are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container - name: required for volumes, - optional for env vars' - type: string - divisor: - description: Specifies - the output format of - the exposed resources, - defaults to "1" - type: string - resource: - description: 'Required: - resource to select' - type: string - secretKeyRef: - description: Selects a key - of a secret in the pod's - namespace - type: object - required: - - key - properties: - key: - description: The key of - the secret to select - from. Must be a valid - secret key. - type: string - name: - description: 'Name of - the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether - the Secret or its key - must be defined - type: boolean - envFrom: - description: List of sources to populate - environment variables in the container. - The keys defined within a source must - be a C_IDENTIFIER. All invalid keys - will be reported as an event when - the container is starting. When a - key exists in multiple sources, the - value associated with the last source - will take precedence. Values defined - by an Env with a duplicate key will - take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents - the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to - select from - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether - the ConfigMap must be defined - type: boolean - prefix: - description: An optional identifier - to prepend to each key in the - ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select - from - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether - the Secret must be defined - type: boolean - image: - description: 'Docker image name. More - info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher - level config management to default - or override container images in workload - controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One - of Always, Never, IfNotPresent. Defaults - to Always if :latest tag is specified, - or IfNotPresent otherwise. Cannot - be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management - system should take in response to - container lifecycle events. Cannot - be updated. - type: object - properties: - postStart: - description: 'PostStart is called - immediately after a container - is created. If the handler fails, - the container is terminated and - restarted according to its restart - policy. Other management of the - container blocks until the hook - completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only one - of the following should be - specified. Exec specifies - the action to take. - type: object - properties: - command: - description: Command is - the command line to execute - inside the container, - the working directory - for the command is root - ('/') in the container's - filesystem. The command - is simply exec'd, it is - not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. - To use a shell, you need - to explicitly call out - to that shell. Exit status - of 0 is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. - HTTP allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access - on the container. Number - must be in the range 1 - to 65535. Name must be - an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the - host. Defaults to HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP - port. TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: - Host name to connect to, - defaults to the pod IP.' - type: string - port: - description: Number or name - of the port to access - on the container. Number - must be in the range 1 - to 65535. Name must be - an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - preStop: - description: 'PreStop is called - immediately before a container - is terminated due to an API request - or management event such as liveness/startup - probe failure, preemption, resource - contention, etc. The handler is - not called if the container crashes - or exits. The reason for termination - is passed to the handler. The - Pod''s termination grace period - countdown begins before the PreStop - hooked is executed. Regardless - of the outcome of the handler, - the container will eventually - terminate within the Pod''s termination - grace period. Other management - of the container blocks until - the hook completes or until the - termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only one - of the following should be - specified. Exec specifies - the action to take. - type: object - properties: - command: - description: Command is - the command line to execute - inside the container, - the working directory - for the command is root - ('/') in the container's - filesystem. The command - is simply exec'd, it is - not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. - To use a shell, you need - to explicitly call out - to that shell. Exit status - of 0 is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. - HTTP allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access - on the container. Number - must be in the range 1 - to 65535. Name must be - an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the - host. Defaults to HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP - port. TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: - Host name to connect to, - defaults to the pod IP.' - type: string - port: - description: Number or name - of the port to access - on the container. Number - must be in the range 1 - to 65535. Name must be - an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - livenessProbe: - description: 'Periodic probe of container - liveness. Container will be restarted - if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one of - the following should be specified. - Exec specifies the action to take. - type: object - properties: - command: - description: Command is the - command line to execute inside - the container, the working - directory for the command is - root ('/') in the container's - filesystem. The command is - simply exec'd, it is not run - inside a shell, so traditional - shell instructions ('|', etc) - won't work. To use a shell, - you need to explicitly call - out to that shell. Exit status - of 0 is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be considered - failed after having succeeded. - Defaults to 3. Minimum value is - 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the - http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on the - container. Number must be - in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value is - 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after having - failed. Defaults to 1. Must be - 1 for liveness and startup. Minimum - value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle - hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on the - container. Number must be - in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times out. - Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified - as a DNS_LABEL. Each container in - a pod must have a unique name (DNS_LABEL). - Cannot be updated. - type: string - ports: - description: List of ports to expose - from the container. Exposing a port - here gives the system additional information - about the network connections a container - uses, but is primarily informational. - Not specifying a port here DOES NOT - prevent that port from being exposed. - Any port which is listening on the - default "0.0.0.0" address inside a - container will be accessible from - the network. Cannot be updated. - type: array - items: - description: ContainerPort represents - a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to - expose on the pod's IP address. - This must be a valid port number, - 0 < x < 65536. - type: integer - format: int32 - hostIP: - description: What host IP to bind - the external port to. - type: string - hostPort: - description: Number of port to - expose on the host. If specified, - this must be a valid port number, - 0 < x < 65536. If HostNetwork - is specified, this must match - ContainerPort. Most containers - do not need this. - type: integer - format: int32 - name: - description: If specified, this - must be an IANA_SVC_NAME and - unique within the pod. Each - named port in a pod must have - a unique name. Name for the - port that can be referred to - by services. - type: string - protocol: - description: Protocol for port. - Must be UDP, TCP, or SCTP. Defaults - to "TCP". - type: string - readinessProbe: - description: 'Periodic probe of container - service readiness. Container will - be removed from service endpoints - if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one of - the following should be specified. - Exec specifies the action to take. - type: object - properties: - command: - description: Command is the - command line to execute inside - the container, the working - directory for the command is - root ('/') in the container's - filesystem. The command is - simply exec'd, it is not run - inside a shell, so traditional - shell instructions ('|', etc) - won't work. To use a shell, - you need to explicitly call - out to that shell. Exit status - of 0 is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be considered - failed after having succeeded. - Defaults to 3. Minimum value is - 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the - http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on the - container. Number must be - in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value is - 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after having - failed. Defaults to 1. Must be - 1 for liveness and startup. Minimum - value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle - hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on the - container. Number must be - in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times out. - Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required - by this container. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - properties: - limits: - description: 'Limits describes the - maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - type: string - requests: - description: 'Requests describes - the minimum amount of compute - resources required. If Requests - is omitted for a container, it - defaults to Limits if that is - explicitly specified, otherwise - to an implementation-defined value. - More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - type: string - securityContext: - description: 'Security options the pod - should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation - controls whether a process can - gain more privileges than its - parent process. This bool directly - controls if the no_new_privs flag - will be set on the container process. - AllowPrivilegeEscalation is true - always when the container is: - 1) run as Privileged 2) has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: The capabilities to - add/drop when running containers. - Defaults to the default set of - capabilities granted by the container - runtime. - type: object - properties: - add: - description: Added capabilities - type: array - items: - description: Capability represent - POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent - POSIX capabilities type - type: string - privileged: - description: Run container in privileged - mode. Processes in privileged - containers are essentially equivalent - to root on the host. Defaults - to false. - type: boolean - procMount: - description: procMount denotes the - type of proc mount to use for - the containers. The default is - DefaultProcMount which uses the - container runtime defaults for - readonly paths and masked paths. - This requires the ProcMountType - feature flag to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container - has a read-only root filesystem. - Default is false. - type: boolean - runAsGroup: - description: The GID to run the - entrypoint of the container process. - Uses runtime default if unset. - May also be set in PodSecurityContext. If - set in both SecurityContext and - PodSecurityContext, the value - specified in SecurityContext takes - precedence. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the - container must run as a non-root - user. If true, the Kubelet will - validate the image at runtime - to ensure that it does not run - as UID 0 (root) and fail to start - the container if it does. If unset - or false, no such validation will - be performed. May also be set - in PodSecurityContext. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: boolean - runAsUser: - description: The UID to run the - entrypoint of the container process. - Defaults to user specified in - image metadata if unspecified. - May also be set in PodSecurityContext. If - set in both SecurityContext and - PodSecurityContext, the value - specified in SecurityContext takes - precedence. - type: integer - format: int64 - seLinuxOptions: - description: The SELinux context - to be applied to the container. - If unspecified, the container - runtime will allocate a random - SELinux context for each container. May - also be set in PodSecurityContext. If - set in both SecurityContext and - PodSecurityContext, the value - specified in SecurityContext takes - precedence. - type: object - properties: - level: - description: Level is SELinux - level label that applies to - the container. - type: string - role: - description: Role is a SELinux - role label that applies to - the container. - type: string - type: - description: Type is a SELinux - type label that applies to - the container. - type: string - user: - description: User is a SELinux - user label that applies to - the container. - type: string - windowsOptions: - description: The Windows specific - settings applied to all containers. - If unspecified, the options from - the PodSecurityContext will be - used. If set in both SecurityContext - and PodSecurityContext, the value - specified in SecurityContext takes - precedence. - type: object - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec - is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the - GMSA credential spec named - by the GMSACredentialSpecName - field. This field is alpha-level - and is only honored by servers - that enable the WindowsGMSA - feature flag. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. This field is - alpha-level and is only honored - by servers that enable the - WindowsGMSA feature flag. - type: string - runAsUserName: - description: The UserName in - Windows to run the entrypoint - of the container process. - Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. This field - is alpha-level and it is only - honored by servers that enable - the WindowsRunAsUserName feature - flag. - type: string - startupProbe: - description: 'StartupProbe indicates - that the Pod has successfully initialized. - If specified, no other probes are - executed until this completes successfully. - If this probe fails, the Pod will - be restarted, just as if the livenessProbe - failed. This can be used to provide - different probe parameters at the - beginning of a Pod''s lifecycle, when - it might take a long time to load - data or warm a cache, than during - steady-state operation. This cannot - be updated. This is an alpha feature - enabled by the StartupProbe feature - flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one of - the following should be specified. - Exec specifies the action to take. - type: object - properties: - command: - description: Command is the - command line to execute inside - the container, the working - directory for the command is - root ('/') in the container's - filesystem. The command is - simply exec'd, it is not run - inside a shell, so traditional - shell instructions ('|', etc) - won't work. To use a shell, - you need to explicitly call - out to that shell. Exit status - of 0 is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be considered - failed after having succeeded. - Defaults to 3. Minimum value is - 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the - http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on the - container. Number must be - in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value is - 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after having - failed. Defaults to 1. Must be - 1 for liveness and startup. Minimum - value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle - hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on the - container. Number must be - in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times out. - Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - stdin: - description: Whether this container - should allocate a buffer for stdin - in the container runtime. If this - is not set, reads from stdin in the - container will always result in EOF. - Default is false. - type: boolean - stdinOnce: - description: Whether the container runtime - should close the stdin channel after - it has been opened by a single attach. - When stdin is true the stdin stream - will remain open across multiple attach - sessions. If stdinOnce is set to true, - stdin is opened on container start, - is empty until the first client attaches - to stdin, and then remains open and - accepts data until the client disconnects, - at which time stdin is closed and - remains closed until the container - is restarted. If this flag is false, - a container processes that reads from - stdin will never receive an EOF. Default - is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which - the file to which the container''s - termination message will be written - is mounted into the container''s filesystem. - Message written is intended to be - brief final status, such as an assertion - failure message. Will be truncated - by the node if greater than 4096 bytes. - The total message length across all - containers will be limited to 12kb. - Defaults to /dev/termination-log. - Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination - message should be populated. File - will use the contents of terminationMessagePath - to populate the container status message - on both success and failure. FallbackToLogsOnError - will use the last chunk of container - log output if the termination message - file is empty and the container exited - with an error. The log output is limited - to 2048 bytes or 80 lines, whichever - is smaller. Defaults to File. Cannot - be updated. - type: string - tty: - description: Whether this container - should allocate a TTY for itself, - also requires 'stdin' to be true. - Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list - of block devices to be used by the - container. This is a beta feature. - type: array - items: - description: volumeDevice describes - a mapping of a raw block device - within a container. - type: object - required: - - devicePath - - name - properties: - devicePath: - description: devicePath is the - path inside of the container - that the device will be mapped - to. - type: string - name: - description: name must match the - name of a persistentVolumeClaim - in the pod - type: string - volumeMounts: - description: Pod volumes to mount into - the container's filesystem. Cannot - be updated. - type: array - items: - description: VolumeMount describes - a mounting of a Volume within a - container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container - at which the volume should be - mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation - determines how mounts are propagated - from the host to container and - the other way around. When not - set, MountPropagationNone is - used. This field is beta in - 1.10. - type: string - name: - description: This must match the - Name of a Volume. - type: string - readOnly: - description: Mounted read-only - if true, read-write otherwise - (false or unspecified). Defaults - to false. - type: boolean - subPath: - description: Path within the volume - from which the container's volume - should be mounted. Defaults - to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within - the volume from which the container's - volume should be mounted. Behaves - similarly to SubPath but environment - variable references $(VAR_NAME) - are expanded using the container's - environment. Defaults to "" - (volume's root). SubPathExpr - and SubPath are mutually exclusive. - This field is beta in 1.15. - type: string - workingDir: - description: Container's working directory. - If not specified, the container runtime's - default will be used, which might - be configured in the container image. - Cannot be updated. - type: string - dnsConfig: - description: Specifies the DNS parameters - of a pod. Parameters specified here will - be merged to the generated DNS configuration - based on DNSPolicy. - type: object - properties: - nameservers: - description: A list of DNS name server - IP addresses. This will be appended - to the base nameservers generated from - DNSPolicy. Duplicated nameservers will - be removed. - type: array - items: - type: string - options: - description: A list of DNS resolver options. - This will be merged with the base options - generated from DNSPolicy. Duplicated - entries will be removed. Resolution - options given in Options will override - those that appear in the base DNSPolicy. - type: array - items: - description: PodDNSConfigOption defines - DNS resolver options of a pod. - type: object - properties: - name: - description: Required. - type: string - value: - type: string - searches: - description: A list of DNS search domains - for host-name lookup. This will be appended - to the base search paths generated from - DNSPolicy. Duplicated search paths will - be removed. - type: array - items: - type: string - dnsPolicy: - description: Set DNS policy for the pod. Defaults - to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', - 'ClusterFirst', 'Default' or 'None'. DNS - parameters given in DNSConfig will be merged - with the policy selected with DNSPolicy. - To have DNS options set along with hostNetwork, - you have to specify DNS policy explicitly - to 'ClusterFirstWithHostNet'. - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates - whether information about services should - be injected into pod''s environment variables, - matching the syntax of Docker links. Optional: - Defaults to true.' - type: boolean - ephemeralContainers: - description: List of ephemeral containers - run in this pod. Ephemeral containers may - be run in an existing pod to perform user-initiated - actions such as debugging. This list cannot - be specified when creating a pod, and it - cannot be modified by updating the pod spec. - In order to add an ephemeral container to - an existing pod, use the pod's ephemeralcontainers - subresource. This field is alpha-level and - is only honored by servers that enable the - EphemeralContainers feature. - type: array - items: - description: An EphemeralContainer is a - container that may be added temporarily - to an existing pod for user-initiated - activities such as debugging. Ephemeral - containers have no resource or scheduling - guarantees, and they will not be restarted - when they exit or when a pod is removed - or restarted. If an ephemeral container - causes a pod to exceed its resource allocation, - the pod may be evicted. Ephemeral containers - may not be added by directly updating - the pod spec. They must be added via the - pod's ephemeralcontainers subresource, - and they will appear in the pod spec once - added. This is an alpha feature enabled - by the EphemeralContainers feature flag. - type: object - required: - - name - properties: - args: - description: 'Arguments to the entrypoint. - The docker image''s CMD is used if - this is not provided. Variable references - $(VAR_NAME) are expanded using the - container''s environment. If a variable - cannot be resolved, the reference - in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped - with a double $$, ie: $$(VAR_NAME). - Escaped references will never be expanded, - regardless of whether the variable - exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not - executed within a shell. The docker - image''s ENTRYPOINT is used if this - is not provided. Variable references - $(VAR_NAME) are expanded using the - container''s environment. If a variable - cannot be resolved, the reference - in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped - with a double $$, ie: $$(VAR_NAME). - Escaped references will never be expanded, - regardless of whether the variable - exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables - to set in the container. Cannot be - updated. - type: array - items: - description: EnvVar represents an - environment variable present in - a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment - variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references - $(VAR_NAME) are expanded using - the previous defined environment - variables in the container and - any service environment variables. - If a variable cannot be resolved, - the reference in the input string - will be unchanged. The $(VAR_NAME) - syntax can be escaped with a - double $$, ie: $$(VAR_NAME). - Escaped references will never - be expanded, regardless of whether - the variable exists or not. - Defaults to "".' - type: string - valueFrom: - description: Source for the environment - variable's value. Cannot be - used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key - of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to - select. - type: string - name: - description: 'Name of - the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether - the ConfigMap or its - key must be defined - type: boolean - fieldRef: - description: 'Selects a field - of the pod: supports metadata.name, - metadata.namespace, metadata.labels, - metadata.annotations, spec.nodeName, - spec.serviceAccountName, - status.hostIP, status.podIP.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of - the schema the FieldPath - is written in terms - of, defaults to "v1". - type: string - fieldPath: - description: Path of the - field to select in the - specified API version. - type: string - resourceFieldRef: - description: 'Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory - and requests.ephemeral-storage) - are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container - name: required for volumes, - optional for env vars' - type: string - divisor: - description: Specifies - the output format of - the exposed resources, - defaults to "1" - type: string - resource: - description: 'Required: - resource to select' - type: string - secretKeyRef: - description: Selects a key - of a secret in the pod's - namespace - type: object - required: - - key - properties: - key: - description: The key of - the secret to select - from. Must be a valid - secret key. - type: string - name: - description: 'Name of - the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether - the Secret or its key - must be defined - type: boolean - envFrom: - description: List of sources to populate - environment variables in the container. - The keys defined within a source must - be a C_IDENTIFIER. All invalid keys - will be reported as an event when - the container is starting. When a - key exists in multiple sources, the - value associated with the last source - will take precedence. Values defined - by an Env with a duplicate key will - take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents - the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to - select from - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether - the ConfigMap must be defined - type: boolean - prefix: - description: An optional identifier - to prepend to each key in the - ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select - from - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether - the Secret must be defined - type: boolean - image: - description: 'Docker image name. More - info: https://kubernetes.io/docs/concepts/containers/images' - type: string - imagePullPolicy: - description: 'Image pull policy. One - of Always, Never, IfNotPresent. Defaults - to Always if :latest tag is specified, - or IfNotPresent otherwise. Cannot - be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Lifecycle is not allowed - for ephemeral containers. - type: object - properties: - postStart: - description: 'PostStart is called - immediately after a container - is created. If the handler fails, - the container is terminated and - restarted according to its restart - policy. Other management of the - container blocks until the hook - completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only one - of the following should be - specified. Exec specifies - the action to take. - type: object - properties: - command: - description: Command is - the command line to execute - inside the container, - the working directory - for the command is root - ('/') in the container's - filesystem. The command - is simply exec'd, it is - not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. - To use a shell, you need - to explicitly call out - to that shell. Exit status - of 0 is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. - HTTP allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access - on the container. Number - must be in the range 1 - to 65535. Name must be - an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the - host. Defaults to HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP - port. TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: - Host name to connect to, - defaults to the pod IP.' - type: string - port: - description: Number or name - of the port to access - on the container. Number - must be in the range 1 - to 65535. Name must be - an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - preStop: - description: 'PreStop is called - immediately before a container - is terminated due to an API request - or management event such as liveness/startup - probe failure, preemption, resource - contention, etc. The handler is - not called if the container crashes - or exits. The reason for termination - is passed to the handler. The - Pod''s termination grace period - countdown begins before the PreStop - hooked is executed. Regardless - of the outcome of the handler, - the container will eventually - terminate within the Pod''s termination - grace period. Other management - of the container blocks until - the hook completes or until the - termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only one - of the following should be - specified. Exec specifies - the action to take. - type: object - properties: - command: - description: Command is - the command line to execute - inside the container, - the working directory - for the command is root - ('/') in the container's - filesystem. The command - is simply exec'd, it is - not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. - To use a shell, you need - to explicitly call out - to that shell. Exit status - of 0 is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. - HTTP allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access - on the container. Number - must be in the range 1 - to 65535. Name must be - an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the - host. Defaults to HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP - port. TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: - Host name to connect to, - defaults to the pod IP.' - type: string - port: - description: Number or name - of the port to access - on the container. Number - must be in the range 1 - to 65535. Name must be - an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - livenessProbe: - description: Probes are not allowed - for ephemeral containers. - type: object - properties: - exec: - description: One and only one of - the following should be specified. - Exec specifies the action to take. - type: object - properties: - command: - description: Command is the - command line to execute inside - the container, the working - directory for the command is - root ('/') in the container's - filesystem. The command is - simply exec'd, it is not run - inside a shell, so traditional - shell instructions ('|', etc) - won't work. To use a shell, - you need to explicitly call - out to that shell. Exit status - of 0 is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be considered - failed after having succeeded. - Defaults to 3. Minimum value is - 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the - http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on the - container. Number must be - in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value is - 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after having - failed. Defaults to 1. Must be - 1 for liveness and startup. Minimum - value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle - hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on the - container. Number must be - in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times out. - Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the ephemeral container - specified as a DNS_LABEL. This name - must be unique among all containers, - init containers and ephemeral containers. - type: string - ports: - description: Ports are not allowed for - ephemeral containers. - type: array - items: - description: ContainerPort represents - a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to - expose on the pod's IP address. - This must be a valid port number, - 0 < x < 65536. - type: integer - format: int32 - hostIP: - description: What host IP to bind - the external port to. - type: string - hostPort: - description: Number of port to - expose on the host. If specified, - this must be a valid port number, - 0 < x < 65536. If HostNetwork - is specified, this must match - ContainerPort. Most containers - do not need this. - type: integer - format: int32 - name: - description: If specified, this - must be an IANA_SVC_NAME and - unique within the pod. Each - named port in a pod must have - a unique name. Name for the - port that can be referred to - by services. - type: string - protocol: - description: Protocol for port. - Must be UDP, TCP, or SCTP. Defaults - to "TCP". - type: string - readinessProbe: - description: Probes are not allowed - for ephemeral containers. - type: object - properties: - exec: - description: One and only one of - the following should be specified. - Exec specifies the action to take. - type: object - properties: - command: - description: Command is the - command line to execute inside - the container, the working - directory for the command is - root ('/') in the container's - filesystem. The command is - simply exec'd, it is not run - inside a shell, so traditional - shell instructions ('|', etc) - won't work. To use a shell, - you need to explicitly call - out to that shell. Exit status - of 0 is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be considered - failed after having succeeded. - Defaults to 3. Minimum value is - 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the - http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on the - container. Number must be - in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value is - 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after having - failed. Defaults to 1. Must be - 1 for liveness and startup. Minimum - value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle - hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on the - container. Number must be - in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times out. - Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: Resources are not allowed - for ephemeral containers. Ephemeral - containers use spare resources already - allocated to the pod. - type: object - properties: - limits: - description: 'Limits describes the - maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - type: string - requests: - description: 'Requests describes - the minimum amount of compute - resources required. If Requests - is omitted for a container, it - defaults to Limits if that is - explicitly specified, otherwise - to an implementation-defined value. - More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - type: string - securityContext: - description: SecurityContext is not - allowed for ephemeral containers. - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation - controls whether a process can - gain more privileges than its - parent process. This bool directly - controls if the no_new_privs flag - will be set on the container process. - AllowPrivilegeEscalation is true - always when the container is: - 1) run as Privileged 2) has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: The capabilities to - add/drop when running containers. - Defaults to the default set of - capabilities granted by the container - runtime. - type: object - properties: - add: - description: Added capabilities - type: array - items: - description: Capability represent - POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent - POSIX capabilities type - type: string - privileged: - description: Run container in privileged - mode. Processes in privileged - containers are essentially equivalent - to root on the host. Defaults - to false. - type: boolean - procMount: - description: procMount denotes the - type of proc mount to use for - the containers. The default is - DefaultProcMount which uses the - container runtime defaults for - readonly paths and masked paths. - This requires the ProcMountType - feature flag to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container - has a read-only root filesystem. - Default is false. - type: boolean - runAsGroup: - description: The GID to run the - entrypoint of the container process. - Uses runtime default if unset. - May also be set in PodSecurityContext. If - set in both SecurityContext and - PodSecurityContext, the value - specified in SecurityContext takes - precedence. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the - container must run as a non-root - user. If true, the Kubelet will - validate the image at runtime - to ensure that it does not run - as UID 0 (root) and fail to start - the container if it does. If unset - or false, no such validation will - be performed. May also be set - in PodSecurityContext. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: boolean - runAsUser: - description: The UID to run the - entrypoint of the container process. - Defaults to user specified in - image metadata if unspecified. - May also be set in PodSecurityContext. If - set in both SecurityContext and - PodSecurityContext, the value - specified in SecurityContext takes - precedence. - type: integer - format: int64 - seLinuxOptions: - description: The SELinux context - to be applied to the container. - If unspecified, the container - runtime will allocate a random - SELinux context for each container. May - also be set in PodSecurityContext. If - set in both SecurityContext and - PodSecurityContext, the value - specified in SecurityContext takes - precedence. - type: object - properties: - level: - description: Level is SELinux - level label that applies to - the container. - type: string - role: - description: Role is a SELinux - role label that applies to - the container. - type: string - type: - description: Type is a SELinux - type label that applies to - the container. - type: string - user: - description: User is a SELinux - user label that applies to - the container. - type: string - windowsOptions: - description: The Windows specific - settings applied to all containers. - If unspecified, the options from - the PodSecurityContext will be - used. If set in both SecurityContext - and PodSecurityContext, the value - specified in SecurityContext takes - precedence. - type: object - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec - is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the - GMSA credential spec named - by the GMSACredentialSpecName - field. This field is alpha-level - and is only honored by servers - that enable the WindowsGMSA - feature flag. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. This field is - alpha-level and is only honored - by servers that enable the - WindowsGMSA feature flag. - type: string - runAsUserName: - description: The UserName in - Windows to run the entrypoint - of the container process. - Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. This field - is alpha-level and it is only - honored by servers that enable - the WindowsRunAsUserName feature - flag. - type: string - startupProbe: - description: Probes are not allowed - for ephemeral containers. - type: object - properties: - exec: - description: One and only one of - the following should be specified. - Exec specifies the action to take. - type: object - properties: - command: - description: Command is the - command line to execute inside - the container, the working - directory for the command is - root ('/') in the container's - filesystem. The command is - simply exec'd, it is not run - inside a shell, so traditional - shell instructions ('|', etc) - won't work. To use a shell, - you need to explicitly call - out to that shell. Exit status - of 0 is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be considered - failed after having succeeded. - Defaults to 3. Minimum value is - 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the - http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on the - container. Number must be - in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value is - 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after having - failed. Defaults to 1. Must be - 1 for liveness and startup. Minimum - value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle - hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on the - container. Number must be - in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times out. - Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - stdin: - description: Whether this container - should allocate a buffer for stdin - in the container runtime. If this - is not set, reads from stdin in the - container will always result in EOF. - Default is false. - type: boolean - stdinOnce: - description: Whether the container runtime - should close the stdin channel after - it has been opened by a single attach. - When stdin is true the stdin stream - will remain open across multiple attach - sessions. If stdinOnce is set to true, - stdin is opened on container start, - is empty until the first client attaches - to stdin, and then remains open and - accepts data until the client disconnects, - at which time stdin is closed and - remains closed until the container - is restarted. If this flag is false, - a container processes that reads from - stdin will never receive an EOF. Default - is false - type: boolean - targetContainerName: - description: If set, the name of the - container from PodSpec that this ephemeral - container targets. The ephemeral container - will be run in the namespaces (IPC, - PID, etc) of this container. If not - set then the ephemeral container is - run in whatever namespaces are shared - for the pod. Note that the container - runtime must support this feature. - type: string - terminationMessagePath: - description: 'Optional: Path at which - the file to which the container''s - termination message will be written - is mounted into the container''s filesystem. - Message written is intended to be - brief final status, such as an assertion - failure message. Will be truncated - by the node if greater than 4096 bytes. - The total message length across all - containers will be limited to 12kb. - Defaults to /dev/termination-log. - Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination - message should be populated. File - will use the contents of terminationMessagePath - to populate the container status message - on both success and failure. FallbackToLogsOnError - will use the last chunk of container - log output if the termination message - file is empty and the container exited - with an error. The log output is limited - to 2048 bytes or 80 lines, whichever - is smaller. Defaults to File. Cannot - be updated. - type: string - tty: - description: Whether this container - should allocate a TTY for itself, - also requires 'stdin' to be true. - Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list - of block devices to be used by the - container. This is a beta feature. - type: array - items: - description: volumeDevice describes - a mapping of a raw block device - within a container. - type: object - required: - - devicePath - - name - properties: - devicePath: - description: devicePath is the - path inside of the container - that the device will be mapped - to. - type: string - name: - description: name must match the - name of a persistentVolumeClaim - in the pod - type: string - volumeMounts: - description: Pod volumes to mount into - the container's filesystem. Cannot - be updated. - type: array - items: - description: VolumeMount describes - a mounting of a Volume within a - container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container - at which the volume should be - mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation - determines how mounts are propagated - from the host to container and - the other way around. When not - set, MountPropagationNone is - used. This field is beta in - 1.10. - type: string - name: - description: This must match the - Name of a Volume. - type: string - readOnly: - description: Mounted read-only - if true, read-write otherwise - (false or unspecified). Defaults - to false. - type: boolean - subPath: - description: Path within the volume - from which the container's volume - should be mounted. Defaults - to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within - the volume from which the container's - volume should be mounted. Behaves - similarly to SubPath but environment - variable references $(VAR_NAME) - are expanded using the container's - environment. Defaults to "" - (volume's root). SubPathExpr - and SubPath are mutually exclusive. - This field is beta in 1.15. - type: string - workingDir: - description: Container's working directory. - If not specified, the container runtime's - default will be used, which might - be configured in the container image. - Cannot be updated. - type: string - hostAliases: - description: HostAliases is an optional list - of hosts and IPs that will be injected into - the pod's hosts file if specified. This - is only valid for non-hostNetwork pods. - type: array - items: - description: HostAlias holds the mapping - between IP and hostnames that will be - injected as an entry in the pod's hosts - file. - type: object - properties: - hostnames: - description: Hostnames for the above - IP address. - type: array - items: - type: string - ip: - description: IP address of the host - file entry. - type: string - hostIPC: - description: 'Use the host''s ipc namespace. - Optional: Default to false.' - type: boolean - hostNetwork: - description: Host networking requested for - this pod. Use the host's network namespace. - If this option is set, the ports that will - be used must be specified. Default to false. - type: boolean - hostPID: - description: 'Use the host''s pid namespace. - Optional: Default to false.' - type: boolean - hostname: - description: Specifies the hostname of the - Pod If not specified, the pod's hostname - will be set to a system-defined value. - type: string - imagePullSecrets: - description: 'ImagePullSecrets is an optional - list of references to secrets in the same - namespace to use for pulling any of the - images used by this PodSpec. If specified, - these secrets will be passed to individual - puller implementations for them to use. - For example, in the case of docker, only - DockerConfig type secrets are honored. More - info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains - enough information to let you locate the - referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - initContainers: - description: 'List of initialization containers - belonging to the pod. Init containers are - executed in order prior to containers being - started. If any init container fails, the - pod is considered to have failed and is - handled according to its restartPolicy. - The name for an init container or normal - container must be unique among all containers. - Init containers may not have Lifecycle actions, - Readiness probes, Liveness probes, or Startup - probes. The resourceRequirements of an init - container are taken into account during - scheduling by finding the highest request/limit - for each resource type, and then using the - max of of that value or the sum of the normal - containers. Limits are applied to init containers - in a similar fashion. Init containers cannot - currently be added or removed. Cannot be - updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: A single application container - that you want to run within a pod. - type: object - required: - - name - properties: - args: - description: 'Arguments to the entrypoint. - The docker image''s CMD is used if - this is not provided. Variable references - $(VAR_NAME) are expanded using the - container''s environment. If a variable - cannot be resolved, the reference - in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped - with a double $$, ie: $$(VAR_NAME). - Escaped references will never be expanded, - regardless of whether the variable - exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not - executed within a shell. The docker - image''s ENTRYPOINT is used if this - is not provided. Variable references - $(VAR_NAME) are expanded using the - container''s environment. If a variable - cannot be resolved, the reference - in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped - with a double $$, ie: $$(VAR_NAME). - Escaped references will never be expanded, - regardless of whether the variable - exists or not. Cannot be updated. - More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables - to set in the container. Cannot be - updated. - type: array - items: - description: EnvVar represents an - environment variable present in - a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment - variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references - $(VAR_NAME) are expanded using - the previous defined environment - variables in the container and - any service environment variables. - If a variable cannot be resolved, - the reference in the input string - will be unchanged. The $(VAR_NAME) - syntax can be escaped with a - double $$, ie: $$(VAR_NAME). - Escaped references will never - be expanded, regardless of whether - the variable exists or not. - Defaults to "".' - type: string - valueFrom: - description: Source for the environment - variable's value. Cannot be - used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key - of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to - select. - type: string - name: - description: 'Name of - the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether - the ConfigMap or its - key must be defined - type: boolean - fieldRef: - description: 'Selects a field - of the pod: supports metadata.name, - metadata.namespace, metadata.labels, - metadata.annotations, spec.nodeName, - spec.serviceAccountName, - status.hostIP, status.podIP.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of - the schema the FieldPath - is written in terms - of, defaults to "v1". - type: string - fieldPath: - description: Path of the - field to select in the - specified API version. - type: string - resourceFieldRef: - description: 'Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory - and requests.ephemeral-storage) - are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container - name: required for volumes, - optional for env vars' - type: string - divisor: - description: Specifies - the output format of - the exposed resources, - defaults to "1" - type: string - resource: - description: 'Required: - resource to select' - type: string - secretKeyRef: - description: Selects a key - of a secret in the pod's - namespace - type: object - required: - - key - properties: - key: - description: The key of - the secret to select - from. Must be a valid - secret key. - type: string - name: - description: 'Name of - the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether - the Secret or its key - must be defined - type: boolean - envFrom: - description: List of sources to populate - environment variables in the container. - The keys defined within a source must - be a C_IDENTIFIER. All invalid keys - will be reported as an event when - the container is starting. When a - key exists in multiple sources, the - value associated with the last source - will take precedence. Values defined - by an Env with a duplicate key will - take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents - the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to - select from - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether - the ConfigMap must be defined - type: boolean - prefix: - description: An optional identifier - to prepend to each key in the - ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select - from - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether - the Secret must be defined - type: boolean - image: - description: 'Docker image name. More - info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher - level config management to default - or override container images in workload - controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One - of Always, Never, IfNotPresent. Defaults - to Always if :latest tag is specified, - or IfNotPresent otherwise. Cannot - be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management - system should take in response to - container lifecycle events. Cannot - be updated. - type: object - properties: - postStart: - description: 'PostStart is called - immediately after a container - is created. If the handler fails, - the container is terminated and - restarted according to its restart - policy. Other management of the - container blocks until the hook - completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only one - of the following should be - specified. Exec specifies - the action to take. - type: object - properties: - command: - description: Command is - the command line to execute - inside the container, - the working directory - for the command is root - ('/') in the container's - filesystem. The command - is simply exec'd, it is - not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. - To use a shell, you need - to explicitly call out - to that shell. Exit status - of 0 is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. - HTTP allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access - on the container. Number - must be in the range 1 - to 65535. Name must be - an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the - host. Defaults to HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP - port. TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: - Host name to connect to, - defaults to the pod IP.' - type: string - port: - description: Number or name - of the port to access - on the container. Number - must be in the range 1 - to 65535. Name must be - an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - preStop: - description: 'PreStop is called - immediately before a container - is terminated due to an API request - or management event such as liveness/startup - probe failure, preemption, resource - contention, etc. The handler is - not called if the container crashes - or exits. The reason for termination - is passed to the handler. The - Pod''s termination grace period - countdown begins before the PreStop - hooked is executed. Regardless - of the outcome of the handler, - the container will eventually - terminate within the Pod''s termination - grace period. Other management - of the container blocks until - the hook completes or until the - termination grace period is reached. - More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only one - of the following should be - specified. Exec specifies - the action to take. - type: object - properties: - command: - description: Command is - the command line to execute - inside the container, - the working directory - for the command is root - ('/') in the container's - filesystem. The command - is simply exec'd, it is - not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. - To use a shell, you need - to explicitly call out - to that shell. Exit status - of 0 is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. - HTTP allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access - on the container. Number - must be in the range 1 - to 65535. Name must be - an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the - host. Defaults to HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP - port. TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: - Host name to connect to, - defaults to the pod IP.' - type: string - port: - description: Number or name - of the port to access - on the container. Number - must be in the range 1 - to 65535. Name must be - an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - livenessProbe: - description: 'Periodic probe of container - liveness. Container will be restarted - if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one of - the following should be specified. - Exec specifies the action to take. - type: object - properties: - command: - description: Command is the - command line to execute inside - the container, the working - directory for the command is - root ('/') in the container's - filesystem. The command is - simply exec'd, it is not run - inside a shell, so traditional - shell instructions ('|', etc) - won't work. To use a shell, - you need to explicitly call - out to that shell. Exit status - of 0 is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be considered - failed after having succeeded. - Defaults to 3. Minimum value is - 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the - http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on the - container. Number must be - in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value is - 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after having - failed. Defaults to 1. Must be - 1 for liveness and startup. Minimum - value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle - hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on the - container. Number must be - in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times out. - Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified - as a DNS_LABEL. Each container in - a pod must have a unique name (DNS_LABEL). - Cannot be updated. - type: string - ports: - description: List of ports to expose - from the container. Exposing a port - here gives the system additional information - about the network connections a container - uses, but is primarily informational. - Not specifying a port here DOES NOT - prevent that port from being exposed. - Any port which is listening on the - default "0.0.0.0" address inside a - container will be accessible from - the network. Cannot be updated. - type: array - items: - description: ContainerPort represents - a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to - expose on the pod's IP address. - This must be a valid port number, - 0 < x < 65536. - type: integer - format: int32 - hostIP: - description: What host IP to bind - the external port to. - type: string - hostPort: - description: Number of port to - expose on the host. If specified, - this must be a valid port number, - 0 < x < 65536. If HostNetwork - is specified, this must match - ContainerPort. Most containers - do not need this. - type: integer - format: int32 - name: - description: If specified, this - must be an IANA_SVC_NAME and - unique within the pod. Each - named port in a pod must have - a unique name. Name for the - port that can be referred to - by services. - type: string - protocol: - description: Protocol for port. - Must be UDP, TCP, or SCTP. Defaults - to "TCP". - type: string - readinessProbe: - description: 'Periodic probe of container - service readiness. Container will - be removed from service endpoints - if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one of - the following should be specified. - Exec specifies the action to take. - type: object - properties: - command: - description: Command is the - command line to execute inside - the container, the working - directory for the command is - root ('/') in the container's - filesystem. The command is - simply exec'd, it is not run - inside a shell, so traditional - shell instructions ('|', etc) - won't work. To use a shell, - you need to explicitly call - out to that shell. Exit status - of 0 is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be considered - failed after having succeeded. - Defaults to 3. Minimum value is - 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the - http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on the - container. Number must be - in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value is - 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after having - failed. Defaults to 1. Must be - 1 for liveness and startup. Minimum - value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle - hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on the - container. Number must be - in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times out. - Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required - by this container. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - properties: - limits: - description: 'Limits describes the - maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - type: string - requests: - description: 'Requests describes - the minimum amount of compute - resources required. If Requests - is omitted for a container, it - defaults to Limits if that is - explicitly specified, otherwise - to an implementation-defined value. - More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - type: string - securityContext: - description: 'Security options the pod - should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation - controls whether a process can - gain more privileges than its - parent process. This bool directly - controls if the no_new_privs flag - will be set on the container process. - AllowPrivilegeEscalation is true - always when the container is: - 1) run as Privileged 2) has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: The capabilities to - add/drop when running containers. - Defaults to the default set of - capabilities granted by the container - runtime. - type: object - properties: - add: - description: Added capabilities - type: array - items: - description: Capability represent - POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent - POSIX capabilities type - type: string - privileged: - description: Run container in privileged - mode. Processes in privileged - containers are essentially equivalent - to root on the host. Defaults - to false. - type: boolean - procMount: - description: procMount denotes the - type of proc mount to use for - the containers. The default is - DefaultProcMount which uses the - container runtime defaults for - readonly paths and masked paths. - This requires the ProcMountType - feature flag to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container - has a read-only root filesystem. - Default is false. - type: boolean - runAsGroup: - description: The GID to run the - entrypoint of the container process. - Uses runtime default if unset. - May also be set in PodSecurityContext. If - set in both SecurityContext and - PodSecurityContext, the value - specified in SecurityContext takes - precedence. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the - container must run as a non-root - user. If true, the Kubelet will - validate the image at runtime - to ensure that it does not run - as UID 0 (root) and fail to start - the container if it does. If unset - or false, no such validation will - be performed. May also be set - in PodSecurityContext. If set - in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: boolean - runAsUser: - description: The UID to run the - entrypoint of the container process. - Defaults to user specified in - image metadata if unspecified. - May also be set in PodSecurityContext. If - set in both SecurityContext and - PodSecurityContext, the value - specified in SecurityContext takes - precedence. - type: integer - format: int64 - seLinuxOptions: - description: The SELinux context - to be applied to the container. - If unspecified, the container - runtime will allocate a random - SELinux context for each container. May - also be set in PodSecurityContext. If - set in both SecurityContext and - PodSecurityContext, the value - specified in SecurityContext takes - precedence. - type: object - properties: - level: - description: Level is SELinux - level label that applies to - the container. - type: string - role: - description: Role is a SELinux - role label that applies to - the container. - type: string - type: - description: Type is a SELinux - type label that applies to - the container. - type: string - user: - description: User is a SELinux - user label that applies to - the container. - type: string - windowsOptions: - description: The Windows specific - settings applied to all containers. - If unspecified, the options from - the PodSecurityContext will be - used. If set in both SecurityContext - and PodSecurityContext, the value - specified in SecurityContext takes - precedence. - type: object - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec - is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the - GMSA credential spec named - by the GMSACredentialSpecName - field. This field is alpha-level - and is only honored by servers - that enable the WindowsGMSA - feature flag. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. This field is - alpha-level and is only honored - by servers that enable the - WindowsGMSA feature flag. - type: string - runAsUserName: - description: The UserName in - Windows to run the entrypoint - of the container process. - Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. This field - is alpha-level and it is only - honored by servers that enable - the WindowsRunAsUserName feature - flag. - type: string - startupProbe: - description: 'StartupProbe indicates - that the Pod has successfully initialized. - If specified, no other probes are - executed until this completes successfully. - If this probe fails, the Pod will - be restarted, just as if the livenessProbe - failed. This can be used to provide - different probe parameters at the - beginning of a Pod''s lifecycle, when - it might take a long time to load - data or warm a cache, than during - steady-state operation. This cannot - be updated. This is an alpha feature - enabled by the StartupProbe feature - flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one of - the following should be specified. - Exec specifies the action to take. - type: object - properties: - command: - description: Command is the - command line to execute inside - the container, the working - directory for the command is - root ('/') in the container's - filesystem. The command is - simply exec'd, it is not run - inside a shell, so traditional - shell instructions ('|', etc) - won't work. To use a shell, - you need to explicitly call - out to that shell. Exit status - of 0 is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be considered - failed after having succeeded. - Defaults to 3. Minimum value is - 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the - http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect - to, defaults to the pod IP. - You probably want to set "Host" - in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader describes - a custom header to be used - in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on the - container. Number must be - in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for - connecting to the host. Defaults - to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value is - 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after having - failed. Defaults to 1. Must be - 1 for liveness and startup. Minimum - value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported TODO: - implement a realistic TCP lifecycle - hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on the - container. Number must be - in the range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times out. - Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - stdin: - description: Whether this container - should allocate a buffer for stdin - in the container runtime. If this - is not set, reads from stdin in the - container will always result in EOF. - Default is false. - type: boolean - stdinOnce: - description: Whether the container runtime - should close the stdin channel after - it has been opened by a single attach. - When stdin is true the stdin stream - will remain open across multiple attach - sessions. If stdinOnce is set to true, - stdin is opened on container start, - is empty until the first client attaches - to stdin, and then remains open and - accepts data until the client disconnects, - at which time stdin is closed and - remains closed until the container - is restarted. If this flag is false, - a container processes that reads from - stdin will never receive an EOF. Default - is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which - the file to which the container''s - termination message will be written - is mounted into the container''s filesystem. - Message written is intended to be - brief final status, such as an assertion - failure message. Will be truncated - by the node if greater than 4096 bytes. - The total message length across all - containers will be limited to 12kb. - Defaults to /dev/termination-log. - Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination - message should be populated. File - will use the contents of terminationMessagePath - to populate the container status message - on both success and failure. FallbackToLogsOnError - will use the last chunk of container - log output if the termination message - file is empty and the container exited - with an error. The log output is limited - to 2048 bytes or 80 lines, whichever - is smaller. Defaults to File. Cannot - be updated. - type: string - tty: - description: Whether this container - should allocate a TTY for itself, - also requires 'stdin' to be true. - Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list - of block devices to be used by the - container. This is a beta feature. - type: array - items: - description: volumeDevice describes - a mapping of a raw block device - within a container. - type: object - required: - - devicePath - - name - properties: - devicePath: - description: devicePath is the - path inside of the container - that the device will be mapped - to. - type: string - name: - description: name must match the - name of a persistentVolumeClaim - in the pod - type: string - volumeMounts: - description: Pod volumes to mount into - the container's filesystem. Cannot - be updated. - type: array - items: - description: VolumeMount describes - a mounting of a Volume within a - container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container - at which the volume should be - mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation - determines how mounts are propagated - from the host to container and - the other way around. When not - set, MountPropagationNone is - used. This field is beta in - 1.10. - type: string - name: - description: This must match the - Name of a Volume. - type: string - readOnly: - description: Mounted read-only - if true, read-write otherwise - (false or unspecified). Defaults - to false. - type: boolean - subPath: - description: Path within the volume - from which the container's volume - should be mounted. Defaults - to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within - the volume from which the container's - volume should be mounted. Behaves - similarly to SubPath but environment - variable references $(VAR_NAME) - are expanded using the container's - environment. Defaults to "" - (volume's root). SubPathExpr - and SubPath are mutually exclusive. - This field is beta in 1.15. - type: string - workingDir: - description: Container's working directory. - If not specified, the container runtime's - default will be used, which might - be configured in the container image. - Cannot be updated. - type: string - nodeName: - description: NodeName is a request to schedule - this pod onto a specific node. If it is - non-empty, the scheduler simply schedules - this pod onto that node, assuming that it - fits resource requirements. - type: string - nodeSelector: - description: 'NodeSelector is a selector which - must be true for the pod to fit on a node. - Selector which must match a node''s labels - for the pod to be scheduled on that node. - More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - additionalProperties: - type: string - overhead: - description: 'Overhead represents the resource - overhead associated with running a pod for - a given RuntimeClass. This field will be - autopopulated at admission time by the RuntimeClass - admission controller. If the RuntimeClass - admission controller is enabled, overhead - must not be set in Pod create requests. - The RuntimeClass admission controller will - reject Pod create requests which have the - overhead already set. If RuntimeClass is - configured and selected in the PodSpec, - Overhead will be set to the value defined - in the corresponding RuntimeClass, otherwise - it will remain unset and treated as zero. - More info: https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md - This field is alpha-level as of Kubernetes - v1.16, and is only honored by servers that - enable the PodOverhead feature.' - type: object - additionalProperties: - type: string - preemptionPolicy: - description: PreemptionPolicy is the Policy - for preempting pods with lower priority. - One of Never, PreemptLowerPriority. Defaults - to PreemptLowerPriority if unset. This field - is alpha-level and is only honored by servers - that enable the NonPreemptingPriority feature. - type: string - priority: - description: The priority value. Various system - components use this field to find the priority - of the pod. When Priority Admission Controller - is enabled, it prevents users from setting - this field. The admission controller populates - this field from PriorityClassName. The higher - the value, the higher the priority. - type: integer - format: int32 - priorityClassName: - description: If specified, indicates the pod's - priority. "system-node-critical" and "system-cluster-critical" - are two special keywords which indicate - the highest priorities with the former being - the highest priority. Any other name must - be defined by creating a PriorityClass object - with that name. If not specified, the pod - priority will be default or zero if there - is no default. - type: string - readinessGates: - description: 'If specified, all readiness - gates will be evaluated for pod readiness. - A pod is ready when all its containers are - ready AND all conditions specified in the - readiness gates have status equal to "True" - More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md' - type: array - items: - description: PodReadinessGate contains the - reference to a pod condition - type: object - required: - - conditionType - properties: - conditionType: - description: ConditionType refers to - a condition in the pod's condition - list with matching type. - type: string - restartPolicy: - description: 'Restart policy for all containers - within the pod. One of Always, OnFailure, - Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy' - type: string - runtimeClassName: - description: 'RuntimeClassName refers to a - RuntimeClass object in the node.k8s.io group, - which should be used to run this pod. If - no RuntimeClass resource matches the named - class, the pod will not be run. If unset - or empty, the "legacy" RuntimeClass will - be used, which is an implicit class with - an empty definition that uses the default - runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md - This is a beta feature as of Kubernetes - v1.14.' - type: string - schedulerName: - description: If specified, the pod will be - dispatched by specified scheduler. If not - specified, the pod will be dispatched by - default scheduler. - type: string - securityContext: - description: 'SecurityContext holds pod-level - security attributes and common container - settings. Optional: Defaults to empty. See - type description for default values of each - field.' - type: object - properties: - fsGroup: - description: "A special supplemental group - that applies to all containers in a - pod. Some volume types allow the Kubelet - to change the ownership of that volume - to be owned by the pod: \n 1. The owning - GID will be the FSGroup 2. The setgid - bit is set (new files created in the - volume will be owned by FSGroup) 3. - The permission bits are OR'd with rw-rw---- - \n If unset, the Kubelet will not modify - the ownership and permissions of any - volume." - type: integer - format: int64 - runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set in - SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence - for that container. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container - must run as a non-root user. If true, - the Kubelet will validate the image - at runtime to ensure that it does not - run as UID 0 (root) and fail to start - the container if it does. If unset or - false, no such validation will be performed. - May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint - of the container process. Defaults to - user specified in image metadata if - unspecified. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. - type: integer - format: int64 - seLinuxOptions: - description: The SELinux context to be - applied to all containers. If unspecified, - the container runtime will allocate - a random SELinux context for each container. May - also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. - type: object - properties: - level: - description: Level is SELinux level - label that applies to the container. - type: string - role: - description: Role is a SELinux role - label that applies to the container. - type: string - type: - description: Type is a SELinux type - label that applies to the container. - type: string - user: - description: User is a SELinux user - label that applies to the container. - type: string - supplementalGroups: - description: A list of groups applied - to the first process run in each container, - in addition to the container's primary - GID. If unspecified, no groups will - be added to any container. - type: array - items: - type: integer - format: int64 - sysctls: - description: Sysctls hold a list of namespaced - sysctls used for the pod. Pods with - unsupported sysctls (by the container - runtime) might fail to launch. - type: array - items: - description: Sysctl defines a kernel - parameter to be set - type: object - required: - - name - - value - properties: - name: - description: Name of a property - to set - type: string - value: - description: Value of a property - to set - type: string - windowsOptions: - description: The Windows specific settings - applied to all containers. If unspecified, - the options within a container's SecurityContext - will be used. If set in both SecurityContext - and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: object - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is - where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA - credential spec named by the GMSACredentialSpecName - field. This field is alpha-level - and is only honored by servers that - enable the WindowsGMSA feature flag. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. This field is alpha-level - and is only honored by servers that - enable the WindowsGMSA feature flag. - type: string - runAsUserName: - description: The UserName in Windows - to run the entrypoint of the container - process. Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext and - PodSecurityContext, the value specified - in SecurityContext takes precedence. - This field is alpha-level and it - is only honored by servers that - enable the WindowsRunAsUserName - feature flag. - type: string - serviceAccount: - description: 'DeprecatedServiceAccount is - a depreciated alias for ServiceAccountName. - Deprecated: Use serviceAccountName instead.' - type: string - serviceAccountName: - description: 'ServiceAccountName is the name - of the ServiceAccount to use to run this - pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - shareProcessNamespace: - description: 'Share a single process namespace - between all of the containers in a pod. - When this is set containers will be able - to view and signal processes from other - containers in the same pod, and the first - process in each container will not be assigned - PID 1. HostPID and ShareProcessNamespace - cannot both be set. Optional: Default to - false. This field is beta-level and may - be disabled with the PodShareProcessNamespace - feature.' - type: boolean - subdomain: - description: If specified, the fully qualified - Pod hostname will be "...svc.". If not - specified, the pod will not have a domainname - at all. - type: string - terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully. May - be decreased in delete request. Value must - be non-negative integer. The value zero - indicates delete immediately. If this value - is nil, the default grace period will be - used instead. The grace period is the duration - in seconds after the processes running in - the pod are sent a termination signal and - the time when the processes are forcibly - halted with a kill signal. Set this value - longer than the expected cleanup time for - your process. Defaults to 30 seconds. - type: integer - format: int64 - tolerations: - description: If specified, the pod's tolerations. - type: array - items: - description: The pod this Toleration is - attached to tolerates any taint that matches - the triple using the - matching operator . - type: object - properties: - effect: - description: Effect indicates the taint - effect to match. Empty means match - all taint effects. When specified, - allowed values are NoSchedule, PreferNoSchedule - and NoExecute. - type: string - key: - description: Key is the taint key that - the toleration applies to. Empty means - match all taint keys. If the key is - empty, operator must be Exists; this - combination means to match all values - and all keys. - type: string - operator: - description: Operator represents a key's - relationship to the value. Valid operators - are Exists and Equal. Defaults to - Equal. Exists is equivalent to wildcard - for value, so that a pod can tolerate - all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents - the period of time the toleration - (which must be of effect NoExecute, - otherwise this field is ignored) tolerates - the taint. By default, it is not set, - which means tolerate the taint forever - (do not evict). Zero and negative - values will be treated as 0 (evict - immediately) by the system. - type: integer - format: int64 - value: - description: Value is the taint value - the toleration matches to. If the - operator is Exists, the value should - be empty, otherwise just a regular - string. - type: string - topologySpreadConstraints: - description: TopologySpreadConstraints describes - how a group of pods ought to spread across - topology domains. Scheduler will schedule - pods in a way which abides by the constraints. - This field is alpha-level and is only honored - by clusters that enables the EvenPodsSpread - feature. All topologySpreadConstraints are - ANDed. - type: array - items: - description: TopologySpreadConstraint specifies - how to spread matching pods among the - given topology. - type: object - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - properties: - labelSelector: - description: LabelSelector is used to - find matching pods. Pods that match - this label selector are counted to - determine the number of pods in their - corresponding topology domain. - type: object - properties: - matchExpressions: - description: matchExpressions is - a list of label selector requirements. - The requirements are ANDed. - type: array - items: - description: A label selector - requirement is a selector that - contains values, a key, and - an operator that relates the - key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label - key that the selector applies - to. - type: string - operator: - description: operator represents - a key's relationship to - a set of values. Valid operators - are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an - array of string values. - If the operator is In or - NotIn, the values array - must be non-empty. If the - operator is Exists or DoesNotExist, - the values array must be - empty. This array is replaced - during a strategic merge - patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map - of {key,value} pairs. A single - {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator is - "In", and the values array contains - only "value". The requirements - are ANDed. - type: object - additionalProperties: - type: string - maxSkew: - description: 'MaxSkew describes the - degree to which pods may be unevenly - distributed. It''s the maximum permitted - difference between the number of matching - pods in any two topology domains of - a given topology type. For example, - in a 3-zone cluster, MaxSkew is set - to 1, and pods with the same labelSelector - spread as 1/1/0: | zone1 | zone2 | - zone3 | | P | P | | - - if MaxSkew is 1, incoming pod can - only be scheduled to zone3 to become - 1/1/1; scheduling it onto zone1(zone2) - would make the ActualSkew(2-0) on - zone1(zone2) violate MaxSkew(1). - - if MaxSkew is 2, incoming pod can - be scheduled onto any zone. It''s - a required field. Default value is - 1 and 0 is not allowed.' - type: integer - format: int32 - topologyKey: - description: TopologyKey is the key - of node labels. Nodes that have a - label with this key and identical - values are considered to be in the - same topology. We consider each as a "bucket", and try to put - balanced number of pods into each - bucket. It's a required field. - type: string - whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates - how to deal with a pod if it doesn''t - satisfy the spread constraint. - DoNotSchedule - (default) tells the scheduler not - to schedule it - ScheduleAnyway tells - the scheduler to still schedule it - It''s considered as "Unsatisfiable" - if and only if placing incoming pod - on any topology violates "MaxSkew". - For example, in a 3-zone cluster, - MaxSkew is set to 1, and pods with - the same labelSelector spread as 3/1/1: - | zone1 | zone2 | zone3 | | P P P - | P | P | If WhenUnsatisfiable - is set to DoNotSchedule, incoming - pod can only be scheduled to zone2(zone3) - to become 3/2/1(3/1/2) as ActualSkew(2-1) - on zone2(zone3) satisfies MaxSkew(1). - In other words, the cluster can still - be imbalanced, but scheduler won''t - make it *more* imbalanced. It''s a - required field.' - type: string - volumes: - description: 'List of volumes that can be - mounted by containers belonging to the pod. - More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named volume - in a pod that may be accessed by any container - in the pod. - type: object - required: - - name - properties: - awsElasticBlockStore: - description: 'AWSElasticBlockStore represents - an AWS Disk resource that is attached - to a kubelet''s host machine and then - exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: object - required: - - volumeID - properties: - fsType: - description: 'Filesystem type of - the volume that you want to mount. - Tip: Ensure that the filesystem - type is supported by the host - operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. More - info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors - in the filesystem from compromising - the machine' - type: string - partition: - description: 'The partition in the - volume that you want to mount. - If omitted, the default is to - mount by volume name. Examples: - For volume /dev/sda1, you specify - the partition as "1". Similarly, - the volume partition for /dev/sda - is "0" (or you can leave the property - empty).' - type: integer - format: int32 - readOnly: - description: 'Specify "true" to - force and set the ReadOnly property - in VolumeMounts to "true". If - omitted, the default is "false". - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: 'Unique ID of the persistent - disk resource in AWS (Amazon EBS - volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: string - azureDisk: - description: AzureDisk represents an - Azure Data Disk mount on the host - and bind mount to the pod. - type: object - required: - - diskName - - diskURI - properties: - cachingMode: - description: 'Host Caching mode: - None, Read Only, Read Write.' - type: string - diskName: - description: The Name of the data - disk in the blob storage - type: string - diskURI: - description: The URI the data disk - in the blob storage - type: string - fsType: - description: Filesystem type to - mount. Must be a filesystem type - supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. - type: string - kind: - description: 'Expected values Shared: - multiple blob disks per storage - account Dedicated: single blob - disk per storage account Managed: - azure managed data disk (only - in managed availability set). - defaults to shared' - type: string - readOnly: - description: Defaults to false (read/write). - ReadOnly here will force the ReadOnly - setting in VolumeMounts. - type: boolean - azureFile: - description: AzureFile represents an - Azure File Service mount on the host - and bind mount to the pod. - type: object - required: - - secretName - - shareName - properties: - readOnly: - description: Defaults to false (read/write). - ReadOnly here will force the ReadOnly - setting in VolumeMounts. - type: boolean - secretName: - description: the name of secret - that contains Azure Storage Account - Name and Key - type: string - shareName: - description: Share Name - type: string - cephfs: - description: CephFS represents a Ceph - FS mount on the host that shares a - pod's lifetime - type: object - required: - - monitors - properties: - monitors: - description: 'Required: Monitors - is a collection of Ceph monitors - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: array - items: - type: string - path: - description: 'Optional: Used as - the mounted root, rather than - the full Ceph tree, default is - /' - type: string - readOnly: - description: 'Optional: Defaults - to false (read/write). ReadOnly - here will force the ReadOnly setting - in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: boolean - secretFile: - description: 'Optional: SecretFile - is the path to key ring for User, - default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - secretRef: - description: 'Optional: SecretRef - is reference to the authentication - secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: object - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - user: - description: 'Optional: User is - the rados user name, default is - admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - cinder: - description: 'Cinder represents a cinder - volume attached and mounted on kubelets - host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: object - required: - - volumeID - properties: - fsType: - description: 'Filesystem type to - mount. Must be a filesystem type - supported by the host operating - system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to - be "ext4" if unspecified. More - info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: - description: 'Optional: Defaults - to false (read/write). ReadOnly - here will force the ReadOnly setting - in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: boolean - secretRef: - description: 'Optional: points to - a secret object containing parameters - used to connect to OpenStack.' - type: object - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - volumeID: - description: 'volume id used to - identify the volume in cinder. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - configMap: - description: ConfigMap represents a - configMap that should populate this - volume - type: object - properties: - defaultMode: - description: 'Optional: mode bits - to use on created files by default. - Must be a value between 0 and - 0777. Defaults to 0644. Directories - within the path are not affected - by this setting. This might be - in conflict with other options - that affect the file mode, like - fsGroup, and the result can be - other mode bits set.' - type: integer - format: int32 - items: - description: If unspecified, each - key-value pair in the Data field - of the referenced ConfigMap will - be projected into the volume as - a file whose name is the key and - content is the value. If specified, - the listed keys will be projected - into the specified paths, and - unlisted keys will not be present. - If a key is specified which is - not present in the ConfigMap, - the volume setup will error unless - it is marked optional. Paths must - be relative and may not contain - the '..' path or start with '..'. - type: array - items: - description: Maps a string key - to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode - bits to use on this file, - must be a value between - 0 and 0777. If not specified, - the volume defaultMode will - be used. This might be in - conflict with other options - that affect the file mode, - like fsGroup, and the result - can be other mode bits set.' - type: integer - format: int32 - path: - description: The relative - path of the file to map - the key to. May not be an - absolute path. May not contain - the path element '..'. May - not start with the string - '..'. - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the - ConfigMap or its keys must be - defined - type: boolean - csi: - description: CSI (Container Storage - Interface) represents storage that - is handled by an external CSI driver - (Alpha feature). - type: object - required: - - driver - properties: - driver: - description: Driver is the name - of the CSI driver that handles - this volume. Consult with your - admin for the correct name as - registered in the cluster. - type: string - fsType: - description: Filesystem type to - mount. Ex. "ext4", "xfs", "ntfs". - If not provided, the empty value - is passed to the associated CSI - driver which will determine the - default filesystem to apply. - type: string - nodePublishSecretRef: - description: NodePublishSecretRef - is a reference to the secret object - containing sensitive information - to pass to the CSI driver to complete - the CSI NodePublishVolume and - NodeUnpublishVolume calls. This - field is optional, and may be - empty if no secret is required. - If the secret object contains - more than one secret, all secret - references are passed. - type: object - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - readOnly: - description: Specifies a read-only - configuration for the volume. - Defaults to false (read/write). - type: boolean - volumeAttributes: - description: VolumeAttributes stores - driver-specific properties that - are passed to the CSI driver. - Consult your driver's documentation - for supported values. - type: object - additionalProperties: - type: string - downwardAPI: - description: DownwardAPI represents - downward API about the pod that should - populate this volume - type: object - properties: - defaultMode: - description: 'Optional: mode bits - to use on created files by default. - Must be a value between 0 and - 0777. Defaults to 0644. Directories - within the path are not affected - by this setting. This might be - in conflict with other options - that affect the file mode, like - fsGroup, and the result can be - other mode bits set.' - type: integer - format: int32 - items: - description: Items is a list of - downward API volume file - type: array - items: - description: DownwardAPIVolumeFile - represents information to create - the file containing the pod - field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects - a field of the pod: only - annotations, labels, name - and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of - the schema the FieldPath - is written in terms - of, defaults to "v1". - type: string - fieldPath: - description: Path of the - field to select in the - specified API version. - type: string - mode: - description: 'Optional: mode - bits to use on this file, - must be a value between - 0 and 0777. If not specified, - the volume defaultMode will - be used. This might be in - conflict with other options - that affect the file mode, - like fsGroup, and the result - can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path - is the relative path name - of the file to be created. - Must not be absolute or - contain the ''..'' path. - Must be utf-8 encoded. The - first item of the relative - path must not start with - ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource - of the container: only resources - limits and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) are - currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container - name: required for volumes, - optional for env vars' - type: string - divisor: - description: Specifies - the output format of - the exposed resources, - defaults to "1" - type: string - resource: - description: 'Required: - resource to select' - type: string - emptyDir: - description: 'EmptyDir represents a - temporary directory that shares a - pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: object - properties: - medium: - description: 'What type of storage - medium should back this directory. - The default is "" which means - to use the node''s default medium. - Must be an empty string (default) - or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - description: 'Total amount of local - storage required for this EmptyDir - volume. The size limit is also - applicable for memory medium. - The maximum usage on memory medium - EmptyDir would be the minimum - value between the SizeLimit specified - here and the sum of memory limits - of all containers in a pod. The - default is nil which means that - the limit is undefined. More info: - http://kubernetes.io/docs/user-guide/volumes#emptydir' - type: string - fc: - description: FC represents a Fibre Channel - resource that is attached to a kubelet's - host machine and then exposed to the - pod. - type: object - properties: - fsType: - description: 'Filesystem type to - mount. Must be a filesystem type - supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. TODO: how do we - prevent errors in the filesystem - from compromising the machine' - type: string - lun: - description: 'Optional: FC target - lun number' - type: integer - format: int32 - readOnly: - description: 'Optional: Defaults - to false (read/write). ReadOnly - here will force the ReadOnly setting - in VolumeMounts.' - type: boolean - targetWWNs: - description: 'Optional: FC target - worldwide names (WWNs)' - type: array - items: - type: string - wwids: - description: 'Optional: FC volume - world wide identifiers (wwids) - Either wwids or combination of - targetWWNs and lun must be set, - but not both simultaneously.' - type: array - items: - type: string - flexVolume: - description: FlexVolume represents a - generic volume resource that is provisioned/attached - using an exec based plugin. - type: object - required: - - driver - properties: - driver: - description: Driver is the name - of the driver to use for this - volume. - type: string - fsType: - description: Filesystem type to - mount. Must be a filesystem type - supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - The default filesystem depends - on FlexVolume script. - type: string - options: - description: 'Optional: Extra command - options if any.' - type: object - additionalProperties: - type: string - readOnly: - description: 'Optional: Defaults - to false (read/write). ReadOnly - here will force the ReadOnly setting - in VolumeMounts.' - type: boolean - secretRef: - description: 'Optional: SecretRef - is reference to the secret object - containing sensitive information - to pass to the plugin scripts. - This may be empty if no secret - object is specified. If the secret - object contains more than one - secret, all secrets are passed - to the plugin scripts.' - type: object - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - flocker: - description: Flocker represents a Flocker - volume attached to a kubelet's host - machine. This depends on the Flocker - control service being running - type: object - properties: - datasetName: - description: Name of the dataset - stored as metadata -> name on - the dataset for Flocker should - be considered as deprecated - type: string - datasetUUID: - description: UUID of the dataset. - This is unique identifier of a - Flocker dataset - type: string - gcePersistentDisk: - description: 'GCEPersistentDisk represents - a GCE Disk resource that is attached - to a kubelet''s host machine and then - exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: object - required: - - pdName - properties: - fsType: - description: 'Filesystem type of - the volume that you want to mount. - Tip: Ensure that the filesystem - type is supported by the host - operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. More - info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors - in the filesystem from compromising - the machine' - type: string - partition: - description: 'The partition in the - volume that you want to mount. - If omitted, the default is to - mount by volume name. Examples: - For volume /dev/sda1, you specify - the partition as "1". Similarly, - the volume partition for /dev/sda - is "0" (or you can leave the property - empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: integer - format: int32 - pdName: - description: 'Unique name of the - PD resource in GCE. Used to identify - the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: string - readOnly: - description: 'ReadOnly here will - force the ReadOnly setting in - VolumeMounts. Defaults to false. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: boolean - gitRepo: - description: 'GitRepo represents a git - repository at a particular revision. - DEPRECATED: GitRepo is deprecated. - To provision a container with a git - repo, mount an EmptyDir into an InitContainer - that clones the repo using git, then - mount the EmptyDir into the Pod''s - container.' - type: object - required: - - repository - properties: - directory: - description: Target directory name. - Must not contain or start with - '..'. If '.' is supplied, the - volume directory will be the git - repository. Otherwise, if specified, - the volume will contain the git - repository in the subdirectory - with the given name. - type: string - repository: - description: Repository URL - type: string - revision: - description: Commit hash for the - specified revision. - type: string - glusterfs: - description: 'Glusterfs represents a - Glusterfs mount on the host that shares - a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' - type: object - required: - - endpoints - - path - properties: - endpoints: - description: 'EndpointsName is the - endpoint name that details Glusterfs - topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - path: - description: 'Path is the Glusterfs - volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - readOnly: - description: 'ReadOnly here will - force the Glusterfs volume to - be mounted with read-only permissions. - Defaults to false. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: boolean - hostPath: - description: 'HostPath represents a - pre-existing file or directory on - the host machine that is directly - exposed to the container. This is - generally used for system agents or - other privileged things that are allowed - to see the host machine. Most containers - will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict - who can use host directory mounts - and who can/can not mount host directories - as read/write.' - type: object - required: - - path - properties: - path: - description: 'Path of the directory - on the host. If the path is a - symlink, it will follow the link - to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - type: - description: 'Type for HostPath - Volume Defaults to "" More info: - https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - iscsi: - description: 'ISCSI represents an ISCSI - Disk resource that is attached to - a kubelet''s host machine and then - exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' - type: object - required: - - iqn - - lun - - targetPortal - properties: - chapAuthDiscovery: - description: whether support iSCSI - Discovery CHAP authentication - type: boolean - chapAuthSession: - description: whether support iSCSI - Session CHAP authentication - type: boolean - fsType: - description: 'Filesystem type of - the volume that you want to mount. - Tip: Ensure that the filesystem - type is supported by the host - operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. More - info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors - in the filesystem from compromising - the machine' - type: string - initiatorName: - description: Custom iSCSI Initiator - Name. If initiatorName is specified - with iscsiInterface simultaneously, - new iSCSI interface : will be created for the - connection. - type: string - iqn: - description: Target iSCSI Qualified - Name. - type: string - iscsiInterface: - description: iSCSI Interface Name - that uses an iSCSI transport. - Defaults to 'default' (tcp). - type: string - lun: - description: iSCSI Target Lun number. - type: integer - format: int32 - portals: - description: iSCSI Target Portal - List. The portal is either an - IP or ip_addr:port if the port - is other than default (typically - TCP ports 860 and 3260). - type: array - items: - type: string - readOnly: - description: ReadOnly here will - force the ReadOnly setting in - VolumeMounts. Defaults to false. - type: boolean - secretRef: - description: CHAP Secret for iSCSI - target and initiator authentication - type: object - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - targetPortal: - description: iSCSI Target Portal. - The Portal is either an IP or - ip_addr:port if the port is other - than default (typically TCP ports - 860 and 3260). - type: string - name: - description: 'Volume''s name. Must be - a DNS_LABEL and unique within the - pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - nfs: - description: 'NFS represents an NFS - mount on the host that shares a pod''s - lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: object - required: - - path - - server - properties: - path: - description: 'Path that is exported - by the NFS server. More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - readOnly: - description: 'ReadOnly here will - force the NFS export to be mounted - with read-only permissions. Defaults - to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: boolean - server: - description: 'Server is the hostname - or IP address of the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - persistentVolumeClaim: - description: 'PersistentVolumeClaimVolumeSource - represents a reference to a PersistentVolumeClaim - in the same namespace. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: object - required: - - claimName - properties: - claimName: - description: 'ClaimName is the name - of a PersistentVolumeClaim in - the same namespace as the pod - using this volume. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: - description: Will force the ReadOnly - setting in VolumeMounts. Default - false. - type: boolean - photonPersistentDisk: - description: PhotonPersistentDisk represents - a PhotonController persistent disk - attached and mounted on kubelets host - machine - type: object - required: - - pdID - properties: - fsType: - description: Filesystem type to - mount. Must be a filesystem type - supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. - type: string - pdID: - description: ID that identifies - Photon Controller persistent disk - type: string - portworxVolume: - description: PortworxVolume represents - a portworx volume attached and mounted - on kubelets host machine - type: object - required: - - volumeID - properties: - fsType: - description: FSType represents the - filesystem type to mount Must - be a filesystem type supported - by the host operating system. - Ex. "ext4", "xfs". Implicitly - inferred to be "ext4" if unspecified. - type: string - readOnly: - description: Defaults to false (read/write). - ReadOnly here will force the ReadOnly - setting in VolumeMounts. - type: boolean - volumeID: - description: VolumeID uniquely identifies - a Portworx volume - type: string - projected: - description: Items for all in one resources - secrets, configmaps, and downward - API - type: object - required: - - sources - properties: - defaultMode: - description: Mode bits to use on - created files by default. Must - be a value between 0 and 0777. - Directories within the path are - not affected by this setting. - This might be in conflict with - other options that affect the - file mode, like fsGroup, and the - result can be other mode bits - set. - type: integer - format: int32 - sources: - description: list of volume projections - type: array - items: - description: Projection that may - be projected along with other - supported volume types - type: object - properties: - configMap: - description: information about - the configMap data to project - type: object - properties: - items: - description: If unspecified, - each key-value pair - in the Data field of - the referenced ConfigMap - will be projected into - the volume as a file - whose name is the key - and content is the value. - If specified, the listed - keys will be projected - into the specified paths, - and unlisted keys will - not be present. If a - key is specified which - is not present in the - ConfigMap, the volume - setup will error unless - it is marked optional. - Paths must be relative - and may not contain - the '..' path or start - with '..'. - type: array - items: - description: Maps a - string key to a path - within a volume. - type: object - required: - - key - - path - properties: - key: - description: The - key to project. - type: string - mode: - description: 'Optional: - mode bits to use - on this file, - must be a value - between 0 and - 0777. If not specified, - the volume defaultMode - will be used. - This might be - in conflict with - other options - that affect the - file mode, like - fsGroup, and the - result can be - other mode bits - set.' - type: integer - format: int32 - path: - description: The - relative path - of the file to - map the key to. - May not be an - absolute path. - May not contain - the path element - '..'. May not - start with the - string '..'. - type: string - name: - description: 'Name of - the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether - the ConfigMap or its - keys must be defined - type: boolean - downwardAPI: - description: information about - the downwardAPI data to - project - type: object - properties: - items: - description: Items is - a list of DownwardAPIVolume - file - type: array - items: - description: DownwardAPIVolumeFile - represents information - to create the file - containing the pod - field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: - Selects a field - of the pod: only - annotations, labels, - name and namespace - are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version - of the schema - the FieldPath - is written - in terms of, - defaults to - "v1". - type: string - fieldPath: - description: Path - of the field - to select - in the specified - API version. - type: string - mode: - description: 'Optional: - mode bits to use - on this file, - must be a value - between 0 and - 0777. If not specified, - the volume defaultMode - will be used. - This might be - in conflict with - other options - that affect the - file mode, like - fsGroup, and the - result can be - other mode bits - set.' - type: integer - format: int32 - path: - description: 'Required: - Path is the relative - path name of the - file to be created. - Must not be absolute - or contain the - ''..'' path. Must - be utf-8 encoded. - The first item - of the relative - path must not - start with ''..''' - type: string - resourceFieldRef: - description: 'Selects - a resource of - the container: - only resources - limits and requests - (limits.cpu, limits.memory, - requests.cpu and - requests.memory) - are currently - supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container - name: required - for volumes, - optional for - env vars' - type: string - divisor: - description: Specifies - the output - format of - the exposed - resources, - defaults to - "1" - type: string - resource: - description: 'Required: - resource to - select' - type: string - secret: - description: information about - the secret data to project - type: object - properties: - items: - description: If unspecified, - each key-value pair - in the Data field of - the referenced Secret - will be projected into - the volume as a file - whose name is the key - and content is the value. - If specified, the listed - keys will be projected - into the specified paths, - and unlisted keys will - not be present. If a - key is specified which - is not present in the - Secret, the volume setup - will error unless it - is marked optional. - Paths must be relative - and may not contain - the '..' path or start - with '..'. - type: array - items: - description: Maps a - string key to a path - within a volume. - type: object - required: - - key - - path - properties: - key: - description: The - key to project. - type: string - mode: - description: 'Optional: - mode bits to use - on this file, - must be a value - between 0 and - 0777. If not specified, - the volume defaultMode - will be used. - This might be - in conflict with - other options - that affect the - file mode, like - fsGroup, and the - result can be - other mode bits - set.' - type: integer - format: int32 - path: - description: The - relative path - of the file to - map the key to. - May not be an - absolute path. - May not contain - the path element - '..'. May not - start with the - string '..'. - type: string - name: - description: 'Name of - the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether - the Secret or its key - must be defined - type: boolean - serviceAccountToken: - description: information about - the serviceAccountToken - data to project - type: object - required: - - path - properties: - audience: - description: Audience - is the intended audience - of the token. A recipient - of a token must identify - itself with an identifier - specified in the audience - of the token, and otherwise - should reject the token. - The audience defaults - to the identifier of - the apiserver. - type: string - expirationSeconds: - description: ExpirationSeconds - is the requested duration - of validity of the service - account token. As the - token approaches expiration, - the kubelet volume plugin - will proactively rotate - the service account - token. The kubelet will - start trying to rotate - the token if the token - is older than 80 percent - of its time to live - or if the token is older - than 24 hours.Defaults - to 1 hour and must be - at least 10 minutes. - type: integer - format: int64 - path: - description: Path is the - path relative to the - mount point of the file - to project the token - into. - type: string - quobyte: - description: Quobyte represents a Quobyte - mount on the host that shares a pod's - lifetime - type: object - required: - - registry - - volume - properties: - group: - description: Group to map volume - access to Default is no group - type: string - readOnly: - description: ReadOnly here will - force the Quobyte volume to be - mounted with read-only permissions. - Defaults to false. - type: boolean - registry: - description: Registry represents - a single or multiple Quobyte Registry - services specified as a string - as host:port pair (multiple entries - are separated with commas) which - acts as the central registry for - volumes - type: string - tenant: - description: Tenant owning the given - Quobyte volume in the Backend - Used with dynamically provisioned - Quobyte volumes, value is set - by the plugin - type: string - user: - description: User to map volume - access to Defaults to serivceaccount - user - type: string - volume: - description: Volume is a string - that references an already created - Quobyte volume by name. - type: string - rbd: - description: 'RBD represents a Rados - Block Device mount on the host that - shares a pod''s lifetime. More info: - https://examples.k8s.io/volumes/rbd/README.md' - type: object - required: - - image - - monitors - properties: - fsType: - description: 'Filesystem type of - the volume that you want to mount. - Tip: Ensure that the filesystem - type is supported by the host - operating system. Examples: "ext4", - "xfs", "ntfs". Implicitly inferred - to be "ext4" if unspecified. More - info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors - in the filesystem from compromising - the machine' - type: string - image: - description: 'The rados image name. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - keyring: - description: 'Keyring is the path - to key ring for RBDUser. Default - is /etc/ceph/keyring. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - monitors: - description: 'A collection of Ceph - monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: array - items: - type: string - pool: - description: 'The rados pool name. - Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: - description: 'ReadOnly here will - force the ReadOnly setting in - VolumeMounts. Defaults to false. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: - description: 'SecretRef is name - of the authentication secret for - RBDUser. If provided overrides - keyring. Default is nil. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: object - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - user: - description: 'The rados user name. - Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - scaleIO: - description: ScaleIO represents a ScaleIO - persistent volume attached and mounted - on Kubernetes nodes. - type: object - required: - - gateway - - secretRef - - system - properties: - fsType: - description: Filesystem type to - mount. Must be a filesystem type - supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Default is "xfs". - type: string - gateway: - description: The host address of - the ScaleIO API Gateway. - type: string - protectionDomain: - description: The name of the ScaleIO - Protection Domain for the configured - storage. - type: string - readOnly: - description: Defaults to false (read/write). - ReadOnly here will force the ReadOnly - setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef references - to the secret for ScaleIO user - and other sensitive information. - If this is not provided, Login - operation will fail. - type: object - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - sslEnabled: - description: Flag to enable/disable - SSL communication with Gateway, - default false - type: boolean - storageMode: - description: Indicates whether the - storage for a volume should be - ThickProvisioned or ThinProvisioned. - Default is ThinProvisioned. - type: string - storagePool: - description: The ScaleIO Storage - Pool associated with the protection - domain. - type: string - system: - description: The name of the storage - system as configured in ScaleIO. - type: string - volumeName: - description: The name of a volume - already created in the ScaleIO - system that is associated with - this volume source. - type: string - secret: - description: 'Secret represents a secret - that should populate this volume. - More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'Optional: mode bits - to use on created files by default. - Must be a value between 0 and - 0777. Defaults to 0644. Directories - within the path are not affected - by this setting. This might be - in conflict with other options - that affect the file mode, like - fsGroup, and the result can be - other mode bits set.' - type: integer - format: int32 - items: - description: If unspecified, each - key-value pair in the Data field - of the referenced Secret will - be projected into the volume as - a file whose name is the key and - content is the value. If specified, - the listed keys will be projected - into the specified paths, and - unlisted keys will not be present. - If a key is specified which is - not present in the Secret, the - volume setup will error unless - it is marked optional. Paths must - be relative and may not contain - the '..' path or start with '..'. - type: array - items: - description: Maps a string key - to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode - bits to use on this file, - must be a value between - 0 and 0777. If not specified, - the volume defaultMode will - be used. This might be in - conflict with other options - that affect the file mode, - like fsGroup, and the result - can be other mode bits set.' - type: integer - format: int32 - path: - description: The relative - path of the file to map - the key to. May not be an - absolute path. May not contain - the path element '..'. May - not start with the string - '..'. - type: string - optional: - description: Specify whether the - Secret or its keys must be defined - type: boolean - secretName: - description: 'Name of the secret - in the pod''s namespace to use. - More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - storageos: - description: StorageOS represents a - StorageOS volume attached and mounted - on Kubernetes nodes. - type: object - properties: - fsType: - description: Filesystem type to - mount. Must be a filesystem type - supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. - type: string - readOnly: - description: Defaults to false (read/write). - ReadOnly here will force the ReadOnly - setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef specifies - the secret to use for obtaining - the StorageOS API credentials. If - not specified, default values - will be attempted. - type: object - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - volumeName: - description: VolumeName is the human-readable - name of the StorageOS volume. Volume - names are only unique within a - namespace. - type: string - volumeNamespace: - description: VolumeNamespace specifies - the scope of the volume within - StorageOS. If no namespace is - specified then the Pod's namespace - will be used. This allows the - Kubernetes name scoping to be - mirrored within StorageOS for - tighter integration. Set VolumeName - to any name to override the default - behaviour. Set to "default" if - you are not using namespaces within - StorageOS. Namespaces that do - not pre-exist within StorageOS - will be created. - type: string - vsphereVolume: - description: VsphereVolume represents - a vSphere volume attached and mounted - on kubelets host machine - type: object - required: - - volumePath - properties: - fsType: - description: Filesystem type to - mount. Must be a filesystem type - supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. - type: string - storagePolicyID: - description: Storage Policy Based - Management (SPBM) profile ID associated - with the StoragePolicyName. - type: string - storagePolicyName: - description: Storage Policy Based - Management (SPBM) profile name. - type: string - volumePath: - description: Path that identifies - vSphere volume vmdk - type: string - permissions: - type: array - items: - description: StrategyDeploymentPermissions describe the rbac - rules and service account needed by the install strategy - type: object - required: - - rules - - serviceAccountName - properties: - rules: - type: array - items: - description: PolicyRule holds information that describes - a policy rule, but does not contain information about - who the rule applies to or which namespace the rule - applies to. - type: object - required: - - verbs - properties: - apiGroups: - description: APIGroups is the name of the APIGroup - that contains the resources. If multiple API - groups are specified, any action requested against - one of the enumerated resources in any API group - will be allowed. - type: array - items: - type: string - nonResourceURLs: - description: NonResourceURLs is a set of partial - urls that a user should have access to. *s are - allowed, but only as the full, final step in the - path Since non-resource URLs are not namespaced, - this field is only applicable for ClusterRoles - referenced from a ClusterRoleBinding. Rules can - either apply to API resources (such as "pods" - or "secrets") or non-resource URL paths (such - as "/api"), but not both. - type: array - items: - type: string - resourceNames: - description: ResourceNames is an optional white - list of names that the rule applies to. An empty - set means that everything is allowed. - type: array - items: - type: string - resources: - description: Resources is a list of resources this - rule applies to. ResourceAll represents all resources. - type: array - items: - type: string - verbs: - description: Verbs is a list of Verbs that apply - to ALL the ResourceKinds and AttributeRestrictions - contained in this rule. VerbAll represents all - kinds. - type: array - items: - type: string - serviceAccountName: - type: string - strategy: - type: string - installModes: - description: InstallModes specify supported installation types - type: array - items: - description: InstallMode associates an InstallModeType with a flag - representing if the CSV supports it - type: object - required: - - supported - - type - properties: - supported: - type: boolean - type: - description: InstallModeType is a supported type of install mode - for CSV installation - type: string - keywords: - type: array - items: - type: string - labels: - description: Map of string keys and values that can be used to organize - and categorize (scope and select) objects. - type: object - additionalProperties: - type: string - links: - type: array - items: - type: object - properties: - name: - type: string - url: - type: string - maintainers: - type: array - items: - type: object - properties: - email: - type: string - name: - type: string - maturity: - type: string - minKubeVersion: - type: string - nativeAPIs: - type: array - items: - description: GroupVersionKind unambiguously identifies a kind. It - doesn't anonymously include GroupVersion to avoid automatic coersion. It - doesn't use a GroupVersion to avoid custom marshalling - type: object - required: - - group - - kind - - version - properties: - group: - type: string - kind: - type: string - version: - type: string - provider: - type: object - properties: - name: - type: string - url: - type: string - replaces: - description: The name of a CSV this one replaces. Should match the `metadata.Name` - field of the old CSV. - type: string - selector: - description: Label selector for related resources. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - additionalProperties: - type: string - version: - description: OperatorVersion is a wrapper around semver.Version which - supports correct marshaling to YAML and JSON. - type: string - status: - description: ClusterServiceVersionStatus represents information about the - status of a pod. Status may trail the actual state of a system. - type: object - properties: - certsLastUpdated: - description: Last time the owned APIService certs were updated - type: string - format: date-time - certsRotateAt: - description: Time the owned APIService certs will rotate next - type: string - format: date-time - conditions: - description: List of conditions, a history of state transitions - type: array - items: - description: Conditions appear in the status as a record of state - transitions on the ClusterServiceVersion - type: object - properties: - lastTransitionTime: - description: Last time the status transitioned from one status - to another. - type: string - format: date-time - lastUpdateTime: - description: Last time we updated the status - type: string - format: date-time - message: - description: A human readable message indicating details about - why the ClusterServiceVersion is in this condition. - type: string - phase: - description: Condition of the ClusterServiceVersion - type: string - reason: - description: A brief CamelCase message indicating details about - why the ClusterServiceVersion is in this state. e.g. 'RequirementsNotMet' - type: string - lastTransitionTime: - description: Last time the status transitioned from one status to another. - type: string - format: date-time - lastUpdateTime: - description: Last time we updated the status - type: string - format: date-time - message: - description: A human readable message indicating details about why the - ClusterServiceVersion is in this condition. - type: string - phase: - description: Current condition of the ClusterServiceVersion - type: string - reason: - description: A brief CamelCase message indicating details about why - the ClusterServiceVersion is in this state. e.g. 'RequirementsNotMet' - type: string - requirementStatus: - description: The status of each requirement for this CSV - type: array - items: - type: object - required: - - group - - kind - - message - - name - - status - - version - properties: - dependents: - type: array - items: - description: DependentStatus is the status for a dependent requirement - (to prevent infinite nesting) - type: object - required: - - group - - kind - - status - - version - properties: - group: - type: string - kind: - type: string - message: - type: string - status: - description: StatusReason is a camelcased reason for the - status of a RequirementStatus or DependentStatus - type: string - uuid: - type: string - version: - type: string - group: - type: string - kind: - type: string - message: - type: string - name: - type: string - status: - description: StatusReason is a camelcased reason for the status - of a RequirementStatus or DependentStatus - type: string - uuid: - type: string - version: - type: string diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_04-installplan.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_04-installplan.crd.yaml deleted file mode 100644 index 8aa1e9534d..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_04-installplan.crd.yaml +++ /dev/null @@ -1,288 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_04-installplan.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: installplans.operators.coreos.com - annotations: - displayName: Install Plan - description: Represents a plan to install and resolve dependencies for Cluster - Services -spec: - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - plural: installplans - singular: installplan - kind: InstallPlan - listKind: InstallPlanList - shortNames: - - ip - categories: - - olm - additionalPrinterColumns: - - name: CSV - type: string - description: The first CSV in the list of clusterServiceVersionNames - JSONPath: .spec.clusterServiceVersionNames[0] - - name: Approval - type: string - description: The approval mode - JSONPath: .spec.approval - - name: Approved - type: boolean - JSONPath: .spec.approved - preserveUnknownFields: false - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - description: InstallPlan defines the installation of a set of operators. - type: object - required: - - metadata - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: InstallPlanSpec defines a set of Application resources to be - installed - type: object - required: - - approval - - approved - - clusterServiceVersionNames - properties: - approval: - description: Approval is the user approval policy for an InstallPlan. - type: string - approved: - type: boolean - clusterServiceVersionNames: - type: array - items: - type: string - source: - type: string - sourceNamespace: - type: string - status: - description: "InstallPlanStatus represents the information about the status - of steps required to complete installation. \n Status may trail the actual - state of a system." - type: object - required: - - catalogSources - - phase - properties: - attenuatedServiceAccountRef: - description: AttenuatedServiceAccountRef references the service account - that is used to do scoped operator install. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an - entire object, this string should contain a valid JSON/Go field - access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen only - to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change - in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is - made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - bundleLookups: - type: array - items: - type: object - required: - - catalogSourceRef - - path - - replaces - properties: - catalogSourceRef: - description: ObjectReference contains enough information to let - you inspect or modify the referred object. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead - of an entire object, this string should contain a valid - JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part - of an object. TODO: this design is not final and this field - is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - conditions: - type: array - items: - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: Last time the condition transitioned from one - status to another. - type: string - format: date-time - lastUpdateTime: - description: Last time the condition was probed - type: string - format: date-time - message: - description: A human readable message indicating details - about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - status: - description: Status of the condition, one of True, False, - Unknown. - type: string - type: - description: Type of condition. - type: string - path: - type: string - replaces: - type: string - catalogSources: - type: array - items: - type: string - conditions: - type: array - items: - description: InstallPlanCondition represents the overall status of - the execution of an InstallPlan. - type: object - properties: - lastTransitionTime: - type: string - format: date-time - lastUpdateTime: - type: string - format: date-time - message: - type: string - reason: - description: ConditionReason is a camelcased reason for the state - transition. - type: string - status: - type: string - type: - description: InstallPlanConditionType describes the state of an - InstallPlan at a certain point as a whole. - type: string - phase: - description: InstallPlanPhase is the current status of a InstallPlan - as a whole. - type: string - plan: - type: array - items: - description: Step represents the status of an individual step in an - InstallPlan. - type: object - required: - - resolving - - resource - - status - properties: - resolving: - type: string - resource: - description: StepResource represents the status of a resource - to be tracked by an InstallPlan. - type: object - required: - - group - - kind - - name - - sourceName - - sourceNamespace - - version - properties: - group: - type: string - kind: - type: string - manifest: - type: string - name: - type: string - sourceName: - type: string - sourceNamespace: - type: string - version: - type: string - status: - description: StepStatus is the current status of a particular - resource an in InstallPlan - type: string diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_05-subscription.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_05-subscription.crd.yaml deleted file mode 100644 index e7ba809143..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_05-subscription.crd.yaml +++ /dev/null @@ -1,1780 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_05-subscription.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: subscriptions.operators.coreos.com - annotations: - displayName: Subscription - description: Subscribes service catalog to a source and channel to recieve updates - for packages. -spec: - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - plural: subscriptions - singular: subscription - kind: Subscription - listKind: SubscriptionList - shortNames: - - sub - - subs - categories: - - olm - additionalPrinterColumns: - - name: Package - type: string - description: The package subscribed to - JSONPath: .spec.name - - name: Source - type: string - description: The catalog source for the specified package - JSONPath: .spec.source - - name: Channel - type: string - description: The channel of updates to subscribe to - JSONPath: .spec.channel - preserveUnknownFields: false - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - description: Subscription keeps operators up to date by tracking changes to - Catalogs. - type: object - required: - - metadata - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: SubscriptionSpec defines an Application that can be installed - type: object - required: - - name - - source - - sourceNamespace - properties: - channel: - type: string - config: - description: SubscriptionConfig contains configuration specified for - a subscription. - type: object - properties: - env: - description: Env is a list of environment variables to set in the - container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present - in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a variable - cannot be resolved, the reference in the input string will - be unchanged. The $(VAR_NAME) syntax can be escaped with - a double $$, ie: $$(VAR_NAME). Escaped references will never - be expanded, regardless of whether the variable exists or - not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is - written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified - API version. - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed - resources, defaults to "1" - type: string - resource: - description: 'Required: resource to select' - type: string - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - envFrom: - description: EnvFrom is a list of sources to populate environment - variables in the container. The keys defined within a source must - be a C_IDENTIFIER. All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take precedence. - Values defined by an Env with a duplicate key will take precedence. - Immutable. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - prefix: - description: An optional identifier to prepend to each key - in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - nodeSelector: - description: 'NodeSelector is a selector which must be true for - the pod to fit on a node. Selector which must match a node''s - labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - additionalProperties: - type: string - resources: - description: 'Resources represents compute resources required by - this container. Immutable. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - type: string - requests: - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - type: string - selector: - description: Selector is the label selector for pods to be configured. - Existing ReplicaSets whose pods are selected by this will be the - ones affected by this deployment. It must match the pod template's - labels. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - additionalProperties: - type: string - tolerations: - description: Tolerations are the pod's tolerations. - type: array - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using the - matching operator . - type: object - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the - value. Valid operators are Exists and Equal. Defaults to - Equal. Exists is equivalent to wildcard for value, so that - a pod can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time - the toleration (which must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do - not evict). Zero and negative values will be treated as - 0 (evict immediately) by the system. - type: integer - format: int64 - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - volumeMounts: - description: List of VolumeMounts to set in the container. - type: array - items: - description: VolumeMount describes a mounting of a Volume within - a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are propagated - from the host to container and the other way around. When - not set, MountPropagationNone is used. This field is beta - in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which the - container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. This field is beta in 1.15. - type: string - volumes: - description: List of Volumes to set in the podSpec. - type: array - items: - description: Volume represents a named volume in a pod that may - be accessed by any container in the pod. - type: object - required: - - name - properties: - awsElasticBlockStore: - description: 'AWSElasticBlockStore represents an AWS Disk - resource that is attached to a kubelet''s host machine and - then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: object - required: - - volumeID - properties: - fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - partition: - description: 'The partition in the volume that you want - to mount. If omitted, the default is to mount by volume - name. Examples: For volume /dev/sda1, you specify the - partition as "1". Similarly, the volume partition for - /dev/sda is "0" (or you can leave the property empty).' - type: integer - format: int32 - readOnly: - description: 'Specify "true" to force and set the ReadOnly - property in VolumeMounts to "true". If omitted, the - default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: 'Unique ID of the persistent disk resource - in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: string - azureDisk: - description: AzureDisk represents an Azure Data Disk mount - on the host and bind mount to the pod. - type: object - required: - - diskName - - diskURI - properties: - cachingMode: - description: 'Host Caching mode: None, Read Only, Read - Write.' - type: string - diskName: - description: The Name of the data disk in the blob storage - type: string - diskURI: - description: The URI the data disk in the blob storage - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - kind: - description: 'Expected values Shared: multiple blob disks - per storage account Dedicated: single blob disk per - storage account Managed: azure managed data disk (only - in managed availability set). defaults to shared' - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - azureFile: - description: AzureFile represents an Azure File Service mount - on the host and bind mount to the pod. - type: object - required: - - secretName - - shareName - properties: - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretName: - description: the name of secret that contains Azure Storage - Account Name and Key - type: string - shareName: - description: Share Name - type: string - cephfs: - description: CephFS represents a Ceph FS mount on the host - that shares a pod's lifetime - type: object - required: - - monitors - properties: - monitors: - description: 'Required: Monitors is a collection of Ceph - monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: array - items: - type: string - path: - description: 'Optional: Used as the mounted root, rather - than the full Ceph tree, default is /' - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: boolean - secretFile: - description: 'Optional: SecretFile is the path to key - ring for User, default is /etc/ceph/user.secret More - info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - secretRef: - description: 'Optional: SecretRef is reference to the - authentication secret for User, default is empty. More - info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - user: - description: 'Optional: User is the rados user name, default - is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - cinder: - description: 'Cinder represents a cinder volume attached and - mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: object - required: - - volumeID - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: boolean - secretRef: - description: 'Optional: points to a secret object containing - parameters used to connect to OpenStack.' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - volumeID: - description: 'volume id used to identify the volume in - cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - configMap: - description: ConfigMap represents a configMap that should - populate this volume - type: object - properties: - defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a value between 0 and 0777. Defaults - to 0644. Directories within the path are not affected - by this setting. This might be in conflict with other - options that affect the file mode, like fsGroup, and - the result can be other mode bits set.' - type: integer - format: int32 - items: - description: If unspecified, each key-value pair in the - Data field of the referenced ConfigMap will be projected - into the volume as a file whose name is the key and - content is the value. If specified, the listed keys - will be projected into the specified paths, and unlisted - keys will not be present. If a key is specified which - is not present in the ConfigMap, the volume setup will - error unless it is marked optional. Paths must be relative - and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to use on this - file, must be a value between 0 and 0777. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' - type: integer - format: int32 - path: - description: The relative path of the file to map - the key to. May not be an absolute path. May not - contain the path element '..'. May not start with - the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its keys - must be defined - type: boolean - csi: - description: CSI (Container Storage Interface) represents - storage that is handled by an external CSI driver (Alpha - feature). - type: object - required: - - driver - properties: - driver: - description: Driver is the name of the CSI driver that - handles this volume. Consult with your admin for the - correct name as registered in the cluster. - type: string - fsType: - description: Filesystem type to mount. Ex. "ext4", "xfs", - "ntfs". If not provided, the empty value is passed to - the associated CSI driver which will determine the default - filesystem to apply. - type: string - nodePublishSecretRef: - description: NodePublishSecretRef is a reference to the - secret object containing sensitive information to pass - to the CSI driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This field is optional, - and may be empty if no secret is required. If the secret - object contains more than one secret, all secret references - are passed. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - readOnly: - description: Specifies a read-only configuration for the - volume. Defaults to false (read/write). - type: boolean - volumeAttributes: - description: VolumeAttributes stores driver-specific properties - that are passed to the CSI driver. Consult your driver's - documentation for supported values. - type: object - additionalProperties: - type: string - downwardAPI: - description: DownwardAPI represents downward API about the - pod that should populate this volume - type: object - properties: - defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a value between 0 and 0777. Defaults - to 0644. Directories within the path are not affected - by this setting. This might be in conflict with other - options that affect the file mode, like fsGroup, and - the result can be other mode bits set.' - type: integer - format: int32 - items: - description: Items is a list of downward API volume file - type: array - items: - description: DownwardAPIVolumeFile represents information - to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: - only annotations, labels, name and namespace are - supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - mode: - description: 'Optional: mode bits to use on this - file, must be a value between 0 and 0777. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path - name of the file to be created. Must not be absolute - or contain the ''..'' path. Must be utf-8 encoded. - The first item of the relative path must not start - with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, requests.cpu and requests.memory) - are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - description: Specifies the output format of - the exposed resources, defaults to "1" - type: string - resource: - description: 'Required: resource to select' - type: string - emptyDir: - description: 'EmptyDir represents a temporary directory that - shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: object - properties: - medium: - description: 'What type of storage medium should back - this directory. The default is "" which means to use - the node''s default medium. Must be an empty string - (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - description: 'Total amount of local storage required for - this EmptyDir volume. The size limit is also applicable - for memory medium. The maximum usage on memory medium - EmptyDir would be the minimum value between the SizeLimit - specified here and the sum of memory limits of all containers - in a pod. The default is nil which means that the limit - is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' - type: string - fc: - description: FC represents a Fibre Channel resource that is - attached to a kubelet's host machine and then exposed to - the pod. - type: object - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - lun: - description: 'Optional: FC target lun number' - type: integer - format: int32 - readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' - type: boolean - targetWWNs: - description: 'Optional: FC target worldwide names (WWNs)' - type: array - items: - type: string - wwids: - description: 'Optional: FC volume world wide identifiers - (wwids) Either wwids or combination of targetWWNs and - lun must be set, but not both simultaneously.' - type: array - items: - type: string - flexVolume: - description: FlexVolume represents a generic volume resource - that is provisioned/attached using an exec based plugin. - type: object - required: - - driver - properties: - driver: - description: Driver is the name of the driver to use for - this volume. - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". The default filesystem depends on FlexVolume - script. - type: string - options: - description: 'Optional: Extra command options if any.' - type: object - additionalProperties: - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' - type: boolean - secretRef: - description: 'Optional: SecretRef is reference to the - secret object containing sensitive information to pass - to the plugin scripts. This may be empty if no secret - object is specified. If the secret object contains more - than one secret, all secrets are passed to the plugin - scripts.' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - flocker: - description: Flocker represents a Flocker volume attached - to a kubelet's host machine. This depends on the Flocker - control service being running - type: object - properties: - datasetName: - description: Name of the dataset stored as metadata -> - name on the dataset for Flocker should be considered - as deprecated - type: string - datasetUUID: - description: UUID of the dataset. This is unique identifier - of a Flocker dataset - type: string - gcePersistentDisk: - description: 'GCEPersistentDisk represents a GCE Disk resource - that is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: object - required: - - pdName - properties: - fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - partition: - description: 'The partition in the volume that you want - to mount. If omitted, the default is to mount by volume - name. Examples: For volume /dev/sda1, you specify the - partition as "1". Similarly, the volume partition for - /dev/sda is "0" (or you can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: integer - format: int32 - pdName: - description: 'Unique name of the PD resource in GCE. Used - to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: string - readOnly: - description: 'ReadOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: boolean - gitRepo: - description: 'GitRepo represents a git repository at a particular - revision. DEPRECATED: GitRepo is deprecated. To provision - a container with a git repo, mount an EmptyDir into an InitContainer - that clones the repo using git, then mount the EmptyDir - into the Pod''s container.' - type: object - required: - - repository - properties: - directory: - description: Target directory name. Must not contain or - start with '..'. If '.' is supplied, the volume directory - will be the git repository. Otherwise, if specified, - the volume will contain the git repository in the subdirectory - with the given name. - type: string - repository: - description: Repository URL - type: string - revision: - description: Commit hash for the specified revision. - type: string - glusterfs: - description: 'Glusterfs represents a Glusterfs mount on the - host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' - type: object - required: - - endpoints - - path - properties: - endpoints: - description: 'EndpointsName is the endpoint name that - details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - path: - description: 'Path is the Glusterfs volume path. More - info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - readOnly: - description: 'ReadOnly here will force the Glusterfs volume - to be mounted with read-only permissions. Defaults to - false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: boolean - hostPath: - description: 'HostPath represents a pre-existing file or directory - on the host machine that is directly exposed to the container. - This is generally used for system agents or other privileged - things that are allowed to see the host machine. Most containers - will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can use host directory - mounts and who can/can not mount host directories as read/write.' - type: object - required: - - path - properties: - path: - description: 'Path of the directory on the host. If the - path is a symlink, it will follow the link to the real - path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - type: - description: 'Type for HostPath Volume Defaults to "" - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - iscsi: - description: 'ISCSI represents an ISCSI Disk resource that - is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' - type: object - required: - - iqn - - lun - - targetPortal - properties: - chapAuthDiscovery: - description: whether support iSCSI Discovery CHAP authentication - type: boolean - chapAuthSession: - description: whether support iSCSI Session CHAP authentication - type: boolean - fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - initiatorName: - description: Custom iSCSI Initiator Name. If initiatorName - is specified with iscsiInterface simultaneously, new - iSCSI interface : will be - created for the connection. - type: string - iqn: - description: Target iSCSI Qualified Name. - type: string - iscsiInterface: - description: iSCSI Interface Name that uses an iSCSI transport. - Defaults to 'default' (tcp). - type: string - lun: - description: iSCSI Target Lun number. - type: integer - format: int32 - portals: - description: iSCSI Target Portal List. The portal is either - an IP or ip_addr:port if the port is other than default - (typically TCP ports 860 and 3260). - type: array - items: - type: string - readOnly: - description: ReadOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. - type: boolean - secretRef: - description: CHAP Secret for iSCSI target and initiator - authentication - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - targetPortal: - description: iSCSI Target Portal. The Portal is either - an IP or ip_addr:port if the port is other than default - (typically TCP ports 860 and 3260). - type: string - name: - description: 'Volume''s name. Must be a DNS_LABEL and unique - within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - nfs: - description: 'NFS represents an NFS mount on the host that - shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: object - required: - - path - - server - properties: - path: - description: 'Path that is exported by the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - readOnly: - description: 'ReadOnly here will force the NFS export - to be mounted with read-only permissions. Defaults to - false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: boolean - server: - description: 'Server is the hostname or IP address of - the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - persistentVolumeClaim: - description: 'PersistentVolumeClaimVolumeSource represents - a reference to a PersistentVolumeClaim in the same namespace. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: object - required: - - claimName - properties: - claimName: - description: 'ClaimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this volume. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: - description: Will force the ReadOnly setting in VolumeMounts. - Default false. - type: boolean - photonPersistentDisk: - description: PhotonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host machine - type: object - required: - - pdID - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - pdID: - description: ID that identifies Photon Controller persistent - disk - type: string - portworxVolume: - description: PortworxVolume represents a portworx volume attached - and mounted on kubelets host machine - type: object - required: - - volumeID - properties: - fsType: - description: FSType represents the filesystem type to - mount Must be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs". Implicitly inferred - to be "ext4" if unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: - description: VolumeID uniquely identifies a Portworx volume - type: string - projected: - description: Items for all in one resources secrets, configmaps, - and downward API - type: object - required: - - sources - properties: - defaultMode: - description: Mode bits to use on created files by default. - Must be a value between 0 and 0777. Directories within - the path are not affected by this setting. This might - be in conflict with other options that affect the file - mode, like fsGroup, and the result can be other mode - bits set. - type: integer - format: int32 - sources: - description: list of volume projections - type: array - items: - description: Projection that may be projected along - with other supported volume types - type: object - properties: - configMap: - description: information about the configMap data - to project - type: object - properties: - items: - description: If unspecified, each key-value - pair in the Data field of the referenced ConfigMap - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified - which is not present in the ConfigMap, the - volume setup will error unless it is marked - optional. Paths must be relative and may not - contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within - a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to use - on this file, must be a value between - 0 and 0777. If not specified, the volume - defaultMode will be used. This might - be in conflict with other options that - affect the file mode, like fsGroup, - and the result can be other mode bits - set.' - type: integer - format: int32 - path: - description: The relative path of the - file to map the key to. May not be an - absolute path. May not contain the path - element '..'. May not start with the - string '..'. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or - its keys must be defined - type: boolean - downwardAPI: - description: information about the downwardAPI data - to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume - file - type: array - items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field - of the pod: only annotations, labels, - name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema - the FieldPath is written in terms - of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to - select in the specified API version. - type: string - mode: - description: 'Optional: mode bits to use - on this file, must be a value between - 0 and 0777. If not specified, the volume - defaultMode will be used. This might - be in conflict with other options that - affect the file mode, like fsGroup, - and the result can be other mode bits - set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative - path name of the file to be created. - Must not be absolute or contain the - ''..'' path. Must be utf-8 encoded. - The first item of the relative path - must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the - container: only resources limits and - requests (limits.cpu, limits.memory, - requests.cpu and requests.memory) are - currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required - for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output - format of the exposed resources, - defaults to "1" - type: string - resource: - description: 'Required: resource to - select' - type: string - secret: - description: information about the secret data to - project - type: object - properties: - items: - description: If unspecified, each key-value - pair in the Data field of the referenced Secret - will be projected into the volume as a file - whose name is the key and content is the value. - If specified, the listed keys will be projected - into the specified paths, and unlisted keys - will not be present. If a key is specified - which is not present in the Secret, the volume - setup will error unless it is marked optional. - Paths must be relative and may not contain - the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within - a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to use - on this file, must be a value between - 0 and 0777. If not specified, the volume - defaultMode will be used. This might - be in conflict with other options that - affect the file mode, like fsGroup, - and the result can be other mode bits - set.' - type: integer - format: int32 - path: - description: The relative path of the - file to map the key to. May not be an - absolute path. May not contain the path - element '..'. May not start with the - string '..'. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or its - key must be defined - type: boolean - serviceAccountToken: - description: information about the serviceAccountToken - data to project - type: object - required: - - path - properties: - audience: - description: Audience is the intended audience - of the token. A recipient of a token must - identify itself with an identifier specified - in the audience of the token, and otherwise - should reject the token. The audience defaults - to the identifier of the apiserver. - type: string - expirationSeconds: - description: ExpirationSeconds is the requested - duration of validity of the service account - token. As the token approaches expiration, - the kubelet volume plugin will proactively - rotate the service account token. The kubelet - will start trying to rotate the token if the - token is older than 80 percent of its time - to live or if the token is older than 24 hours.Defaults - to 1 hour and must be at least 10 minutes. - type: integer - format: int64 - path: - description: Path is the path relative to the - mount point of the file to project the token - into. - type: string - quobyte: - description: Quobyte represents a Quobyte mount on the host - that shares a pod's lifetime - type: object - required: - - registry - - volume - properties: - group: - description: Group to map volume access to Default is - no group - type: string - readOnly: - description: ReadOnly here will force the Quobyte volume - to be mounted with read-only permissions. Defaults to - false. - type: boolean - registry: - description: Registry represents a single or multiple - Quobyte Registry services specified as a string as host:port - pair (multiple entries are separated with commas) which - acts as the central registry for volumes - type: string - tenant: - description: Tenant owning the given Quobyte volume in - the Backend Used with dynamically provisioned Quobyte - volumes, value is set by the plugin - type: string - user: - description: User to map volume access to Defaults to - serivceaccount user - type: string - volume: - description: Volume is a string that references an already - created Quobyte volume by name. - type: string - rbd: - description: 'RBD represents a Rados Block Device mount on - the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' - type: object - required: - - image - - monitors - properties: - fsType: - description: 'Filesystem type of the volume that you want - to mount. Tip: Ensure that the filesystem type is supported - by the host operating system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred to be "ext4" if unspecified. - More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - image: - description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - keyring: - description: 'Keyring is the path to key ring for RBDUser. - Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - monitors: - description: 'A collection of Ceph monitors. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: array - items: - type: string - pool: - description: 'The rados pool name. Default is rbd. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: - description: 'ReadOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: - description: 'SecretRef is name of the authentication - secret for RBDUser. If provided overrides keyring. Default - is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - user: - description: 'The rados user name. Default is admin. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - scaleIO: - description: ScaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. - type: object - required: - - gateway - - secretRef - - system - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Default is "xfs". - type: string - gateway: - description: The host address of the ScaleIO API Gateway. - type: string - protectionDomain: - description: The name of the ScaleIO Protection Domain - for the configured storage. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef references to the secret for ScaleIO - user and other sensitive information. If this is not - provided, Login operation will fail. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - sslEnabled: - description: Flag to enable/disable SSL communication - with Gateway, default false - type: boolean - storageMode: - description: Indicates whether the storage for a volume - should be ThickProvisioned or ThinProvisioned. Default - is ThinProvisioned. - type: string - storagePool: - description: The ScaleIO Storage Pool associated with - the protection domain. - type: string - system: - description: The name of the storage system as configured - in ScaleIO. - type: string - volumeName: - description: The name of a volume already created in the - ScaleIO system that is associated with this volume source. - type: string - secret: - description: 'Secret represents a secret that should populate - this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'Optional: mode bits to use on created files - by default. Must be a value between 0 and 0777. Defaults - to 0644. Directories within the path are not affected - by this setting. This might be in conflict with other - options that affect the file mode, like fsGroup, and - the result can be other mode bits set.' - type: integer - format: int32 - items: - description: If unspecified, each key-value pair in the - Data field of the referenced Secret will be projected - into the volume as a file whose name is the key and - content is the value. If specified, the listed keys - will be projected into the specified paths, and unlisted - keys will not be present. If a key is specified which - is not present in the Secret, the volume setup will - error unless it is marked optional. Paths must be relative - and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to use on this - file, must be a value between 0 and 0777. If not - specified, the volume defaultMode will be used. - This might be in conflict with other options that - affect the file mode, like fsGroup, and the result - can be other mode bits set.' - type: integer - format: int32 - path: - description: The relative path of the file to map - the key to. May not be an absolute path. May not - contain the path element '..'. May not start with - the string '..'. - type: string - optional: - description: Specify whether the Secret or its keys must - be defined - type: boolean - secretName: - description: 'Name of the secret in the pod''s namespace - to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - storageos: - description: StorageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. - type: object - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef specifies the secret to use for - obtaining the StorageOS API credentials. If not specified, - default values will be attempted. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - volumeName: - description: VolumeName is the human-readable name of - the StorageOS volume. Volume names are only unique - within a namespace. - type: string - volumeNamespace: - description: VolumeNamespace specifies the scope of the - volume within StorageOS. If no namespace is specified - then the Pod's namespace will be used. This allows - the Kubernetes name scoping to be mirrored within StorageOS - for tighter integration. Set VolumeName to any name - to override the default behaviour. Set to "default" - if you are not using namespaces within StorageOS. Namespaces - that do not pre-exist within StorageOS will be created. - type: string - vsphereVolume: - description: VsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine - type: object - required: - - volumePath - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - storagePolicyID: - description: Storage Policy Based Management (SPBM) profile - ID associated with the StoragePolicyName. - type: string - storagePolicyName: - description: Storage Policy Based Management (SPBM) profile - name. - type: string - volumePath: - description: Path that identifies vSphere volume vmdk - type: string - installPlanApproval: - description: Approval is the user approval policy for an InstallPlan. - type: string - name: - type: string - source: - type: string - sourceNamespace: - type: string - startingCSV: - type: string - status: - type: object - required: - - lastUpdated - properties: - catalogHealth: - description: CatalogHealth contains the Subscription's view of its relevant - CatalogSources' status. It is used to determine SubscriptionStatusConditions - related to CatalogSources. - type: array - items: - description: SubscriptionCatalogHealth describes the health of a CatalogSource - the Subscription knows about. - type: object - required: - - catalogSourceRef - - healthy - - lastUpdated - properties: - catalogSourceRef: - description: CatalogSourceRef is a reference to a CatalogSource. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead - of an entire object, this string should contain a valid - JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part - of an object. TODO: this design is not final and this field - is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - healthy: - description: Healthy is true if the CatalogSource is healthy; - false otherwise. - type: boolean - lastUpdated: - description: LastUpdated represents the last time that the CatalogSourceHealth - changed - type: string - format: date-time - conditions: - description: Conditions is a list of the latest available observations - about a Subscription's current state. - type: array - items: - description: SubscriptionCondition represents the latest available - observations of a Subscription's state. - type: object - required: - - status - - type - properties: - lastHeartbeatTime: - description: LastHeartbeatTime is the last time we got an update - on a given condition - type: string - format: date-time - lastTransitionTime: - description: LastTransitionTime is the last time the condition - transit from one status to another - type: string - format: date-time - message: - description: Message is a human-readable message indicating details - about last transition. - type: string - reason: - description: Reason is a one-word CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition, one of True, - False, Unknown. - type: string - type: - description: Type is the type of Subscription condition. - type: string - currentCSV: - description: CurrentCSV is the CSV the Subscription is progressing to. - type: string - installPlanRef: - description: InstallPlanRef is a reference to the latest InstallPlan - that contains the Subscription's current CSV. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an - entire object, this string should contain a valid JSON/Go field - access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen only - to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change - in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is - made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - installedCSV: - description: InstalledCSV is the CSV currently installed by the Subscription. - type: string - installplan: - description: 'Install is a reference to the latest InstallPlan generated - for the Subscription. DEPRECATED: InstallPlanRef' - type: object - required: - - apiVersion - - kind - - name - - uuid - properties: - apiVersion: - type: string - kind: - type: string - name: - type: string - uuid: - description: UID is a type that holds unique ID values, including - UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being - a type captures intent and helps make sure that UIDs and names - do not get conflated. - type: string - lastUpdated: - description: LastUpdated represents the last time that the Subscription - status was updated. - type: string - format: date-time - reason: - description: Reason is the reason the Subscription was transitioned - to its current state. - type: string - state: - description: State represents the current state of the Subscription - type: string diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_06-catalogsource.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_06-catalogsource.crd.yaml deleted file mode 100644 index 9eaec26b8c..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_06-catalogsource.crd.yaml +++ /dev/null @@ -1,192 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_06-catalogsource.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: catalogsources.operators.coreos.com - annotations: - displayName: CatalogSource - description: A source configured to find packages and updates. -spec: - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - preserveUnknownFields: false - scope: Namespaced - names: - plural: catalogsources - singular: catalogsource - kind: CatalogSource - listKind: CatalogSourceList - shortNames: - - catsrc - categories: - - olm - additionalPrinterColumns: - - name: Display - type: string - description: The pretty name of the catalog - JSONPath: .spec.displayName - - name: Type - type: string - description: The type of the catalog - JSONPath: .spec.sourceType - - name: Publisher - type: string - description: The publisher of the catalog - JSONPath: .spec.publisher - - name: Age - type: date - JSONPath: .metadata.creationTimestamp - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - description: CatalogSource is a repository of CSVs, CRDs, and operator packages. - type: object - required: - - metadata - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - type: object - required: - - sourceType - properties: - address: - description: 'Address is a host that OLM can use to connect to a pre-existing - registry. Format: : Only used when SourceType - = SourceTypeGrpc. Ignored when the Image field is set.' - type: string - configMap: - description: ConfigMap is the name of the ConfigMap to be used to back - a configmap-server registry. Only used when SourceType = SourceTypeConfigmap - or SourceTypeInternal. - type: string - description: - type: string - displayName: - description: Metadata - type: string - icon: - type: object - required: - - base64data - - mediatype - properties: - base64data: - type: string - mediatype: - type: string - image: - description: Image is an operator-registry container image to instantiate - a registry-server with. Only used when SourceType = SourceTypeGrpc. - If present, the address field is ignored. - type: string - publisher: - type: string - secrets: - description: Secrets represent set of secrets that can be used to access - the contents of the catalog. It is best to keep this list small, since - each will need to be tried for every catalog entry. - type: array - items: - type: string - sourceType: - description: SourceType is the type of source - type: string - updateStrategy: - description: UpdateStrategy defines how updated catalog source images - can be discovered Consists of an interval that defines polling duration - and an embedded strategy type - type: object - properties: - registryPoll: - type: object - properties: - interval: - description: Interval is used to determine the time interval - between checks of the latest catalog source version. The catalog - operator polls to see if a new version of the catalog source - is available. If available, the latest image is pulled and - gRPC traffic is directed to the latest catalog source. - type: string - status: - type: object - properties: - configMapReference: - type: object - required: - - name - - namespace - properties: - lastUpdateTime: - type: string - format: date-time - name: - type: string - namespace: - type: string - resourceVersion: - type: string - uid: - description: UID is a type that holds unique ID values, including - UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being - a type captures intent and helps make sure that UIDs and names - do not get conflated. - type: string - connectionState: - type: object - required: - - lastObservedState - properties: - address: - type: string - lastConnect: - type: string - format: date-time - lastObservedState: - type: string - latestImageRegistryPoll: - description: The last time the CatalogSource image registry has been - polled to ensure the image is up-to-date - type: string - format: date-time - message: - description: A human readable message indicating details about why the - ClusterServiceVersion is in this condition. - type: string - reason: - description: Reason is the reason the Subscription was transitioned - to its current state. - type: string - registryService: - type: object - properties: - createdAt: - type: string - format: date-time - port: - type: string - protocol: - type: string - serviceName: - type: string - serviceNamespace: - type: string diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_07-olm-operator.deployment.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_07-olm-operator.deployment.yaml deleted file mode 100644 index 287e307faf..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_07-olm-operator.deployment.yaml +++ /dev/null @@ -1,63 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_07-olm-operator.deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: olm-operator - namespace: olm - labels: - app: olm-operator -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: olm-operator - template: - metadata: - labels: - app: olm-operator - spec: - serviceAccountName: olm-operator-serviceaccount - containers: - - name: olm-operator - command: - - /bin/olm - args: - - -namespace - - $(OPERATOR_NAMESPACE) - - -writeStatusName - - "" - image: quay.io/operator-framework/olm@sha256:0d15ffb5d10a176ef6e831d7865f98d51255ea5b0d16403618c94a004d049373 - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - - containerPort: 8081 - name: metrics - protocol: TCP - livenessProbe: - httpGet: - path: /healthz - port: 8080 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - terminationMessagePolicy: FallbackToLogsOnError - env: - - - name: OPERATOR_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: OPERATOR_NAME - value: olm-operator - resources: - requests: - cpu: 10m - memory: 160Mi - - - nodeSelector: - beta.kubernetes.io/os: linux diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_08-catalog-operator.deployment.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_08-catalog-operator.deployment.yaml deleted file mode 100644 index 140f77207a..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_08-catalog-operator.deployment.yaml +++ /dev/null @@ -1,56 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_08-catalog-operator.deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: catalog-operator - namespace: olm - labels: - app: catalog-operator -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: catalog-operator - template: - metadata: - labels: - app: catalog-operator - spec: - serviceAccountName: olm-operator-serviceaccount - containers: - - name: catalog-operator - command: - - /bin/catalog - args: - - '-namespace' - - olm - - -configmapServerImage=quay.io/operator-framework/configmap-operator-registry:latest - image: quay.io/operator-framework/olm@sha256:0d15ffb5d10a176ef6e831d7865f98d51255ea5b0d16403618c94a004d049373 - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - - containerPort: 8081 - name: metrics - protocol: TCP - livenessProbe: - httpGet: - path: /healthz - port: 8080 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - terminationMessagePolicy: FallbackToLogsOnError - env: - - resources: - requests: - cpu: 10m - memory: 80Mi - - - nodeSelector: - beta.kubernetes.io/os: linux diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_09-aggregated.clusterrole.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_09-aggregated.clusterrole.yaml deleted file mode 100644 index e7aa0af341..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_09-aggregated.clusterrole.yaml +++ /dev/null @@ -1,35 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_09-aggregated.clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-edit - labels: - # Add these permissions to the "admin" and "edit" default roles. - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["subscriptions"] - verbs: ["create", "update", "patch", "delete"] -- apiGroups: ["operators.coreos.com"] - resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions"] - verbs: ["delete"] ---- -# Source: olm/templates/0000_50_olm_09-aggregated.clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-view - labels: - # Add these permissions to the "admin", "edit" and "view" default roles - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - rbac.authorization.k8s.io/aggregate-to-view: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions", "operatorgroups"] - verbs: ["get", "list", "watch"] -- apiGroups: ["packages.operators.coreos.com"] - resources: ["packagemanifests", "packagemanifests/icon"] - verbs: ["get", "list", "watch"] diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_10-operatorgroup.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_10-operatorgroup.crd.yaml deleted file mode 100644 index 1213b65807..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_10-operatorgroup.crd.yaml +++ /dev/null @@ -1,162 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_10-operatorgroup.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: operatorgroups.operators.coreos.com -spec: - group: operators.coreos.com - version: v1 - versions: - - name: v1 - served: true - storage: true - names: - plural: operatorgroups - singular: operatorgroup - kind: OperatorGroup - listKind: OperatorGroupList - shortNames: - - og - categories: - - olm - scope: Namespaced - preserveUnknownFields: false - subresources: - # status enables the status subresource. - status: {} - "validation": - "openAPIV3Schema": - description: OperatorGroup is the unit of multitenancy for OLM managed operators. - It constrains the installation of operators in its namespace to a specified - set of target namespaces. - type: object - required: - - metadata - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: OperatorGroupSpec is the spec for an OperatorGroup resource. - type: object - properties: - selector: - description: Selector selects the OperatorGroup's target namespaces. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - additionalProperties: - type: string - serviceAccountName: - description: ServiceAccountName is the admin specified service account - which will be used to deploy operator(s) in this operator group. - type: string - staticProvidedAPIs: - description: Static tells OLM not to update the OperatorGroup's providedAPIs - annotation - type: boolean - targetNamespaces: - description: TargetNamespaces is an explicit set of namespaces to target. - If it is set, Selector is ignored. - type: array - items: - type: string - status: - description: OperatorGroupStatus is the status for an OperatorGroupResource. - type: object - required: - - lastUpdated - properties: - lastUpdated: - description: LastUpdated is a timestamp of the last time the OperatorGroup's - status was Updated. - type: string - format: date-time - namespaces: - description: Namespaces is the set of target namespaces for the OperatorGroup. - type: array - items: - type: string - serviceAccountRef: - description: ServiceAccountRef references the service account object - specified. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an - entire object, this string should contain a valid JSON/Go field - access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen only - to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change - in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is - made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_13-operatorgroup-default.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_13-operatorgroup-default.yaml deleted file mode 100644 index 56f5bca2bd..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_13-operatorgroup-default.yaml +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_13-operatorgroup-default.yaml -apiVersion: operators.coreos.com/v1 -kind: OperatorGroup -metadata: - name: global-operators - namespace: operators ---- -# Source: olm/templates/0000_50_olm_13-operatorgroup-default.yaml -apiVersion: operators.coreos.com/v1 -kind: OperatorGroup -metadata: - name: olm-operators - namespace: olm -spec: - targetNamespaces: - - olm diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_15-packageserver.clusterserviceversion.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_15-packageserver.clusterserviceversion.yaml deleted file mode 100644 index 58107d77da..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_15-packageserver.clusterserviceversion.yaml +++ /dev/null @@ -1,124 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_15-packageserver.clusterserviceversion.yaml -apiVersion: operators.coreos.com/v1alpha1 -kind: ClusterServiceVersion -metadata: - name: packageserver - namespace: olm - labels: - olm.version: 0.14.1 -spec: - displayName: Package Server - description: Represents an Operator package that is available from a given CatalogSource which will resolve to a ClusterServiceVersion. - minKubeVersion: 1.11.0 - keywords: ['packagemanifests', 'olm', 'packages'] - maintainers: - - name: Red Hat - email: openshift-operators@redhat.com - provider: - name: Red Hat - links: - - name: Package Server - url: https://github.com/operator-framework/operator-lifecycle-manager/tree/master/pkg/package-server - installModes: - - type: OwnNamespace - supported: true - - type: SingleNamespace - supported: true - - type: MultiNamespace - supported: true - - type: AllNamespaces - supported: true - install: - strategy: deployment - spec: - clusterPermissions: - - serviceAccountName: olm-operator-serviceaccount - rules: - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - get - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - apiGroups: - - "operators.coreos.com" - resources: - - catalogsources - verbs: - - get - - list - - watch - - apiGroups: - - "packages.operators.coreos.com" - resources: - - packagemanifests - verbs: - - get - - list - deployments: - - name: packageserver - spec: - strategy: - type: RollingUpdate - replicas: 2 - selector: - matchLabels: - app: packageserver - template: - metadata: - labels: - app: packageserver - spec: - serviceAccountName: olm-operator-serviceaccount - nodeSelector: - beta.kubernetes.io/os: linux - containers: - - name: packageserver - command: - - /bin/package-server - - -v=4 - - --secure-port - - "5443" - - --global-namespace - - olm - image: quay.io/operator-framework/olm@sha256:0d15ffb5d10a176ef6e831d7865f98d51255ea5b0d16403618c94a004d049373 - imagePullPolicy: Always - ports: - - containerPort: 5443 - livenessProbe: - httpGet: - scheme: HTTPS - path: /healthz - port: 5443 - readinessProbe: - httpGet: - scheme: HTTPS - path: /healthz - port: 5443 - terminationMessagePolicy: FallbackToLogsOnError - resources: - requests: - cpu: 10m - memory: 50Mi - maturity: alpha - version: 0.14.1 - apiservicedefinitions: - owned: - - group: packages.operators.coreos.com - version: v1 - kind: PackageManifest - name: packagemanifests - displayName: PackageManifest - description: A PackageManifest is a resource generated from existing CatalogSources and their ConfigMaps - deploymentName: packageserver - containerPort: 5443 diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_17-upstream-operators.catalogsource.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_17-upstream-operators.catalogsource.yaml deleted file mode 100644 index 4adb582c8b..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.14.1/0000_50_olm_17-upstream-operators.catalogsource.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_17-upstream-operators.catalogsource.yaml -apiVersion: operators.coreos.com/v1alpha1 -kind: CatalogSource -metadata: - name: operatorhubio-catalog - namespace: olm -spec: - sourceType: grpc - image: quay.io/operator-framework/upstream-community-operators:latest - displayName: Community Operators - publisher: OperatorHub.io diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_00-catalogsources.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_00-catalogsources.yaml deleted file mode 100644 index 1cf123f7b5..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_00-catalogsources.yaml +++ /dev/null @@ -1,196 +0,0 @@ ---- -# Source: olm/crds/0000_50_olm_00-catalogsources.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - name: catalogsources.operators.coreos.com -spec: - group: operators.coreos.com - names: - categories: - - olm - kind: CatalogSource - listKind: CatalogSourceList - plural: catalogsources - shortNames: - - catsrc - singular: catalogsource - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The pretty name of the catalog - jsonPath: .spec.displayName - name: Display - type: string - - description: The type of the catalog - jsonPath: .spec.sourceType - name: Type - type: string - - description: The publisher of the catalog - jsonPath: .spec.publisher - name: Publisher - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: CatalogSource is a repository of CSVs, CRDs, and operator packages. - type: object - required: - - metadata - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - type: object - required: - - sourceType - properties: - address: - description: 'Address is a host that OLM can use to connect to a pre-existing - registry. Format: : Only used when SourceType - = SourceTypeGrpc. Ignored when the Image field is set.' - type: string - configMap: - description: ConfigMap is the name of the ConfigMap to be used to - back a configmap-server registry. Only used when SourceType = SourceTypeConfigmap - or SourceTypeInternal. - type: string - description: - type: string - displayName: - description: Metadata - type: string - icon: - type: object - required: - - base64data - - mediatype - properties: - base64data: - type: string - mediatype: - type: string - image: - description: Image is an operator-registry container image to instantiate - a registry-server with. Only used when SourceType = SourceTypeGrpc. - If present, the address field is ignored. - type: string - publisher: - type: string - secrets: - description: Secrets represent set of secrets that can be used to - access the contents of the catalog. It is best to keep this list - small, since each will need to be tried for every catalog entry. - type: array - items: - type: string - sourceType: - description: SourceType is the type of source - type: string - updateStrategy: - description: UpdateStrategy defines how updated catalog source images - can be discovered Consists of an interval that defines polling duration - and an embedded strategy type - type: object - properties: - registryPoll: - type: object - properties: - interval: - description: Interval is used to determine the time interval - between checks of the latest catalog source version. The - catalog operator polls to see if a new version of the catalog - source is available. If available, the latest image is pulled - and gRPC traffic is directed to the latest catalog source. - type: string - status: - type: object - properties: - configMapReference: - type: object - required: - - name - - namespace - properties: - lastUpdateTime: - type: string - format: date-time - name: - type: string - namespace: - type: string - resourceVersion: - type: string - uid: - description: UID is a type that holds unique ID values, including - UUIDs. Because we don't ONLY use UUIDs, this is an alias to - string. Being a type captures intent and helps make sure that - UIDs and names do not get conflated. - type: string - connectionState: - type: object - required: - - lastObservedState - properties: - address: - type: string - lastConnect: - type: string - format: date-time - lastObservedState: - type: string - latestImageRegistryPoll: - description: The last time the CatalogSource image registry has been - polled to ensure the image is up-to-date - type: string - format: date-time - message: - description: A human readable message indicating details about why - the CatalogSource is in this condition. - type: string - reason: - description: Reason is the reason the CatalogSource was transitioned - to its current state. - type: string - registryService: - type: object - properties: - createdAt: - type: string - format: date-time - port: - type: string - protocol: - type: string - serviceName: - type: string - serviceNamespace: - type: string - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_00-clusterserviceversions.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_00-clusterserviceversions.yaml deleted file mode 100644 index 2418837374..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_00-clusterserviceversions.yaml +++ /dev/null @@ -1,8957 +0,0 @@ ---- -# Source: olm/crds/0000_50_olm_00-clusterserviceversions.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - name: clusterserviceversions.operators.coreos.com -spec: - group: operators.coreos.com - names: - categories: - - olm - kind: ClusterServiceVersion - listKind: ClusterServiceVersionList - plural: clusterserviceversions - shortNames: - - csv - - csvs - singular: clusterserviceversion - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The name of the CSV - jsonPath: .spec.displayName - name: Display - type: string - - description: The version of the CSV - jsonPath: .spec.version - name: Version - type: string - - description: The name of a CSV that this one replaces - jsonPath: .spec.replaces - name: Replaces - type: string - - jsonPath: .status.phase - name: Phase - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: ClusterServiceVersion is a Custom Resource of type `ClusterServiceVersionSpec`. - type: object - required: - - metadata - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ClusterServiceVersionSpec declarations tell OLM how to install - an operator that can manage apps for a given version. - type: object - required: - - displayName - - install - properties: - annotations: - description: Annotations is an unstructured key value map stored with - a resource that may be set by external tools to store and retrieve - arbitrary metadata. - type: object - additionalProperties: - type: string - apiservicedefinitions: - description: APIServiceDefinitions declares all of the extension apis - managed or required by an operator being ran by ClusterServiceVersion. - type: object - properties: - owned: - type: array - items: - description: APIServiceDescription provides details to OLM about - apis provided via aggregation - type: object - required: - - group - - kind - - name - - version - properties: - actionDescriptors: - type: array - items: - description: ActionDescriptor describes a declarative - action that can be performed on a custom resource instance - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - containerPort: - type: integer - format: int32 - deploymentName: - type: string - description: - type: string - displayName: - type: string - group: - type: string - kind: - type: string - name: - type: string - resources: - type: array - items: - description: APIResourceReference is a Kubernetes resource - type used by a custom resource - type: object - required: - - kind - - name - - version - properties: - kind: - type: string - name: - type: string - version: - type: string - specDescriptors: - type: array - items: - description: SpecDescriptor describes a field in a spec - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - statusDescriptors: - type: array - items: - description: StatusDescriptor describes a field in a status - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - version: - type: string - required: - type: array - items: - description: APIServiceDescription provides details to OLM about - apis provided via aggregation - type: object - required: - - group - - kind - - name - - version - properties: - actionDescriptors: - type: array - items: - description: ActionDescriptor describes a declarative - action that can be performed on a custom resource instance - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - containerPort: - type: integer - format: int32 - deploymentName: - type: string - description: - type: string - displayName: - type: string - group: - type: string - kind: - type: string - name: - type: string - resources: - type: array - items: - description: APIResourceReference is a Kubernetes resource - type used by a custom resource - type: object - required: - - kind - - name - - version - properties: - kind: - type: string - name: - type: string - version: - type: string - specDescriptors: - type: array - items: - description: SpecDescriptor describes a field in a spec - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - statusDescriptors: - type: array - items: - description: StatusDescriptor describes a field in a status - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - version: - type: string - customresourcedefinitions: - description: "CustomResourceDefinitions declares all of the CRDs managed - or required by an operator being ran by ClusterServiceVersion. \n - If the CRD is present in the Owned list, it is implicitly required." - type: object - properties: - owned: - type: array - items: - description: CRDDescription provides details to OLM about the - CRDs - type: object - required: - - kind - - name - - version - properties: - actionDescriptors: - type: array - items: - description: ActionDescriptor describes a declarative - action that can be performed on a custom resource instance - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - description: - type: string - displayName: - type: string - kind: - type: string - name: - type: string - resources: - type: array - items: - description: APIResourceReference is a Kubernetes resource - type used by a custom resource - type: object - required: - - kind - - name - - version - properties: - kind: - type: string - name: - type: string - version: - type: string - specDescriptors: - type: array - items: - description: SpecDescriptor describes a field in a spec - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - statusDescriptors: - type: array - items: - description: StatusDescriptor describes a field in a status - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - version: - type: string - required: - type: array - items: - description: CRDDescription provides details to OLM about the - CRDs - type: object - required: - - kind - - name - - version - properties: - actionDescriptors: - type: array - items: - description: ActionDescriptor describes a declarative - action that can be performed on a custom resource instance - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - description: - type: string - displayName: - type: string - kind: - type: string - name: - type: string - resources: - type: array - items: - description: APIResourceReference is a Kubernetes resource - type used by a custom resource - type: object - required: - - kind - - name - - version - properties: - kind: - type: string - name: - type: string - version: - type: string - specDescriptors: - type: array - items: - description: SpecDescriptor describes a field in a spec - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - statusDescriptors: - type: array - items: - description: StatusDescriptor describes a field in a status - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - version: - type: string - description: - type: string - displayName: - type: string - icon: - type: array - items: - type: object - required: - - base64data - - mediatype - properties: - base64data: - type: string - mediatype: - type: string - install: - description: NamedInstallStrategy represents the block of an ClusterServiceVersion - resource where the install strategy is specified. - type: object - required: - - strategy - properties: - spec: - description: StrategyDetailsDeployment represents the parsed details - of a Deployment InstallStrategy. - type: object - required: - - deployments - properties: - clusterPermissions: - type: array - items: - description: StrategyDeploymentPermissions describe the - rbac rules and service account needed by the install strategy - type: object - required: - - rules - - serviceAccountName - properties: - rules: - type: array - items: - description: PolicyRule holds information that describes - a policy rule, but does not contain information - about who the rule applies to or which namespace - the rule applies to. - type: object - required: - - verbs - properties: - apiGroups: - description: APIGroups is the name of the APIGroup - that contains the resources. If multiple API - groups are specified, any action requested against - one of the enumerated resources in any API group - will be allowed. - type: array - items: - type: string - nonResourceURLs: - description: NonResourceURLs is a set of partial - urls that a user should have access to. *s - are allowed, but only as the full, final step - in the path Since non-resource URLs are not - namespaced, this field is only applicable for - ClusterRoles referenced from a ClusterRoleBinding. - Rules can either apply to API resources (such - as "pods" or "secrets") or non-resource URL - paths (such as "/api"), but not both. - type: array - items: - type: string - resourceNames: - description: ResourceNames is an optional white - list of names that the rule applies to. An - empty set means that everything is allowed. - type: array - items: - type: string - resources: - description: Resources is a list of resources - this rule applies to. ResourceAll represents - all resources. - type: array - items: - type: string - verbs: - description: Verbs is a list of Verbs that apply - to ALL the ResourceKinds and AttributeRestrictions - contained in this rule. VerbAll represents - all kinds. - type: array - items: - type: string - serviceAccountName: - type: string - deployments: - type: array - items: - description: StrategyDeploymentSpec contains the name and - spec for the deployment ALM should create - type: object - required: - - name - - spec - properties: - name: - type: string - spec: - description: DeploymentSpec is the specification of - the desired behavior of the Deployment. - type: object - required: - - selector - - template - properties: - minReadySeconds: - description: Minimum number of seconds for which - a newly created pod should be ready without any - of its container crashing, for it to be considered - available. Defaults to 0 (pod will be considered - available as soon as it is ready) - type: integer - format: int32 - paused: - description: Indicates that the deployment is paused. - type: boolean - progressDeadlineSeconds: - description: The maximum time in seconds for a deployment - to make progress before it is considered to be - failed. The deployment controller will continue - to process failed deployments and a condition - with a ProgressDeadlineExceeded reason will be - surfaced in the deployment status. Note that progress - will not be estimated during the time a deployment - is paused. Defaults to 600s. - type: integer - format: int32 - replicas: - description: Number of desired pods. This is a pointer - to distinguish between explicit zero and not specified. - Defaults to 1. - type: integer - format: int32 - revisionHistoryLimit: - description: The number of old ReplicaSets to retain - to allow rollback. This is a pointer to distinguish - between explicit zero and not specified. Defaults - to 10. - type: integer - format: int32 - selector: - description: Label selector for pods. Existing ReplicaSets - whose pods are selected by this will be the ones - affected by this deployment. It must match the - pod template's labels. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - type: array - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - additionalProperties: - type: string - strategy: - description: The deployment strategy to use to replace - existing pods with new ones. - type: object - properties: - rollingUpdate: - description: 'Rolling update config params. - Present only if DeploymentStrategyType = RollingUpdate. - --- TODO: Update this to follow our convention - for oneOf, whatever we decide it to be.' - type: object - properties: - maxSurge: - description: 'The maximum number of pods - that can be scheduled above the desired - number of pods. Value can be an absolute - number (ex: 5) or a percentage of desired - pods (ex: 10%). This can not be 0 if MaxUnavailable - is 0. Absolute number is calculated from - percentage by rounding up. Defaults to - 25%. Example: when this is set to 30%, - the new ReplicaSet can be scaled up immediately - when the rolling update starts, such that - the total number of old and new pods do - not exceed 130% of desired pods. Once - old pods have been killed, new ReplicaSet - can be scaled up further, ensuring that - total number of pods running at any time - during the update is at most 130% of desired - pods.' - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - maxUnavailable: - description: 'The maximum number of pods - that can be unavailable during the update. - Value can be an absolute number (ex: 5) - or a percentage of desired pods (ex: 10%). - Absolute number is calculated from percentage - by rounding down. This can not be 0 if - MaxSurge is 0. Defaults to 25%. Example: - when this is set to 30%, the old ReplicaSet - can be scaled down to 70% of desired pods - immediately when the rolling update starts. - Once new pods are ready, old ReplicaSet - can be scaled down further, followed by - scaling up the new ReplicaSet, ensuring - that the total number of pods available - at all times during the update is at least - 70% of desired pods.' - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: - description: Type of deployment. Can be "Recreate" - or "RollingUpdate". Default is RollingUpdate. - type: string - template: - description: Template describes the pods that will - be created. - type: object - properties: - metadata: - description: 'Standard object''s metadata. More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - type: object - x-kubernetes-preserve-unknown-fields: true - spec: - description: 'Specification of the desired behavior - of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - containers - properties: - activeDeadlineSeconds: - description: Optional duration in seconds - the pod may be active on the node relative - to StartTime before the system will actively - try to mark it failed and kill associated - containers. Value must be a positive integer. - type: integer - format: int64 - affinity: - description: If specified, the pod's scheduling - constraints - type: object - properties: - nodeAffinity: - description: Describes node affinity - scheduling rules for the pod. - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the affinity expressions - specified by this field, but it - may choose a node that violates - one or more of the expressions. - The node that is most preferred - is the one with the greatest sum - of weights, i.e. for each node - that meets all of the scheduling - requirements (resource request, - requiredDuringScheduling affinity - expressions, etc.), compute a - sum by iterating through the elements - of this field and adding "weight" - to the sum if the node matches - the corresponding matchExpressions; - the node(s) with the highest sum - are the most preferred. - type: array - items: - description: An empty preferred - scheduling term matches all - objects with implicit weight - 0 (i.e. it's a no-op). A null - preferred scheduling term matches - no objects (i.e. is also a no-op). - type: object - required: - - preference - - weight - properties: - preference: - description: A node selector - term, associated with the - corresponding weight. - type: object - properties: - matchExpressions: - description: A list of - node selector requirements - by node's labels. - type: array - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - type: array - items: - type: string - matchFields: - description: A list of - node selector requirements - by node's fields. - type: array - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - type: array - items: - type: string - weight: - description: Weight associated - with matching the corresponding - nodeSelectorTerm, in the - range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not - met at scheduling time, the pod - will not be scheduled onto the - node. If the affinity requirements - specified by this field cease - to be met at some point during - pod execution (e.g. due to an - update), the system may or may - not try to eventually evict the - pod from its node. - type: object - required: - - nodeSelectorTerms - properties: - nodeSelectorTerms: - description: Required. A list - of node selector terms. The - terms are ORed. - type: array - items: - description: A null or empty - node selector term matches - no objects. The requirements - of them are ANDed. The TopologySelectorTerm - type implements a subset - of the NodeSelectorTerm. - type: object - properties: - matchExpressions: - description: A list of - node selector requirements - by node's labels. - type: array - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - type: array - items: - type: string - matchFields: - description: A list of - node selector requirements - by node's fields. - type: array - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - type: array - items: - type: string - podAffinity: - description: Describes pod affinity - scheduling rules (e.g. co-locate this - pod in the same node, zone, etc. as - some other pod(s)). - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the affinity expressions - specified by this field, but it - may choose a node that violates - one or more of the expressions. - The node that is most preferred - is the one with the greatest sum - of weights, i.e. for each node - that meets all of the scheduling - requirements (resource request, - requiredDuringScheduling affinity - expressions, etc.), compute a - sum by iterating through the elements - of this field and adding "weight" - to the sum if the node has pods - which matches the corresponding - podAffinityTerm; the node(s) with - the highest sum are the most preferred. - type: array - items: - description: The weights of all - of the matched WeightedPodAffinityTerm - fields are added per-node to - find the most preferred node(s) - type: object - required: - - podAffinityTerm - - weight - properties: - podAffinityTerm: - description: Required. A pod - affinity term, associated - with the corresponding weight. - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. - type: array - items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. - type: object - required: - - key - - operator - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. - type: string - values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. - type: object - additionalProperties: - type: string - namespaces: - description: namespaces - specifies which namespaces - the labelSelector applies - to (matches against); - null or empty list means - "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod - should be co-located - (affinity) or not co-located - (anti-affinity) with - the pods matching the - labelSelector in the - specified namespaces, - where co-located is - defined as running on - a node whose value of - the label with key topologyKey - matches that of any - node on which any of - the selected pods is - running. Empty topologyKey - is not allowed. - type: string - weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the - range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not - met at scheduling time, the pod - will not be scheduled onto the - node. If the affinity requirements - specified by this field cease - to be met at some point during - pod execution (e.g. due to a pod - label update), the system may - or may not try to eventually evict - the pod from its node. When there - are multiple elements, the lists - of nodes corresponding to each - podAffinityTerm are intersected, - i.e. all terms must be satisfied. - type: array - items: - description: Defines a set of - pods (namely those matching - the labelSelector relative to - the given namespace(s)) that - this pod should be co-located - (affinity) or not co-located - (anti-affinity) with, where - co-located is defined as running - on a node whose value of the - label with key - matches that of any node on - which a pod of the set of pods - is running - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - type: array - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - type: array - items: - type: string - matchLabels: - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - additionalProperties: - type: string - namespaces: - description: namespaces specifies - which namespaces the labelSelector - applies to (matches against); - null or empty list means - "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on - a node whose value of the - label with key topologyKey - matches that of any node - on which any of the selected - pods is running. Empty topologyKey - is not allowed. - type: string - podAntiAffinity: - description: Describes pod anti-affinity - scheduling rules (e.g. avoid putting - this pod in the same node, zone, etc. - as some other pod(s)). - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the anti-affinity - expressions specified by this - field, but it may choose a node - that violates one or more of the - expressions. The node that is - most preferred is the one with - the greatest sum of weights, i.e. - for each node that meets all of - the scheduling requirements (resource - request, requiredDuringScheduling - anti-affinity expressions, etc.), - compute a sum by iterating through - the elements of this field and - adding "weight" to the sum if - the node has pods which matches - the corresponding podAffinityTerm; - the node(s) with the highest sum - are the most preferred. - type: array - items: - description: The weights of all - of the matched WeightedPodAffinityTerm - fields are added per-node to - find the most preferred node(s) - type: object - required: - - podAffinityTerm - - weight - properties: - podAffinityTerm: - description: Required. A pod - affinity term, associated - with the corresponding weight. - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. - type: array - items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. - type: object - required: - - key - - operator - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. - type: string - values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. - type: object - additionalProperties: - type: string - namespaces: - description: namespaces - specifies which namespaces - the labelSelector applies - to (matches against); - null or empty list means - "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod - should be co-located - (affinity) or not co-located - (anti-affinity) with - the pods matching the - labelSelector in the - specified namespaces, - where co-located is - defined as running on - a node whose value of - the label with key topologyKey - matches that of any - node on which any of - the selected pods is - running. Empty topologyKey - is not allowed. - type: string - weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the - range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity - requirements specified by this - field are not met at scheduling - time, the pod will not be scheduled - onto the node. If the anti-affinity - requirements specified by this - field cease to be met at some - point during pod execution (e.g. - due to a pod label update), the - system may or may not try to eventually - evict the pod from its node. When - there are multiple elements, the - lists of nodes corresponding to - each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - type: array - items: - description: Defines a set of - pods (namely those matching - the labelSelector relative to - the given namespace(s)) that - this pod should be co-located - (affinity) or not co-located - (anti-affinity) with, where - co-located is defined as running - on a node whose value of the - label with key - matches that of any node on - which a pod of the set of pods - is running - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - type: array - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - type: array - items: - type: string - matchLabels: - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - additionalProperties: - type: string - namespaces: - description: namespaces specifies - which namespaces the labelSelector - applies to (matches against); - null or empty list means - "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on - a node whose value of the - label with key topologyKey - matches that of any node - on which any of the selected - pods is running. Empty topologyKey - is not allowed. - type: string - automountServiceAccountToken: - description: AutomountServiceAccountToken - indicates whether a service account token - should be automatically mounted. - type: boolean - containers: - description: List of containers belonging - to the pod. Containers cannot currently - be added or removed. There must be at - least one container in a Pod. Cannot be - updated. - type: array - items: - description: A single application container - that you want to run within a pod. - type: object - required: - - name - properties: - args: - description: 'Arguments to the entrypoint. - The docker image''s CMD is used - if this is not provided. Variable - references $(VAR_NAME) are expanded - using the container''s environment. - If a variable cannot be resolved, - the reference in the input string - will be unchanged. The $(VAR_NAME) - syntax can be escaped with a double - $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless - of whether the variable exists or - not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not - executed within a shell. The docker - image''s ENTRYPOINT is used if this - is not provided. Variable references - $(VAR_NAME) are expanded using the - container''s environment. If a variable - cannot be resolved, the reference - in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped - with a double $$, ie: $$(VAR_NAME). - Escaped references will never be - expanded, regardless of whether - the variable exists or not. Cannot - be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables - to set in the container. Cannot - be updated. - type: array - items: - description: EnvVar represents an - environment variable present in - a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment - variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references - $(VAR_NAME) are expanded using - the previous defined environment - variables in the container - and any service environment - variables. If a variable cannot - be resolved, the reference - in the input string will be - unchanged. The $(VAR_NAME) - syntax can be escaped with - a double $$, ie: $$(VAR_NAME). - Escaped references will never - be expanded, regardless of - whether the variable exists - or not. Defaults to "".' - type: string - valueFrom: - description: Source for the - environment variable's value. - Cannot be used if value is - not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key - of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key - to select. - type: string - name: - description: 'Name of - the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify - whether the ConfigMap - or its key must be - defined - type: boolean - fieldRef: - description: 'Selects a - field of the pod: supports - metadata.name, metadata.namespace, - metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, - status.podIPs.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version - of the schema the - FieldPath is written - in terms of, defaults - to "v1". - type: string - fieldPath: - description: Path of - the field to select - in the specified API - version. - type: string - resourceFieldRef: - description: 'Selects a - resource of the container: - only resources limits - and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory - and requests.ephemeral-storage) - are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container - name: required for - volumes, optional - for env vars' - type: string - divisor: - description: Specifies - the output format - of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: - resource to select' - type: string - secretKeyRef: - description: Selects a key - of a secret in the pod's - namespace - type: object - required: - - key - properties: - key: - description: The key - of the secret to select - from. Must be a valid - secret key. - type: string - name: - description: 'Name of - the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify - whether the Secret - or its key must be - defined - type: boolean - envFrom: - description: List of sources to populate - environment variables in the container. - The keys defined within a source - must be a C_IDENTIFIER. All invalid - keys will be reported as an event - when the container is starting. - When a key exists in multiple sources, - the value associated with the last - source will take precedence. Values - defined by an Env with a duplicate - key will take precedence. Cannot - be updated. - type: array - items: - description: EnvFromSource represents - the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to - select from - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether - the ConfigMap must be - defined - type: boolean - prefix: - description: An optional identifier - to prepend to each key in - the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select - from - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether - the Secret must be defined - type: boolean - image: - description: 'Docker image name. More - info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow - higher level config management to - default or override container images - in workload controllers like Deployments - and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One - of Always, Never, IfNotPresent. - Defaults to Always if :latest tag - is specified, or IfNotPresent otherwise. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management - system should take in response to - container lifecycle events. Cannot - be updated. - type: object - properties: - postStart: - description: 'PostStart is called - immediately after a container - is created. If the handler fails, - the container is terminated - and restarted according to its - restart policy. Other management - of the container blocks until - the hook completes. More info: - https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only - one of the following should - be specified. Exec specifies - the action to take. - type: object - properties: - command: - description: Command is - the command line to - execute inside the container, - the working directory - for the command is - root ('/') in the container's - filesystem. The command - is simply exec'd, it - is not run inside a - shell, so traditional - shell instructions ('|', - etc) won't work. To - use a shell, you need - to explicitly call out - to that shell. Exit - status of 0 is treated - as live/healthy and - non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name - to connect to, defaults - to the pod IP. You probably - want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. - HTTP allows repeated - headers. - type: array - items: - description: HTTPHeader - describes a custom - header to be used - in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The - header field name - type: string - value: - description: The - header field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access - on the container. Number - must be in the range - 1 to 65535. Name must - be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to - use for connecting to - the host. Defaults to - HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP - port. TCP hooks not yet - supported TODO: implement - a realistic TCP lifecycle - hook' - type: object - required: - - port - properties: - host: - description: 'Optional: - Host name to connect - to, defaults to the - pod IP.' - type: string - port: - description: Number or - name of the port to - access on the container. - Number must be in the - range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - preStop: - description: 'PreStop is called - immediately before a container - is terminated due to an API - request or management event - such as liveness/startup probe - failure, preemption, resource - contention, etc. The handler - is not called if the container - crashes or exits. The reason - for termination is passed to - the handler. The Pod''s termination - grace period countdown begins - before the PreStop hooked is - executed. Regardless of the - outcome of the handler, the - container will eventually terminate - within the Pod''s termination - grace period. Other management - of the container blocks until - the hook completes or until - the termination grace period - is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only - one of the following should - be specified. Exec specifies - the action to take. - type: object - properties: - command: - description: Command is - the command line to - execute inside the container, - the working directory - for the command is - root ('/') in the container's - filesystem. The command - is simply exec'd, it - is not run inside a - shell, so traditional - shell instructions ('|', - etc) won't work. To - use a shell, you need - to explicitly call out - to that shell. Exit - status of 0 is treated - as live/healthy and - non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name - to connect to, defaults - to the pod IP. You probably - want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. - HTTP allows repeated - headers. - type: array - items: - description: HTTPHeader - describes a custom - header to be used - in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The - header field name - type: string - value: - description: The - header field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access - on the container. Number - must be in the range - 1 to 65535. Name must - be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to - use for connecting to - the host. Defaults to - HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP - port. TCP hooks not yet - supported TODO: implement - a realistic TCP lifecycle - hook' - type: object - required: - - port - properties: - host: - description: 'Optional: - Host name to connect - to, defaults to the - pod IP.' - type: string - port: - description: Number or - name of the port to - access on the container. - Number must be in the - range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - livenessProbe: - description: 'Periodic probe of container - liveness. Container will be restarted - if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one - of the following should be specified. - Exec specifies the action to - take. - type: object - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container - specified as a DNS_LABEL. Each container - in a pod must have a unique name - (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose - from the container. Exposing a port - here gives the system additional - information about the network connections - a container uses, but is primarily - informational. Not specifying a - port here DOES NOT prevent that - port from being exposed. Any port - which is listening on the default - "0.0.0.0" address inside a container - will be accessible from the network. - Cannot be updated. - type: array - items: - description: ContainerPort represents - a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port - to expose on the pod's IP - address. This must be a valid - port number, 0 < x < 65536. - type: integer - format: int32 - hostIP: - description: What host IP to - bind the external port to. - type: string - hostPort: - description: Number of port - to expose on the host. If - specified, this must be a - valid port number, 0 < x < - 65536. If HostNetwork is specified, - this must match ContainerPort. - Most containers do not need - this. - type: integer - format: int32 - name: - description: If specified, this - must be an IANA_SVC_NAME and - unique within the pod. Each - named port in a pod must have - a unique name. Name for the - port that can be referred - to by services. - type: string - protocol: - description: Protocol for port. - Must be UDP, TCP, or SCTP. - Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container - service readiness. Container will - be removed from service endpoints - if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one - of the following should be specified. - Exec specifies the action to - take. - type: object - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required - by this container. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - properties: - limits: - description: 'Limits describes - the maximum amount of compute - resources allowed. More info: - https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes - the minimum amount of compute - resources required. If Requests - is omitted for a container, - it defaults to Limits if that - is explicitly specified, otherwise - to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'Security options the - pod should run with. More info: - https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation - controls whether a process can - gain more privileges than its - parent process. This bool directly - controls if the no_new_privs - flag will be set on the container - process. AllowPrivilegeEscalation - is true always when the container - is: 1) run as Privileged 2) - has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: The capabilities - to add/drop when running containers. - Defaults to the default set - of capabilities granted by the - container runtime. - type: object - properties: - add: - description: Added capabilities - type: array - items: - description: Capability - represent POSIX capabilities - type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability - represent POSIX capabilities - type - type: string - privileged: - description: Run container in - privileged mode. Processes in - privileged containers are essentially - equivalent to root on the host. - Defaults to false. - type: boolean - procMount: - description: procMount denotes - the type of proc mount to use - for the containers. The default - is DefaultProcMount which uses - the container runtime defaults - for readonly paths and masked - paths. This requires the ProcMountType - feature flag to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container - has a read-only root filesystem. - Default is false. - type: boolean - runAsGroup: - description: The GID to run the - entrypoint of the container - process. Uses runtime default - if unset. May also be set in - PodSecurityContext. If set - in both SecurityContext and - PodSecurityContext, the value - specified in SecurityContext - takes precedence. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the - container must run as a non-root - user. If true, the Kubelet will - validate the image at runtime - to ensure that it does not run - as UID 0 (root) and fail to - start the container if it does. - If unset or false, no such validation - will be performed. May also - be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: boolean - runAsUser: - description: The UID to run the - entrypoint of the container - process. Defaults to user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: integer - format: int64 - seLinuxOptions: - description: The SELinux context - to be applied to the container. - If unspecified, the container - runtime will allocate a random - SELinux context for each container. May - also be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: object - properties: - level: - description: Level is SELinux - level label that applies - to the container. - type: string - role: - description: Role is a SELinux - role label that applies - to the container. - type: string - type: - description: Type is a SELinux - type label that applies - to the container. - type: string - user: - description: User is a SELinux - user label that applies - to the container. - type: string - windowsOptions: - description: The Windows specific - settings applied to all containers. - If unspecified, the options - from the PodSecurityContext - will be used. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: object - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec - is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of - the GMSA credential spec - named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA - credential spec to use. - type: string - runAsUserName: - description: The UserName - in Windows to run the entrypoint - of the container process. - Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext - and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: string - startupProbe: - description: 'StartupProbe indicates - that the Pod has successfully initialized. - If specified, no other probes are - executed until this completes successfully. - If this probe fails, the Pod will - be restarted, just as if the livenessProbe - failed. This can be used to provide - different probe parameters at the - beginning of a Pod''s lifecycle, - when it might take a long time to - load data or warm a cache, than - during steady-state operation. This - cannot be updated. This is a beta - feature enabled by the StartupProbe - feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one - of the following should be specified. - Exec specifies the action to - take. - type: object - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - stdin: - description: Whether this container - should allocate a buffer for stdin - in the container runtime. If this - is not set, reads from stdin in - the container will always result - in EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container - runtime should close the stdin channel - after it has been opened by a single - attach. When stdin is true the stdin - stream will remain open across multiple - attach sessions. If stdinOnce is - set to true, stdin is opened on - container start, is empty until - the first client attaches to stdin, - and then remains open and accepts - data until the client disconnects, - at which time stdin is closed and - remains closed until the container - is restarted. If this flag is false, - a container processes that reads - from stdin will never receive an - EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which - the file to which the container''s - termination message will be written - is mounted into the container''s - filesystem. Message written is intended - to be brief final status, such as - an assertion failure message. Will - be truncated by the node if greater - than 4096 bytes. The total message - length across all containers will - be limited to 12kb. Defaults to - /dev/termination-log. Cannot be - updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination - message should be populated. File - will use the contents of terminationMessagePath - to populate the container status - message on both success and failure. - FallbackToLogsOnError will use the - last chunk of container log output - if the termination message file - is empty and the container exited - with an error. The log output is - limited to 2048 bytes or 80 lines, - whichever is smaller. Defaults to - File. Cannot be updated. - type: string - tty: - description: Whether this container - should allocate a TTY for itself, - also requires 'stdin' to be true. - Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the - list of block devices to be used - by the container. - type: array - items: - description: volumeDevice describes - a mapping of a raw block device - within a container. - type: object - required: - - devicePath - - name - properties: - devicePath: - description: devicePath is the - path inside of the container - that the device will be mapped - to. - type: string - name: - description: name must match - the name of a persistentVolumeClaim - in the pod - type: string - volumeMounts: - description: Pod volumes to mount - into the container's filesystem. - Cannot be updated. - type: array - items: - description: VolumeMount describes - a mounting of a Volume within - a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the - container at which the volume - should be mounted. Must not - contain ':'. - type: string - mountPropagation: - description: mountPropagation - determines how mounts are - propagated from the host to - container and the other way - around. When not set, MountPropagationNone - is used. This field is beta - in 1.10. - type: string - name: - description: This must match - the Name of a Volume. - type: string - readOnly: - description: Mounted read-only - if true, read-write otherwise - (false or unspecified). Defaults - to false. - type: boolean - subPath: - description: Path within the - volume from which the container's - volume should be mounted. - Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within - the volume from which the - container's volume should - be mounted. Behaves similarly - to SubPath but environment - variable references $(VAR_NAME) - are expanded using the container's - environment. Defaults to "" - (volume's root). SubPathExpr - and SubPath are mutually exclusive. - type: string - workingDir: - description: Container's working directory. - If not specified, the container - runtime's default will be used, - which might be configured in the - container image. Cannot be updated. - type: string - dnsConfig: - description: Specifies the DNS parameters - of a pod. Parameters specified here will - be merged to the generated DNS configuration - based on DNSPolicy. - type: object - properties: - nameservers: - description: A list of DNS name server - IP addresses. This will be appended - to the base nameservers generated - from DNSPolicy. Duplicated nameservers - will be removed. - type: array - items: - type: string - options: - description: A list of DNS resolver - options. This will be merged with - the base options generated from DNSPolicy. - Duplicated entries will be removed. - Resolution options given in Options - will override those that appear in - the base DNSPolicy. - type: array - items: - description: PodDNSConfigOption defines - DNS resolver options of a pod. - type: object - properties: - name: - description: Required. - type: string - value: - type: string - searches: - description: A list of DNS search domains - for host-name lookup. This will be - appended to the base search paths - generated from DNSPolicy. Duplicated - search paths will be removed. - type: array - items: - type: string - dnsPolicy: - description: Set DNS policy for the pod. - Defaults to "ClusterFirst". Valid values - are 'ClusterFirstWithHostNet', 'ClusterFirst', - 'Default' or 'None'. DNS parameters given - in DNSConfig will be merged with the policy - selected with DNSPolicy. To have DNS options - set along with hostNetwork, you have to - specify DNS policy explicitly to 'ClusterFirstWithHostNet'. - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates - whether information about services should - be injected into pod''s environment variables, - matching the syntax of Docker links. Optional: - Defaults to true.' - type: boolean - ephemeralContainers: - description: List of ephemeral containers - run in this pod. Ephemeral containers - may be run in an existing pod to perform - user-initiated actions such as debugging. - This list cannot be specified when creating - a pod, and it cannot be modified by updating - the pod spec. In order to add an ephemeral - container to an existing pod, use the - pod's ephemeralcontainers subresource. - This field is alpha-level and is only - honored by servers that enable the EphemeralContainers - feature. - type: array - items: - description: An EphemeralContainer is - a container that may be added temporarily - to an existing pod for user-initiated - activities such as debugging. Ephemeral - containers have no resource or scheduling - guarantees, and they will not be restarted - when they exit or when a pod is removed - or restarted. If an ephemeral container - causes a pod to exceed its resource - allocation, the pod may be evicted. - Ephemeral containers may not be added - by directly updating the pod spec. They - must be added via the pod's ephemeralcontainers - subresource, and they will appear in - the pod spec once added. This is an - alpha feature enabled by the EphemeralContainers - feature flag. - type: object - required: - - name - properties: - args: - description: 'Arguments to the entrypoint. - The docker image''s CMD is used - if this is not provided. Variable - references $(VAR_NAME) are expanded - using the container''s environment. - If a variable cannot be resolved, - the reference in the input string - will be unchanged. The $(VAR_NAME) - syntax can be escaped with a double - $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless - of whether the variable exists or - not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not - executed within a shell. The docker - image''s ENTRYPOINT is used if this - is not provided. Variable references - $(VAR_NAME) are expanded using the - container''s environment. If a variable - cannot be resolved, the reference - in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped - with a double $$, ie: $$(VAR_NAME). - Escaped references will never be - expanded, regardless of whether - the variable exists or not. Cannot - be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables - to set in the container. Cannot - be updated. - type: array - items: - description: EnvVar represents an - environment variable present in - a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment - variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references - $(VAR_NAME) are expanded using - the previous defined environment - variables in the container - and any service environment - variables. If a variable cannot - be resolved, the reference - in the input string will be - unchanged. The $(VAR_NAME) - syntax can be escaped with - a double $$, ie: $$(VAR_NAME). - Escaped references will never - be expanded, regardless of - whether the variable exists - or not. Defaults to "".' - type: string - valueFrom: - description: Source for the - environment variable's value. - Cannot be used if value is - not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key - of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key - to select. - type: string - name: - description: 'Name of - the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify - whether the ConfigMap - or its key must be - defined - type: boolean - fieldRef: - description: 'Selects a - field of the pod: supports - metadata.name, metadata.namespace, - metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, - status.podIPs.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version - of the schema the - FieldPath is written - in terms of, defaults - to "v1". - type: string - fieldPath: - description: Path of - the field to select - in the specified API - version. - type: string - resourceFieldRef: - description: 'Selects a - resource of the container: - only resources limits - and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory - and requests.ephemeral-storage) - are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container - name: required for - volumes, optional - for env vars' - type: string - divisor: - description: Specifies - the output format - of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: - resource to select' - type: string - secretKeyRef: - description: Selects a key - of a secret in the pod's - namespace - type: object - required: - - key - properties: - key: - description: The key - of the secret to select - from. Must be a valid - secret key. - type: string - name: - description: 'Name of - the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify - whether the Secret - or its key must be - defined - type: boolean - envFrom: - description: List of sources to populate - environment variables in the container. - The keys defined within a source - must be a C_IDENTIFIER. All invalid - keys will be reported as an event - when the container is starting. - When a key exists in multiple sources, - the value associated with the last - source will take precedence. Values - defined by an Env with a duplicate - key will take precedence. Cannot - be updated. - type: array - items: - description: EnvFromSource represents - the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to - select from - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether - the ConfigMap must be - defined - type: boolean - prefix: - description: An optional identifier - to prepend to each key in - the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select - from - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether - the Secret must be defined - type: boolean - image: - description: 'Docker image name. More - info: https://kubernetes.io/docs/concepts/containers/images' - type: string - imagePullPolicy: - description: 'Image pull policy. One - of Always, Never, IfNotPresent. - Defaults to Always if :latest tag - is specified, or IfNotPresent otherwise. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Lifecycle is not allowed - for ephemeral containers. - type: object - properties: - postStart: - description: 'PostStart is called - immediately after a container - is created. If the handler fails, - the container is terminated - and restarted according to its - restart policy. Other management - of the container blocks until - the hook completes. More info: - https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only - one of the following should - be specified. Exec specifies - the action to take. - type: object - properties: - command: - description: Command is - the command line to - execute inside the container, - the working directory - for the command is - root ('/') in the container's - filesystem. The command - is simply exec'd, it - is not run inside a - shell, so traditional - shell instructions ('|', - etc) won't work. To - use a shell, you need - to explicitly call out - to that shell. Exit - status of 0 is treated - as live/healthy and - non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name - to connect to, defaults - to the pod IP. You probably - want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. - HTTP allows repeated - headers. - type: array - items: - description: HTTPHeader - describes a custom - header to be used - in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The - header field name - type: string - value: - description: The - header field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access - on the container. Number - must be in the range - 1 to 65535. Name must - be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to - use for connecting to - the host. Defaults to - HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP - port. TCP hooks not yet - supported TODO: implement - a realistic TCP lifecycle - hook' - type: object - required: - - port - properties: - host: - description: 'Optional: - Host name to connect - to, defaults to the - pod IP.' - type: string - port: - description: Number or - name of the port to - access on the container. - Number must be in the - range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - preStop: - description: 'PreStop is called - immediately before a container - is terminated due to an API - request or management event - such as liveness/startup probe - failure, preemption, resource - contention, etc. The handler - is not called if the container - crashes or exits. The reason - for termination is passed to - the handler. The Pod''s termination - grace period countdown begins - before the PreStop hooked is - executed. Regardless of the - outcome of the handler, the - container will eventually terminate - within the Pod''s termination - grace period. Other management - of the container blocks until - the hook completes or until - the termination grace period - is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only - one of the following should - be specified. Exec specifies - the action to take. - type: object - properties: - command: - description: Command is - the command line to - execute inside the container, - the working directory - for the command is - root ('/') in the container's - filesystem. The command - is simply exec'd, it - is not run inside a - shell, so traditional - shell instructions ('|', - etc) won't work. To - use a shell, you need - to explicitly call out - to that shell. Exit - status of 0 is treated - as live/healthy and - non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name - to connect to, defaults - to the pod IP. You probably - want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. - HTTP allows repeated - headers. - type: array - items: - description: HTTPHeader - describes a custom - header to be used - in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The - header field name - type: string - value: - description: The - header field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access - on the container. Number - must be in the range - 1 to 65535. Name must - be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to - use for connecting to - the host. Defaults to - HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP - port. TCP hooks not yet - supported TODO: implement - a realistic TCP lifecycle - hook' - type: object - required: - - port - properties: - host: - description: 'Optional: - Host name to connect - to, defaults to the - pod IP.' - type: string - port: - description: Number or - name of the port to - access on the container. - Number must be in the - range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - livenessProbe: - description: Probes are not allowed - for ephemeral containers. - type: object - properties: - exec: - description: One and only one - of the following should be specified. - Exec specifies the action to - take. - type: object - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the ephemeral - container specified as a DNS_LABEL. - This name must be unique among all - containers, init containers and - ephemeral containers. - type: string - ports: - description: Ports are not allowed - for ephemeral containers. - type: array - items: - description: ContainerPort represents - a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port - to expose on the pod's IP - address. This must be a valid - port number, 0 < x < 65536. - type: integer - format: int32 - hostIP: - description: What host IP to - bind the external port to. - type: string - hostPort: - description: Number of port - to expose on the host. If - specified, this must be a - valid port number, 0 < x < - 65536. If HostNetwork is specified, - this must match ContainerPort. - Most containers do not need - this. - type: integer - format: int32 - name: - description: If specified, this - must be an IANA_SVC_NAME and - unique within the pod. Each - named port in a pod must have - a unique name. Name for the - port that can be referred - to by services. - type: string - protocol: - description: Protocol for port. - Must be UDP, TCP, or SCTP. - Defaults to "TCP". - type: string - readinessProbe: - description: Probes are not allowed - for ephemeral containers. - type: object - properties: - exec: - description: One and only one - of the following should be specified. - Exec specifies the action to - take. - type: object - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: Resources are not allowed - for ephemeral containers. Ephemeral - containers use spare resources already - allocated to the pod. - type: object - properties: - limits: - description: 'Limits describes - the maximum amount of compute - resources allowed. More info: - https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes - the minimum amount of compute - resources required. If Requests - is omitted for a container, - it defaults to Limits if that - is explicitly specified, otherwise - to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: SecurityContext is not - allowed for ephemeral containers. - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation - controls whether a process can - gain more privileges than its - parent process. This bool directly - controls if the no_new_privs - flag will be set on the container - process. AllowPrivilegeEscalation - is true always when the container - is: 1) run as Privileged 2) - has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: The capabilities - to add/drop when running containers. - Defaults to the default set - of capabilities granted by the - container runtime. - type: object - properties: - add: - description: Added capabilities - type: array - items: - description: Capability - represent POSIX capabilities - type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability - represent POSIX capabilities - type - type: string - privileged: - description: Run container in - privileged mode. Processes in - privileged containers are essentially - equivalent to root on the host. - Defaults to false. - type: boolean - procMount: - description: procMount denotes - the type of proc mount to use - for the containers. The default - is DefaultProcMount which uses - the container runtime defaults - for readonly paths and masked - paths. This requires the ProcMountType - feature flag to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container - has a read-only root filesystem. - Default is false. - type: boolean - runAsGroup: - description: The GID to run the - entrypoint of the container - process. Uses runtime default - if unset. May also be set in - PodSecurityContext. If set - in both SecurityContext and - PodSecurityContext, the value - specified in SecurityContext - takes precedence. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the - container must run as a non-root - user. If true, the Kubelet will - validate the image at runtime - to ensure that it does not run - as UID 0 (root) and fail to - start the container if it does. - If unset or false, no such validation - will be performed. May also - be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: boolean - runAsUser: - description: The UID to run the - entrypoint of the container - process. Defaults to user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: integer - format: int64 - seLinuxOptions: - description: The SELinux context - to be applied to the container. - If unspecified, the container - runtime will allocate a random - SELinux context for each container. May - also be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: object - properties: - level: - description: Level is SELinux - level label that applies - to the container. - type: string - role: - description: Role is a SELinux - role label that applies - to the container. - type: string - type: - description: Type is a SELinux - type label that applies - to the container. - type: string - user: - description: User is a SELinux - user label that applies - to the container. - type: string - windowsOptions: - description: The Windows specific - settings applied to all containers. - If unspecified, the options - from the PodSecurityContext - will be used. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: object - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec - is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of - the GMSA credential spec - named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA - credential spec to use. - type: string - runAsUserName: - description: The UserName - in Windows to run the entrypoint - of the container process. - Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext - and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: string - startupProbe: - description: Probes are not allowed - for ephemeral containers. - type: object - properties: - exec: - description: One and only one - of the following should be specified. - Exec specifies the action to - take. - type: object - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - stdin: - description: Whether this container - should allocate a buffer for stdin - in the container runtime. If this - is not set, reads from stdin in - the container will always result - in EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container - runtime should close the stdin channel - after it has been opened by a single - attach. When stdin is true the stdin - stream will remain open across multiple - attach sessions. If stdinOnce is - set to true, stdin is opened on - container start, is empty until - the first client attaches to stdin, - and then remains open and accepts - data until the client disconnects, - at which time stdin is closed and - remains closed until the container - is restarted. If this flag is false, - a container processes that reads - from stdin will never receive an - EOF. Default is false - type: boolean - targetContainerName: - description: If set, the name of the - container from PodSpec that this - ephemeral container targets. The - ephemeral container will be run - in the namespaces (IPC, PID, etc) - of this container. If not set then - the ephemeral container is run in - whatever namespaces are shared for - the pod. Note that the container - runtime must support this feature. - type: string - terminationMessagePath: - description: 'Optional: Path at which - the file to which the container''s - termination message will be written - is mounted into the container''s - filesystem. Message written is intended - to be brief final status, such as - an assertion failure message. Will - be truncated by the node if greater - than 4096 bytes. The total message - length across all containers will - be limited to 12kb. Defaults to - /dev/termination-log. Cannot be - updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination - message should be populated. File - will use the contents of terminationMessagePath - to populate the container status - message on both success and failure. - FallbackToLogsOnError will use the - last chunk of container log output - if the termination message file - is empty and the container exited - with an error. The log output is - limited to 2048 bytes or 80 lines, - whichever is smaller. Defaults to - File. Cannot be updated. - type: string - tty: - description: Whether this container - should allocate a TTY for itself, - also requires 'stdin' to be true. - Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the - list of block devices to be used - by the container. - type: array - items: - description: volumeDevice describes - a mapping of a raw block device - within a container. - type: object - required: - - devicePath - - name - properties: - devicePath: - description: devicePath is the - path inside of the container - that the device will be mapped - to. - type: string - name: - description: name must match - the name of a persistentVolumeClaim - in the pod - type: string - volumeMounts: - description: Pod volumes to mount - into the container's filesystem. - Cannot be updated. - type: array - items: - description: VolumeMount describes - a mounting of a Volume within - a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the - container at which the volume - should be mounted. Must not - contain ':'. - type: string - mountPropagation: - description: mountPropagation - determines how mounts are - propagated from the host to - container and the other way - around. When not set, MountPropagationNone - is used. This field is beta - in 1.10. - type: string - name: - description: This must match - the Name of a Volume. - type: string - readOnly: - description: Mounted read-only - if true, read-write otherwise - (false or unspecified). Defaults - to false. - type: boolean - subPath: - description: Path within the - volume from which the container's - volume should be mounted. - Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within - the volume from which the - container's volume should - be mounted. Behaves similarly - to SubPath but environment - variable references $(VAR_NAME) - are expanded using the container's - environment. Defaults to "" - (volume's root). SubPathExpr - and SubPath are mutually exclusive. - type: string - workingDir: - description: Container's working directory. - If not specified, the container - runtime's default will be used, - which might be configured in the - container image. Cannot be updated. - type: string - hostAliases: - description: HostAliases is an optional - list of hosts and IPs that will be injected - into the pod's hosts file if specified. - This is only valid for non-hostNetwork - pods. - type: array - items: - description: HostAlias holds the mapping - between IP and hostnames that will be - injected as an entry in the pod's hosts - file. - type: object - properties: - hostnames: - description: Hostnames for the above - IP address. - type: array - items: - type: string - ip: - description: IP address of the host - file entry. - type: string - hostIPC: - description: 'Use the host''s ipc namespace. - Optional: Default to false.' - type: boolean - hostNetwork: - description: Host networking requested for - this pod. Use the host's network namespace. - If this option is set, the ports that - will be used must be specified. Default - to false. - type: boolean - hostPID: - description: 'Use the host''s pid namespace. - Optional: Default to false.' - type: boolean - hostname: - description: Specifies the hostname of the - Pod If not specified, the pod's hostname - will be set to a system-defined value. - type: string - imagePullSecrets: - description: 'ImagePullSecrets is an optional - list of references to secrets in the same - namespace to use for pulling any of the - images used by this PodSpec. If specified, - these secrets will be passed to individual - puller implementations for them to use. - For example, in the case of docker, only - DockerConfig type secrets are honored. - More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains - enough information to let you locate - the referenced object inside the same - namespace. - type: object - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - initContainers: - description: 'List of initialization containers - belonging to the pod. Init containers - are executed in order prior to containers - being started. If any init container fails, - the pod is considered to have failed and - is handled according to its restartPolicy. - The name for an init container or normal - container must be unique among all containers. - Init containers may not have Lifecycle - actions, Readiness probes, Liveness probes, - or Startup probes. The resourceRequirements - of an init container are taken into account - during scheduling by finding the highest - request/limit for each resource type, - and then using the max of of that value - or the sum of the normal containers. Limits - are applied to init containers in a similar - fashion. Init containers cannot currently - be added or removed. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: A single application container - that you want to run within a pod. - type: object - required: - - name - properties: - args: - description: 'Arguments to the entrypoint. - The docker image''s CMD is used - if this is not provided. Variable - references $(VAR_NAME) are expanded - using the container''s environment. - If a variable cannot be resolved, - the reference in the input string - will be unchanged. The $(VAR_NAME) - syntax can be escaped with a double - $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless - of whether the variable exists or - not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not - executed within a shell. The docker - image''s ENTRYPOINT is used if this - is not provided. Variable references - $(VAR_NAME) are expanded using the - container''s environment. If a variable - cannot be resolved, the reference - in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped - with a double $$, ie: $$(VAR_NAME). - Escaped references will never be - expanded, regardless of whether - the variable exists or not. Cannot - be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables - to set in the container. Cannot - be updated. - type: array - items: - description: EnvVar represents an - environment variable present in - a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment - variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references - $(VAR_NAME) are expanded using - the previous defined environment - variables in the container - and any service environment - variables. If a variable cannot - be resolved, the reference - in the input string will be - unchanged. The $(VAR_NAME) - syntax can be escaped with - a double $$, ie: $$(VAR_NAME). - Escaped references will never - be expanded, regardless of - whether the variable exists - or not. Defaults to "".' - type: string - valueFrom: - description: Source for the - environment variable's value. - Cannot be used if value is - not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key - of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key - to select. - type: string - name: - description: 'Name of - the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify - whether the ConfigMap - or its key must be - defined - type: boolean - fieldRef: - description: 'Selects a - field of the pod: supports - metadata.name, metadata.namespace, - metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, - status.podIPs.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version - of the schema the - FieldPath is written - in terms of, defaults - to "v1". - type: string - fieldPath: - description: Path of - the field to select - in the specified API - version. - type: string - resourceFieldRef: - description: 'Selects a - resource of the container: - only resources limits - and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory - and requests.ephemeral-storage) - are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container - name: required for - volumes, optional - for env vars' - type: string - divisor: - description: Specifies - the output format - of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: - resource to select' - type: string - secretKeyRef: - description: Selects a key - of a secret in the pod's - namespace - type: object - required: - - key - properties: - key: - description: The key - of the secret to select - from. Must be a valid - secret key. - type: string - name: - description: 'Name of - the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify - whether the Secret - or its key must be - defined - type: boolean - envFrom: - description: List of sources to populate - environment variables in the container. - The keys defined within a source - must be a C_IDENTIFIER. All invalid - keys will be reported as an event - when the container is starting. - When a key exists in multiple sources, - the value associated with the last - source will take precedence. Values - defined by an Env with a duplicate - key will take precedence. Cannot - be updated. - type: array - items: - description: EnvFromSource represents - the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to - select from - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether - the ConfigMap must be - defined - type: boolean - prefix: - description: An optional identifier - to prepend to each key in - the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select - from - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether - the Secret must be defined - type: boolean - image: - description: 'Docker image name. More - info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow - higher level config management to - default or override container images - in workload controllers like Deployments - and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One - of Always, Never, IfNotPresent. - Defaults to Always if :latest tag - is specified, or IfNotPresent otherwise. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management - system should take in response to - container lifecycle events. Cannot - be updated. - type: object - properties: - postStart: - description: 'PostStart is called - immediately after a container - is created. If the handler fails, - the container is terminated - and restarted according to its - restart policy. Other management - of the container blocks until - the hook completes. More info: - https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only - one of the following should - be specified. Exec specifies - the action to take. - type: object - properties: - command: - description: Command is - the command line to - execute inside the container, - the working directory - for the command is - root ('/') in the container's - filesystem. The command - is simply exec'd, it - is not run inside a - shell, so traditional - shell instructions ('|', - etc) won't work. To - use a shell, you need - to explicitly call out - to that shell. Exit - status of 0 is treated - as live/healthy and - non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name - to connect to, defaults - to the pod IP. You probably - want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. - HTTP allows repeated - headers. - type: array - items: - description: HTTPHeader - describes a custom - header to be used - in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The - header field name - type: string - value: - description: The - header field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access - on the container. Number - must be in the range - 1 to 65535. Name must - be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to - use for connecting to - the host. Defaults to - HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP - port. TCP hooks not yet - supported TODO: implement - a realistic TCP lifecycle - hook' - type: object - required: - - port - properties: - host: - description: 'Optional: - Host name to connect - to, defaults to the - pod IP.' - type: string - port: - description: Number or - name of the port to - access on the container. - Number must be in the - range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - preStop: - description: 'PreStop is called - immediately before a container - is terminated due to an API - request or management event - such as liveness/startup probe - failure, preemption, resource - contention, etc. The handler - is not called if the container - crashes or exits. The reason - for termination is passed to - the handler. The Pod''s termination - grace period countdown begins - before the PreStop hooked is - executed. Regardless of the - outcome of the handler, the - container will eventually terminate - within the Pod''s termination - grace period. Other management - of the container blocks until - the hook completes or until - the termination grace period - is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only - one of the following should - be specified. Exec specifies - the action to take. - type: object - properties: - command: - description: Command is - the command line to - execute inside the container, - the working directory - for the command is - root ('/') in the container's - filesystem. The command - is simply exec'd, it - is not run inside a - shell, so traditional - shell instructions ('|', - etc) won't work. To - use a shell, you need - to explicitly call out - to that shell. Exit - status of 0 is treated - as live/healthy and - non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name - to connect to, defaults - to the pod IP. You probably - want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. - HTTP allows repeated - headers. - type: array - items: - description: HTTPHeader - describes a custom - header to be used - in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The - header field name - type: string - value: - description: The - header field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access - on the container. Number - must be in the range - 1 to 65535. Name must - be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to - use for connecting to - the host. Defaults to - HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP - port. TCP hooks not yet - supported TODO: implement - a realistic TCP lifecycle - hook' - type: object - required: - - port - properties: - host: - description: 'Optional: - Host name to connect - to, defaults to the - pod IP.' - type: string - port: - description: Number or - name of the port to - access on the container. - Number must be in the - range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - livenessProbe: - description: 'Periodic probe of container - liveness. Container will be restarted - if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one - of the following should be specified. - Exec specifies the action to - take. - type: object - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container - specified as a DNS_LABEL. Each container - in a pod must have a unique name - (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose - from the container. Exposing a port - here gives the system additional - information about the network connections - a container uses, but is primarily - informational. Not specifying a - port here DOES NOT prevent that - port from being exposed. Any port - which is listening on the default - "0.0.0.0" address inside a container - will be accessible from the network. - Cannot be updated. - type: array - items: - description: ContainerPort represents - a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port - to expose on the pod's IP - address. This must be a valid - port number, 0 < x < 65536. - type: integer - format: int32 - hostIP: - description: What host IP to - bind the external port to. - type: string - hostPort: - description: Number of port - to expose on the host. If - specified, this must be a - valid port number, 0 < x < - 65536. If HostNetwork is specified, - this must match ContainerPort. - Most containers do not need - this. - type: integer - format: int32 - name: - description: If specified, this - must be an IANA_SVC_NAME and - unique within the pod. Each - named port in a pod must have - a unique name. Name for the - port that can be referred - to by services. - type: string - protocol: - description: Protocol for port. - Must be UDP, TCP, or SCTP. - Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container - service readiness. Container will - be removed from service endpoints - if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one - of the following should be specified. - Exec specifies the action to - take. - type: object - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required - by this container. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - properties: - limits: - description: 'Limits describes - the maximum amount of compute - resources allowed. More info: - https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes - the minimum amount of compute - resources required. If Requests - is omitted for a container, - it defaults to Limits if that - is explicitly specified, otherwise - to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'Security options the - pod should run with. More info: - https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation - controls whether a process can - gain more privileges than its - parent process. This bool directly - controls if the no_new_privs - flag will be set on the container - process. AllowPrivilegeEscalation - is true always when the container - is: 1) run as Privileged 2) - has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: The capabilities - to add/drop when running containers. - Defaults to the default set - of capabilities granted by the - container runtime. - type: object - properties: - add: - description: Added capabilities - type: array - items: - description: Capability - represent POSIX capabilities - type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability - represent POSIX capabilities - type - type: string - privileged: - description: Run container in - privileged mode. Processes in - privileged containers are essentially - equivalent to root on the host. - Defaults to false. - type: boolean - procMount: - description: procMount denotes - the type of proc mount to use - for the containers. The default - is DefaultProcMount which uses - the container runtime defaults - for readonly paths and masked - paths. This requires the ProcMountType - feature flag to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container - has a read-only root filesystem. - Default is false. - type: boolean - runAsGroup: - description: The GID to run the - entrypoint of the container - process. Uses runtime default - if unset. May also be set in - PodSecurityContext. If set - in both SecurityContext and - PodSecurityContext, the value - specified in SecurityContext - takes precedence. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the - container must run as a non-root - user. If true, the Kubelet will - validate the image at runtime - to ensure that it does not run - as UID 0 (root) and fail to - start the container if it does. - If unset or false, no such validation - will be performed. May also - be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: boolean - runAsUser: - description: The UID to run the - entrypoint of the container - process. Defaults to user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: integer - format: int64 - seLinuxOptions: - description: The SELinux context - to be applied to the container. - If unspecified, the container - runtime will allocate a random - SELinux context for each container. May - also be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: object - properties: - level: - description: Level is SELinux - level label that applies - to the container. - type: string - role: - description: Role is a SELinux - role label that applies - to the container. - type: string - type: - description: Type is a SELinux - type label that applies - to the container. - type: string - user: - description: User is a SELinux - user label that applies - to the container. - type: string - windowsOptions: - description: The Windows specific - settings applied to all containers. - If unspecified, the options - from the PodSecurityContext - will be used. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: object - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec - is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of - the GMSA credential spec - named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA - credential spec to use. - type: string - runAsUserName: - description: The UserName - in Windows to run the entrypoint - of the container process. - Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext - and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: string - startupProbe: - description: 'StartupProbe indicates - that the Pod has successfully initialized. - If specified, no other probes are - executed until this completes successfully. - If this probe fails, the Pod will - be restarted, just as if the livenessProbe - failed. This can be used to provide - different probe parameters at the - beginning of a Pod''s lifecycle, - when it might take a long time to - load data or warm a cache, than - during steady-state operation. This - cannot be updated. This is a beta - feature enabled by the StartupProbe - feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one - of the following should be specified. - Exec specifies the action to - take. - type: object - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - stdin: - description: Whether this container - should allocate a buffer for stdin - in the container runtime. If this - is not set, reads from stdin in - the container will always result - in EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container - runtime should close the stdin channel - after it has been opened by a single - attach. When stdin is true the stdin - stream will remain open across multiple - attach sessions. If stdinOnce is - set to true, stdin is opened on - container start, is empty until - the first client attaches to stdin, - and then remains open and accepts - data until the client disconnects, - at which time stdin is closed and - remains closed until the container - is restarted. If this flag is false, - a container processes that reads - from stdin will never receive an - EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which - the file to which the container''s - termination message will be written - is mounted into the container''s - filesystem. Message written is intended - to be brief final status, such as - an assertion failure message. Will - be truncated by the node if greater - than 4096 bytes. The total message - length across all containers will - be limited to 12kb. Defaults to - /dev/termination-log. Cannot be - updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination - message should be populated. File - will use the contents of terminationMessagePath - to populate the container status - message on both success and failure. - FallbackToLogsOnError will use the - last chunk of container log output - if the termination message file - is empty and the container exited - with an error. The log output is - limited to 2048 bytes or 80 lines, - whichever is smaller. Defaults to - File. Cannot be updated. - type: string - tty: - description: Whether this container - should allocate a TTY for itself, - also requires 'stdin' to be true. - Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the - list of block devices to be used - by the container. - type: array - items: - description: volumeDevice describes - a mapping of a raw block device - within a container. - type: object - required: - - devicePath - - name - properties: - devicePath: - description: devicePath is the - path inside of the container - that the device will be mapped - to. - type: string - name: - description: name must match - the name of a persistentVolumeClaim - in the pod - type: string - volumeMounts: - description: Pod volumes to mount - into the container's filesystem. - Cannot be updated. - type: array - items: - description: VolumeMount describes - a mounting of a Volume within - a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the - container at which the volume - should be mounted. Must not - contain ':'. - type: string - mountPropagation: - description: mountPropagation - determines how mounts are - propagated from the host to - container and the other way - around. When not set, MountPropagationNone - is used. This field is beta - in 1.10. - type: string - name: - description: This must match - the Name of a Volume. - type: string - readOnly: - description: Mounted read-only - if true, read-write otherwise - (false or unspecified). Defaults - to false. - type: boolean - subPath: - description: Path within the - volume from which the container's - volume should be mounted. - Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within - the volume from which the - container's volume should - be mounted. Behaves similarly - to SubPath but environment - variable references $(VAR_NAME) - are expanded using the container's - environment. Defaults to "" - (volume's root). SubPathExpr - and SubPath are mutually exclusive. - type: string - workingDir: - description: Container's working directory. - If not specified, the container - runtime's default will be used, - which might be configured in the - container image. Cannot be updated. - type: string - nodeName: - description: NodeName is a request to schedule - this pod onto a specific node. If it is - non-empty, the scheduler simply schedules - this pod onto that node, assuming that - it fits resource requirements. - type: string - nodeSelector: - description: 'NodeSelector is a selector - which must be true for the pod to fit - on a node. Selector which must match a - node''s labels for the pod to be scheduled - on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - additionalProperties: - type: string - overhead: - description: 'Overhead represents the resource - overhead associated with running a pod - for a given RuntimeClass. This field will - be autopopulated at admission time by - the RuntimeClass admission controller. - If the RuntimeClass admission controller - is enabled, overhead must not be set in - Pod create requests. The RuntimeClass - admission controller will reject Pod create - requests which have the overhead already - set. If RuntimeClass is configured and - selected in the PodSpec, Overhead will - be set to the value defined in the corresponding - RuntimeClass, otherwise it will remain - unset and treated as zero. More info: - https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md - This field is alpha-level as of Kubernetes - v1.16, and is only honored by servers - that enable the PodOverhead feature.' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - preemptionPolicy: - description: PreemptionPolicy is the Policy - for preempting pods with lower priority. - One of Never, PreemptLowerPriority. Defaults - to PreemptLowerPriority if unset. This - field is alpha-level and is only honored - by servers that enable the NonPreemptingPriority - feature. - type: string - priority: - description: The priority value. Various - system components use this field to find - the priority of the pod. When Priority - Admission Controller is enabled, it prevents - users from setting this field. The admission - controller populates this field from PriorityClassName. - The higher the value, the higher the priority. - type: integer - format: int32 - priorityClassName: - description: If specified, indicates the - pod's priority. "system-node-critical" - and "system-cluster-critical" are two - special keywords which indicate the highest - priorities with the former being the highest - priority. Any other name must be defined - by creating a PriorityClass object with - that name. If not specified, the pod priority - will be default or zero if there is no - default. - type: string - readinessGates: - description: 'If specified, all readiness - gates will be evaluated for pod readiness. - A pod is ready when all its containers - are ready AND all conditions specified - in the readiness gates have status equal - to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md' - type: array - items: - description: PodReadinessGate contains - the reference to a pod condition - type: object - required: - - conditionType - properties: - conditionType: - description: ConditionType refers - to a condition in the pod's condition - list with matching type. - type: string - restartPolicy: - description: 'Restart policy for all containers - within the pod. One of Always, OnFailure, - Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy' - type: string - runtimeClassName: - description: 'RuntimeClassName refers to - a RuntimeClass object in the node.k8s.io - group, which should be used to run this - pod. If no RuntimeClass resource matches - the named class, the pod will not be run. - If unset or empty, the "legacy" RuntimeClass - will be used, which is an implicit class - with an empty definition that uses the - default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md - This is a beta feature as of Kubernetes - v1.14.' - type: string - schedulerName: - description: If specified, the pod will - be dispatched by specified scheduler. - If not specified, the pod will be dispatched - by default scheduler. - type: string - securityContext: - description: 'SecurityContext holds pod-level - security attributes and common container - settings. Optional: Defaults to empty. See - type description for default values of - each field.' - type: object - properties: - fsGroup: - description: "A special supplemental - group that applies to all containers - in a pod. Some volume types allow - the Kubelet to change the ownership - of that volume to be owned by the - pod: \n 1. The owning GID will be - the FSGroup 2. The setgid bit is set - (new files created in the volume will - be owned by FSGroup) 3. The permission - bits are OR'd with rw-rw---- \n If - unset, the Kubelet will not modify - the ownership and permissions of any - volume." - type: integer - format: int64 - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines - behavior of changing ownership and - permission of the volume before being - exposed inside Pod. This field will - only apply to volume types which support - fsGroup based ownership(and permissions). - It will have no effect on ephemeral - volume types such as: secret, configmaps - and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified defaults - to "Always".' - type: string - runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set - in SecurityContext. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container - must run as a non-root user. If true, - the Kubelet will validate the image - at runtime to ensure that it does - not run as UID 0 (root) and fail to - start the container if it does. If - unset or false, no such validation - will be performed. May also be set - in SecurityContext. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint - of the container process. Defaults - to user specified in image metadata - if unspecified. May also be set in - SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value - specified in SecurityContext takes - precedence for that container. - type: integer - format: int64 - seLinuxOptions: - description: The SELinux context to - be applied to all containers. If unspecified, - the container runtime will allocate - a random SELinux context for each - container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. - type: object - properties: - level: - description: Level is SELinux level - label that applies to the container. - type: string - role: - description: Role is a SELinux role - label that applies to the container. - type: string - type: - description: Type is a SELinux type - label that applies to the container. - type: string - user: - description: User is a SELinux user - label that applies to the container. - type: string - supplementalGroups: - description: A list of groups applied - to the first process run in each container, - in addition to the container's primary - GID. If unspecified, no groups will - be added to any container. - type: array - items: - type: integer - format: int64 - sysctls: - description: Sysctls hold a list of - namespaced sysctls used for the pod. - Pods with unsupported sysctls (by - the container runtime) might fail - to launch. - type: array - items: - description: Sysctl defines a kernel - parameter to be set - type: object - required: - - name - - value - properties: - name: - description: Name of a property - to set - type: string - value: - description: Value of a property - to set - type: string - windowsOptions: - description: The Windows specific settings - applied to all containers. If unspecified, - the options within a container's SecurityContext - will be used. If set in both SecurityContext - and PodSecurityContext, the value - specified in SecurityContext takes - precedence. - type: object - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec - is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA - credential spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. - type: string - runAsUserName: - description: The UserName in Windows - to run the entrypoint of the container - process. Defaults to the user - specified in image metadata if - unspecified. May also be set in - PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: string - serviceAccount: - description: 'DeprecatedServiceAccount is - a depreciated alias for ServiceAccountName. - Deprecated: Use serviceAccountName instead.' - type: string - serviceAccountName: - description: 'ServiceAccountName is the - name of the ServiceAccount to use to run - this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - shareProcessNamespace: - description: 'Share a single process namespace - between all of the containers in a pod. - When this is set containers will be able - to view and signal processes from other - containers in the same pod, and the first - process in each container will not be - assigned PID 1. HostPID and ShareProcessNamespace - cannot both be set. Optional: Default - to false.' - type: boolean - subdomain: - description: If specified, the fully qualified - Pod hostname will be "...svc.". If not - specified, the pod will not have a domainname - at all. - type: string - terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully. - May be decreased in delete request. Value - must be non-negative integer. The value - zero indicates delete immediately. If - this value is nil, the default grace period - will be used instead. The grace period - is the duration in seconds after the processes - running in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill signal. - Set this value longer than the expected - cleanup time for your process. Defaults - to 30 seconds. - type: integer - format: int64 - tolerations: - description: If specified, the pod's tolerations. - type: array - items: - description: The pod this Toleration is - attached to tolerates any taint that - matches the triple - using the matching operator . - type: object - properties: - effect: - description: Effect indicates the - taint effect to match. Empty means - match all taint effects. When specified, - allowed values are NoSchedule, PreferNoSchedule - and NoExecute. - type: string - key: - description: Key is the taint key - that the toleration applies to. - Empty means match all taint keys. - If the key is empty, operator must - be Exists; this combination means - to match all values and all keys. - type: string - operator: - description: Operator represents a - key's relationship to the value. - Valid operators are Exists and Equal. - Defaults to Equal. Exists is equivalent - to wildcard for value, so that a - pod can tolerate all taints of a - particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents - the period of time the toleration - (which must be of effect NoExecute, - otherwise this field is ignored) - tolerates the taint. By default, - it is not set, which means tolerate - the taint forever (do not evict). - Zero and negative values will be - treated as 0 (evict immediately) - by the system. - type: integer - format: int64 - value: - description: Value is the taint value - the toleration matches to. If the - operator is Exists, the value should - be empty, otherwise just a regular - string. - type: string - topologySpreadConstraints: - description: TopologySpreadConstraints describes - how a group of pods ought to spread across - topology domains. Scheduler will schedule - pods in a way which abides by the constraints. - This field is only honored by clusters - that enable the EvenPodsSpread feature. - All topologySpreadConstraints are ANDed. - type: array - items: - description: TopologySpreadConstraint - specifies how to spread matching pods - among the given topology. - type: object - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - properties: - labelSelector: - description: LabelSelector is used - to find matching pods. Pods that - match this label selector are counted - to determine the number of pods - in their corresponding topology - domain. - type: object - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - type: array - items: - description: A label selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the - label key that the selector - applies to. - type: string - operator: - description: operator represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an - array of string values. - If the operator is In - or NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the values - array must be empty. This - array is replaced during - a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a - map of {key,value} pairs. A - single {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator - is "In", and the values array - contains only "value". The requirements - are ANDed. - type: object - additionalProperties: - type: string - maxSkew: - description: 'MaxSkew describes the - degree to which pods may be unevenly - distributed. It''s the maximum permitted - difference between the number of - matching pods in any two topology - domains of a given topology type. - For example, in a 3-zone cluster, - MaxSkew is set to 1, and pods with - the same labelSelector spread as - 1/1/0: | zone1 | zone2 | zone3 | - | P | P | | - if MaxSkew - is 1, incoming pod can only be scheduled - to zone3 to become 1/1/1; scheduling - it onto zone1(zone2) would make - the ActualSkew(2-0) on zone1(zone2) - violate MaxSkew(1). - if MaxSkew - is 2, incoming pod can be scheduled - onto any zone. It''s a required - field. Default value is 1 and 0 - is not allowed.' - type: integer - format: int32 - topologyKey: - description: TopologyKey is the key - of node labels. Nodes that have - a label with this key and identical - values are considered to be in the - same topology. We consider each - as a "bucket", and - try to put balanced number of pods - into each bucket. It's a required - field. - type: string - whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates - how to deal with a pod if it doesn''t - satisfy the spread constraint. - - DoNotSchedule (default) tells the - scheduler not to schedule it - ScheduleAnyway - tells the scheduler to still schedule - it It''s considered as "Unsatisfiable" - if and only if placing incoming - pod on any topology violates "MaxSkew". - For example, in a 3-zone cluster, - MaxSkew is set to 1, and pods with - the same labelSelector spread as - 3/1/1: | zone1 | zone2 | zone3 | - | P P P | P | P | If WhenUnsatisfiable - is set to DoNotSchedule, incoming - pod can only be scheduled to zone2(zone3) - to become 3/2/1(3/1/2) as ActualSkew(2-1) - on zone2(zone3) satisfies MaxSkew(1). - In other words, the cluster can - still be imbalanced, but scheduler - won''t make it *more* imbalanced. - It''s a required field.' - type: string - x-kubernetes-list-map-keys: - - topologyKey - - whenUnsatisfiable - x-kubernetes-list-type: map - volumes: - description: 'List of volumes that can be - mounted by containers belonging to the - pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named - volume in a pod that may be accessed - by any container in the pod. - type: object - required: - - name - properties: - awsElasticBlockStore: - description: 'AWSElasticBlockStore - represents an AWS Disk resource - that is attached to a kubelet''s - host machine and then exposed to - the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: object - required: - - volumeID - properties: - fsType: - description: 'Filesystem type - of the volume that you want - to mount. Tip: Ensure that the - filesystem type is supported - by the host operating system. - Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors - in the filesystem from compromising - the machine' - type: string - partition: - description: 'The partition in - the volume that you want to - mount. If omitted, the default - is to mount by volume name. - Examples: For volume /dev/sda1, - you specify the partition as - "1". Similarly, the volume partition - for /dev/sda is "0" (or you - can leave the property empty).' - type: integer - format: int32 - readOnly: - description: 'Specify "true" to - force and set the ReadOnly property - in VolumeMounts to "true". If - omitted, the default is "false". - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: 'Unique ID of the - persistent disk resource in - AWS (Amazon EBS volume). More - info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: string - azureDisk: - description: AzureDisk represents - an Azure Data Disk mount on the - host and bind mount to the pod. - type: object - required: - - diskName - - diskURI - properties: - cachingMode: - description: 'Host Caching mode: - None, Read Only, Read Write.' - type: string - diskName: - description: The Name of the data - disk in the blob storage - type: string - diskURI: - description: The URI the data - disk in the blob storage - type: string - fsType: - description: Filesystem type to - mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. - type: string - kind: - description: 'Expected values - Shared: multiple blob disks - per storage account Dedicated: - single blob disk per storage - account Managed: azure managed - data disk (only in managed availability - set). defaults to shared' - type: string - readOnly: - description: Defaults to false - (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. - type: boolean - azureFile: - description: AzureFile represents - an Azure File Service mount on the - host and bind mount to the pod. - type: object - required: - - secretName - - shareName - properties: - readOnly: - description: Defaults to false - (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. - type: boolean - secretName: - description: the name of secret - that contains Azure Storage - Account Name and Key - type: string - shareName: - description: Share Name - type: string - cephfs: - description: CephFS represents a Ceph - FS mount on the host that shares - a pod's lifetime - type: object - required: - - monitors - properties: - monitors: - description: 'Required: Monitors - is a collection of Ceph monitors - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: array - items: - type: string - path: - description: 'Optional: Used as - the mounted root, rather than - the full Ceph tree, default - is /' - type: string - readOnly: - description: 'Optional: Defaults - to false (read/write). ReadOnly - here will force the ReadOnly - setting in VolumeMounts. More - info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: boolean - secretFile: - description: 'Optional: SecretFile - is the path to key ring for - User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - secretRef: - description: 'Optional: SecretRef - is reference to the authentication - secret for User, default is - empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - user: - description: 'Optional: User is - the rados user name, default - is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - cinder: - description: 'Cinder represents a - cinder volume attached and mounted - on kubelets host machine. More info: - https://examples.k8s.io/mysql-cinder-pd/README.md' - type: object - required: - - volumeID - properties: - fsType: - description: 'Filesystem type - to mount. Must be a filesystem - type supported by the host operating - system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred - to be "ext4" if unspecified. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: - description: 'Optional: Defaults - to false (read/write). ReadOnly - here will force the ReadOnly - setting in VolumeMounts. More - info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: boolean - secretRef: - description: 'Optional: points - to a secret object containing - parameters used to connect to - OpenStack.' - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - volumeID: - description: 'volume id used to - identify the volume in cinder. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - configMap: - description: ConfigMap represents - a configMap that should populate - this volume - type: object - properties: - defaultMode: - description: 'Optional: mode bits - to use on created files by default. - Must be a value between 0 and - 0777. Defaults to 0644. Directories - within the path are not affected - by this setting. This might - be in conflict with other options - that affect the file mode, like - fsGroup, and the result can - be other mode bits set.' - type: integer - format: int32 - items: - description: If unspecified, each - key-value pair in the Data field - of the referenced ConfigMap - will be projected into the volume - as a file whose name is the - key and content is the value. - If specified, the listed keys - will be projected into the specified - paths, and unlisted keys will - not be present. If a key is - specified which is not present - in the ConfigMap, the volume - setup will error unless it is - marked optional. Paths must - be relative and may not contain - the '..' path or start with - '..'. - type: array - items: - description: Maps a string key - to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to - project. - type: string - mode: - description: 'Optional: - mode bits to use on this - file, must be a value - between 0 and 0777. If - not specified, the volume - defaultMode will be used. - This might be in conflict - with other options that - affect the file mode, - like fsGroup, and the - result can be other mode - bits set.' - type: integer - format: int32 - path: - description: The relative - path of the file to map - the key to. May not be - an absolute path. May - not contain the path element - '..'. May not start with - the string '..'. - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the - ConfigMap or its keys must be - defined - type: boolean - csi: - description: CSI (Container Storage - Interface) represents storage that - is handled by an external CSI driver - (Alpha feature). - type: object - required: - - driver - properties: - driver: - description: Driver is the name - of the CSI driver that handles - this volume. Consult with your - admin for the correct name as - registered in the cluster. - type: string - fsType: - description: Filesystem type to - mount. Ex. "ext4", "xfs", "ntfs". - If not provided, the empty value - is passed to the associated - CSI driver which will determine - the default filesystem to apply. - type: string - nodePublishSecretRef: - description: NodePublishSecretRef - is a reference to the secret - object containing sensitive - information to pass to the CSI - driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. - This field is optional, and may - be empty if no secret is required. - If the secret object contains - more than one secret, all secret - references are passed. - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - readOnly: - description: Specifies a read-only - configuration for the volume. - Defaults to false (read/write). - type: boolean - volumeAttributes: - description: VolumeAttributes - stores driver-specific properties - that are passed to the CSI driver. - Consult your driver's documentation - for supported values. - type: object - additionalProperties: - type: string - downwardAPI: - description: DownwardAPI represents - downward API about the pod that - should populate this volume - type: object - properties: - defaultMode: - description: 'Optional: mode bits - to use on created files by default. - Must be a value between 0 and - 0777. Defaults to 0644. Directories - within the path are not affected - by this setting. This might - be in conflict with other options - that affect the file mode, like - fsGroup, and the result can - be other mode bits set.' - type: integer - format: int32 - items: - description: Items is a list of - downward API volume file - type: array - items: - description: DownwardAPIVolumeFile - represents information to - create the file containing - the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: - Selects a field of the - pod: only annotations, - labels, name and namespace - are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version - of the schema the - FieldPath is written - in terms of, defaults - to "v1". - type: string - fieldPath: - description: Path of - the field to select - in the specified API - version. - type: string - mode: - description: 'Optional: - mode bits to use on this - file, must be a value - between 0 and 0777. If - not specified, the volume - defaultMode will be used. - This might be in conflict - with other options that - affect the file mode, - like fsGroup, and the - result can be other mode - bits set.' - type: integer - format: int32 - path: - description: 'Required: - Path is the relative - path name of the file - to be created. Must not - be absolute or contain - the ''..'' path. Must - be utf-8 encoded. The - first item of the relative - path must not start with - ''..''' - type: string - resourceFieldRef: - description: 'Selects a - resource of the container: - only resources limits - and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) are - currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container - name: required for - volumes, optional - for env vars' - type: string - divisor: - description: Specifies - the output format - of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: - resource to select' - type: string - emptyDir: - description: 'EmptyDir represents - a temporary directory that shares - a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: object - properties: - medium: - description: 'What type of storage - medium should back this directory. - The default is "" which means - to use the node''s default medium. - Must be an empty string (default) - or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - description: 'Total amount of - local storage required for this - EmptyDir volume. The size limit - is also applicable for memory - medium. The maximum usage on - memory medium EmptyDir would - be the minimum value between - the SizeLimit specified here - and the sum of memory limits - of all containers in a pod. - The default is nil which means - that the limit is undefined. - More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - fc: - description: FC represents a Fibre - Channel resource that is attached - to a kubelet's host machine and - then exposed to the pod. - type: object - properties: - fsType: - description: 'Filesystem type - to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. TODO: how do - we prevent errors in the filesystem - from compromising the machine' - type: string - lun: - description: 'Optional: FC target - lun number' - type: integer - format: int32 - readOnly: - description: 'Optional: Defaults - to false (read/write). ReadOnly - here will force the ReadOnly - setting in VolumeMounts.' - type: boolean - targetWWNs: - description: 'Optional: FC target - worldwide names (WWNs)' - type: array - items: - type: string - wwids: - description: 'Optional: FC volume - world wide identifiers (wwids) - Either wwids or combination - of targetWWNs and lun must be - set, but not both simultaneously.' - type: array - items: - type: string - flexVolume: - description: FlexVolume represents - a generic volume resource that is - provisioned/attached using an exec - based plugin. - type: object - required: - - driver - properties: - driver: - description: Driver is the name - of the driver to use for this - volume. - type: string - fsType: - description: Filesystem type to - mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - The default filesystem depends - on FlexVolume script. - type: string - options: - description: 'Optional: Extra - command options if any.' - type: object - additionalProperties: - type: string - readOnly: - description: 'Optional: Defaults - to false (read/write). ReadOnly - here will force the ReadOnly - setting in VolumeMounts.' - type: boolean - secretRef: - description: 'Optional: SecretRef - is reference to the secret object - containing sensitive information - to pass to the plugin scripts. - This may be empty if no secret - object is specified. If the - secret object contains more - than one secret, all secrets - are passed to the plugin scripts.' - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - flocker: - description: Flocker represents a - Flocker volume attached to a kubelet's - host machine. This depends on the - Flocker control service being running - type: object - properties: - datasetName: - description: Name of the dataset - stored as metadata -> name on - the dataset for Flocker should - be considered as deprecated - type: string - datasetUUID: - description: UUID of the dataset. - This is unique identifier of - a Flocker dataset - type: string - gcePersistentDisk: - description: 'GCEPersistentDisk represents - a GCE Disk resource that is attached - to a kubelet''s host machine and - then exposed to the pod. More info: - https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: object - required: - - pdName - properties: - fsType: - description: 'Filesystem type - of the volume that you want - to mount. Tip: Ensure that the - filesystem type is supported - by the host operating system. - Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors - in the filesystem from compromising - the machine' - type: string - partition: - description: 'The partition in - the volume that you want to - mount. If omitted, the default - is to mount by volume name. - Examples: For volume /dev/sda1, - you specify the partition as - "1". Similarly, the volume partition - for /dev/sda is "0" (or you - can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: integer - format: int32 - pdName: - description: 'Unique name of the - PD resource in GCE. Used to - identify the disk in GCE. More - info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: string - readOnly: - description: 'ReadOnly here will - force the ReadOnly setting in - VolumeMounts. Defaults to false. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: boolean - gitRepo: - description: 'GitRepo represents a - git repository at a particular revision. - DEPRECATED: GitRepo is deprecated. - To provision a container with a - git repo, mount an EmptyDir into - an InitContainer that clones the - repo using git, then mount the EmptyDir - into the Pod''s container.' - type: object - required: - - repository - properties: - directory: - description: Target directory - name. Must not contain or start - with '..'. If '.' is supplied, - the volume directory will be - the git repository. Otherwise, - if specified, the volume will - contain the git repository in - the subdirectory with the given - name. - type: string - repository: - description: Repository URL - type: string - revision: - description: Commit hash for the - specified revision. - type: string - glusterfs: - description: 'Glusterfs represents - a Glusterfs mount on the host that - shares a pod''s lifetime. More info: - https://examples.k8s.io/volumes/glusterfs/README.md' - type: object - required: - - endpoints - - path - properties: - endpoints: - description: 'EndpointsName is - the endpoint name that details - Glusterfs topology. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - path: - description: 'Path is the Glusterfs - volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - readOnly: - description: 'ReadOnly here will - force the Glusterfs volume to - be mounted with read-only permissions. - Defaults to false. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: boolean - hostPath: - description: 'HostPath represents - a pre-existing file or directory - on the host machine that is directly - exposed to the container. This is - generally used for system agents - or other privileged things that - are allowed to see the host machine. - Most containers will NOT need this. - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict - who can use host directory mounts - and who can/can not mount host directories - as read/write.' - type: object - required: - - path - properties: - path: - description: 'Path of the directory - on the host. If the path is - a symlink, it will follow the - link to the real path. More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - type: - description: 'Type for HostPath - Volume Defaults to "" More info: - https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - iscsi: - description: 'ISCSI represents an - ISCSI Disk resource that is attached - to a kubelet''s host machine and - then exposed to the pod. More info: - https://examples.k8s.io/volumes/iscsi/README.md' - type: object - required: - - iqn - - lun - - targetPortal - properties: - chapAuthDiscovery: - description: whether support iSCSI - Discovery CHAP authentication - type: boolean - chapAuthSession: - description: whether support iSCSI - Session CHAP authentication - type: boolean - fsType: - description: 'Filesystem type - of the volume that you want - to mount. Tip: Ensure that the - filesystem type is supported - by the host operating system. - Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors - in the filesystem from compromising - the machine' - type: string - initiatorName: - description: Custom iSCSI Initiator - Name. If initiatorName is specified - with iscsiInterface simultaneously, - new iSCSI interface : will be - created for the connection. - type: string - iqn: - description: Target iSCSI Qualified - Name. - type: string - iscsiInterface: - description: iSCSI Interface Name - that uses an iSCSI transport. - Defaults to 'default' (tcp). - type: string - lun: - description: iSCSI Target Lun - number. - type: integer - format: int32 - portals: - description: iSCSI Target Portal - List. The portal is either an - IP or ip_addr:port if the port - is other than default (typically - TCP ports 860 and 3260). - type: array - items: - type: string - readOnly: - description: ReadOnly here will - force the ReadOnly setting in - VolumeMounts. Defaults to false. - type: boolean - secretRef: - description: CHAP Secret for iSCSI - target and initiator authentication - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - targetPortal: - description: iSCSI Target Portal. - The Portal is either an IP or - ip_addr:port if the port is - other than default (typically - TCP ports 860 and 3260). - type: string - name: - description: 'Volume''s name. Must - be a DNS_LABEL and unique within - the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - nfs: - description: 'NFS represents an NFS - mount on the host that shares a - pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: object - required: - - path - - server - properties: - path: - description: 'Path that is exported - by the NFS server. More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - readOnly: - description: 'ReadOnly here will - force the NFS export to be mounted - with read-only permissions. - Defaults to false. More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: boolean - server: - description: 'Server is the hostname - or IP address of the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - persistentVolumeClaim: - description: 'PersistentVolumeClaimVolumeSource - represents a reference to a PersistentVolumeClaim - in the same namespace. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: object - required: - - claimName - properties: - claimName: - description: 'ClaimName is the - name of a PersistentVolumeClaim - in the same namespace as the - pod using this volume. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: - description: Will force the ReadOnly - setting in VolumeMounts. Default - false. - type: boolean - photonPersistentDisk: - description: PhotonPersistentDisk - represents a PhotonController persistent - disk attached and mounted on kubelets - host machine - type: object - required: - - pdID - properties: - fsType: - description: Filesystem type to - mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. - type: string - pdID: - description: ID that identifies - Photon Controller persistent - disk - type: string - portworxVolume: - description: PortworxVolume represents - a portworx volume attached and mounted - on kubelets host machine - type: object - required: - - volumeID - properties: - fsType: - description: FSType represents - the filesystem type to mount - Must be a filesystem type supported - by the host operating system. - Ex. "ext4", "xfs". Implicitly - inferred to be "ext4" if unspecified. - type: string - readOnly: - description: Defaults to false - (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. - type: boolean - volumeID: - description: VolumeID uniquely - identifies a Portworx volume - type: string - projected: - description: Items for all in one - resources secrets, configmaps, and - downward API - type: object - required: - - sources - properties: - defaultMode: - description: Mode bits to use - on created files by default. - Must be a value between 0 and - 0777. Directories within the - path are not affected by this - setting. This might be in conflict - with other options that affect - the file mode, like fsGroup, - and the result can be other - mode bits set. - type: integer - format: int32 - sources: - description: list of volume projections - type: array - items: - description: Projection that - may be projected along with - other supported volume types - type: object - properties: - configMap: - description: information - about the configMap data - to project - type: object - properties: - items: - description: If unspecified, - each key-value pair - in the Data field - of the referenced - ConfigMap will be - projected into the - volume as a file whose - name is the key and - content is the value. - If specified, the - listed keys will be - projected into the - specified paths, and - unlisted keys will - not be present. If - a key is specified - which is not present - in the ConfigMap, - the volume setup will - error unless it is - marked optional. Paths - must be relative and - may not contain the - '..' path or start - with '..'. - type: array - items: - description: Maps - a string key to - a path within a - volume. - type: object - required: - - key - - path - properties: - key: - description: The - key to project. - type: string - mode: - description: 'Optional: - mode bits to - use on this - file, must be - a value between - 0 and 0777. - If not specified, - the volume defaultMode - will be used. - This might be - in conflict - with other options - that affect - the file mode, - like fsGroup, - and the result - can be other - mode bits set.' - type: integer - format: int32 - path: - description: The - relative path - of the file - to map the key - to. May not - be an absolute - path. May not - contain the - path element - '..'. May not - start with the - string '..'. - type: string - name: - description: 'Name of - the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify - whether the ConfigMap - or its keys must be - defined - type: boolean - downwardAPI: - description: information - about the downwardAPI - data to project - type: object - properties: - items: - description: Items is - a list of DownwardAPIVolume - file - type: array - items: - description: DownwardAPIVolumeFile - represents information - to create the file - containing the pod - field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: - Selects a field - of the pod: - only annotations, - labels, name - and namespace - are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version - of the schema - the FieldPath - is written - in terms - of, defaults - to "v1". - type: string - fieldPath: - description: Path - of the field - to select - in the specified - API version. - type: string - mode: - description: 'Optional: - mode bits to - use on this - file, must be - a value between - 0 and 0777. - If not specified, - the volume defaultMode - will be used. - This might be - in conflict - with other options - that affect - the file mode, - like fsGroup, - and the result - can be other - mode bits set.' - type: integer - format: int32 - path: - description: 'Required: - Path is the - relative path - name of the - file to be created. - Must not be - absolute or - contain the - ''..'' path. - Must be utf-8 - encoded. The - first item of - the relative - path must not - start with ''..''' - type: string - resourceFieldRef: - description: 'Selects - a resource of - the container: - only resources - limits and requests - (limits.cpu, - limits.memory, - requests.cpu - and requests.memory) - are currently - supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container - name: required - for volumes, - optional - for env - vars' - type: string - divisor: - description: Specifies - the output - format of - the exposed - resources, - defaults - to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: - resource - to select' - type: string - secret: - description: information - about the secret data - to project - type: object - properties: - items: - description: If unspecified, - each key-value pair - in the Data field - of the referenced - Secret will be projected - into the volume as - a file whose name - is the key and content - is the value. If specified, - the listed keys will - be projected into - the specified paths, - and unlisted keys - will not be present. - If a key is specified - which is not present - in the Secret, the - volume setup will - error unless it is - marked optional. Paths - must be relative and - may not contain the - '..' path or start - with '..'. - type: array - items: - description: Maps - a string key to - a path within a - volume. - type: object - required: - - key - - path - properties: - key: - description: The - key to project. - type: string - mode: - description: 'Optional: - mode bits to - use on this - file, must be - a value between - 0 and 0777. - If not specified, - the volume defaultMode - will be used. - This might be - in conflict - with other options - that affect - the file mode, - like fsGroup, - and the result - can be other - mode bits set.' - type: integer - format: int32 - path: - description: The - relative path - of the file - to map the key - to. May not - be an absolute - path. May not - contain the - path element - '..'. May not - start with the - string '..'. - type: string - name: - description: 'Name of - the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify - whether the Secret - or its key must be - defined - type: boolean - serviceAccountToken: - description: information - about the serviceAccountToken - data to project - type: object - required: - - path - properties: - audience: - description: Audience - is the intended audience - of the token. A recipient - of a token must identify - itself with an identifier - specified in the audience - of the token, and - otherwise should reject - the token. The audience - defaults to the identifier - of the apiserver. - type: string - expirationSeconds: - description: ExpirationSeconds - is the requested duration - of validity of the - service account token. - As the token approaches - expiration, the kubelet - volume plugin will - proactively rotate - the service account - token. The kubelet - will start trying - to rotate the token - if the token is older - than 80 percent of - its time to live or - if the token is older - than 24 hours.Defaults - to 1 hour and must - be at least 10 minutes. - type: integer - format: int64 - path: - description: Path is - the path relative - to the mount point - of the file to project - the token into. - type: string - quobyte: - description: Quobyte represents a - Quobyte mount on the host that shares - a pod's lifetime - type: object - required: - - registry - - volume - properties: - group: - description: Group to map volume - access to Default is no group - type: string - readOnly: - description: ReadOnly here will - force the Quobyte volume to - be mounted with read-only permissions. - Defaults to false. - type: boolean - registry: - description: Registry represents - a single or multiple Quobyte - Registry services specified - as a string as host:port pair - (multiple entries are separated - with commas) which acts as the - central registry for volumes - type: string - tenant: - description: Tenant owning the - given Quobyte volume in the - Backend Used with dynamically - provisioned Quobyte volumes, - value is set by the plugin - type: string - user: - description: User to map volume - access to Defaults to serivceaccount - user - type: string - volume: - description: Volume is a string - that references an already created - Quobyte volume by name. - type: string - rbd: - description: 'RBD represents a Rados - Block Device mount on the host that - shares a pod''s lifetime. More info: - https://examples.k8s.io/volumes/rbd/README.md' - type: object - required: - - image - - monitors - properties: - fsType: - description: 'Filesystem type - of the volume that you want - to mount. Tip: Ensure that the - filesystem type is supported - by the host operating system. - Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors - in the filesystem from compromising - the machine' - type: string - image: - description: 'The rados image - name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - keyring: - description: 'Keyring is the path - to key ring for RBDUser. Default - is /etc/ceph/keyring. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - monitors: - description: 'A collection of - Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: array - items: - type: string - pool: - description: 'The rados pool name. - Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: - description: 'ReadOnly here will - force the ReadOnly setting in - VolumeMounts. Defaults to false. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: - description: 'SecretRef is name - of the authentication secret - for RBDUser. If provided overrides - keyring. Default is nil. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - user: - description: 'The rados user name. - Default is admin. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - scaleIO: - description: ScaleIO represents a - ScaleIO persistent volume attached - and mounted on Kubernetes nodes. - type: object - required: - - gateway - - secretRef - - system - properties: - fsType: - description: Filesystem type to - mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Default is "xfs". - type: string - gateway: - description: The host address - of the ScaleIO API Gateway. - type: string - protectionDomain: - description: The name of the ScaleIO - Protection Domain for the configured - storage. - type: string - readOnly: - description: Defaults to false - (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. - type: boolean - secretRef: - description: SecretRef references - to the secret for ScaleIO user - and other sensitive information. - If this is not provided, Login - operation will fail. - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - sslEnabled: - description: Flag to enable/disable - SSL communication with Gateway, - default false - type: boolean - storageMode: - description: Indicates whether - the storage for a volume should - be ThickProvisioned or ThinProvisioned. - Default is ThinProvisioned. - type: string - storagePool: - description: The ScaleIO Storage - Pool associated with the protection - domain. - type: string - system: - description: The name of the storage - system as configured in ScaleIO. - type: string - volumeName: - description: The name of a volume - already created in the ScaleIO - system that is associated with - this volume source. - type: string - secret: - description: 'Secret represents a - secret that should populate this - volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'Optional: mode bits - to use on created files by default. - Must be a value between 0 and - 0777. Defaults to 0644. Directories - within the path are not affected - by this setting. This might - be in conflict with other options - that affect the file mode, like - fsGroup, and the result can - be other mode bits set.' - type: integer - format: int32 - items: - description: If unspecified, each - key-value pair in the Data field - of the referenced Secret will - be projected into the volume - as a file whose name is the - key and content is the value. - If specified, the listed keys - will be projected into the specified - paths, and unlisted keys will - not be present. If a key is - specified which is not present - in the Secret, the volume setup - will error unless it is marked - optional. Paths must be relative - and may not contain the '..' - path or start with '..'. - type: array - items: - description: Maps a string key - to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to - project. - type: string - mode: - description: 'Optional: - mode bits to use on this - file, must be a value - between 0 and 0777. If - not specified, the volume - defaultMode will be used. - This might be in conflict - with other options that - affect the file mode, - like fsGroup, and the - result can be other mode - bits set.' - type: integer - format: int32 - path: - description: The relative - path of the file to map - the key to. May not be - an absolute path. May - not contain the path element - '..'. May not start with - the string '..'. - type: string - optional: - description: Specify whether the - Secret or its keys must be defined - type: boolean - secretName: - description: 'Name of the secret - in the pod''s namespace to use. - More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - storageos: - description: StorageOS represents - a StorageOS volume attached and - mounted on Kubernetes nodes. - type: object - properties: - fsType: - description: Filesystem type to - mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. - type: string - readOnly: - description: Defaults to false - (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. - type: boolean - secretRef: - description: SecretRef specifies - the secret to use for obtaining - the StorageOS API credentials. If - not specified, default values - will be attempted. - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - volumeName: - description: VolumeName is the - human-readable name of the StorageOS - volume. Volume names are only - unique within a namespace. - type: string - volumeNamespace: - description: VolumeNamespace specifies - the scope of the volume within - StorageOS. If no namespace - is specified then the Pod's - namespace will be used. This - allows the Kubernetes name scoping - to be mirrored within StorageOS - for tighter integration. Set - VolumeName to any name to override - the default behaviour. Set to - "default" if you are not using - namespaces within StorageOS. - Namespaces that do not pre-exist - within StorageOS will be created. - type: string - vsphereVolume: - description: VsphereVolume represents - a vSphere volume attached and mounted - on kubelets host machine - type: object - required: - - volumePath - properties: - fsType: - description: Filesystem type to - mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. - type: string - storagePolicyID: - description: Storage Policy Based - Management (SPBM) profile ID - associated with the StoragePolicyName. - type: string - storagePolicyName: - description: Storage Policy Based - Management (SPBM) profile name. - type: string - volumePath: - description: Path that identifies - vSphere volume vmdk - type: string - permissions: - type: array - items: - description: StrategyDeploymentPermissions describe the - rbac rules and service account needed by the install strategy - type: object - required: - - rules - - serviceAccountName - properties: - rules: - type: array - items: - description: PolicyRule holds information that describes - a policy rule, but does not contain information - about who the rule applies to or which namespace - the rule applies to. - type: object - required: - - verbs - properties: - apiGroups: - description: APIGroups is the name of the APIGroup - that contains the resources. If multiple API - groups are specified, any action requested against - one of the enumerated resources in any API group - will be allowed. - type: array - items: - type: string - nonResourceURLs: - description: NonResourceURLs is a set of partial - urls that a user should have access to. *s - are allowed, but only as the full, final step - in the path Since non-resource URLs are not - namespaced, this field is only applicable for - ClusterRoles referenced from a ClusterRoleBinding. - Rules can either apply to API resources (such - as "pods" or "secrets") or non-resource URL - paths (such as "/api"), but not both. - type: array - items: - type: string - resourceNames: - description: ResourceNames is an optional white - list of names that the rule applies to. An - empty set means that everything is allowed. - type: array - items: - type: string - resources: - description: Resources is a list of resources - this rule applies to. ResourceAll represents - all resources. - type: array - items: - type: string - verbs: - description: Verbs is a list of Verbs that apply - to ALL the ResourceKinds and AttributeRestrictions - contained in this rule. VerbAll represents - all kinds. - type: array - items: - type: string - serviceAccountName: - type: string - strategy: - type: string - installModes: - description: InstallModes specify supported installation types - type: array - items: - description: InstallMode associates an InstallModeType with a flag - representing if the CSV supports it - type: object - required: - - supported - - type - properties: - supported: - type: boolean - type: - description: InstallModeType is a supported type of install - mode for CSV installation - type: string - keywords: - type: array - items: - type: string - labels: - description: Map of string keys and values that can be used to organize - and categorize (scope and select) objects. - type: object - additionalProperties: - type: string - links: - type: array - items: - type: object - properties: - name: - type: string - url: - type: string - maintainers: - type: array - items: - type: object - properties: - email: - type: string - name: - type: string - maturity: - type: string - minKubeVersion: - type: string - nativeAPIs: - type: array - items: - description: GroupVersionKind unambiguously identifies a kind. It - doesn't anonymously include GroupVersion to avoid automatic coersion. It - doesn't use a GroupVersion to avoid custom marshalling - type: object - required: - - group - - kind - - version - properties: - group: - type: string - kind: - type: string - version: - type: string - provider: - type: object - properties: - name: - type: string - url: - type: string - replaces: - description: The name of a CSV this one replaces. Should match the - `metadata.Name` field of the old CSV. - type: string - selector: - description: Label selector for related resources. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - additionalProperties: - type: string - version: - description: OperatorVersion is a wrapper around semver.Version which - supports correct marshaling to YAML and JSON. - type: string - webhookdefinitions: - type: array - items: - description: WebhookDescription provides details to OLM about required - webhooks - type: object - required: - - admissionReviewVersions - - generateName - - sideEffects - - type - properties: - admissionReviewVersions: - type: array - items: - type: string - containerPort: - type: integer - format: int32 - deploymentName: - type: string - failurePolicy: - type: string - generateName: - type: string - matchPolicy: - description: MatchPolicyType specifies the type of match policy - type: string - objectSelector: - description: A label selector is a label query over a set of - resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. A - null label selector matches no objects. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - reinvocationPolicy: - description: ReinvocationPolicyType specifies what type of policy - the admission hook uses. - type: string - rules: - type: array - items: - description: RuleWithOperations is a tuple of Operations and - Resources. It is recommended to make sure that all the tuple - expansions are valid. - type: object - properties: - apiGroups: - description: APIGroups is the API groups the resources - belong to. '*' is all groups. If '*' is present, the - length of the slice must be one. Required. - type: array - items: - type: string - apiVersions: - description: APIVersions is the API versions the resources - belong to. '*' is all versions. If '*' is present, the - length of the slice must be one. Required. - type: array - items: - type: string - operations: - description: Operations is the operations the admission - hook cares about - CREATE, UPDATE, or * for all operations. - If '*' is present, the length of the slice must be one. - Required. - type: array - items: - type: string - resources: - description: "Resources is a list of resources this rule - applies to. \n For example: 'pods' means pods. 'pods/log' - means the log subresource of pods. '*' means all resources, - but not subresources. 'pods/*' means all subresources - of pods. '*/scale' means all scale subresources. '*/*' - means all resources and their subresources. \n If wildcard - is present, the validation rule will ensure resources - do not overlap with each other. \n Depending on the - enclosing object, subresources might not be allowed. - Required." - type: array - items: - type: string - scope: - description: scope specifies the scope of this rule. Valid - values are "Cluster", "Namespaced", and "*" "Cluster" - means that only cluster-scoped resources will match - this rule. Namespace API objects are cluster-scoped. - "Namespaced" means that only namespaced resources will - match this rule. "*" means that there are no scope restrictions. - Subresources match the scope of their parent resource. - Default is "*". - type: string - sideEffects: - type: string - timeoutSeconds: - type: integer - format: int32 - type: - description: WebhookAdmissionType is the type of admission webhooks - supported by OLM - type: string - enum: - - ValidatingAdmissionWebhook - - MutatingAdmissionWebhook - webhookPath: - type: string - status: - description: ClusterServiceVersionStatus represents information about - the status of a pod. Status may trail the actual state of a system. - type: object - properties: - certsLastUpdated: - description: Last time the owned APIService certs were updated - type: string - format: date-time - certsRotateAt: - description: Time the owned APIService certs will rotate next - type: string - format: date-time - conditions: - description: List of conditions, a history of state transitions - type: array - items: - description: Conditions appear in the status as a record of state - transitions on the ClusterServiceVersion - type: object - properties: - lastTransitionTime: - description: Last time the status transitioned from one status - to another. - type: string - format: date-time - lastUpdateTime: - description: Last time we updated the status - type: string - format: date-time - message: - description: A human readable message indicating details about - why the ClusterServiceVersion is in this condition. - type: string - phase: - description: Condition of the ClusterServiceVersion - type: string - reason: - description: A brief CamelCase message indicating details about - why the ClusterServiceVersion is in this state. e.g. 'RequirementsNotMet' - type: string - lastTransitionTime: - description: Last time the status transitioned from one status to - another. - type: string - format: date-time - lastUpdateTime: - description: Last time we updated the status - type: string - format: date-time - message: - description: A human readable message indicating details about why - the ClusterServiceVersion is in this condition. - type: string - phase: - description: Current condition of the ClusterServiceVersion - type: string - reason: - description: A brief CamelCase message indicating details about why - the ClusterServiceVersion is in this state. e.g. 'RequirementsNotMet' - type: string - requirementStatus: - description: The status of each requirement for this CSV - type: array - items: - type: object - required: - - group - - kind - - message - - name - - status - - version - properties: - dependents: - type: array - items: - description: DependentStatus is the status for a dependent - requirement (to prevent infinite nesting) - type: object - required: - - group - - kind - - status - - version - properties: - group: - type: string - kind: - type: string - message: - type: string - status: - description: StatusReason is a camelcased reason for the - status of a RequirementStatus or DependentStatus - type: string - uuid: - type: string - version: - type: string - group: - type: string - kind: - type: string - message: - type: string - name: - type: string - status: - description: StatusReason is a camelcased reason for the status - of a RequirementStatus or DependentStatus - type: string - uuid: - type: string - version: - type: string - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_00-installplans.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_00-installplans.yaml deleted file mode 100644 index f91d268bc0..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_00-installplans.yaml +++ /dev/null @@ -1,308 +0,0 @@ ---- -# Source: olm/crds/0000_50_olm_00-installplans.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - name: installplans.operators.coreos.com -spec: - group: operators.coreos.com - names: - categories: - - olm - kind: InstallPlan - listKind: InstallPlanList - plural: installplans - shortNames: - - ip - singular: installplan - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The first CSV in the list of clusterServiceVersionNames - jsonPath: .spec.clusterServiceVersionNames[0] - name: CSV - type: string - - description: The approval mode - jsonPath: .spec.approval - name: Approval - type: string - - jsonPath: .spec.approved - name: Approved - type: boolean - name: v1alpha1 - schema: - openAPIV3Schema: - description: InstallPlan defines the installation of a set of operators. - type: object - required: - - metadata - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: InstallPlanSpec defines a set of Application resources to - be installed - type: object - required: - - approval - - approved - - clusterServiceVersionNames - properties: - approval: - description: Approval is the user approval policy for an InstallPlan. - type: string - approved: - type: boolean - clusterServiceVersionNames: - type: array - items: - type: string - generation: - type: integer - source: - type: string - sourceNamespace: - type: string - status: - description: "InstallPlanStatus represents the information about the status - of steps required to complete installation. \n Status may trail the - actual state of a system." - type: object - required: - - catalogSources - - phase - properties: - attenuatedServiceAccountRef: - description: AttenuatedServiceAccountRef references the service account - that is used to do scoped operator install. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - bundleLookups: - description: BundleLookups is the set of in-progress requests to pull - and unpackage bundle content to the cluster. - type: array - items: - description: BundleLookup is a request to pull and unpackage the - content of a bundle to the cluster. - type: object - required: - - catalogSourceRef - - identifier - - path - - replaces - properties: - catalogSourceRef: - description: CatalogSourceRef is a reference to the CatalogSource - the bundle path was resolved from. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead - of an entire object, this string should contain a valid - JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container - within a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that - triggered the event) or if no container name is specified - "spec.containers[2]" (container with index 2 in this pod). - This syntax is chosen only to have some well-defined way - of referencing a part of an object. TODO: this design - is not final and this field is subject to change in the - future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - conditions: - description: Conditions represents the overall state of a BundleLookup. - type: array - items: - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: Last time the condition transitioned from - one status to another. - type: string - format: date-time - lastUpdateTime: - description: Last time the condition was probed. - type: string - format: date-time - message: - description: A human readable message indicating details - about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - status: - description: Status of the condition, one of True, False, - Unknown. - type: string - type: - description: Type of condition. - type: string - identifier: - description: Identifier is the catalog-unique name of the operator - (the name of the CSV for bundles that contain CSVs) - type: string - path: - description: Path refers to the location of a bundle to pull. - It's typically an image reference. - type: string - replaces: - description: Replaces is the name of the bundle to replace with - the one found at Path. - type: string - catalogSources: - type: array - items: - type: string - conditions: - type: array - items: - description: InstallPlanCondition represents the overall status - of the execution of an InstallPlan. - type: object - properties: - lastTransitionTime: - type: string - format: date-time - lastUpdateTime: - type: string - format: date-time - message: - type: string - reason: - description: ConditionReason is a camelcased reason for the - state transition. - type: string - status: - type: string - type: - description: InstallPlanConditionType describes the state of - an InstallPlan at a certain point as a whole. - type: string - phase: - description: InstallPlanPhase is the current status of a InstallPlan - as a whole. - type: string - plan: - type: array - items: - description: Step represents the status of an individual step in - an InstallPlan. - type: object - required: - - resolving - - resource - - status - properties: - resolving: - type: string - resource: - description: StepResource represents the status of a resource - to be tracked by an InstallPlan. - type: object - required: - - group - - kind - - name - - sourceName - - sourceNamespace - - version - properties: - group: - type: string - kind: - type: string - manifest: - type: string - name: - type: string - sourceName: - type: string - sourceNamespace: - type: string - version: - type: string - status: - description: StepStatus is the current status of a particular - resource an in InstallPlan - type: string - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_00-namespace.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_00-namespace.yaml deleted file mode 100644 index 13917074d8..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_00-namespace.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_00-namespace.yaml -apiVersion: v1 -kind: Namespace -metadata: - name: olm ---- -# Source: olm/templates/0000_50_olm_00-namespace.yaml -apiVersion: v1 -kind: Namespace -metadata: - name: operators diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_00-operatorgroups.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_00-operatorgroups.yaml deleted file mode 100644 index 81b2d3acba..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_00-operatorgroups.yaml +++ /dev/null @@ -1,313 +0,0 @@ ---- -# Source: olm/crds/0000_50_olm_00-operatorgroups.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - name: operatorgroups.operators.coreos.com -spec: - group: operators.coreos.com - names: - categories: - - olm - kind: OperatorGroup - listKind: OperatorGroupList - plural: operatorgroups - shortNames: - - og - singular: operatorgroup - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: OperatorGroup is the unit of multitenancy for OLM managed operators. - It constrains the installation of operators in its namespace to a specified - set of target namespaces. - type: object - required: - - metadata - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: OperatorGroupSpec is the spec for an OperatorGroup resource. - type: object - properties: - selector: - description: Selector selects the OperatorGroup's target namespaces. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - additionalProperties: - type: string - serviceAccountName: - description: ServiceAccountName is the admin specified service account - which will be used to deploy operator(s) in this operator group. - type: string - staticProvidedAPIs: - description: Static tells OLM not to update the OperatorGroup's providedAPIs - annotation - type: boolean - targetNamespaces: - description: TargetNamespaces is an explicit set of namespaces to - target. If it is set, Selector is ignored. - type: array - items: - type: string - x-kubernetes-list-type: set - status: - description: OperatorGroupStatus is the status for an OperatorGroupResource. - type: object - required: - - lastUpdated - properties: - lastUpdated: - description: LastUpdated is a timestamp of the last time the OperatorGroup's - status was Updated. - type: string - format: date-time - namespaces: - description: Namespaces is the set of target namespaces for the OperatorGroup. - type: array - items: - type: string - x-kubernetes-list-type: set - serviceAccountRef: - description: ServiceAccountRef references the service account object - specified. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - served: true - storage: true - subresources: - status: {} - - name: v1alpha2 - schema: - openAPIV3Schema: - description: OperatorGroup is the unit of multitenancy for OLM managed operators. - It constrains the installation of operators in its namespace to a specified - set of target namespaces. - type: object - required: - - metadata - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: OperatorGroupSpec is the spec for an OperatorGroup resource. - type: object - properties: - selector: - description: Selector selects the OperatorGroup's target namespaces. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - additionalProperties: - type: string - serviceAccountName: - description: ServiceAccountName is the admin specified service account - which will be used to deploy operator(s) in this operator group. - type: string - staticProvidedAPIs: - description: Static tells OLM not to update the OperatorGroup's providedAPIs - annotation - type: boolean - targetNamespaces: - description: TargetNamespaces is an explicit set of namespaces to - target. If it is set, Selector is ignored. - type: array - items: - type: string - status: - description: OperatorGroupStatus is the status for an OperatorGroupResource. - type: object - required: - - lastUpdated - properties: - lastUpdated: - description: LastUpdated is a timestamp of the last time the OperatorGroup's - status was Updated. - type: string - format: date-time - namespaces: - description: Namespaces is the set of target namespaces for the OperatorGroup. - type: array - items: - type: string - serviceAccountRef: - description: ServiceAccountRef references the service account object - specified. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - served: true - storage: false - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_00-subscriptions.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_00-subscriptions.yaml deleted file mode 100644 index d41bb18d41..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_00-subscriptions.yaml +++ /dev/null @@ -1,1842 +0,0 @@ ---- -# Source: olm/crds/0000_50_olm_00-subscriptions.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - name: subscriptions.operators.coreos.com -spec: - group: operators.coreos.com - names: - categories: - - olm - kind: Subscription - listKind: SubscriptionList - plural: subscriptions - shortNames: - - sub - - subs - singular: subscription - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The package subscribed to - jsonPath: .spec.name - name: Package - type: string - - description: The catalog source for the specified package - jsonPath: .spec.source - name: Source - type: string - - description: The channel of updates to subscribe to - jsonPath: .spec.channel - name: Channel - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: Subscription keeps operators up to date by tracking changes to - Catalogs. - type: object - required: - - metadata - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: SubscriptionSpec defines an Application that can be installed - type: object - required: - - name - - source - - sourceNamespace - properties: - channel: - type: string - config: - description: SubscriptionConfig contains configuration specified for - a subscription. - type: object - properties: - env: - description: Env is a list of environment variables to set in - the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present - in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a - C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a - variable cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax can be - escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable - exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - description: Specifies the output format of the - exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - envFrom: - description: EnvFrom is a list of sources to populate environment - variables in the container. The keys defined within a source - must be a C_IDENTIFIER. All invalid keys will be reported as - an event when the container is starting. When a key exists in - multiple sources, the value associated with the last source - will take precedence. Values defined by an Env with a duplicate - key will take precedence. Immutable. - type: array - items: - description: EnvFromSource represents the source of a set of - ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - prefix: - description: An optional identifier to prepend to each key - in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - nodeSelector: - description: 'NodeSelector is a selector which must be true for - the pod to fit on a node. Selector which must match a node''s - labels for the pod to be scheduled on that node. More info: - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - additionalProperties: - type: string - resources: - description: 'Resources represents compute resources required - by this container. Immutable. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - selector: - description: Selector is the label selector for pods to be configured. - Existing ReplicaSets whose pods are selected by this will be - the ones affected by this deployment. It must match the pod - template's labels. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - tolerations: - description: Tolerations are the pod's tolerations. - type: array - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . - type: object - properties: - effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to - the value. Valid operators are Exists and Equal. Defaults - to Equal. Exists is equivalent to wildcard for value, - so that a pod can tolerate all taints of a particular - category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of - time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the taint - forever (do not evict). Zero and negative values will - be treated as 0 (evict immediately) by the system. - type: integer - format: int64 - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - volumeMounts: - description: List of VolumeMounts to set in the container. - type: array - items: - description: VolumeMount describes a mounting of a Volume within - a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other way - around. When not set, MountPropagationNone is used. This - field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. - type: string - volumes: - description: List of Volumes to set in the podSpec. - type: array - items: - description: Volume represents a named volume in a pod that - may be accessed by any container in the pod. - type: object - required: - - name - properties: - awsElasticBlockStore: - description: 'AWSElasticBlockStore represents an AWS Disk - resource that is attached to a kubelet''s host machine - and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: object - required: - - volumeID - properties: - fsType: - description: 'Filesystem type of the volume that you - want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - partition: - description: 'The partition in the volume that you want - to mount. If omitted, the default is to mount by volume - name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property - empty).' - type: integer - format: int32 - readOnly: - description: 'Specify "true" to force and set the ReadOnly - property in VolumeMounts to "true". If omitted, the - default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: 'Unique ID of the persistent disk resource - in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: string - azureDisk: - description: AzureDisk represents an Azure Data Disk mount - on the host and bind mount to the pod. - type: object - required: - - diskName - - diskURI - properties: - cachingMode: - description: 'Host Caching mode: None, Read Only, Read - Write.' - type: string - diskName: - description: The Name of the data disk in the blob storage - type: string - diskURI: - description: The URI the data disk in the blob storage - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. - type: string - kind: - description: 'Expected values Shared: multiple blob - disks per storage account Dedicated: single blob - disk per storage account Managed: azure managed data - disk (only in managed availability set). defaults - to shared' - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - azureFile: - description: AzureFile represents an Azure File Service - mount on the host and bind mount to the pod. - type: object - required: - - secretName - - shareName - properties: - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretName: - description: the name of secret that contains Azure - Storage Account Name and Key - type: string - shareName: - description: Share Name - type: string - cephfs: - description: CephFS represents a Ceph FS mount on the host - that shares a pod's lifetime - type: object - required: - - monitors - properties: - monitors: - description: 'Required: Monitors is a collection of - Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: array - items: - type: string - path: - description: 'Optional: Used as the mounted root, rather - than the full Ceph tree, default is /' - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: boolean - secretFile: - description: 'Optional: SecretFile is the path to key - ring for User, default is /etc/ceph/user.secret More - info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - secretRef: - description: 'Optional: SecretRef is reference to the - authentication secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - user: - description: 'Optional: User is the rados user name, - default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - cinder: - description: 'Cinder represents a cinder volume attached - and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: object - required: - - volumeID - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: boolean - secretRef: - description: 'Optional: points to a secret object containing - parameters used to connect to OpenStack.' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - volumeID: - description: 'volume id used to identify the volume - in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - configMap: - description: ConfigMap represents a configMap that should - populate this volume - type: object - properties: - defaultMode: - description: 'Optional: mode bits to use on created - files by default. Must be a value between 0 and 0777. - Defaults to 0644. Directories within the path are - not affected by this setting. This might be in conflict - with other options that affect the file mode, like - fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: If unspecified, each key-value pair in - the Data field of the referenced ConfigMap will be - projected into the volume as a file whose name is - the key and content is the value. If specified, the - listed keys will be projected into the specified paths, - and unlisted keys will not be present. If a key is - specified which is not present in the ConfigMap, the - volume setup will error unless it is marked optional. - Paths must be relative and may not contain the '..' - path or start with '..'. - type: array - items: - description: Maps a string key to a path within a - volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to use on this - file, must be a value between 0 and 0777. If - not specified, the volume defaultMode will be - used. This might be in conflict with other options - that affect the file mode, like fsGroup, and - the result can be other mode bits set.' - type: integer - format: int32 - path: - description: The relative path of the file to - map the key to. May not be an absolute path. - May not contain the path element '..'. May not - start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its keys - must be defined - type: boolean - csi: - description: CSI (Container Storage Interface) represents - storage that is handled by an external CSI driver (Alpha - feature). - type: object - required: - - driver - properties: - driver: - description: Driver is the name of the CSI driver that - handles this volume. Consult with your admin for the - correct name as registered in the cluster. - type: string - fsType: - description: Filesystem type to mount. Ex. "ext4", "xfs", - "ntfs". If not provided, the empty value is passed - to the associated CSI driver which will determine - the default filesystem to apply. - type: string - nodePublishSecretRef: - description: NodePublishSecretRef is a reference to - the secret object containing sensitive information - to pass to the CSI driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This field is optional, - and may be empty if no secret is required. If the - secret object contains more than one secret, all secret - references are passed. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - readOnly: - description: Specifies a read-only configuration for - the volume. Defaults to false (read/write). - type: boolean - volumeAttributes: - description: VolumeAttributes stores driver-specific - properties that are passed to the CSI driver. Consult - your driver's documentation for supported values. - type: object - additionalProperties: - type: string - downwardAPI: - description: DownwardAPI represents downward API about the - pod that should populate this volume - type: object - properties: - defaultMode: - description: 'Optional: mode bits to use on created - files by default. Must be a value between 0 and 0777. - Defaults to 0644. Directories within the path are - not affected by this setting. This might be in conflict - with other options that affect the file mode, like - fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: Items is a list of downward API volume - file - type: array - items: - description: DownwardAPIVolumeFile represents information - to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the - pod: only annotations, labels, name and namespace - are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - mode: - description: 'Optional: mode bits to use on this - file, must be a value between 0 and 0777. If - not specified, the volume defaultMode will be - used. This might be in conflict with other options - that affect the file mode, like fsGroup, and - the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative - path name of the file to be created. Must not - be absolute or contain the ''..'' path. Must - be utf-8 encoded. The first item of the relative - path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, requests.cpu and requests.memory) - are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for - volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - emptyDir: - description: 'EmptyDir represents a temporary directory - that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: object - properties: - medium: - description: 'What type of storage medium should back - this directory. The default is "" which means to use - the node''s default medium. Must be an empty string - (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - description: 'Total amount of local storage required - for this EmptyDir volume. The size limit is also applicable - for memory medium. The maximum usage on memory medium - EmptyDir would be the minimum value between the SizeLimit - specified here and the sum of memory limits of all - containers in a pod. The default is nil which means - that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - fc: - description: FC represents a Fibre Channel resource that - is attached to a kubelet's host machine and then exposed - to the pod. - type: object - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. TODO: how do we prevent errors in the - filesystem from compromising the machine' - type: string - lun: - description: 'Optional: FC target lun number' - type: integer - format: int32 - readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' - type: boolean - targetWWNs: - description: 'Optional: FC target worldwide names (WWNs)' - type: array - items: - type: string - wwids: - description: 'Optional: FC volume world wide identifiers - (wwids) Either wwids or combination of targetWWNs - and lun must be set, but not both simultaneously.' - type: array - items: - type: string - flexVolume: - description: FlexVolume represents a generic volume resource - that is provisioned/attached using an exec based plugin. - type: object - required: - - driver - properties: - driver: - description: Driver is the name of the driver to use - for this volume. - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". The default filesystem depends on FlexVolume - script. - type: string - options: - description: 'Optional: Extra command options if any.' - type: object - additionalProperties: - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' - type: boolean - secretRef: - description: 'Optional: SecretRef is reference to the - secret object containing sensitive information to - pass to the plugin scripts. This may be empty if no - secret object is specified. If the secret object contains - more than one secret, all secrets are passed to the - plugin scripts.' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - flocker: - description: Flocker represents a Flocker volume attached - to a kubelet's host machine. This depends on the Flocker - control service being running - type: object - properties: - datasetName: - description: Name of the dataset stored as metadata - -> name on the dataset for Flocker should be considered - as deprecated - type: string - datasetUUID: - description: UUID of the dataset. This is unique identifier - of a Flocker dataset - type: string - gcePersistentDisk: - description: 'GCEPersistentDisk represents a GCE Disk resource - that is attached to a kubelet''s host machine and then - exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: object - required: - - pdName - properties: - fsType: - description: 'Filesystem type of the volume that you - want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - partition: - description: 'The partition in the volume that you want - to mount. If omitted, the default is to mount by volume - name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property - empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: integer - format: int32 - pdName: - description: 'Unique name of the PD resource in GCE. - Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: string - readOnly: - description: 'ReadOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. More info: - https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: boolean - gitRepo: - description: 'GitRepo represents a git repository at a particular - revision. DEPRECATED: GitRepo is deprecated. To provision - a container with a git repo, mount an EmptyDir into an - InitContainer that clones the repo using git, then mount - the EmptyDir into the Pod''s container.' - type: object - required: - - repository - properties: - directory: - description: Target directory name. Must not contain - or start with '..'. If '.' is supplied, the volume - directory will be the git repository. Otherwise, - if specified, the volume will contain the git repository - in the subdirectory with the given name. - type: string - repository: - description: Repository URL - type: string - revision: - description: Commit hash for the specified revision. - type: string - glusterfs: - description: 'Glusterfs represents a Glusterfs mount on - the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' - type: object - required: - - endpoints - - path - properties: - endpoints: - description: 'EndpointsName is the endpoint name that - details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - path: - description: 'Path is the Glusterfs volume path. More - info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - readOnly: - description: 'ReadOnly here will force the Glusterfs - volume to be mounted with read-only permissions. Defaults - to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: boolean - hostPath: - description: 'HostPath represents a pre-existing file or - directory on the host machine that is directly exposed - to the container. This is generally used for system agents - or other privileged things that are allowed to see the - host machine. Most containers will NOT need this. More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can use host - directory mounts and who can/can not mount host directories - as read/write.' - type: object - required: - - path - properties: - path: - description: 'Path of the directory on the host. If - the path is a symlink, it will follow the link to - the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - type: - description: 'Type for HostPath Volume Defaults to "" - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - iscsi: - description: 'ISCSI represents an ISCSI Disk resource that - is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' - type: object - required: - - iqn - - lun - - targetPortal - properties: - chapAuthDiscovery: - description: whether support iSCSI Discovery CHAP authentication - type: boolean - chapAuthSession: - description: whether support iSCSI Session CHAP authentication - type: boolean - fsType: - description: 'Filesystem type of the volume that you - want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - initiatorName: - description: Custom iSCSI Initiator Name. If initiatorName - is specified with iscsiInterface simultaneously, new - iSCSI interface : will - be created for the connection. - type: string - iqn: - description: Target iSCSI Qualified Name. - type: string - iscsiInterface: - description: iSCSI Interface Name that uses an iSCSI - transport. Defaults to 'default' (tcp). - type: string - lun: - description: iSCSI Target Lun number. - type: integer - format: int32 - portals: - description: iSCSI Target Portal List. The portal is - either an IP or ip_addr:port if the port is other - than default (typically TCP ports 860 and 3260). - type: array - items: - type: string - readOnly: - description: ReadOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. - type: boolean - secretRef: - description: CHAP Secret for iSCSI target and initiator - authentication - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - targetPortal: - description: iSCSI Target Portal. The Portal is either - an IP or ip_addr:port if the port is other than default - (typically TCP ports 860 and 3260). - type: string - name: - description: 'Volume''s name. Must be a DNS_LABEL and unique - within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - nfs: - description: 'NFS represents an NFS mount on the host that - shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: object - required: - - path - - server - properties: - path: - description: 'Path that is exported by the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - readOnly: - description: 'ReadOnly here will force the NFS export - to be mounted with read-only permissions. Defaults - to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: boolean - server: - description: 'Server is the hostname or IP address of - the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - persistentVolumeClaim: - description: 'PersistentVolumeClaimVolumeSource represents - a reference to a PersistentVolumeClaim in the same namespace. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: object - required: - - claimName - properties: - claimName: - description: 'ClaimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this volume. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: - description: Will force the ReadOnly setting in VolumeMounts. - Default false. - type: boolean - photonPersistentDisk: - description: PhotonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host - machine - type: object - required: - - pdID - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. - type: string - pdID: - description: ID that identifies Photon Controller persistent - disk - type: string - portworxVolume: - description: PortworxVolume represents a portworx volume - attached and mounted on kubelets host machine - type: object - required: - - volumeID - properties: - fsType: - description: FSType represents the filesystem type to - mount Must be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs". Implicitly inferred - to be "ext4" if unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: - description: VolumeID uniquely identifies a Portworx - volume - type: string - projected: - description: Items for all in one resources secrets, configmaps, - and downward API - type: object - required: - - sources - properties: - defaultMode: - description: Mode bits to use on created files by default. - Must be a value between 0 and 0777. Directories within - the path are not affected by this setting. This might - be in conflict with other options that affect the - file mode, like fsGroup, and the result can be other - mode bits set. - type: integer - format: int32 - sources: - description: list of volume projections - type: array - items: - description: Projection that may be projected along - with other supported volume types - type: object - properties: - configMap: - description: information about the configMap data - to project - type: object - properties: - items: - description: If unspecified, each key-value - pair in the Data field of the referenced - ConfigMap will be projected into the volume - as a file whose name is the key and content - is the value. If specified, the listed keys - will be projected into the specified paths, - and unlisted keys will not be present. If - a key is specified which is not present - in the ConfigMap, the volume setup will - error unless it is marked optional. Paths - must be relative and may not contain the - '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path - within a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to - use on this file, must be a value - between 0 and 0777. If not specified, - the volume defaultMode will be used. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' - type: integer - format: int32 - path: - description: The relative path of the - file to map the key to. May not be - an absolute path. May not contain - the path element '..'. May not start - with the string '..'. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its keys must be defined - type: boolean - downwardAPI: - description: information about the downwardAPI - data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume - file - type: array - items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field - of the pod: only annotations, labels, - name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema - the FieldPath is written in terms - of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to - select in the specified API version. - type: string - mode: - description: 'Optional: mode bits to - use on this file, must be a value - between 0 and 0777. If not specified, - the volume defaultMode will be used. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the - relative path name of the file to - be created. Must not be absolute or - contain the ''..'' path. Must be utf-8 - encoded. The first item of the relative - path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of - the container: only resources limits - and requests (limits.cpu, limits.memory, - requests.cpu and requests.memory) - are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required - for volumes, optional for env - vars' - type: string - divisor: - description: Specifies the output - format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource - to select' - type: string - secret: - description: information about the secret data - to project - type: object - properties: - items: - description: If unspecified, each key-value - pair in the Data field of the referenced - Secret will be projected into the volume - as a file whose name is the key and content - is the value. If specified, the listed keys - will be projected into the specified paths, - and unlisted keys will not be present. If - a key is specified which is not present - in the Secret, the volume setup will error - unless it is marked optional. Paths must - be relative and may not contain the '..' - path or start with '..'. - type: array - items: - description: Maps a string key to a path - within a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to - use on this file, must be a value - between 0 and 0777. If not specified, - the volume defaultMode will be used. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' - type: integer - format: int32 - path: - description: The relative path of the - file to map the key to. May not be - an absolute path. May not contain - the path element '..'. May not start - with the string '..'. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - serviceAccountToken: - description: information about the serviceAccountToken - data to project - type: object - required: - - path - properties: - audience: - description: Audience is the intended audience - of the token. A recipient of a token must - identify itself with an identifier specified - in the audience of the token, and otherwise - should reject the token. The audience defaults - to the identifier of the apiserver. - type: string - expirationSeconds: - description: ExpirationSeconds is the requested - duration of validity of the service account - token. As the token approaches expiration, - the kubelet volume plugin will proactively - rotate the service account token. The kubelet - will start trying to rotate the token if - the token is older than 80 percent of its - time to live or if the token is older than - 24 hours.Defaults to 1 hour and must be - at least 10 minutes. - type: integer - format: int64 - path: - description: Path is the path relative to - the mount point of the file to project the - token into. - type: string - quobyte: - description: Quobyte represents a Quobyte mount on the host - that shares a pod's lifetime - type: object - required: - - registry - - volume - properties: - group: - description: Group to map volume access to Default is - no group - type: string - readOnly: - description: ReadOnly here will force the Quobyte volume - to be mounted with read-only permissions. Defaults - to false. - type: boolean - registry: - description: Registry represents a single or multiple - Quobyte Registry services specified as a string as - host:port pair (multiple entries are separated with - commas) which acts as the central registry for volumes - type: string - tenant: - description: Tenant owning the given Quobyte volume - in the Backend Used with dynamically provisioned Quobyte - volumes, value is set by the plugin - type: string - user: - description: User to map volume access to Defaults to - serivceaccount user - type: string - volume: - description: Volume is a string that references an already - created Quobyte volume by name. - type: string - rbd: - description: 'RBD represents a Rados Block Device mount - on the host that shares a pod''s lifetime. More info: - https://examples.k8s.io/volumes/rbd/README.md' - type: object - required: - - image - - monitors - properties: - fsType: - description: 'Filesystem type of the volume that you - want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - image: - description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - keyring: - description: 'Keyring is the path to key ring for RBDUser. - Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - monitors: - description: 'A collection of Ceph monitors. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: array - items: - type: string - pool: - description: 'The rados pool name. Default is rbd. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: - description: 'ReadOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: - description: 'SecretRef is name of the authentication - secret for RBDUser. If provided overrides keyring. - Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - user: - description: 'The rados user name. Default is admin. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - scaleIO: - description: ScaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. - type: object - required: - - gateway - - secretRef - - system - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Default is "xfs". - type: string - gateway: - description: The host address of the ScaleIO API Gateway. - type: string - protectionDomain: - description: The name of the ScaleIO Protection Domain - for the configured storage. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef references to the secret for - ScaleIO user and other sensitive information. If this - is not provided, Login operation will fail. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - sslEnabled: - description: Flag to enable/disable SSL communication - with Gateway, default false - type: boolean - storageMode: - description: Indicates whether the storage for a volume - should be ThickProvisioned or ThinProvisioned. Default - is ThinProvisioned. - type: string - storagePool: - description: The ScaleIO Storage Pool associated with - the protection domain. - type: string - system: - description: The name of the storage system as configured - in ScaleIO. - type: string - volumeName: - description: The name of a volume already created in - the ScaleIO system that is associated with this volume - source. - type: string - secret: - description: 'Secret represents a secret that should populate - this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'Optional: mode bits to use on created - files by default. Must be a value between 0 and 0777. - Defaults to 0644. Directories within the path are - not affected by this setting. This might be in conflict - with other options that affect the file mode, like - fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: If unspecified, each key-value pair in - the Data field of the referenced Secret will be projected - into the volume as a file whose name is the key and - content is the value. If specified, the listed keys - will be projected into the specified paths, and unlisted - keys will not be present. If a key is specified which - is not present in the Secret, the volume setup will - error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start - with '..'. - type: array - items: - description: Maps a string key to a path within a - volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to use on this - file, must be a value between 0 and 0777. If - not specified, the volume defaultMode will be - used. This might be in conflict with other options - that affect the file mode, like fsGroup, and - the result can be other mode bits set.' - type: integer - format: int32 - path: - description: The relative path of the file to - map the key to. May not be an absolute path. - May not contain the path element '..'. May not - start with the string '..'. - type: string - optional: - description: Specify whether the Secret or its keys - must be defined - type: boolean - secretName: - description: 'Name of the secret in the pod''s namespace - to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - storageos: - description: StorageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. - type: object - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef specifies the secret to use for - obtaining the StorageOS API credentials. If not specified, - default values will be attempted. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - volumeName: - description: VolumeName is the human-readable name of - the StorageOS volume. Volume names are only unique - within a namespace. - type: string - volumeNamespace: - description: VolumeNamespace specifies the scope of - the volume within StorageOS. If no namespace is specified - then the Pod's namespace will be used. This allows - the Kubernetes name scoping to be mirrored within - StorageOS for tighter integration. Set VolumeName - to any name to override the default behaviour. Set - to "default" if you are not using namespaces within - StorageOS. Namespaces that do not pre-exist within - StorageOS will be created. - type: string - vsphereVolume: - description: VsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine - type: object - required: - - volumePath - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. - type: string - storagePolicyID: - description: Storage Policy Based Management (SPBM) - profile ID associated with the StoragePolicyName. - type: string - storagePolicyName: - description: Storage Policy Based Management (SPBM) - profile name. - type: string - volumePath: - description: Path that identifies vSphere volume vmdk - type: string - installPlanApproval: - description: Approval is the user approval policy for an InstallPlan. - type: string - name: - type: string - source: - type: string - sourceNamespace: - type: string - startingCSV: - type: string - status: - type: object - required: - - lastUpdated - properties: - catalogHealth: - description: CatalogHealth contains the Subscription's view of its - relevant CatalogSources' status. It is used to determine SubscriptionStatusConditions - related to CatalogSources. - type: array - items: - description: SubscriptionCatalogHealth describes the health of a - CatalogSource the Subscription knows about. - type: object - required: - - catalogSourceRef - - healthy - - lastUpdated - properties: - catalogSourceRef: - description: CatalogSourceRef is a reference to a CatalogSource. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead - of an entire object, this string should contain a valid - JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container - within a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that - triggered the event) or if no container name is specified - "spec.containers[2]" (container with index 2 in this pod). - This syntax is chosen only to have some well-defined way - of referencing a part of an object. TODO: this design - is not final and this field is subject to change in the - future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - healthy: - description: Healthy is true if the CatalogSource is healthy; - false otherwise. - type: boolean - lastUpdated: - description: LastUpdated represents the last time that the CatalogSourceHealth - changed - type: string - format: date-time - conditions: - description: Conditions is a list of the latest available observations - about a Subscription's current state. - type: array - items: - description: SubscriptionCondition represents the latest available - observations of a Subscription's state. - type: object - required: - - status - - type - properties: - lastHeartbeatTime: - description: LastHeartbeatTime is the last time we got an update - on a given condition - type: string - format: date-time - lastTransitionTime: - description: LastTransitionTime is the last time the condition - transit from one status to another - type: string - format: date-time - message: - description: Message is a human-readable message indicating - details about last transition. - type: string - reason: - description: Reason is a one-word CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition, one of True, - False, Unknown. - type: string - type: - description: Type is the type of Subscription condition. - type: string - currentCSV: - description: CurrentCSV is the CSV the Subscription is progressing - to. - type: string - installPlanGeneration: - description: InstallPlanGeneration is the current generation of the - installplan - type: integer - installPlanRef: - description: InstallPlanRef is a reference to the latest InstallPlan - that contains the Subscription's current CSV. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - installedCSV: - description: InstalledCSV is the CSV currently installed by the Subscription. - type: string - installplan: - description: 'Install is a reference to the latest InstallPlan generated - for the Subscription. DEPRECATED: InstallPlanRef' - type: object - required: - - apiVersion - - kind - - name - - uuid - properties: - apiVersion: - type: string - kind: - type: string - name: - type: string - uuid: - description: UID is a type that holds unique ID values, including - UUIDs. Because we don't ONLY use UUIDs, this is an alias to - string. Being a type captures intent and helps make sure that - UIDs and names do not get conflated. - type: string - lastUpdated: - description: LastUpdated represents the last time that the Subscription - status was updated. - type: string - format: date-time - reason: - description: Reason is the reason the Subscription was transitioned - to its current state. - type: string - state: - description: State represents the current state of the Subscription - type: string - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_01-olm-operator.serviceaccount.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_01-olm-operator.serviceaccount.yaml deleted file mode 100644 index e21d33d03d..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_01-olm-operator.serviceaccount.yaml +++ /dev/null @@ -1,33 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_01-olm-operator.serviceaccount.yaml -kind: ServiceAccount -apiVersion: v1 -metadata: - name: olm-operator-serviceaccount - namespace: olm ---- -# Source: olm/templates/0000_50_olm_01-olm-operator.serviceaccount.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: system:controller:operator-lifecycle-manager -rules: -- apiGroups: ["*"] - resources: ["*"] - verbs: ["*"] -- nonResourceURLs: ["*"] - verbs: ["*"] ---- -# Source: olm/templates/0000_50_olm_01-olm-operator.serviceaccount.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: olm-operator-binding-olm -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:controller:operator-lifecycle-manager -subjects: -- kind: ServiceAccount - name: olm-operator-serviceaccount - namespace: olm diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_07-olm-operator.deployment.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_07-olm-operator.deployment.yaml deleted file mode 100644 index cd30d4a327..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_07-olm-operator.deployment.yaml +++ /dev/null @@ -1,63 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_07-olm-operator.deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: olm-operator - namespace: olm - labels: - app: olm-operator -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: olm-operator - template: - metadata: - labels: - app: olm-operator - spec: - serviceAccountName: olm-operator-serviceaccount - containers: - - name: olm-operator - command: - - /bin/olm - args: - - --namespace - - $(OPERATOR_NAMESPACE) - - --writeStatusName - - "" - image: quay.io/operator-framework/olm@sha256:788915592f42882559a63c39e14ef211f64c93f31983ea67136533c7983f2896 - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - - containerPort: 8081 - name: metrics - protocol: TCP - livenessProbe: - httpGet: - path: /healthz - port: 8080 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - terminationMessagePolicy: FallbackToLogsOnError - env: - - - name: OPERATOR_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: OPERATOR_NAME - value: olm-operator - resources: - requests: - cpu: 10m - memory: 160Mi - - - nodeSelector: - beta.kubernetes.io/os: linux diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_08-catalog-operator.deployment.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_08-catalog-operator.deployment.yaml deleted file mode 100644 index 9f51451002..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_08-catalog-operator.deployment.yaml +++ /dev/null @@ -1,58 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_08-catalog-operator.deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: catalog-operator - namespace: olm - labels: - app: catalog-operator -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: catalog-operator - template: - metadata: - labels: - app: catalog-operator - spec: - serviceAccountName: olm-operator-serviceaccount - containers: - - name: catalog-operator - command: - - /bin/catalog - args: - - '-namespace' - - olm - - -configmapServerImage=quay.io/operator-framework/configmap-operator-registry:latest - - -util-image - - quay.io/operator-framework/olm@sha256:788915592f42882559a63c39e14ef211f64c93f31983ea67136533c7983f2896 - image: quay.io/operator-framework/olm@sha256:788915592f42882559a63c39e14ef211f64c93f31983ea67136533c7983f2896 - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - - containerPort: 8081 - name: metrics - protocol: TCP - livenessProbe: - httpGet: - path: /healthz - port: 8080 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - terminationMessagePolicy: FallbackToLogsOnError - env: - - resources: - requests: - cpu: 10m - memory: 80Mi - - - nodeSelector: - beta.kubernetes.io/os: linux diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_09-aggregated.clusterrole.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_09-aggregated.clusterrole.yaml deleted file mode 100644 index e7aa0af341..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_09-aggregated.clusterrole.yaml +++ /dev/null @@ -1,35 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_09-aggregated.clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-edit - labels: - # Add these permissions to the "admin" and "edit" default roles. - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["subscriptions"] - verbs: ["create", "update", "patch", "delete"] -- apiGroups: ["operators.coreos.com"] - resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions"] - verbs: ["delete"] ---- -# Source: olm/templates/0000_50_olm_09-aggregated.clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-view - labels: - # Add these permissions to the "admin", "edit" and "view" default roles - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - rbac.authorization.k8s.io/aggregate-to-view: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions", "operatorgroups"] - verbs: ["get", "list", "watch"] -- apiGroups: ["packages.operators.coreos.com"] - resources: ["packagemanifests", "packagemanifests/icon"] - verbs: ["get", "list", "watch"] diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_13-operatorgroup-default.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_13-operatorgroup-default.yaml deleted file mode 100644 index 56f5bca2bd..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_13-operatorgroup-default.yaml +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_13-operatorgroup-default.yaml -apiVersion: operators.coreos.com/v1 -kind: OperatorGroup -metadata: - name: global-operators - namespace: operators ---- -# Source: olm/templates/0000_50_olm_13-operatorgroup-default.yaml -apiVersion: operators.coreos.com/v1 -kind: OperatorGroup -metadata: - name: olm-operators - namespace: olm -spec: - targetNamespaces: - - olm diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_15-packageserver.clusterserviceversion.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_15-packageserver.clusterserviceversion.yaml deleted file mode 100644 index 588426db43..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_15-packageserver.clusterserviceversion.yaml +++ /dev/null @@ -1,132 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_15-packageserver.clusterserviceversion.yaml -apiVersion: operators.coreos.com/v1alpha1 -kind: ClusterServiceVersion -metadata: - name: packageserver - namespace: olm - labels: - olm.version: 0.15.0 -spec: - displayName: Package Server - description: Represents an Operator package that is available from a given CatalogSource which will resolve to a ClusterServiceVersion. - minKubeVersion: 1.11.0 - keywords: ['packagemanifests', 'olm', 'packages'] - maintainers: - - name: Red Hat - email: openshift-operators@redhat.com - provider: - name: Red Hat - links: - - name: Package Server - url: https://github.com/operator-framework/operator-lifecycle-manager/tree/master/pkg/package-server - installModes: - - type: OwnNamespace - supported: true - - type: SingleNamespace - supported: true - - type: MultiNamespace - supported: true - - type: AllNamespaces - supported: true - install: - strategy: deployment - spec: - clusterPermissions: - - serviceAccountName: olm-operator-serviceaccount - rules: - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - get - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - apiGroups: - - "operators.coreos.com" - resources: - - catalogsources - verbs: - - get - - list - - watch - - apiGroups: - - "packages.operators.coreos.com" - resources: - - packagemanifests - verbs: - - get - - list - deployments: - - name: packageserver - spec: - strategy: - type: RollingUpdate - replicas: 2 - selector: - matchLabels: - app: packageserver - template: - metadata: - labels: - app: packageserver - spec: - serviceAccountName: olm-operator-serviceaccount - nodeSelector: - beta.kubernetes.io/os: linux - containers: - - name: packageserver - command: - - /bin/package-server - - -v=4 - - --secure-port - - "5443" - - --global-namespace - - olm - image: quay.io/operator-framework/olm@sha256:788915592f42882559a63c39e14ef211f64c93f31983ea67136533c7983f2896 - imagePullPolicy: Always - ports: - - containerPort: 5443 - livenessProbe: - httpGet: - scheme: HTTPS - path: /healthz - port: 5443 - readinessProbe: - httpGet: - scheme: HTTPS - path: /healthz - port: 5443 - terminationMessagePolicy: FallbackToLogsOnError - resources: - requests: - cpu: 10m - memory: 50Mi - securityContext: - runAsUser: 1000 - volumeMounts: - - name: tmpfs - mountPath: /tmp - volumes: - - name: tmpfs - emptyDir: {} - maturity: alpha - version: 0.15.0 - apiservicedefinitions: - owned: - - group: packages.operators.coreos.com - version: v1 - kind: PackageManifest - name: packagemanifests - displayName: PackageManifest - description: A PackageManifest is a resource generated from existing CatalogSources and their ConfigMaps - deploymentName: packageserver - containerPort: 5443 diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_17-upstream-operators.catalogsource.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_17-upstream-operators.catalogsource.yaml deleted file mode 100644 index 4adb582c8b..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.0/0000_50_olm_17-upstream-operators.catalogsource.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_17-upstream-operators.catalogsource.yaml -apiVersion: operators.coreos.com/v1alpha1 -kind: CatalogSource -metadata: - name: operatorhubio-catalog - namespace: olm -spec: - sourceType: grpc - image: quay.io/operator-framework/upstream-community-operators:latest - displayName: Community Operators - publisher: OperatorHub.io diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_00-catalogsources.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_00-catalogsources.crd.yaml deleted file mode 100644 index c724ea83d6..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_00-catalogsources.crd.yaml +++ /dev/null @@ -1,196 +0,0 @@ ---- -# Source: olm/crds/0000_50_olm_00-catalogsources.crd.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - name: catalogsources.operators.coreos.com -spec: - group: operators.coreos.com - names: - categories: - - olm - kind: CatalogSource - listKind: CatalogSourceList - plural: catalogsources - shortNames: - - catsrc - singular: catalogsource - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The pretty name of the catalog - jsonPath: .spec.displayName - name: Display - type: string - - description: The type of the catalog - jsonPath: .spec.sourceType - name: Type - type: string - - description: The publisher of the catalog - jsonPath: .spec.publisher - name: Publisher - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: CatalogSource is a repository of CSVs, CRDs, and operator packages. - type: object - required: - - metadata - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - type: object - required: - - sourceType - properties: - address: - description: 'Address is a host that OLM can use to connect to a pre-existing - registry. Format: : Only used when SourceType - = SourceTypeGrpc. Ignored when the Image field is set.' - type: string - configMap: - description: ConfigMap is the name of the ConfigMap to be used to - back a configmap-server registry. Only used when SourceType = SourceTypeConfigmap - or SourceTypeInternal. - type: string - description: - type: string - displayName: - description: Metadata - type: string - icon: - type: object - required: - - base64data - - mediatype - properties: - base64data: - type: string - mediatype: - type: string - image: - description: Image is an operator-registry container image to instantiate - a registry-server with. Only used when SourceType = SourceTypeGrpc. - If present, the address field is ignored. - type: string - publisher: - type: string - secrets: - description: Secrets represent set of secrets that can be used to - access the contents of the catalog. It is best to keep this list - small, since each will need to be tried for every catalog entry. - type: array - items: - type: string - sourceType: - description: SourceType is the type of source - type: string - updateStrategy: - description: UpdateStrategy defines how updated catalog source images - can be discovered Consists of an interval that defines polling duration - and an embedded strategy type - type: object - properties: - registryPoll: - type: object - properties: - interval: - description: Interval is used to determine the time interval - between checks of the latest catalog source version. The - catalog operator polls to see if a new version of the catalog - source is available. If available, the latest image is pulled - and gRPC traffic is directed to the latest catalog source. - type: string - status: - type: object - properties: - configMapReference: - type: object - required: - - name - - namespace - properties: - lastUpdateTime: - type: string - format: date-time - name: - type: string - namespace: - type: string - resourceVersion: - type: string - uid: - description: UID is a type that holds unique ID values, including - UUIDs. Because we don't ONLY use UUIDs, this is an alias to - string. Being a type captures intent and helps make sure that - UIDs and names do not get conflated. - type: string - connectionState: - type: object - required: - - lastObservedState - properties: - address: - type: string - lastConnect: - type: string - format: date-time - lastObservedState: - type: string - latestImageRegistryPoll: - description: The last time the CatalogSource image registry has been - polled to ensure the image is up-to-date - type: string - format: date-time - message: - description: A human readable message indicating details about why - the CatalogSource is in this condition. - type: string - reason: - description: Reason is the reason the CatalogSource was transitioned - to its current state. - type: string - registryService: - type: object - properties: - createdAt: - type: string - format: date-time - port: - type: string - protocol: - type: string - serviceName: - type: string - serviceNamespace: - type: string - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_00-clusterserviceversions.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_00-clusterserviceversions.crd.yaml deleted file mode 100644 index 3d1ff964de..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_00-clusterserviceversions.crd.yaml +++ /dev/null @@ -1,8957 +0,0 @@ ---- -# Source: olm/crds/0000_50_olm_00-clusterserviceversions.crd.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - name: clusterserviceversions.operators.coreos.com -spec: - group: operators.coreos.com - names: - categories: - - olm - kind: ClusterServiceVersion - listKind: ClusterServiceVersionList - plural: clusterserviceversions - shortNames: - - csv - - csvs - singular: clusterserviceversion - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The name of the CSV - jsonPath: .spec.displayName - name: Display - type: string - - description: The version of the CSV - jsonPath: .spec.version - name: Version - type: string - - description: The name of a CSV that this one replaces - jsonPath: .spec.replaces - name: Replaces - type: string - - jsonPath: .status.phase - name: Phase - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: ClusterServiceVersion is a Custom Resource of type `ClusterServiceVersionSpec`. - type: object - required: - - metadata - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ClusterServiceVersionSpec declarations tell OLM how to install - an operator that can manage apps for a given version. - type: object - required: - - displayName - - install - properties: - annotations: - description: Annotations is an unstructured key value map stored with - a resource that may be set by external tools to store and retrieve - arbitrary metadata. - type: object - additionalProperties: - type: string - apiservicedefinitions: - description: APIServiceDefinitions declares all of the extension apis - managed or required by an operator being ran by ClusterServiceVersion. - type: object - properties: - owned: - type: array - items: - description: APIServiceDescription provides details to OLM about - apis provided via aggregation - type: object - required: - - group - - kind - - name - - version - properties: - actionDescriptors: - type: array - items: - description: ActionDescriptor describes a declarative - action that can be performed on a custom resource instance - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - containerPort: - type: integer - format: int32 - deploymentName: - type: string - description: - type: string - displayName: - type: string - group: - type: string - kind: - type: string - name: - type: string - resources: - type: array - items: - description: APIResourceReference is a Kubernetes resource - type used by a custom resource - type: object - required: - - kind - - name - - version - properties: - kind: - type: string - name: - type: string - version: - type: string - specDescriptors: - type: array - items: - description: SpecDescriptor describes a field in a spec - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - statusDescriptors: - type: array - items: - description: StatusDescriptor describes a field in a status - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - version: - type: string - required: - type: array - items: - description: APIServiceDescription provides details to OLM about - apis provided via aggregation - type: object - required: - - group - - kind - - name - - version - properties: - actionDescriptors: - type: array - items: - description: ActionDescriptor describes a declarative - action that can be performed on a custom resource instance - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - containerPort: - type: integer - format: int32 - deploymentName: - type: string - description: - type: string - displayName: - type: string - group: - type: string - kind: - type: string - name: - type: string - resources: - type: array - items: - description: APIResourceReference is a Kubernetes resource - type used by a custom resource - type: object - required: - - kind - - name - - version - properties: - kind: - type: string - name: - type: string - version: - type: string - specDescriptors: - type: array - items: - description: SpecDescriptor describes a field in a spec - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - statusDescriptors: - type: array - items: - description: StatusDescriptor describes a field in a status - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - version: - type: string - customresourcedefinitions: - description: "CustomResourceDefinitions declares all of the CRDs managed - or required by an operator being ran by ClusterServiceVersion. \n - If the CRD is present in the Owned list, it is implicitly required." - type: object - properties: - owned: - type: array - items: - description: CRDDescription provides details to OLM about the - CRDs - type: object - required: - - kind - - name - - version - properties: - actionDescriptors: - type: array - items: - description: ActionDescriptor describes a declarative - action that can be performed on a custom resource instance - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - description: - type: string - displayName: - type: string - kind: - type: string - name: - type: string - resources: - type: array - items: - description: APIResourceReference is a Kubernetes resource - type used by a custom resource - type: object - required: - - kind - - name - - version - properties: - kind: - type: string - name: - type: string - version: - type: string - specDescriptors: - type: array - items: - description: SpecDescriptor describes a field in a spec - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - statusDescriptors: - type: array - items: - description: StatusDescriptor describes a field in a status - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - version: - type: string - required: - type: array - items: - description: CRDDescription provides details to OLM about the - CRDs - type: object - required: - - kind - - name - - version - properties: - actionDescriptors: - type: array - items: - description: ActionDescriptor describes a declarative - action that can be performed on a custom resource instance - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - description: - type: string - displayName: - type: string - kind: - type: string - name: - type: string - resources: - type: array - items: - description: APIResourceReference is a Kubernetes resource - type used by a custom resource - type: object - required: - - kind - - name - - version - properties: - kind: - type: string - name: - type: string - version: - type: string - specDescriptors: - type: array - items: - description: SpecDescriptor describes a field in a spec - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - statusDescriptors: - type: array - items: - description: StatusDescriptor describes a field in a status - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - version: - type: string - description: - type: string - displayName: - type: string - icon: - type: array - items: - type: object - required: - - base64data - - mediatype - properties: - base64data: - type: string - mediatype: - type: string - install: - description: NamedInstallStrategy represents the block of an ClusterServiceVersion - resource where the install strategy is specified. - type: object - required: - - strategy - properties: - spec: - description: StrategyDetailsDeployment represents the parsed details - of a Deployment InstallStrategy. - type: object - required: - - deployments - properties: - clusterPermissions: - type: array - items: - description: StrategyDeploymentPermissions describe the - rbac rules and service account needed by the install strategy - type: object - required: - - rules - - serviceAccountName - properties: - rules: - type: array - items: - description: PolicyRule holds information that describes - a policy rule, but does not contain information - about who the rule applies to or which namespace - the rule applies to. - type: object - required: - - verbs - properties: - apiGroups: - description: APIGroups is the name of the APIGroup - that contains the resources. If multiple API - groups are specified, any action requested against - one of the enumerated resources in any API group - will be allowed. - type: array - items: - type: string - nonResourceURLs: - description: NonResourceURLs is a set of partial - urls that a user should have access to. *s - are allowed, but only as the full, final step - in the path Since non-resource URLs are not - namespaced, this field is only applicable for - ClusterRoles referenced from a ClusterRoleBinding. - Rules can either apply to API resources (such - as "pods" or "secrets") or non-resource URL - paths (such as "/api"), but not both. - type: array - items: - type: string - resourceNames: - description: ResourceNames is an optional white - list of names that the rule applies to. An - empty set means that everything is allowed. - type: array - items: - type: string - resources: - description: Resources is a list of resources - this rule applies to. ResourceAll represents - all resources. - type: array - items: - type: string - verbs: - description: Verbs is a list of Verbs that apply - to ALL the ResourceKinds and AttributeRestrictions - contained in this rule. VerbAll represents - all kinds. - type: array - items: - type: string - serviceAccountName: - type: string - deployments: - type: array - items: - description: StrategyDeploymentSpec contains the name and - spec for the deployment ALM should create - type: object - required: - - name - - spec - properties: - name: - type: string - spec: - description: DeploymentSpec is the specification of - the desired behavior of the Deployment. - type: object - required: - - selector - - template - properties: - minReadySeconds: - description: Minimum number of seconds for which - a newly created pod should be ready without any - of its container crashing, for it to be considered - available. Defaults to 0 (pod will be considered - available as soon as it is ready) - type: integer - format: int32 - paused: - description: Indicates that the deployment is paused. - type: boolean - progressDeadlineSeconds: - description: The maximum time in seconds for a deployment - to make progress before it is considered to be - failed. The deployment controller will continue - to process failed deployments and a condition - with a ProgressDeadlineExceeded reason will be - surfaced in the deployment status. Note that progress - will not be estimated during the time a deployment - is paused. Defaults to 600s. - type: integer - format: int32 - replicas: - description: Number of desired pods. This is a pointer - to distinguish between explicit zero and not specified. - Defaults to 1. - type: integer - format: int32 - revisionHistoryLimit: - description: The number of old ReplicaSets to retain - to allow rollback. This is a pointer to distinguish - between explicit zero and not specified. Defaults - to 10. - type: integer - format: int32 - selector: - description: Label selector for pods. Existing ReplicaSets - whose pods are selected by this will be the ones - affected by this deployment. It must match the - pod template's labels. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - type: array - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - additionalProperties: - type: string - strategy: - description: The deployment strategy to use to replace - existing pods with new ones. - type: object - properties: - rollingUpdate: - description: 'Rolling update config params. - Present only if DeploymentStrategyType = RollingUpdate. - --- TODO: Update this to follow our convention - for oneOf, whatever we decide it to be.' - type: object - properties: - maxSurge: - description: 'The maximum number of pods - that can be scheduled above the desired - number of pods. Value can be an absolute - number (ex: 5) or a percentage of desired - pods (ex: 10%). This can not be 0 if MaxUnavailable - is 0. Absolute number is calculated from - percentage by rounding up. Defaults to - 25%. Example: when this is set to 30%, - the new ReplicaSet can be scaled up immediately - when the rolling update starts, such that - the total number of old and new pods do - not exceed 130% of desired pods. Once - old pods have been killed, new ReplicaSet - can be scaled up further, ensuring that - total number of pods running at any time - during the update is at most 130% of desired - pods.' - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - maxUnavailable: - description: 'The maximum number of pods - that can be unavailable during the update. - Value can be an absolute number (ex: 5) - or a percentage of desired pods (ex: 10%). - Absolute number is calculated from percentage - by rounding down. This can not be 0 if - MaxSurge is 0. Defaults to 25%. Example: - when this is set to 30%, the old ReplicaSet - can be scaled down to 70% of desired pods - immediately when the rolling update starts. - Once new pods are ready, old ReplicaSet - can be scaled down further, followed by - scaling up the new ReplicaSet, ensuring - that the total number of pods available - at all times during the update is at least - 70% of desired pods.' - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: - description: Type of deployment. Can be "Recreate" - or "RollingUpdate". Default is RollingUpdate. - type: string - template: - description: Template describes the pods that will - be created. - type: object - properties: - metadata: - description: 'Standard object''s metadata. More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - type: object - x-kubernetes-preserve-unknown-fields: true - spec: - description: 'Specification of the desired behavior - of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - containers - properties: - activeDeadlineSeconds: - description: Optional duration in seconds - the pod may be active on the node relative - to StartTime before the system will actively - try to mark it failed and kill associated - containers. Value must be a positive integer. - type: integer - format: int64 - affinity: - description: If specified, the pod's scheduling - constraints - type: object - properties: - nodeAffinity: - description: Describes node affinity - scheduling rules for the pod. - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the affinity expressions - specified by this field, but it - may choose a node that violates - one or more of the expressions. - The node that is most preferred - is the one with the greatest sum - of weights, i.e. for each node - that meets all of the scheduling - requirements (resource request, - requiredDuringScheduling affinity - expressions, etc.), compute a - sum by iterating through the elements - of this field and adding "weight" - to the sum if the node matches - the corresponding matchExpressions; - the node(s) with the highest sum - are the most preferred. - type: array - items: - description: An empty preferred - scheduling term matches all - objects with implicit weight - 0 (i.e. it's a no-op). A null - preferred scheduling term matches - no objects (i.e. is also a no-op). - type: object - required: - - preference - - weight - properties: - preference: - description: A node selector - term, associated with the - corresponding weight. - type: object - properties: - matchExpressions: - description: A list of - node selector requirements - by node's labels. - type: array - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - type: array - items: - type: string - matchFields: - description: A list of - node selector requirements - by node's fields. - type: array - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - type: array - items: - type: string - weight: - description: Weight associated - with matching the corresponding - nodeSelectorTerm, in the - range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not - met at scheduling time, the pod - will not be scheduled onto the - node. If the affinity requirements - specified by this field cease - to be met at some point during - pod execution (e.g. due to an - update), the system may or may - not try to eventually evict the - pod from its node. - type: object - required: - - nodeSelectorTerms - properties: - nodeSelectorTerms: - description: Required. A list - of node selector terms. The - terms are ORed. - type: array - items: - description: A null or empty - node selector term matches - no objects. The requirements - of them are ANDed. The TopologySelectorTerm - type implements a subset - of the NodeSelectorTerm. - type: object - properties: - matchExpressions: - description: A list of - node selector requirements - by node's labels. - type: array - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - type: array - items: - type: string - matchFields: - description: A list of - node selector requirements - by node's fields. - type: array - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - type: array - items: - type: string - podAffinity: - description: Describes pod affinity - scheduling rules (e.g. co-locate this - pod in the same node, zone, etc. as - some other pod(s)). - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the affinity expressions - specified by this field, but it - may choose a node that violates - one or more of the expressions. - The node that is most preferred - is the one with the greatest sum - of weights, i.e. for each node - that meets all of the scheduling - requirements (resource request, - requiredDuringScheduling affinity - expressions, etc.), compute a - sum by iterating through the elements - of this field and adding "weight" - to the sum if the node has pods - which matches the corresponding - podAffinityTerm; the node(s) with - the highest sum are the most preferred. - type: array - items: - description: The weights of all - of the matched WeightedPodAffinityTerm - fields are added per-node to - find the most preferred node(s) - type: object - required: - - podAffinityTerm - - weight - properties: - podAffinityTerm: - description: Required. A pod - affinity term, associated - with the corresponding weight. - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. - type: array - items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. - type: object - required: - - key - - operator - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. - type: string - values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. - type: object - additionalProperties: - type: string - namespaces: - description: namespaces - specifies which namespaces - the labelSelector applies - to (matches against); - null or empty list means - "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod - should be co-located - (affinity) or not co-located - (anti-affinity) with - the pods matching the - labelSelector in the - specified namespaces, - where co-located is - defined as running on - a node whose value of - the label with key topologyKey - matches that of any - node on which any of - the selected pods is - running. Empty topologyKey - is not allowed. - type: string - weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the - range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not - met at scheduling time, the pod - will not be scheduled onto the - node. If the affinity requirements - specified by this field cease - to be met at some point during - pod execution (e.g. due to a pod - label update), the system may - or may not try to eventually evict - the pod from its node. When there - are multiple elements, the lists - of nodes corresponding to each - podAffinityTerm are intersected, - i.e. all terms must be satisfied. - type: array - items: - description: Defines a set of - pods (namely those matching - the labelSelector relative to - the given namespace(s)) that - this pod should be co-located - (affinity) or not co-located - (anti-affinity) with, where - co-located is defined as running - on a node whose value of the - label with key - matches that of any node on - which a pod of the set of pods - is running - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - type: array - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - type: array - items: - type: string - matchLabels: - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - additionalProperties: - type: string - namespaces: - description: namespaces specifies - which namespaces the labelSelector - applies to (matches against); - null or empty list means - "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on - a node whose value of the - label with key topologyKey - matches that of any node - on which any of the selected - pods is running. Empty topologyKey - is not allowed. - type: string - podAntiAffinity: - description: Describes pod anti-affinity - scheduling rules (e.g. avoid putting - this pod in the same node, zone, etc. - as some other pod(s)). - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the anti-affinity - expressions specified by this - field, but it may choose a node - that violates one or more of the - expressions. The node that is - most preferred is the one with - the greatest sum of weights, i.e. - for each node that meets all of - the scheduling requirements (resource - request, requiredDuringScheduling - anti-affinity expressions, etc.), - compute a sum by iterating through - the elements of this field and - adding "weight" to the sum if - the node has pods which matches - the corresponding podAffinityTerm; - the node(s) with the highest sum - are the most preferred. - type: array - items: - description: The weights of all - of the matched WeightedPodAffinityTerm - fields are added per-node to - find the most preferred node(s) - type: object - required: - - podAffinityTerm - - weight - properties: - podAffinityTerm: - description: Required. A pod - affinity term, associated - with the corresponding weight. - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. - type: array - items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. - type: object - required: - - key - - operator - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. - type: string - values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. - type: object - additionalProperties: - type: string - namespaces: - description: namespaces - specifies which namespaces - the labelSelector applies - to (matches against); - null or empty list means - "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod - should be co-located - (affinity) or not co-located - (anti-affinity) with - the pods matching the - labelSelector in the - specified namespaces, - where co-located is - defined as running on - a node whose value of - the label with key topologyKey - matches that of any - node on which any of - the selected pods is - running. Empty topologyKey - is not allowed. - type: string - weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the - range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity - requirements specified by this - field are not met at scheduling - time, the pod will not be scheduled - onto the node. If the anti-affinity - requirements specified by this - field cease to be met at some - point during pod execution (e.g. - due to a pod label update), the - system may or may not try to eventually - evict the pod from its node. When - there are multiple elements, the - lists of nodes corresponding to - each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - type: array - items: - description: Defines a set of - pods (namely those matching - the labelSelector relative to - the given namespace(s)) that - this pod should be co-located - (affinity) or not co-located - (anti-affinity) with, where - co-located is defined as running - on a node whose value of the - label with key - matches that of any node on - which a pod of the set of pods - is running - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - type: array - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - type: array - items: - type: string - matchLabels: - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - additionalProperties: - type: string - namespaces: - description: namespaces specifies - which namespaces the labelSelector - applies to (matches against); - null or empty list means - "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on - a node whose value of the - label with key topologyKey - matches that of any node - on which any of the selected - pods is running. Empty topologyKey - is not allowed. - type: string - automountServiceAccountToken: - description: AutomountServiceAccountToken - indicates whether a service account token - should be automatically mounted. - type: boolean - containers: - description: List of containers belonging - to the pod. Containers cannot currently - be added or removed. There must be at - least one container in a Pod. Cannot be - updated. - type: array - items: - description: A single application container - that you want to run within a pod. - type: object - required: - - name - properties: - args: - description: 'Arguments to the entrypoint. - The docker image''s CMD is used - if this is not provided. Variable - references $(VAR_NAME) are expanded - using the container''s environment. - If a variable cannot be resolved, - the reference in the input string - will be unchanged. The $(VAR_NAME) - syntax can be escaped with a double - $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless - of whether the variable exists or - not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not - executed within a shell. The docker - image''s ENTRYPOINT is used if this - is not provided. Variable references - $(VAR_NAME) are expanded using the - container''s environment. If a variable - cannot be resolved, the reference - in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped - with a double $$, ie: $$(VAR_NAME). - Escaped references will never be - expanded, regardless of whether - the variable exists or not. Cannot - be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables - to set in the container. Cannot - be updated. - type: array - items: - description: EnvVar represents an - environment variable present in - a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment - variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references - $(VAR_NAME) are expanded using - the previous defined environment - variables in the container - and any service environment - variables. If a variable cannot - be resolved, the reference - in the input string will be - unchanged. The $(VAR_NAME) - syntax can be escaped with - a double $$, ie: $$(VAR_NAME). - Escaped references will never - be expanded, regardless of - whether the variable exists - or not. Defaults to "".' - type: string - valueFrom: - description: Source for the - environment variable's value. - Cannot be used if value is - not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key - of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key - to select. - type: string - name: - description: 'Name of - the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify - whether the ConfigMap - or its key must be - defined - type: boolean - fieldRef: - description: 'Selects a - field of the pod: supports - metadata.name, metadata.namespace, - metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, - status.podIPs.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version - of the schema the - FieldPath is written - in terms of, defaults - to "v1". - type: string - fieldPath: - description: Path of - the field to select - in the specified API - version. - type: string - resourceFieldRef: - description: 'Selects a - resource of the container: - only resources limits - and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory - and requests.ephemeral-storage) - are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container - name: required for - volumes, optional - for env vars' - type: string - divisor: - description: Specifies - the output format - of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: - resource to select' - type: string - secretKeyRef: - description: Selects a key - of a secret in the pod's - namespace - type: object - required: - - key - properties: - key: - description: The key - of the secret to select - from. Must be a valid - secret key. - type: string - name: - description: 'Name of - the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify - whether the Secret - or its key must be - defined - type: boolean - envFrom: - description: List of sources to populate - environment variables in the container. - The keys defined within a source - must be a C_IDENTIFIER. All invalid - keys will be reported as an event - when the container is starting. - When a key exists in multiple sources, - the value associated with the last - source will take precedence. Values - defined by an Env with a duplicate - key will take precedence. Cannot - be updated. - type: array - items: - description: EnvFromSource represents - the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to - select from - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether - the ConfigMap must be - defined - type: boolean - prefix: - description: An optional identifier - to prepend to each key in - the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select - from - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether - the Secret must be defined - type: boolean - image: - description: 'Docker image name. More - info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow - higher level config management to - default or override container images - in workload controllers like Deployments - and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One - of Always, Never, IfNotPresent. - Defaults to Always if :latest tag - is specified, or IfNotPresent otherwise. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management - system should take in response to - container lifecycle events. Cannot - be updated. - type: object - properties: - postStart: - description: 'PostStart is called - immediately after a container - is created. If the handler fails, - the container is terminated - and restarted according to its - restart policy. Other management - of the container blocks until - the hook completes. More info: - https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only - one of the following should - be specified. Exec specifies - the action to take. - type: object - properties: - command: - description: Command is - the command line to - execute inside the container, - the working directory - for the command is - root ('/') in the container's - filesystem. The command - is simply exec'd, it - is not run inside a - shell, so traditional - shell instructions ('|', - etc) won't work. To - use a shell, you need - to explicitly call out - to that shell. Exit - status of 0 is treated - as live/healthy and - non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name - to connect to, defaults - to the pod IP. You probably - want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. - HTTP allows repeated - headers. - type: array - items: - description: HTTPHeader - describes a custom - header to be used - in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The - header field name - type: string - value: - description: The - header field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access - on the container. Number - must be in the range - 1 to 65535. Name must - be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to - use for connecting to - the host. Defaults to - HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP - port. TCP hooks not yet - supported TODO: implement - a realistic TCP lifecycle - hook' - type: object - required: - - port - properties: - host: - description: 'Optional: - Host name to connect - to, defaults to the - pod IP.' - type: string - port: - description: Number or - name of the port to - access on the container. - Number must be in the - range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - preStop: - description: 'PreStop is called - immediately before a container - is terminated due to an API - request or management event - such as liveness/startup probe - failure, preemption, resource - contention, etc. The handler - is not called if the container - crashes or exits. The reason - for termination is passed to - the handler. The Pod''s termination - grace period countdown begins - before the PreStop hooked is - executed. Regardless of the - outcome of the handler, the - container will eventually terminate - within the Pod''s termination - grace period. Other management - of the container blocks until - the hook completes or until - the termination grace period - is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only - one of the following should - be specified. Exec specifies - the action to take. - type: object - properties: - command: - description: Command is - the command line to - execute inside the container, - the working directory - for the command is - root ('/') in the container's - filesystem. The command - is simply exec'd, it - is not run inside a - shell, so traditional - shell instructions ('|', - etc) won't work. To - use a shell, you need - to explicitly call out - to that shell. Exit - status of 0 is treated - as live/healthy and - non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name - to connect to, defaults - to the pod IP. You probably - want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. - HTTP allows repeated - headers. - type: array - items: - description: HTTPHeader - describes a custom - header to be used - in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The - header field name - type: string - value: - description: The - header field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access - on the container. Number - must be in the range - 1 to 65535. Name must - be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to - use for connecting to - the host. Defaults to - HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP - port. TCP hooks not yet - supported TODO: implement - a realistic TCP lifecycle - hook' - type: object - required: - - port - properties: - host: - description: 'Optional: - Host name to connect - to, defaults to the - pod IP.' - type: string - port: - description: Number or - name of the port to - access on the container. - Number must be in the - range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - livenessProbe: - description: 'Periodic probe of container - liveness. Container will be restarted - if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one - of the following should be specified. - Exec specifies the action to - take. - type: object - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container - specified as a DNS_LABEL. Each container - in a pod must have a unique name - (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose - from the container. Exposing a port - here gives the system additional - information about the network connections - a container uses, but is primarily - informational. Not specifying a - port here DOES NOT prevent that - port from being exposed. Any port - which is listening on the default - "0.0.0.0" address inside a container - will be accessible from the network. - Cannot be updated. - type: array - items: - description: ContainerPort represents - a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port - to expose on the pod's IP - address. This must be a valid - port number, 0 < x < 65536. - type: integer - format: int32 - hostIP: - description: What host IP to - bind the external port to. - type: string - hostPort: - description: Number of port - to expose on the host. If - specified, this must be a - valid port number, 0 < x < - 65536. If HostNetwork is specified, - this must match ContainerPort. - Most containers do not need - this. - type: integer - format: int32 - name: - description: If specified, this - must be an IANA_SVC_NAME and - unique within the pod. Each - named port in a pod must have - a unique name. Name for the - port that can be referred - to by services. - type: string - protocol: - description: Protocol for port. - Must be UDP, TCP, or SCTP. - Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container - service readiness. Container will - be removed from service endpoints - if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one - of the following should be specified. - Exec specifies the action to - take. - type: object - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required - by this container. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - properties: - limits: - description: 'Limits describes - the maximum amount of compute - resources allowed. More info: - https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes - the minimum amount of compute - resources required. If Requests - is omitted for a container, - it defaults to Limits if that - is explicitly specified, otherwise - to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'Security options the - pod should run with. More info: - https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation - controls whether a process can - gain more privileges than its - parent process. This bool directly - controls if the no_new_privs - flag will be set on the container - process. AllowPrivilegeEscalation - is true always when the container - is: 1) run as Privileged 2) - has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: The capabilities - to add/drop when running containers. - Defaults to the default set - of capabilities granted by the - container runtime. - type: object - properties: - add: - description: Added capabilities - type: array - items: - description: Capability - represent POSIX capabilities - type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability - represent POSIX capabilities - type - type: string - privileged: - description: Run container in - privileged mode. Processes in - privileged containers are essentially - equivalent to root on the host. - Defaults to false. - type: boolean - procMount: - description: procMount denotes - the type of proc mount to use - for the containers. The default - is DefaultProcMount which uses - the container runtime defaults - for readonly paths and masked - paths. This requires the ProcMountType - feature flag to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container - has a read-only root filesystem. - Default is false. - type: boolean - runAsGroup: - description: The GID to run the - entrypoint of the container - process. Uses runtime default - if unset. May also be set in - PodSecurityContext. If set - in both SecurityContext and - PodSecurityContext, the value - specified in SecurityContext - takes precedence. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the - container must run as a non-root - user. If true, the Kubelet will - validate the image at runtime - to ensure that it does not run - as UID 0 (root) and fail to - start the container if it does. - If unset or false, no such validation - will be performed. May also - be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: boolean - runAsUser: - description: The UID to run the - entrypoint of the container - process. Defaults to user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: integer - format: int64 - seLinuxOptions: - description: The SELinux context - to be applied to the container. - If unspecified, the container - runtime will allocate a random - SELinux context for each container. May - also be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: object - properties: - level: - description: Level is SELinux - level label that applies - to the container. - type: string - role: - description: Role is a SELinux - role label that applies - to the container. - type: string - type: - description: Type is a SELinux - type label that applies - to the container. - type: string - user: - description: User is a SELinux - user label that applies - to the container. - type: string - windowsOptions: - description: The Windows specific - settings applied to all containers. - If unspecified, the options - from the PodSecurityContext - will be used. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: object - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec - is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of - the GMSA credential spec - named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA - credential spec to use. - type: string - runAsUserName: - description: The UserName - in Windows to run the entrypoint - of the container process. - Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext - and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: string - startupProbe: - description: 'StartupProbe indicates - that the Pod has successfully initialized. - If specified, no other probes are - executed until this completes successfully. - If this probe fails, the Pod will - be restarted, just as if the livenessProbe - failed. This can be used to provide - different probe parameters at the - beginning of a Pod''s lifecycle, - when it might take a long time to - load data or warm a cache, than - during steady-state operation. This - cannot be updated. This is a beta - feature enabled by the StartupProbe - feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one - of the following should be specified. - Exec specifies the action to - take. - type: object - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - stdin: - description: Whether this container - should allocate a buffer for stdin - in the container runtime. If this - is not set, reads from stdin in - the container will always result - in EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container - runtime should close the stdin channel - after it has been opened by a single - attach. When stdin is true the stdin - stream will remain open across multiple - attach sessions. If stdinOnce is - set to true, stdin is opened on - container start, is empty until - the first client attaches to stdin, - and then remains open and accepts - data until the client disconnects, - at which time stdin is closed and - remains closed until the container - is restarted. If this flag is false, - a container processes that reads - from stdin will never receive an - EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which - the file to which the container''s - termination message will be written - is mounted into the container''s - filesystem. Message written is intended - to be brief final status, such as - an assertion failure message. Will - be truncated by the node if greater - than 4096 bytes. The total message - length across all containers will - be limited to 12kb. Defaults to - /dev/termination-log. Cannot be - updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination - message should be populated. File - will use the contents of terminationMessagePath - to populate the container status - message on both success and failure. - FallbackToLogsOnError will use the - last chunk of container log output - if the termination message file - is empty and the container exited - with an error. The log output is - limited to 2048 bytes or 80 lines, - whichever is smaller. Defaults to - File. Cannot be updated. - type: string - tty: - description: Whether this container - should allocate a TTY for itself, - also requires 'stdin' to be true. - Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the - list of block devices to be used - by the container. - type: array - items: - description: volumeDevice describes - a mapping of a raw block device - within a container. - type: object - required: - - devicePath - - name - properties: - devicePath: - description: devicePath is the - path inside of the container - that the device will be mapped - to. - type: string - name: - description: name must match - the name of a persistentVolumeClaim - in the pod - type: string - volumeMounts: - description: Pod volumes to mount - into the container's filesystem. - Cannot be updated. - type: array - items: - description: VolumeMount describes - a mounting of a Volume within - a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the - container at which the volume - should be mounted. Must not - contain ':'. - type: string - mountPropagation: - description: mountPropagation - determines how mounts are - propagated from the host to - container and the other way - around. When not set, MountPropagationNone - is used. This field is beta - in 1.10. - type: string - name: - description: This must match - the Name of a Volume. - type: string - readOnly: - description: Mounted read-only - if true, read-write otherwise - (false or unspecified). Defaults - to false. - type: boolean - subPath: - description: Path within the - volume from which the container's - volume should be mounted. - Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within - the volume from which the - container's volume should - be mounted. Behaves similarly - to SubPath but environment - variable references $(VAR_NAME) - are expanded using the container's - environment. Defaults to "" - (volume's root). SubPathExpr - and SubPath are mutually exclusive. - type: string - workingDir: - description: Container's working directory. - If not specified, the container - runtime's default will be used, - which might be configured in the - container image. Cannot be updated. - type: string - dnsConfig: - description: Specifies the DNS parameters - of a pod. Parameters specified here will - be merged to the generated DNS configuration - based on DNSPolicy. - type: object - properties: - nameservers: - description: A list of DNS name server - IP addresses. This will be appended - to the base nameservers generated - from DNSPolicy. Duplicated nameservers - will be removed. - type: array - items: - type: string - options: - description: A list of DNS resolver - options. This will be merged with - the base options generated from DNSPolicy. - Duplicated entries will be removed. - Resolution options given in Options - will override those that appear in - the base DNSPolicy. - type: array - items: - description: PodDNSConfigOption defines - DNS resolver options of a pod. - type: object - properties: - name: - description: Required. - type: string - value: - type: string - searches: - description: A list of DNS search domains - for host-name lookup. This will be - appended to the base search paths - generated from DNSPolicy. Duplicated - search paths will be removed. - type: array - items: - type: string - dnsPolicy: - description: Set DNS policy for the pod. - Defaults to "ClusterFirst". Valid values - are 'ClusterFirstWithHostNet', 'ClusterFirst', - 'Default' or 'None'. DNS parameters given - in DNSConfig will be merged with the policy - selected with DNSPolicy. To have DNS options - set along with hostNetwork, you have to - specify DNS policy explicitly to 'ClusterFirstWithHostNet'. - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates - whether information about services should - be injected into pod''s environment variables, - matching the syntax of Docker links. Optional: - Defaults to true.' - type: boolean - ephemeralContainers: - description: List of ephemeral containers - run in this pod. Ephemeral containers - may be run in an existing pod to perform - user-initiated actions such as debugging. - This list cannot be specified when creating - a pod, and it cannot be modified by updating - the pod spec. In order to add an ephemeral - container to an existing pod, use the - pod's ephemeralcontainers subresource. - This field is alpha-level and is only - honored by servers that enable the EphemeralContainers - feature. - type: array - items: - description: An EphemeralContainer is - a container that may be added temporarily - to an existing pod for user-initiated - activities such as debugging. Ephemeral - containers have no resource or scheduling - guarantees, and they will not be restarted - when they exit or when a pod is removed - or restarted. If an ephemeral container - causes a pod to exceed its resource - allocation, the pod may be evicted. - Ephemeral containers may not be added - by directly updating the pod spec. They - must be added via the pod's ephemeralcontainers - subresource, and they will appear in - the pod spec once added. This is an - alpha feature enabled by the EphemeralContainers - feature flag. - type: object - required: - - name - properties: - args: - description: 'Arguments to the entrypoint. - The docker image''s CMD is used - if this is not provided. Variable - references $(VAR_NAME) are expanded - using the container''s environment. - If a variable cannot be resolved, - the reference in the input string - will be unchanged. The $(VAR_NAME) - syntax can be escaped with a double - $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless - of whether the variable exists or - not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not - executed within a shell. The docker - image''s ENTRYPOINT is used if this - is not provided. Variable references - $(VAR_NAME) are expanded using the - container''s environment. If a variable - cannot be resolved, the reference - in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped - with a double $$, ie: $$(VAR_NAME). - Escaped references will never be - expanded, regardless of whether - the variable exists or not. Cannot - be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables - to set in the container. Cannot - be updated. - type: array - items: - description: EnvVar represents an - environment variable present in - a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment - variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references - $(VAR_NAME) are expanded using - the previous defined environment - variables in the container - and any service environment - variables. If a variable cannot - be resolved, the reference - in the input string will be - unchanged. The $(VAR_NAME) - syntax can be escaped with - a double $$, ie: $$(VAR_NAME). - Escaped references will never - be expanded, regardless of - whether the variable exists - or not. Defaults to "".' - type: string - valueFrom: - description: Source for the - environment variable's value. - Cannot be used if value is - not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key - of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key - to select. - type: string - name: - description: 'Name of - the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify - whether the ConfigMap - or its key must be - defined - type: boolean - fieldRef: - description: 'Selects a - field of the pod: supports - metadata.name, metadata.namespace, - metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, - status.podIPs.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version - of the schema the - FieldPath is written - in terms of, defaults - to "v1". - type: string - fieldPath: - description: Path of - the field to select - in the specified API - version. - type: string - resourceFieldRef: - description: 'Selects a - resource of the container: - only resources limits - and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory - and requests.ephemeral-storage) - are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container - name: required for - volumes, optional - for env vars' - type: string - divisor: - description: Specifies - the output format - of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: - resource to select' - type: string - secretKeyRef: - description: Selects a key - of a secret in the pod's - namespace - type: object - required: - - key - properties: - key: - description: The key - of the secret to select - from. Must be a valid - secret key. - type: string - name: - description: 'Name of - the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify - whether the Secret - or its key must be - defined - type: boolean - envFrom: - description: List of sources to populate - environment variables in the container. - The keys defined within a source - must be a C_IDENTIFIER. All invalid - keys will be reported as an event - when the container is starting. - When a key exists in multiple sources, - the value associated with the last - source will take precedence. Values - defined by an Env with a duplicate - key will take precedence. Cannot - be updated. - type: array - items: - description: EnvFromSource represents - the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to - select from - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether - the ConfigMap must be - defined - type: boolean - prefix: - description: An optional identifier - to prepend to each key in - the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select - from - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether - the Secret must be defined - type: boolean - image: - description: 'Docker image name. More - info: https://kubernetes.io/docs/concepts/containers/images' - type: string - imagePullPolicy: - description: 'Image pull policy. One - of Always, Never, IfNotPresent. - Defaults to Always if :latest tag - is specified, or IfNotPresent otherwise. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Lifecycle is not allowed - for ephemeral containers. - type: object - properties: - postStart: - description: 'PostStart is called - immediately after a container - is created. If the handler fails, - the container is terminated - and restarted according to its - restart policy. Other management - of the container blocks until - the hook completes. More info: - https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only - one of the following should - be specified. Exec specifies - the action to take. - type: object - properties: - command: - description: Command is - the command line to - execute inside the container, - the working directory - for the command is - root ('/') in the container's - filesystem. The command - is simply exec'd, it - is not run inside a - shell, so traditional - shell instructions ('|', - etc) won't work. To - use a shell, you need - to explicitly call out - to that shell. Exit - status of 0 is treated - as live/healthy and - non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name - to connect to, defaults - to the pod IP. You probably - want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. - HTTP allows repeated - headers. - type: array - items: - description: HTTPHeader - describes a custom - header to be used - in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The - header field name - type: string - value: - description: The - header field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access - on the container. Number - must be in the range - 1 to 65535. Name must - be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to - use for connecting to - the host. Defaults to - HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP - port. TCP hooks not yet - supported TODO: implement - a realistic TCP lifecycle - hook' - type: object - required: - - port - properties: - host: - description: 'Optional: - Host name to connect - to, defaults to the - pod IP.' - type: string - port: - description: Number or - name of the port to - access on the container. - Number must be in the - range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - preStop: - description: 'PreStop is called - immediately before a container - is terminated due to an API - request or management event - such as liveness/startup probe - failure, preemption, resource - contention, etc. The handler - is not called if the container - crashes or exits. The reason - for termination is passed to - the handler. The Pod''s termination - grace period countdown begins - before the PreStop hooked is - executed. Regardless of the - outcome of the handler, the - container will eventually terminate - within the Pod''s termination - grace period. Other management - of the container blocks until - the hook completes or until - the termination grace period - is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only - one of the following should - be specified. Exec specifies - the action to take. - type: object - properties: - command: - description: Command is - the command line to - execute inside the container, - the working directory - for the command is - root ('/') in the container's - filesystem. The command - is simply exec'd, it - is not run inside a - shell, so traditional - shell instructions ('|', - etc) won't work. To - use a shell, you need - to explicitly call out - to that shell. Exit - status of 0 is treated - as live/healthy and - non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name - to connect to, defaults - to the pod IP. You probably - want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. - HTTP allows repeated - headers. - type: array - items: - description: HTTPHeader - describes a custom - header to be used - in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The - header field name - type: string - value: - description: The - header field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access - on the container. Number - must be in the range - 1 to 65535. Name must - be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to - use for connecting to - the host. Defaults to - HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP - port. TCP hooks not yet - supported TODO: implement - a realistic TCP lifecycle - hook' - type: object - required: - - port - properties: - host: - description: 'Optional: - Host name to connect - to, defaults to the - pod IP.' - type: string - port: - description: Number or - name of the port to - access on the container. - Number must be in the - range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - livenessProbe: - description: Probes are not allowed - for ephemeral containers. - type: object - properties: - exec: - description: One and only one - of the following should be specified. - Exec specifies the action to - take. - type: object - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the ephemeral - container specified as a DNS_LABEL. - This name must be unique among all - containers, init containers and - ephemeral containers. - type: string - ports: - description: Ports are not allowed - for ephemeral containers. - type: array - items: - description: ContainerPort represents - a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port - to expose on the pod's IP - address. This must be a valid - port number, 0 < x < 65536. - type: integer - format: int32 - hostIP: - description: What host IP to - bind the external port to. - type: string - hostPort: - description: Number of port - to expose on the host. If - specified, this must be a - valid port number, 0 < x < - 65536. If HostNetwork is specified, - this must match ContainerPort. - Most containers do not need - this. - type: integer - format: int32 - name: - description: If specified, this - must be an IANA_SVC_NAME and - unique within the pod. Each - named port in a pod must have - a unique name. Name for the - port that can be referred - to by services. - type: string - protocol: - description: Protocol for port. - Must be UDP, TCP, or SCTP. - Defaults to "TCP". - type: string - readinessProbe: - description: Probes are not allowed - for ephemeral containers. - type: object - properties: - exec: - description: One and only one - of the following should be specified. - Exec specifies the action to - take. - type: object - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: Resources are not allowed - for ephemeral containers. Ephemeral - containers use spare resources already - allocated to the pod. - type: object - properties: - limits: - description: 'Limits describes - the maximum amount of compute - resources allowed. More info: - https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes - the minimum amount of compute - resources required. If Requests - is omitted for a container, - it defaults to Limits if that - is explicitly specified, otherwise - to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: SecurityContext is not - allowed for ephemeral containers. - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation - controls whether a process can - gain more privileges than its - parent process. This bool directly - controls if the no_new_privs - flag will be set on the container - process. AllowPrivilegeEscalation - is true always when the container - is: 1) run as Privileged 2) - has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: The capabilities - to add/drop when running containers. - Defaults to the default set - of capabilities granted by the - container runtime. - type: object - properties: - add: - description: Added capabilities - type: array - items: - description: Capability - represent POSIX capabilities - type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability - represent POSIX capabilities - type - type: string - privileged: - description: Run container in - privileged mode. Processes in - privileged containers are essentially - equivalent to root on the host. - Defaults to false. - type: boolean - procMount: - description: procMount denotes - the type of proc mount to use - for the containers. The default - is DefaultProcMount which uses - the container runtime defaults - for readonly paths and masked - paths. This requires the ProcMountType - feature flag to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container - has a read-only root filesystem. - Default is false. - type: boolean - runAsGroup: - description: The GID to run the - entrypoint of the container - process. Uses runtime default - if unset. May also be set in - PodSecurityContext. If set - in both SecurityContext and - PodSecurityContext, the value - specified in SecurityContext - takes precedence. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the - container must run as a non-root - user. If true, the Kubelet will - validate the image at runtime - to ensure that it does not run - as UID 0 (root) and fail to - start the container if it does. - If unset or false, no such validation - will be performed. May also - be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: boolean - runAsUser: - description: The UID to run the - entrypoint of the container - process. Defaults to user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: integer - format: int64 - seLinuxOptions: - description: The SELinux context - to be applied to the container. - If unspecified, the container - runtime will allocate a random - SELinux context for each container. May - also be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: object - properties: - level: - description: Level is SELinux - level label that applies - to the container. - type: string - role: - description: Role is a SELinux - role label that applies - to the container. - type: string - type: - description: Type is a SELinux - type label that applies - to the container. - type: string - user: - description: User is a SELinux - user label that applies - to the container. - type: string - windowsOptions: - description: The Windows specific - settings applied to all containers. - If unspecified, the options - from the PodSecurityContext - will be used. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: object - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec - is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of - the GMSA credential spec - named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA - credential spec to use. - type: string - runAsUserName: - description: The UserName - in Windows to run the entrypoint - of the container process. - Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext - and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: string - startupProbe: - description: Probes are not allowed - for ephemeral containers. - type: object - properties: - exec: - description: One and only one - of the following should be specified. - Exec specifies the action to - take. - type: object - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - stdin: - description: Whether this container - should allocate a buffer for stdin - in the container runtime. If this - is not set, reads from stdin in - the container will always result - in EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container - runtime should close the stdin channel - after it has been opened by a single - attach. When stdin is true the stdin - stream will remain open across multiple - attach sessions. If stdinOnce is - set to true, stdin is opened on - container start, is empty until - the first client attaches to stdin, - and then remains open and accepts - data until the client disconnects, - at which time stdin is closed and - remains closed until the container - is restarted. If this flag is false, - a container processes that reads - from stdin will never receive an - EOF. Default is false - type: boolean - targetContainerName: - description: If set, the name of the - container from PodSpec that this - ephemeral container targets. The - ephemeral container will be run - in the namespaces (IPC, PID, etc) - of this container. If not set then - the ephemeral container is run in - whatever namespaces are shared for - the pod. Note that the container - runtime must support this feature. - type: string - terminationMessagePath: - description: 'Optional: Path at which - the file to which the container''s - termination message will be written - is mounted into the container''s - filesystem. Message written is intended - to be brief final status, such as - an assertion failure message. Will - be truncated by the node if greater - than 4096 bytes. The total message - length across all containers will - be limited to 12kb. Defaults to - /dev/termination-log. Cannot be - updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination - message should be populated. File - will use the contents of terminationMessagePath - to populate the container status - message on both success and failure. - FallbackToLogsOnError will use the - last chunk of container log output - if the termination message file - is empty and the container exited - with an error. The log output is - limited to 2048 bytes or 80 lines, - whichever is smaller. Defaults to - File. Cannot be updated. - type: string - tty: - description: Whether this container - should allocate a TTY for itself, - also requires 'stdin' to be true. - Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the - list of block devices to be used - by the container. - type: array - items: - description: volumeDevice describes - a mapping of a raw block device - within a container. - type: object - required: - - devicePath - - name - properties: - devicePath: - description: devicePath is the - path inside of the container - that the device will be mapped - to. - type: string - name: - description: name must match - the name of a persistentVolumeClaim - in the pod - type: string - volumeMounts: - description: Pod volumes to mount - into the container's filesystem. - Cannot be updated. - type: array - items: - description: VolumeMount describes - a mounting of a Volume within - a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the - container at which the volume - should be mounted. Must not - contain ':'. - type: string - mountPropagation: - description: mountPropagation - determines how mounts are - propagated from the host to - container and the other way - around. When not set, MountPropagationNone - is used. This field is beta - in 1.10. - type: string - name: - description: This must match - the Name of a Volume. - type: string - readOnly: - description: Mounted read-only - if true, read-write otherwise - (false or unspecified). Defaults - to false. - type: boolean - subPath: - description: Path within the - volume from which the container's - volume should be mounted. - Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within - the volume from which the - container's volume should - be mounted. Behaves similarly - to SubPath but environment - variable references $(VAR_NAME) - are expanded using the container's - environment. Defaults to "" - (volume's root). SubPathExpr - and SubPath are mutually exclusive. - type: string - workingDir: - description: Container's working directory. - If not specified, the container - runtime's default will be used, - which might be configured in the - container image. Cannot be updated. - type: string - hostAliases: - description: HostAliases is an optional - list of hosts and IPs that will be injected - into the pod's hosts file if specified. - This is only valid for non-hostNetwork - pods. - type: array - items: - description: HostAlias holds the mapping - between IP and hostnames that will be - injected as an entry in the pod's hosts - file. - type: object - properties: - hostnames: - description: Hostnames for the above - IP address. - type: array - items: - type: string - ip: - description: IP address of the host - file entry. - type: string - hostIPC: - description: 'Use the host''s ipc namespace. - Optional: Default to false.' - type: boolean - hostNetwork: - description: Host networking requested for - this pod. Use the host's network namespace. - If this option is set, the ports that - will be used must be specified. Default - to false. - type: boolean - hostPID: - description: 'Use the host''s pid namespace. - Optional: Default to false.' - type: boolean - hostname: - description: Specifies the hostname of the - Pod If not specified, the pod's hostname - will be set to a system-defined value. - type: string - imagePullSecrets: - description: 'ImagePullSecrets is an optional - list of references to secrets in the same - namespace to use for pulling any of the - images used by this PodSpec. If specified, - these secrets will be passed to individual - puller implementations for them to use. - For example, in the case of docker, only - DockerConfig type secrets are honored. - More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains - enough information to let you locate - the referenced object inside the same - namespace. - type: object - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - initContainers: - description: 'List of initialization containers - belonging to the pod. Init containers - are executed in order prior to containers - being started. If any init container fails, - the pod is considered to have failed and - is handled according to its restartPolicy. - The name for an init container or normal - container must be unique among all containers. - Init containers may not have Lifecycle - actions, Readiness probes, Liveness probes, - or Startup probes. The resourceRequirements - of an init container are taken into account - during scheduling by finding the highest - request/limit for each resource type, - and then using the max of of that value - or the sum of the normal containers. Limits - are applied to init containers in a similar - fashion. Init containers cannot currently - be added or removed. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: A single application container - that you want to run within a pod. - type: object - required: - - name - properties: - args: - description: 'Arguments to the entrypoint. - The docker image''s CMD is used - if this is not provided. Variable - references $(VAR_NAME) are expanded - using the container''s environment. - If a variable cannot be resolved, - the reference in the input string - will be unchanged. The $(VAR_NAME) - syntax can be escaped with a double - $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless - of whether the variable exists or - not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not - executed within a shell. The docker - image''s ENTRYPOINT is used if this - is not provided. Variable references - $(VAR_NAME) are expanded using the - container''s environment. If a variable - cannot be resolved, the reference - in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped - with a double $$, ie: $$(VAR_NAME). - Escaped references will never be - expanded, regardless of whether - the variable exists or not. Cannot - be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables - to set in the container. Cannot - be updated. - type: array - items: - description: EnvVar represents an - environment variable present in - a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment - variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references - $(VAR_NAME) are expanded using - the previous defined environment - variables in the container - and any service environment - variables. If a variable cannot - be resolved, the reference - in the input string will be - unchanged. The $(VAR_NAME) - syntax can be escaped with - a double $$, ie: $$(VAR_NAME). - Escaped references will never - be expanded, regardless of - whether the variable exists - or not. Defaults to "".' - type: string - valueFrom: - description: Source for the - environment variable's value. - Cannot be used if value is - not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key - of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key - to select. - type: string - name: - description: 'Name of - the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify - whether the ConfigMap - or its key must be - defined - type: boolean - fieldRef: - description: 'Selects a - field of the pod: supports - metadata.name, metadata.namespace, - metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, - status.podIPs.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version - of the schema the - FieldPath is written - in terms of, defaults - to "v1". - type: string - fieldPath: - description: Path of - the field to select - in the specified API - version. - type: string - resourceFieldRef: - description: 'Selects a - resource of the container: - only resources limits - and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory - and requests.ephemeral-storage) - are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container - name: required for - volumes, optional - for env vars' - type: string - divisor: - description: Specifies - the output format - of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: - resource to select' - type: string - secretKeyRef: - description: Selects a key - of a secret in the pod's - namespace - type: object - required: - - key - properties: - key: - description: The key - of the secret to select - from. Must be a valid - secret key. - type: string - name: - description: 'Name of - the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify - whether the Secret - or its key must be - defined - type: boolean - envFrom: - description: List of sources to populate - environment variables in the container. - The keys defined within a source - must be a C_IDENTIFIER. All invalid - keys will be reported as an event - when the container is starting. - When a key exists in multiple sources, - the value associated with the last - source will take precedence. Values - defined by an Env with a duplicate - key will take precedence. Cannot - be updated. - type: array - items: - description: EnvFromSource represents - the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to - select from - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether - the ConfigMap must be - defined - type: boolean - prefix: - description: An optional identifier - to prepend to each key in - the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select - from - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether - the Secret must be defined - type: boolean - image: - description: 'Docker image name. More - info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow - higher level config management to - default or override container images - in workload controllers like Deployments - and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One - of Always, Never, IfNotPresent. - Defaults to Always if :latest tag - is specified, or IfNotPresent otherwise. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management - system should take in response to - container lifecycle events. Cannot - be updated. - type: object - properties: - postStart: - description: 'PostStart is called - immediately after a container - is created. If the handler fails, - the container is terminated - and restarted according to its - restart policy. Other management - of the container blocks until - the hook completes. More info: - https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only - one of the following should - be specified. Exec specifies - the action to take. - type: object - properties: - command: - description: Command is - the command line to - execute inside the container, - the working directory - for the command is - root ('/') in the container's - filesystem. The command - is simply exec'd, it - is not run inside a - shell, so traditional - shell instructions ('|', - etc) won't work. To - use a shell, you need - to explicitly call out - to that shell. Exit - status of 0 is treated - as live/healthy and - non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name - to connect to, defaults - to the pod IP. You probably - want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. - HTTP allows repeated - headers. - type: array - items: - description: HTTPHeader - describes a custom - header to be used - in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The - header field name - type: string - value: - description: The - header field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access - on the container. Number - must be in the range - 1 to 65535. Name must - be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to - use for connecting to - the host. Defaults to - HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP - port. TCP hooks not yet - supported TODO: implement - a realistic TCP lifecycle - hook' - type: object - required: - - port - properties: - host: - description: 'Optional: - Host name to connect - to, defaults to the - pod IP.' - type: string - port: - description: Number or - name of the port to - access on the container. - Number must be in the - range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - preStop: - description: 'PreStop is called - immediately before a container - is terminated due to an API - request or management event - such as liveness/startup probe - failure, preemption, resource - contention, etc. The handler - is not called if the container - crashes or exits. The reason - for termination is passed to - the handler. The Pod''s termination - grace period countdown begins - before the PreStop hooked is - executed. Regardless of the - outcome of the handler, the - container will eventually terminate - within the Pod''s termination - grace period. Other management - of the container blocks until - the hook completes or until - the termination grace period - is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only - one of the following should - be specified. Exec specifies - the action to take. - type: object - properties: - command: - description: Command is - the command line to - execute inside the container, - the working directory - for the command is - root ('/') in the container's - filesystem. The command - is simply exec'd, it - is not run inside a - shell, so traditional - shell instructions ('|', - etc) won't work. To - use a shell, you need - to explicitly call out - to that shell. Exit - status of 0 is treated - as live/healthy and - non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name - to connect to, defaults - to the pod IP. You probably - want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. - HTTP allows repeated - headers. - type: array - items: - description: HTTPHeader - describes a custom - header to be used - in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The - header field name - type: string - value: - description: The - header field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access - on the container. Number - must be in the range - 1 to 65535. Name must - be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to - use for connecting to - the host. Defaults to - HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP - port. TCP hooks not yet - supported TODO: implement - a realistic TCP lifecycle - hook' - type: object - required: - - port - properties: - host: - description: 'Optional: - Host name to connect - to, defaults to the - pod IP.' - type: string - port: - description: Number or - name of the port to - access on the container. - Number must be in the - range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - livenessProbe: - description: 'Periodic probe of container - liveness. Container will be restarted - if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one - of the following should be specified. - Exec specifies the action to - take. - type: object - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container - specified as a DNS_LABEL. Each container - in a pod must have a unique name - (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose - from the container. Exposing a port - here gives the system additional - information about the network connections - a container uses, but is primarily - informational. Not specifying a - port here DOES NOT prevent that - port from being exposed. Any port - which is listening on the default - "0.0.0.0" address inside a container - will be accessible from the network. - Cannot be updated. - type: array - items: - description: ContainerPort represents - a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port - to expose on the pod's IP - address. This must be a valid - port number, 0 < x < 65536. - type: integer - format: int32 - hostIP: - description: What host IP to - bind the external port to. - type: string - hostPort: - description: Number of port - to expose on the host. If - specified, this must be a - valid port number, 0 < x < - 65536. If HostNetwork is specified, - this must match ContainerPort. - Most containers do not need - this. - type: integer - format: int32 - name: - description: If specified, this - must be an IANA_SVC_NAME and - unique within the pod. Each - named port in a pod must have - a unique name. Name for the - port that can be referred - to by services. - type: string - protocol: - description: Protocol for port. - Must be UDP, TCP, or SCTP. - Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container - service readiness. Container will - be removed from service endpoints - if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one - of the following should be specified. - Exec specifies the action to - take. - type: object - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required - by this container. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - properties: - limits: - description: 'Limits describes - the maximum amount of compute - resources allowed. More info: - https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes - the minimum amount of compute - resources required. If Requests - is omitted for a container, - it defaults to Limits if that - is explicitly specified, otherwise - to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'Security options the - pod should run with. More info: - https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation - controls whether a process can - gain more privileges than its - parent process. This bool directly - controls if the no_new_privs - flag will be set on the container - process. AllowPrivilegeEscalation - is true always when the container - is: 1) run as Privileged 2) - has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: The capabilities - to add/drop when running containers. - Defaults to the default set - of capabilities granted by the - container runtime. - type: object - properties: - add: - description: Added capabilities - type: array - items: - description: Capability - represent POSIX capabilities - type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability - represent POSIX capabilities - type - type: string - privileged: - description: Run container in - privileged mode. Processes in - privileged containers are essentially - equivalent to root on the host. - Defaults to false. - type: boolean - procMount: - description: procMount denotes - the type of proc mount to use - for the containers. The default - is DefaultProcMount which uses - the container runtime defaults - for readonly paths and masked - paths. This requires the ProcMountType - feature flag to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container - has a read-only root filesystem. - Default is false. - type: boolean - runAsGroup: - description: The GID to run the - entrypoint of the container - process. Uses runtime default - if unset. May also be set in - PodSecurityContext. If set - in both SecurityContext and - PodSecurityContext, the value - specified in SecurityContext - takes precedence. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the - container must run as a non-root - user. If true, the Kubelet will - validate the image at runtime - to ensure that it does not run - as UID 0 (root) and fail to - start the container if it does. - If unset or false, no such validation - will be performed. May also - be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: boolean - runAsUser: - description: The UID to run the - entrypoint of the container - process. Defaults to user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: integer - format: int64 - seLinuxOptions: - description: The SELinux context - to be applied to the container. - If unspecified, the container - runtime will allocate a random - SELinux context for each container. May - also be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: object - properties: - level: - description: Level is SELinux - level label that applies - to the container. - type: string - role: - description: Role is a SELinux - role label that applies - to the container. - type: string - type: - description: Type is a SELinux - type label that applies - to the container. - type: string - user: - description: User is a SELinux - user label that applies - to the container. - type: string - windowsOptions: - description: The Windows specific - settings applied to all containers. - If unspecified, the options - from the PodSecurityContext - will be used. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: object - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec - is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of - the GMSA credential spec - named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA - credential spec to use. - type: string - runAsUserName: - description: The UserName - in Windows to run the entrypoint - of the container process. - Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext - and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: string - startupProbe: - description: 'StartupProbe indicates - that the Pod has successfully initialized. - If specified, no other probes are - executed until this completes successfully. - If this probe fails, the Pod will - be restarted, just as if the livenessProbe - failed. This can be used to provide - different probe parameters at the - beginning of a Pod''s lifecycle, - when it might take a long time to - load data or warm a cache, than - during steady-state operation. This - cannot be updated. This is a beta - feature enabled by the StartupProbe - feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one - of the following should be specified. - Exec specifies the action to - take. - type: object - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - stdin: - description: Whether this container - should allocate a buffer for stdin - in the container runtime. If this - is not set, reads from stdin in - the container will always result - in EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container - runtime should close the stdin channel - after it has been opened by a single - attach. When stdin is true the stdin - stream will remain open across multiple - attach sessions. If stdinOnce is - set to true, stdin is opened on - container start, is empty until - the first client attaches to stdin, - and then remains open and accepts - data until the client disconnects, - at which time stdin is closed and - remains closed until the container - is restarted. If this flag is false, - a container processes that reads - from stdin will never receive an - EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which - the file to which the container''s - termination message will be written - is mounted into the container''s - filesystem. Message written is intended - to be brief final status, such as - an assertion failure message. Will - be truncated by the node if greater - than 4096 bytes. The total message - length across all containers will - be limited to 12kb. Defaults to - /dev/termination-log. Cannot be - updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination - message should be populated. File - will use the contents of terminationMessagePath - to populate the container status - message on both success and failure. - FallbackToLogsOnError will use the - last chunk of container log output - if the termination message file - is empty and the container exited - with an error. The log output is - limited to 2048 bytes or 80 lines, - whichever is smaller. Defaults to - File. Cannot be updated. - type: string - tty: - description: Whether this container - should allocate a TTY for itself, - also requires 'stdin' to be true. - Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the - list of block devices to be used - by the container. - type: array - items: - description: volumeDevice describes - a mapping of a raw block device - within a container. - type: object - required: - - devicePath - - name - properties: - devicePath: - description: devicePath is the - path inside of the container - that the device will be mapped - to. - type: string - name: - description: name must match - the name of a persistentVolumeClaim - in the pod - type: string - volumeMounts: - description: Pod volumes to mount - into the container's filesystem. - Cannot be updated. - type: array - items: - description: VolumeMount describes - a mounting of a Volume within - a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the - container at which the volume - should be mounted. Must not - contain ':'. - type: string - mountPropagation: - description: mountPropagation - determines how mounts are - propagated from the host to - container and the other way - around. When not set, MountPropagationNone - is used. This field is beta - in 1.10. - type: string - name: - description: This must match - the Name of a Volume. - type: string - readOnly: - description: Mounted read-only - if true, read-write otherwise - (false or unspecified). Defaults - to false. - type: boolean - subPath: - description: Path within the - volume from which the container's - volume should be mounted. - Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within - the volume from which the - container's volume should - be mounted. Behaves similarly - to SubPath but environment - variable references $(VAR_NAME) - are expanded using the container's - environment. Defaults to "" - (volume's root). SubPathExpr - and SubPath are mutually exclusive. - type: string - workingDir: - description: Container's working directory. - If not specified, the container - runtime's default will be used, - which might be configured in the - container image. Cannot be updated. - type: string - nodeName: - description: NodeName is a request to schedule - this pod onto a specific node. If it is - non-empty, the scheduler simply schedules - this pod onto that node, assuming that - it fits resource requirements. - type: string - nodeSelector: - description: 'NodeSelector is a selector - which must be true for the pod to fit - on a node. Selector which must match a - node''s labels for the pod to be scheduled - on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - additionalProperties: - type: string - overhead: - description: 'Overhead represents the resource - overhead associated with running a pod - for a given RuntimeClass. This field will - be autopopulated at admission time by - the RuntimeClass admission controller. - If the RuntimeClass admission controller - is enabled, overhead must not be set in - Pod create requests. The RuntimeClass - admission controller will reject Pod create - requests which have the overhead already - set. If RuntimeClass is configured and - selected in the PodSpec, Overhead will - be set to the value defined in the corresponding - RuntimeClass, otherwise it will remain - unset and treated as zero. More info: - https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md - This field is alpha-level as of Kubernetes - v1.16, and is only honored by servers - that enable the PodOverhead feature.' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - preemptionPolicy: - description: PreemptionPolicy is the Policy - for preempting pods with lower priority. - One of Never, PreemptLowerPriority. Defaults - to PreemptLowerPriority if unset. This - field is alpha-level and is only honored - by servers that enable the NonPreemptingPriority - feature. - type: string - priority: - description: The priority value. Various - system components use this field to find - the priority of the pod. When Priority - Admission Controller is enabled, it prevents - users from setting this field. The admission - controller populates this field from PriorityClassName. - The higher the value, the higher the priority. - type: integer - format: int32 - priorityClassName: - description: If specified, indicates the - pod's priority. "system-node-critical" - and "system-cluster-critical" are two - special keywords which indicate the highest - priorities with the former being the highest - priority. Any other name must be defined - by creating a PriorityClass object with - that name. If not specified, the pod priority - will be default or zero if there is no - default. - type: string - readinessGates: - description: 'If specified, all readiness - gates will be evaluated for pod readiness. - A pod is ready when all its containers - are ready AND all conditions specified - in the readiness gates have status equal - to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md' - type: array - items: - description: PodReadinessGate contains - the reference to a pod condition - type: object - required: - - conditionType - properties: - conditionType: - description: ConditionType refers - to a condition in the pod's condition - list with matching type. - type: string - restartPolicy: - description: 'Restart policy for all containers - within the pod. One of Always, OnFailure, - Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy' - type: string - runtimeClassName: - description: 'RuntimeClassName refers to - a RuntimeClass object in the node.k8s.io - group, which should be used to run this - pod. If no RuntimeClass resource matches - the named class, the pod will not be run. - If unset or empty, the "legacy" RuntimeClass - will be used, which is an implicit class - with an empty definition that uses the - default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md - This is a beta feature as of Kubernetes - v1.14.' - type: string - schedulerName: - description: If specified, the pod will - be dispatched by specified scheduler. - If not specified, the pod will be dispatched - by default scheduler. - type: string - securityContext: - description: 'SecurityContext holds pod-level - security attributes and common container - settings. Optional: Defaults to empty. See - type description for default values of - each field.' - type: object - properties: - fsGroup: - description: "A special supplemental - group that applies to all containers - in a pod. Some volume types allow - the Kubelet to change the ownership - of that volume to be owned by the - pod: \n 1. The owning GID will be - the FSGroup 2. The setgid bit is set - (new files created in the volume will - be owned by FSGroup) 3. The permission - bits are OR'd with rw-rw---- \n If - unset, the Kubelet will not modify - the ownership and permissions of any - volume." - type: integer - format: int64 - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines - behavior of changing ownership and - permission of the volume before being - exposed inside Pod. This field will - only apply to volume types which support - fsGroup based ownership(and permissions). - It will have no effect on ephemeral - volume types such as: secret, configmaps - and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified defaults - to "Always".' - type: string - runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set - in SecurityContext. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container - must run as a non-root user. If true, - the Kubelet will validate the image - at runtime to ensure that it does - not run as UID 0 (root) and fail to - start the container if it does. If - unset or false, no such validation - will be performed. May also be set - in SecurityContext. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint - of the container process. Defaults - to user specified in image metadata - if unspecified. May also be set in - SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value - specified in SecurityContext takes - precedence for that container. - type: integer - format: int64 - seLinuxOptions: - description: The SELinux context to - be applied to all containers. If unspecified, - the container runtime will allocate - a random SELinux context for each - container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. - type: object - properties: - level: - description: Level is SELinux level - label that applies to the container. - type: string - role: - description: Role is a SELinux role - label that applies to the container. - type: string - type: - description: Type is a SELinux type - label that applies to the container. - type: string - user: - description: User is a SELinux user - label that applies to the container. - type: string - supplementalGroups: - description: A list of groups applied - to the first process run in each container, - in addition to the container's primary - GID. If unspecified, no groups will - be added to any container. - type: array - items: - type: integer - format: int64 - sysctls: - description: Sysctls hold a list of - namespaced sysctls used for the pod. - Pods with unsupported sysctls (by - the container runtime) might fail - to launch. - type: array - items: - description: Sysctl defines a kernel - parameter to be set - type: object - required: - - name - - value - properties: - name: - description: Name of a property - to set - type: string - value: - description: Value of a property - to set - type: string - windowsOptions: - description: The Windows specific settings - applied to all containers. If unspecified, - the options within a container's SecurityContext - will be used. If set in both SecurityContext - and PodSecurityContext, the value - specified in SecurityContext takes - precedence. - type: object - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec - is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA - credential spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. - type: string - runAsUserName: - description: The UserName in Windows - to run the entrypoint of the container - process. Defaults to the user - specified in image metadata if - unspecified. May also be set in - PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: string - serviceAccount: - description: 'DeprecatedServiceAccount is - a depreciated alias for ServiceAccountName. - Deprecated: Use serviceAccountName instead.' - type: string - serviceAccountName: - description: 'ServiceAccountName is the - name of the ServiceAccount to use to run - this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - shareProcessNamespace: - description: 'Share a single process namespace - between all of the containers in a pod. - When this is set containers will be able - to view and signal processes from other - containers in the same pod, and the first - process in each container will not be - assigned PID 1. HostPID and ShareProcessNamespace - cannot both be set. Optional: Default - to false.' - type: boolean - subdomain: - description: If specified, the fully qualified - Pod hostname will be "...svc.". If not - specified, the pod will not have a domainname - at all. - type: string - terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully. - May be decreased in delete request. Value - must be non-negative integer. The value - zero indicates delete immediately. If - this value is nil, the default grace period - will be used instead. The grace period - is the duration in seconds after the processes - running in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill signal. - Set this value longer than the expected - cleanup time for your process. Defaults - to 30 seconds. - type: integer - format: int64 - tolerations: - description: If specified, the pod's tolerations. - type: array - items: - description: The pod this Toleration is - attached to tolerates any taint that - matches the triple - using the matching operator . - type: object - properties: - effect: - description: Effect indicates the - taint effect to match. Empty means - match all taint effects. When specified, - allowed values are NoSchedule, PreferNoSchedule - and NoExecute. - type: string - key: - description: Key is the taint key - that the toleration applies to. - Empty means match all taint keys. - If the key is empty, operator must - be Exists; this combination means - to match all values and all keys. - type: string - operator: - description: Operator represents a - key's relationship to the value. - Valid operators are Exists and Equal. - Defaults to Equal. Exists is equivalent - to wildcard for value, so that a - pod can tolerate all taints of a - particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents - the period of time the toleration - (which must be of effect NoExecute, - otherwise this field is ignored) - tolerates the taint. By default, - it is not set, which means tolerate - the taint forever (do not evict). - Zero and negative values will be - treated as 0 (evict immediately) - by the system. - type: integer - format: int64 - value: - description: Value is the taint value - the toleration matches to. If the - operator is Exists, the value should - be empty, otherwise just a regular - string. - type: string - topologySpreadConstraints: - description: TopologySpreadConstraints describes - how a group of pods ought to spread across - topology domains. Scheduler will schedule - pods in a way which abides by the constraints. - This field is only honored by clusters - that enable the EvenPodsSpread feature. - All topologySpreadConstraints are ANDed. - type: array - items: - description: TopologySpreadConstraint - specifies how to spread matching pods - among the given topology. - type: object - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - properties: - labelSelector: - description: LabelSelector is used - to find matching pods. Pods that - match this label selector are counted - to determine the number of pods - in their corresponding topology - domain. - type: object - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - type: array - items: - description: A label selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the - label key that the selector - applies to. - type: string - operator: - description: operator represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an - array of string values. - If the operator is In - or NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the values - array must be empty. This - array is replaced during - a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a - map of {key,value} pairs. A - single {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator - is "In", and the values array - contains only "value". The requirements - are ANDed. - type: object - additionalProperties: - type: string - maxSkew: - description: 'MaxSkew describes the - degree to which pods may be unevenly - distributed. It''s the maximum permitted - difference between the number of - matching pods in any two topology - domains of a given topology type. - For example, in a 3-zone cluster, - MaxSkew is set to 1, and pods with - the same labelSelector spread as - 1/1/0: | zone1 | zone2 | zone3 | - | P | P | | - if MaxSkew - is 1, incoming pod can only be scheduled - to zone3 to become 1/1/1; scheduling - it onto zone1(zone2) would make - the ActualSkew(2-0) on zone1(zone2) - violate MaxSkew(1). - if MaxSkew - is 2, incoming pod can be scheduled - onto any zone. It''s a required - field. Default value is 1 and 0 - is not allowed.' - type: integer - format: int32 - topologyKey: - description: TopologyKey is the key - of node labels. Nodes that have - a label with this key and identical - values are considered to be in the - same topology. We consider each - as a "bucket", and - try to put balanced number of pods - into each bucket. It's a required - field. - type: string - whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates - how to deal with a pod if it doesn''t - satisfy the spread constraint. - - DoNotSchedule (default) tells the - scheduler not to schedule it - ScheduleAnyway - tells the scheduler to still schedule - it It''s considered as "Unsatisfiable" - if and only if placing incoming - pod on any topology violates "MaxSkew". - For example, in a 3-zone cluster, - MaxSkew is set to 1, and pods with - the same labelSelector spread as - 3/1/1: | zone1 | zone2 | zone3 | - | P P P | P | P | If WhenUnsatisfiable - is set to DoNotSchedule, incoming - pod can only be scheduled to zone2(zone3) - to become 3/2/1(3/1/2) as ActualSkew(2-1) - on zone2(zone3) satisfies MaxSkew(1). - In other words, the cluster can - still be imbalanced, but scheduler - won''t make it *more* imbalanced. - It''s a required field.' - type: string - x-kubernetes-list-map-keys: - - topologyKey - - whenUnsatisfiable - x-kubernetes-list-type: map - volumes: - description: 'List of volumes that can be - mounted by containers belonging to the - pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named - volume in a pod that may be accessed - by any container in the pod. - type: object - required: - - name - properties: - awsElasticBlockStore: - description: 'AWSElasticBlockStore - represents an AWS Disk resource - that is attached to a kubelet''s - host machine and then exposed to - the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: object - required: - - volumeID - properties: - fsType: - description: 'Filesystem type - of the volume that you want - to mount. Tip: Ensure that the - filesystem type is supported - by the host operating system. - Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors - in the filesystem from compromising - the machine' - type: string - partition: - description: 'The partition in - the volume that you want to - mount. If omitted, the default - is to mount by volume name. - Examples: For volume /dev/sda1, - you specify the partition as - "1". Similarly, the volume partition - for /dev/sda is "0" (or you - can leave the property empty).' - type: integer - format: int32 - readOnly: - description: 'Specify "true" to - force and set the ReadOnly property - in VolumeMounts to "true". If - omitted, the default is "false". - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: 'Unique ID of the - persistent disk resource in - AWS (Amazon EBS volume). More - info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: string - azureDisk: - description: AzureDisk represents - an Azure Data Disk mount on the - host and bind mount to the pod. - type: object - required: - - diskName - - diskURI - properties: - cachingMode: - description: 'Host Caching mode: - None, Read Only, Read Write.' - type: string - diskName: - description: The Name of the data - disk in the blob storage - type: string - diskURI: - description: The URI the data - disk in the blob storage - type: string - fsType: - description: Filesystem type to - mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. - type: string - kind: - description: 'Expected values - Shared: multiple blob disks - per storage account Dedicated: - single blob disk per storage - account Managed: azure managed - data disk (only in managed availability - set). defaults to shared' - type: string - readOnly: - description: Defaults to false - (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. - type: boolean - azureFile: - description: AzureFile represents - an Azure File Service mount on the - host and bind mount to the pod. - type: object - required: - - secretName - - shareName - properties: - readOnly: - description: Defaults to false - (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. - type: boolean - secretName: - description: the name of secret - that contains Azure Storage - Account Name and Key - type: string - shareName: - description: Share Name - type: string - cephfs: - description: CephFS represents a Ceph - FS mount on the host that shares - a pod's lifetime - type: object - required: - - monitors - properties: - monitors: - description: 'Required: Monitors - is a collection of Ceph monitors - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: array - items: - type: string - path: - description: 'Optional: Used as - the mounted root, rather than - the full Ceph tree, default - is /' - type: string - readOnly: - description: 'Optional: Defaults - to false (read/write). ReadOnly - here will force the ReadOnly - setting in VolumeMounts. More - info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: boolean - secretFile: - description: 'Optional: SecretFile - is the path to key ring for - User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - secretRef: - description: 'Optional: SecretRef - is reference to the authentication - secret for User, default is - empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - user: - description: 'Optional: User is - the rados user name, default - is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - cinder: - description: 'Cinder represents a - cinder volume attached and mounted - on kubelets host machine. More info: - https://examples.k8s.io/mysql-cinder-pd/README.md' - type: object - required: - - volumeID - properties: - fsType: - description: 'Filesystem type - to mount. Must be a filesystem - type supported by the host operating - system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred - to be "ext4" if unspecified. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: - description: 'Optional: Defaults - to false (read/write). ReadOnly - here will force the ReadOnly - setting in VolumeMounts. More - info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: boolean - secretRef: - description: 'Optional: points - to a secret object containing - parameters used to connect to - OpenStack.' - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - volumeID: - description: 'volume id used to - identify the volume in cinder. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - configMap: - description: ConfigMap represents - a configMap that should populate - this volume - type: object - properties: - defaultMode: - description: 'Optional: mode bits - to use on created files by default. - Must be a value between 0 and - 0777. Defaults to 0644. Directories - within the path are not affected - by this setting. This might - be in conflict with other options - that affect the file mode, like - fsGroup, and the result can - be other mode bits set.' - type: integer - format: int32 - items: - description: If unspecified, each - key-value pair in the Data field - of the referenced ConfigMap - will be projected into the volume - as a file whose name is the - key and content is the value. - If specified, the listed keys - will be projected into the specified - paths, and unlisted keys will - not be present. If a key is - specified which is not present - in the ConfigMap, the volume - setup will error unless it is - marked optional. Paths must - be relative and may not contain - the '..' path or start with - '..'. - type: array - items: - description: Maps a string key - to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to - project. - type: string - mode: - description: 'Optional: - mode bits to use on this - file, must be a value - between 0 and 0777. If - not specified, the volume - defaultMode will be used. - This might be in conflict - with other options that - affect the file mode, - like fsGroup, and the - result can be other mode - bits set.' - type: integer - format: int32 - path: - description: The relative - path of the file to map - the key to. May not be - an absolute path. May - not contain the path element - '..'. May not start with - the string '..'. - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the - ConfigMap or its keys must be - defined - type: boolean - csi: - description: CSI (Container Storage - Interface) represents storage that - is handled by an external CSI driver - (Alpha feature). - type: object - required: - - driver - properties: - driver: - description: Driver is the name - of the CSI driver that handles - this volume. Consult with your - admin for the correct name as - registered in the cluster. - type: string - fsType: - description: Filesystem type to - mount. Ex. "ext4", "xfs", "ntfs". - If not provided, the empty value - is passed to the associated - CSI driver which will determine - the default filesystem to apply. - type: string - nodePublishSecretRef: - description: NodePublishSecretRef - is a reference to the secret - object containing sensitive - information to pass to the CSI - driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. - This field is optional, and may - be empty if no secret is required. - If the secret object contains - more than one secret, all secret - references are passed. - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - readOnly: - description: Specifies a read-only - configuration for the volume. - Defaults to false (read/write). - type: boolean - volumeAttributes: - description: VolumeAttributes - stores driver-specific properties - that are passed to the CSI driver. - Consult your driver's documentation - for supported values. - type: object - additionalProperties: - type: string - downwardAPI: - description: DownwardAPI represents - downward API about the pod that - should populate this volume - type: object - properties: - defaultMode: - description: 'Optional: mode bits - to use on created files by default. - Must be a value between 0 and - 0777. Defaults to 0644. Directories - within the path are not affected - by this setting. This might - be in conflict with other options - that affect the file mode, like - fsGroup, and the result can - be other mode bits set.' - type: integer - format: int32 - items: - description: Items is a list of - downward API volume file - type: array - items: - description: DownwardAPIVolumeFile - represents information to - create the file containing - the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: - Selects a field of the - pod: only annotations, - labels, name and namespace - are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version - of the schema the - FieldPath is written - in terms of, defaults - to "v1". - type: string - fieldPath: - description: Path of - the field to select - in the specified API - version. - type: string - mode: - description: 'Optional: - mode bits to use on this - file, must be a value - between 0 and 0777. If - not specified, the volume - defaultMode will be used. - This might be in conflict - with other options that - affect the file mode, - like fsGroup, and the - result can be other mode - bits set.' - type: integer - format: int32 - path: - description: 'Required: - Path is the relative - path name of the file - to be created. Must not - be absolute or contain - the ''..'' path. Must - be utf-8 encoded. The - first item of the relative - path must not start with - ''..''' - type: string - resourceFieldRef: - description: 'Selects a - resource of the container: - only resources limits - and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) are - currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container - name: required for - volumes, optional - for env vars' - type: string - divisor: - description: Specifies - the output format - of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: - resource to select' - type: string - emptyDir: - description: 'EmptyDir represents - a temporary directory that shares - a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: object - properties: - medium: - description: 'What type of storage - medium should back this directory. - The default is "" which means - to use the node''s default medium. - Must be an empty string (default) - or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - description: 'Total amount of - local storage required for this - EmptyDir volume. The size limit - is also applicable for memory - medium. The maximum usage on - memory medium EmptyDir would - be the minimum value between - the SizeLimit specified here - and the sum of memory limits - of all containers in a pod. - The default is nil which means - that the limit is undefined. - More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - fc: - description: FC represents a Fibre - Channel resource that is attached - to a kubelet's host machine and - then exposed to the pod. - type: object - properties: - fsType: - description: 'Filesystem type - to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. TODO: how do - we prevent errors in the filesystem - from compromising the machine' - type: string - lun: - description: 'Optional: FC target - lun number' - type: integer - format: int32 - readOnly: - description: 'Optional: Defaults - to false (read/write). ReadOnly - here will force the ReadOnly - setting in VolumeMounts.' - type: boolean - targetWWNs: - description: 'Optional: FC target - worldwide names (WWNs)' - type: array - items: - type: string - wwids: - description: 'Optional: FC volume - world wide identifiers (wwids) - Either wwids or combination - of targetWWNs and lun must be - set, but not both simultaneously.' - type: array - items: - type: string - flexVolume: - description: FlexVolume represents - a generic volume resource that is - provisioned/attached using an exec - based plugin. - type: object - required: - - driver - properties: - driver: - description: Driver is the name - of the driver to use for this - volume. - type: string - fsType: - description: Filesystem type to - mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - The default filesystem depends - on FlexVolume script. - type: string - options: - description: 'Optional: Extra - command options if any.' - type: object - additionalProperties: - type: string - readOnly: - description: 'Optional: Defaults - to false (read/write). ReadOnly - here will force the ReadOnly - setting in VolumeMounts.' - type: boolean - secretRef: - description: 'Optional: SecretRef - is reference to the secret object - containing sensitive information - to pass to the plugin scripts. - This may be empty if no secret - object is specified. If the - secret object contains more - than one secret, all secrets - are passed to the plugin scripts.' - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - flocker: - description: Flocker represents a - Flocker volume attached to a kubelet's - host machine. This depends on the - Flocker control service being running - type: object - properties: - datasetName: - description: Name of the dataset - stored as metadata -> name on - the dataset for Flocker should - be considered as deprecated - type: string - datasetUUID: - description: UUID of the dataset. - This is unique identifier of - a Flocker dataset - type: string - gcePersistentDisk: - description: 'GCEPersistentDisk represents - a GCE Disk resource that is attached - to a kubelet''s host machine and - then exposed to the pod. More info: - https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: object - required: - - pdName - properties: - fsType: - description: 'Filesystem type - of the volume that you want - to mount. Tip: Ensure that the - filesystem type is supported - by the host operating system. - Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors - in the filesystem from compromising - the machine' - type: string - partition: - description: 'The partition in - the volume that you want to - mount. If omitted, the default - is to mount by volume name. - Examples: For volume /dev/sda1, - you specify the partition as - "1". Similarly, the volume partition - for /dev/sda is "0" (or you - can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: integer - format: int32 - pdName: - description: 'Unique name of the - PD resource in GCE. Used to - identify the disk in GCE. More - info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: string - readOnly: - description: 'ReadOnly here will - force the ReadOnly setting in - VolumeMounts. Defaults to false. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: boolean - gitRepo: - description: 'GitRepo represents a - git repository at a particular revision. - DEPRECATED: GitRepo is deprecated. - To provision a container with a - git repo, mount an EmptyDir into - an InitContainer that clones the - repo using git, then mount the EmptyDir - into the Pod''s container.' - type: object - required: - - repository - properties: - directory: - description: Target directory - name. Must not contain or start - with '..'. If '.' is supplied, - the volume directory will be - the git repository. Otherwise, - if specified, the volume will - contain the git repository in - the subdirectory with the given - name. - type: string - repository: - description: Repository URL - type: string - revision: - description: Commit hash for the - specified revision. - type: string - glusterfs: - description: 'Glusterfs represents - a Glusterfs mount on the host that - shares a pod''s lifetime. More info: - https://examples.k8s.io/volumes/glusterfs/README.md' - type: object - required: - - endpoints - - path - properties: - endpoints: - description: 'EndpointsName is - the endpoint name that details - Glusterfs topology. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - path: - description: 'Path is the Glusterfs - volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - readOnly: - description: 'ReadOnly here will - force the Glusterfs volume to - be mounted with read-only permissions. - Defaults to false. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: boolean - hostPath: - description: 'HostPath represents - a pre-existing file or directory - on the host machine that is directly - exposed to the container. This is - generally used for system agents - or other privileged things that - are allowed to see the host machine. - Most containers will NOT need this. - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict - who can use host directory mounts - and who can/can not mount host directories - as read/write.' - type: object - required: - - path - properties: - path: - description: 'Path of the directory - on the host. If the path is - a symlink, it will follow the - link to the real path. More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - type: - description: 'Type for HostPath - Volume Defaults to "" More info: - https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - iscsi: - description: 'ISCSI represents an - ISCSI Disk resource that is attached - to a kubelet''s host machine and - then exposed to the pod. More info: - https://examples.k8s.io/volumes/iscsi/README.md' - type: object - required: - - iqn - - lun - - targetPortal - properties: - chapAuthDiscovery: - description: whether support iSCSI - Discovery CHAP authentication - type: boolean - chapAuthSession: - description: whether support iSCSI - Session CHAP authentication - type: boolean - fsType: - description: 'Filesystem type - of the volume that you want - to mount. Tip: Ensure that the - filesystem type is supported - by the host operating system. - Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors - in the filesystem from compromising - the machine' - type: string - initiatorName: - description: Custom iSCSI Initiator - Name. If initiatorName is specified - with iscsiInterface simultaneously, - new iSCSI interface : will be - created for the connection. - type: string - iqn: - description: Target iSCSI Qualified - Name. - type: string - iscsiInterface: - description: iSCSI Interface Name - that uses an iSCSI transport. - Defaults to 'default' (tcp). - type: string - lun: - description: iSCSI Target Lun - number. - type: integer - format: int32 - portals: - description: iSCSI Target Portal - List. The portal is either an - IP or ip_addr:port if the port - is other than default (typically - TCP ports 860 and 3260). - type: array - items: - type: string - readOnly: - description: ReadOnly here will - force the ReadOnly setting in - VolumeMounts. Defaults to false. - type: boolean - secretRef: - description: CHAP Secret for iSCSI - target and initiator authentication - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - targetPortal: - description: iSCSI Target Portal. - The Portal is either an IP or - ip_addr:port if the port is - other than default (typically - TCP ports 860 and 3260). - type: string - name: - description: 'Volume''s name. Must - be a DNS_LABEL and unique within - the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - nfs: - description: 'NFS represents an NFS - mount on the host that shares a - pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: object - required: - - path - - server - properties: - path: - description: 'Path that is exported - by the NFS server. More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - readOnly: - description: 'ReadOnly here will - force the NFS export to be mounted - with read-only permissions. - Defaults to false. More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: boolean - server: - description: 'Server is the hostname - or IP address of the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - persistentVolumeClaim: - description: 'PersistentVolumeClaimVolumeSource - represents a reference to a PersistentVolumeClaim - in the same namespace. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: object - required: - - claimName - properties: - claimName: - description: 'ClaimName is the - name of a PersistentVolumeClaim - in the same namespace as the - pod using this volume. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: - description: Will force the ReadOnly - setting in VolumeMounts. Default - false. - type: boolean - photonPersistentDisk: - description: PhotonPersistentDisk - represents a PhotonController persistent - disk attached and mounted on kubelets - host machine - type: object - required: - - pdID - properties: - fsType: - description: Filesystem type to - mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. - type: string - pdID: - description: ID that identifies - Photon Controller persistent - disk - type: string - portworxVolume: - description: PortworxVolume represents - a portworx volume attached and mounted - on kubelets host machine - type: object - required: - - volumeID - properties: - fsType: - description: FSType represents - the filesystem type to mount - Must be a filesystem type supported - by the host operating system. - Ex. "ext4", "xfs". Implicitly - inferred to be "ext4" if unspecified. - type: string - readOnly: - description: Defaults to false - (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. - type: boolean - volumeID: - description: VolumeID uniquely - identifies a Portworx volume - type: string - projected: - description: Items for all in one - resources secrets, configmaps, and - downward API - type: object - required: - - sources - properties: - defaultMode: - description: Mode bits to use - on created files by default. - Must be a value between 0 and - 0777. Directories within the - path are not affected by this - setting. This might be in conflict - with other options that affect - the file mode, like fsGroup, - and the result can be other - mode bits set. - type: integer - format: int32 - sources: - description: list of volume projections - type: array - items: - description: Projection that - may be projected along with - other supported volume types - type: object - properties: - configMap: - description: information - about the configMap data - to project - type: object - properties: - items: - description: If unspecified, - each key-value pair - in the Data field - of the referenced - ConfigMap will be - projected into the - volume as a file whose - name is the key and - content is the value. - If specified, the - listed keys will be - projected into the - specified paths, and - unlisted keys will - not be present. If - a key is specified - which is not present - in the ConfigMap, - the volume setup will - error unless it is - marked optional. Paths - must be relative and - may not contain the - '..' path or start - with '..'. - type: array - items: - description: Maps - a string key to - a path within a - volume. - type: object - required: - - key - - path - properties: - key: - description: The - key to project. - type: string - mode: - description: 'Optional: - mode bits to - use on this - file, must be - a value between - 0 and 0777. - If not specified, - the volume defaultMode - will be used. - This might be - in conflict - with other options - that affect - the file mode, - like fsGroup, - and the result - can be other - mode bits set.' - type: integer - format: int32 - path: - description: The - relative path - of the file - to map the key - to. May not - be an absolute - path. May not - contain the - path element - '..'. May not - start with the - string '..'. - type: string - name: - description: 'Name of - the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify - whether the ConfigMap - or its keys must be - defined - type: boolean - downwardAPI: - description: information - about the downwardAPI - data to project - type: object - properties: - items: - description: Items is - a list of DownwardAPIVolume - file - type: array - items: - description: DownwardAPIVolumeFile - represents information - to create the file - containing the pod - field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: - Selects a field - of the pod: - only annotations, - labels, name - and namespace - are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version - of the schema - the FieldPath - is written - in terms - of, defaults - to "v1". - type: string - fieldPath: - description: Path - of the field - to select - in the specified - API version. - type: string - mode: - description: 'Optional: - mode bits to - use on this - file, must be - a value between - 0 and 0777. - If not specified, - the volume defaultMode - will be used. - This might be - in conflict - with other options - that affect - the file mode, - like fsGroup, - and the result - can be other - mode bits set.' - type: integer - format: int32 - path: - description: 'Required: - Path is the - relative path - name of the - file to be created. - Must not be - absolute or - contain the - ''..'' path. - Must be utf-8 - encoded. The - first item of - the relative - path must not - start with ''..''' - type: string - resourceFieldRef: - description: 'Selects - a resource of - the container: - only resources - limits and requests - (limits.cpu, - limits.memory, - requests.cpu - and requests.memory) - are currently - supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container - name: required - for volumes, - optional - for env - vars' - type: string - divisor: - description: Specifies - the output - format of - the exposed - resources, - defaults - to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: - resource - to select' - type: string - secret: - description: information - about the secret data - to project - type: object - properties: - items: - description: If unspecified, - each key-value pair - in the Data field - of the referenced - Secret will be projected - into the volume as - a file whose name - is the key and content - is the value. If specified, - the listed keys will - be projected into - the specified paths, - and unlisted keys - will not be present. - If a key is specified - which is not present - in the Secret, the - volume setup will - error unless it is - marked optional. Paths - must be relative and - may not contain the - '..' path or start - with '..'. - type: array - items: - description: Maps - a string key to - a path within a - volume. - type: object - required: - - key - - path - properties: - key: - description: The - key to project. - type: string - mode: - description: 'Optional: - mode bits to - use on this - file, must be - a value between - 0 and 0777. - If not specified, - the volume defaultMode - will be used. - This might be - in conflict - with other options - that affect - the file mode, - like fsGroup, - and the result - can be other - mode bits set.' - type: integer - format: int32 - path: - description: The - relative path - of the file - to map the key - to. May not - be an absolute - path. May not - contain the - path element - '..'. May not - start with the - string '..'. - type: string - name: - description: 'Name of - the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify - whether the Secret - or its key must be - defined - type: boolean - serviceAccountToken: - description: information - about the serviceAccountToken - data to project - type: object - required: - - path - properties: - audience: - description: Audience - is the intended audience - of the token. A recipient - of a token must identify - itself with an identifier - specified in the audience - of the token, and - otherwise should reject - the token. The audience - defaults to the identifier - of the apiserver. - type: string - expirationSeconds: - description: ExpirationSeconds - is the requested duration - of validity of the - service account token. - As the token approaches - expiration, the kubelet - volume plugin will - proactively rotate - the service account - token. The kubelet - will start trying - to rotate the token - if the token is older - than 80 percent of - its time to live or - if the token is older - than 24 hours.Defaults - to 1 hour and must - be at least 10 minutes. - type: integer - format: int64 - path: - description: Path is - the path relative - to the mount point - of the file to project - the token into. - type: string - quobyte: - description: Quobyte represents a - Quobyte mount on the host that shares - a pod's lifetime - type: object - required: - - registry - - volume - properties: - group: - description: Group to map volume - access to Default is no group - type: string - readOnly: - description: ReadOnly here will - force the Quobyte volume to - be mounted with read-only permissions. - Defaults to false. - type: boolean - registry: - description: Registry represents - a single or multiple Quobyte - Registry services specified - as a string as host:port pair - (multiple entries are separated - with commas) which acts as the - central registry for volumes - type: string - tenant: - description: Tenant owning the - given Quobyte volume in the - Backend Used with dynamically - provisioned Quobyte volumes, - value is set by the plugin - type: string - user: - description: User to map volume - access to Defaults to serivceaccount - user - type: string - volume: - description: Volume is a string - that references an already created - Quobyte volume by name. - type: string - rbd: - description: 'RBD represents a Rados - Block Device mount on the host that - shares a pod''s lifetime. More info: - https://examples.k8s.io/volumes/rbd/README.md' - type: object - required: - - image - - monitors - properties: - fsType: - description: 'Filesystem type - of the volume that you want - to mount. Tip: Ensure that the - filesystem type is supported - by the host operating system. - Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors - in the filesystem from compromising - the machine' - type: string - image: - description: 'The rados image - name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - keyring: - description: 'Keyring is the path - to key ring for RBDUser. Default - is /etc/ceph/keyring. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - monitors: - description: 'A collection of - Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: array - items: - type: string - pool: - description: 'The rados pool name. - Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: - description: 'ReadOnly here will - force the ReadOnly setting in - VolumeMounts. Defaults to false. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: - description: 'SecretRef is name - of the authentication secret - for RBDUser. If provided overrides - keyring. Default is nil. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - user: - description: 'The rados user name. - Default is admin. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - scaleIO: - description: ScaleIO represents a - ScaleIO persistent volume attached - and mounted on Kubernetes nodes. - type: object - required: - - gateway - - secretRef - - system - properties: - fsType: - description: Filesystem type to - mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Default is "xfs". - type: string - gateway: - description: The host address - of the ScaleIO API Gateway. - type: string - protectionDomain: - description: The name of the ScaleIO - Protection Domain for the configured - storage. - type: string - readOnly: - description: Defaults to false - (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. - type: boolean - secretRef: - description: SecretRef references - to the secret for ScaleIO user - and other sensitive information. - If this is not provided, Login - operation will fail. - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - sslEnabled: - description: Flag to enable/disable - SSL communication with Gateway, - default false - type: boolean - storageMode: - description: Indicates whether - the storage for a volume should - be ThickProvisioned or ThinProvisioned. - Default is ThinProvisioned. - type: string - storagePool: - description: The ScaleIO Storage - Pool associated with the protection - domain. - type: string - system: - description: The name of the storage - system as configured in ScaleIO. - type: string - volumeName: - description: The name of a volume - already created in the ScaleIO - system that is associated with - this volume source. - type: string - secret: - description: 'Secret represents a - secret that should populate this - volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'Optional: mode bits - to use on created files by default. - Must be a value between 0 and - 0777. Defaults to 0644. Directories - within the path are not affected - by this setting. This might - be in conflict with other options - that affect the file mode, like - fsGroup, and the result can - be other mode bits set.' - type: integer - format: int32 - items: - description: If unspecified, each - key-value pair in the Data field - of the referenced Secret will - be projected into the volume - as a file whose name is the - key and content is the value. - If specified, the listed keys - will be projected into the specified - paths, and unlisted keys will - not be present. If a key is - specified which is not present - in the Secret, the volume setup - will error unless it is marked - optional. Paths must be relative - and may not contain the '..' - path or start with '..'. - type: array - items: - description: Maps a string key - to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to - project. - type: string - mode: - description: 'Optional: - mode bits to use on this - file, must be a value - between 0 and 0777. If - not specified, the volume - defaultMode will be used. - This might be in conflict - with other options that - affect the file mode, - like fsGroup, and the - result can be other mode - bits set.' - type: integer - format: int32 - path: - description: The relative - path of the file to map - the key to. May not be - an absolute path. May - not contain the path element - '..'. May not start with - the string '..'. - type: string - optional: - description: Specify whether the - Secret or its keys must be defined - type: boolean - secretName: - description: 'Name of the secret - in the pod''s namespace to use. - More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - storageos: - description: StorageOS represents - a StorageOS volume attached and - mounted on Kubernetes nodes. - type: object - properties: - fsType: - description: Filesystem type to - mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. - type: string - readOnly: - description: Defaults to false - (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. - type: boolean - secretRef: - description: SecretRef specifies - the secret to use for obtaining - the StorageOS API credentials. If - not specified, default values - will be attempted. - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - volumeName: - description: VolumeName is the - human-readable name of the StorageOS - volume. Volume names are only - unique within a namespace. - type: string - volumeNamespace: - description: VolumeNamespace specifies - the scope of the volume within - StorageOS. If no namespace - is specified then the Pod's - namespace will be used. This - allows the Kubernetes name scoping - to be mirrored within StorageOS - for tighter integration. Set - VolumeName to any name to override - the default behaviour. Set to - "default" if you are not using - namespaces within StorageOS. - Namespaces that do not pre-exist - within StorageOS will be created. - type: string - vsphereVolume: - description: VsphereVolume represents - a vSphere volume attached and mounted - on kubelets host machine - type: object - required: - - volumePath - properties: - fsType: - description: Filesystem type to - mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. - type: string - storagePolicyID: - description: Storage Policy Based - Management (SPBM) profile ID - associated with the StoragePolicyName. - type: string - storagePolicyName: - description: Storage Policy Based - Management (SPBM) profile name. - type: string - volumePath: - description: Path that identifies - vSphere volume vmdk - type: string - permissions: - type: array - items: - description: StrategyDeploymentPermissions describe the - rbac rules and service account needed by the install strategy - type: object - required: - - rules - - serviceAccountName - properties: - rules: - type: array - items: - description: PolicyRule holds information that describes - a policy rule, but does not contain information - about who the rule applies to or which namespace - the rule applies to. - type: object - required: - - verbs - properties: - apiGroups: - description: APIGroups is the name of the APIGroup - that contains the resources. If multiple API - groups are specified, any action requested against - one of the enumerated resources in any API group - will be allowed. - type: array - items: - type: string - nonResourceURLs: - description: NonResourceURLs is a set of partial - urls that a user should have access to. *s - are allowed, but only as the full, final step - in the path Since non-resource URLs are not - namespaced, this field is only applicable for - ClusterRoles referenced from a ClusterRoleBinding. - Rules can either apply to API resources (such - as "pods" or "secrets") or non-resource URL - paths (such as "/api"), but not both. - type: array - items: - type: string - resourceNames: - description: ResourceNames is an optional white - list of names that the rule applies to. An - empty set means that everything is allowed. - type: array - items: - type: string - resources: - description: Resources is a list of resources - this rule applies to. ResourceAll represents - all resources. - type: array - items: - type: string - verbs: - description: Verbs is a list of Verbs that apply - to ALL the ResourceKinds and AttributeRestrictions - contained in this rule. VerbAll represents - all kinds. - type: array - items: - type: string - serviceAccountName: - type: string - strategy: - type: string - installModes: - description: InstallModes specify supported installation types - type: array - items: - description: InstallMode associates an InstallModeType with a flag - representing if the CSV supports it - type: object - required: - - supported - - type - properties: - supported: - type: boolean - type: - description: InstallModeType is a supported type of install - mode for CSV installation - type: string - keywords: - type: array - items: - type: string - labels: - description: Map of string keys and values that can be used to organize - and categorize (scope and select) objects. - type: object - additionalProperties: - type: string - links: - type: array - items: - type: object - properties: - name: - type: string - url: - type: string - maintainers: - type: array - items: - type: object - properties: - email: - type: string - name: - type: string - maturity: - type: string - minKubeVersion: - type: string - nativeAPIs: - type: array - items: - description: GroupVersionKind unambiguously identifies a kind. It - doesn't anonymously include GroupVersion to avoid automatic coersion. It - doesn't use a GroupVersion to avoid custom marshalling - type: object - required: - - group - - kind - - version - properties: - group: - type: string - kind: - type: string - version: - type: string - provider: - type: object - properties: - name: - type: string - url: - type: string - replaces: - description: The name of a CSV this one replaces. Should match the - `metadata.Name` field of the old CSV. - type: string - selector: - description: Label selector for related resources. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - additionalProperties: - type: string - version: - description: OperatorVersion is a wrapper around semver.Version which - supports correct marshaling to YAML and JSON. - type: string - webhookdefinitions: - type: array - items: - description: WebhookDescription provides details to OLM about required - webhooks - type: object - required: - - admissionReviewVersions - - generateName - - sideEffects - - type - properties: - admissionReviewVersions: - type: array - items: - type: string - containerPort: - type: integer - format: int32 - deploymentName: - type: string - failurePolicy: - type: string - generateName: - type: string - matchPolicy: - description: MatchPolicyType specifies the type of match policy - type: string - objectSelector: - description: A label selector is a label query over a set of - resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. A - null label selector matches no objects. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - reinvocationPolicy: - description: ReinvocationPolicyType specifies what type of policy - the admission hook uses. - type: string - rules: - type: array - items: - description: RuleWithOperations is a tuple of Operations and - Resources. It is recommended to make sure that all the tuple - expansions are valid. - type: object - properties: - apiGroups: - description: APIGroups is the API groups the resources - belong to. '*' is all groups. If '*' is present, the - length of the slice must be one. Required. - type: array - items: - type: string - apiVersions: - description: APIVersions is the API versions the resources - belong to. '*' is all versions. If '*' is present, the - length of the slice must be one. Required. - type: array - items: - type: string - operations: - description: Operations is the operations the admission - hook cares about - CREATE, UPDATE, or * for all operations. - If '*' is present, the length of the slice must be one. - Required. - type: array - items: - type: string - resources: - description: "Resources is a list of resources this rule - applies to. \n For example: 'pods' means pods. 'pods/log' - means the log subresource of pods. '*' means all resources, - but not subresources. 'pods/*' means all subresources - of pods. '*/scale' means all scale subresources. '*/*' - means all resources and their subresources. \n If wildcard - is present, the validation rule will ensure resources - do not overlap with each other. \n Depending on the - enclosing object, subresources might not be allowed. - Required." - type: array - items: - type: string - scope: - description: scope specifies the scope of this rule. Valid - values are "Cluster", "Namespaced", and "*" "Cluster" - means that only cluster-scoped resources will match - this rule. Namespace API objects are cluster-scoped. - "Namespaced" means that only namespaced resources will - match this rule. "*" means that there are no scope restrictions. - Subresources match the scope of their parent resource. - Default is "*". - type: string - sideEffects: - type: string - timeoutSeconds: - type: integer - format: int32 - type: - description: WebhookAdmissionType is the type of admission webhooks - supported by OLM - type: string - enum: - - ValidatingAdmissionWebhook - - MutatingAdmissionWebhook - webhookPath: - type: string - status: - description: ClusterServiceVersionStatus represents information about - the status of a pod. Status may trail the actual state of a system. - type: object - properties: - certsLastUpdated: - description: Last time the owned APIService certs were updated - type: string - format: date-time - certsRotateAt: - description: Time the owned APIService certs will rotate next - type: string - format: date-time - conditions: - description: List of conditions, a history of state transitions - type: array - items: - description: Conditions appear in the status as a record of state - transitions on the ClusterServiceVersion - type: object - properties: - lastTransitionTime: - description: Last time the status transitioned from one status - to another. - type: string - format: date-time - lastUpdateTime: - description: Last time we updated the status - type: string - format: date-time - message: - description: A human readable message indicating details about - why the ClusterServiceVersion is in this condition. - type: string - phase: - description: Condition of the ClusterServiceVersion - type: string - reason: - description: A brief CamelCase message indicating details about - why the ClusterServiceVersion is in this state. e.g. 'RequirementsNotMet' - type: string - lastTransitionTime: - description: Last time the status transitioned from one status to - another. - type: string - format: date-time - lastUpdateTime: - description: Last time we updated the status - type: string - format: date-time - message: - description: A human readable message indicating details about why - the ClusterServiceVersion is in this condition. - type: string - phase: - description: Current condition of the ClusterServiceVersion - type: string - reason: - description: A brief CamelCase message indicating details about why - the ClusterServiceVersion is in this state. e.g. 'RequirementsNotMet' - type: string - requirementStatus: - description: The status of each requirement for this CSV - type: array - items: - type: object - required: - - group - - kind - - message - - name - - status - - version - properties: - dependents: - type: array - items: - description: DependentStatus is the status for a dependent - requirement (to prevent infinite nesting) - type: object - required: - - group - - kind - - status - - version - properties: - group: - type: string - kind: - type: string - message: - type: string - status: - description: StatusReason is a camelcased reason for the - status of a RequirementStatus or DependentStatus - type: string - uuid: - type: string - version: - type: string - group: - type: string - kind: - type: string - message: - type: string - name: - type: string - status: - description: StatusReason is a camelcased reason for the status - of a RequirementStatus or DependentStatus - type: string - uuid: - type: string - version: - type: string - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_00-installplans.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_00-installplans.crd.yaml deleted file mode 100644 index 01df038793..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_00-installplans.crd.yaml +++ /dev/null @@ -1,308 +0,0 @@ ---- -# Source: olm/crds/0000_50_olm_00-installplans.crd.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - name: installplans.operators.coreos.com -spec: - group: operators.coreos.com - names: - categories: - - olm - kind: InstallPlan - listKind: InstallPlanList - plural: installplans - shortNames: - - ip - singular: installplan - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The first CSV in the list of clusterServiceVersionNames - jsonPath: .spec.clusterServiceVersionNames[0] - name: CSV - type: string - - description: The approval mode - jsonPath: .spec.approval - name: Approval - type: string - - jsonPath: .spec.approved - name: Approved - type: boolean - name: v1alpha1 - schema: - openAPIV3Schema: - description: InstallPlan defines the installation of a set of operators. - type: object - required: - - metadata - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: InstallPlanSpec defines a set of Application resources to - be installed - type: object - required: - - approval - - approved - - clusterServiceVersionNames - properties: - approval: - description: Approval is the user approval policy for an InstallPlan. - type: string - approved: - type: boolean - clusterServiceVersionNames: - type: array - items: - type: string - generation: - type: integer - source: - type: string - sourceNamespace: - type: string - status: - description: "InstallPlanStatus represents the information about the status - of steps required to complete installation. \n Status may trail the - actual state of a system." - type: object - required: - - catalogSources - - phase - properties: - attenuatedServiceAccountRef: - description: AttenuatedServiceAccountRef references the service account - that is used to do scoped operator install. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - bundleLookups: - description: BundleLookups is the set of in-progress requests to pull - and unpackage bundle content to the cluster. - type: array - items: - description: BundleLookup is a request to pull and unpackage the - content of a bundle to the cluster. - type: object - required: - - catalogSourceRef - - identifier - - path - - replaces - properties: - catalogSourceRef: - description: CatalogSourceRef is a reference to the CatalogSource - the bundle path was resolved from. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead - of an entire object, this string should contain a valid - JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container - within a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that - triggered the event) or if no container name is specified - "spec.containers[2]" (container with index 2 in this pod). - This syntax is chosen only to have some well-defined way - of referencing a part of an object. TODO: this design - is not final and this field is subject to change in the - future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - conditions: - description: Conditions represents the overall state of a BundleLookup. - type: array - items: - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: Last time the condition transitioned from - one status to another. - type: string - format: date-time - lastUpdateTime: - description: Last time the condition was probed. - type: string - format: date-time - message: - description: A human readable message indicating details - about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - status: - description: Status of the condition, one of True, False, - Unknown. - type: string - type: - description: Type of condition. - type: string - identifier: - description: Identifier is the catalog-unique name of the operator - (the name of the CSV for bundles that contain CSVs) - type: string - path: - description: Path refers to the location of a bundle to pull. - It's typically an image reference. - type: string - replaces: - description: Replaces is the name of the bundle to replace with - the one found at Path. - type: string - catalogSources: - type: array - items: - type: string - conditions: - type: array - items: - description: InstallPlanCondition represents the overall status - of the execution of an InstallPlan. - type: object - properties: - lastTransitionTime: - type: string - format: date-time - lastUpdateTime: - type: string - format: date-time - message: - type: string - reason: - description: ConditionReason is a camelcased reason for the - state transition. - type: string - status: - type: string - type: - description: InstallPlanConditionType describes the state of - an InstallPlan at a certain point as a whole. - type: string - phase: - description: InstallPlanPhase is the current status of a InstallPlan - as a whole. - type: string - plan: - type: array - items: - description: Step represents the status of an individual step in - an InstallPlan. - type: object - required: - - resolving - - resource - - status - properties: - resolving: - type: string - resource: - description: StepResource represents the status of a resource - to be tracked by an InstallPlan. - type: object - required: - - group - - kind - - name - - sourceName - - sourceNamespace - - version - properties: - group: - type: string - kind: - type: string - manifest: - type: string - name: - type: string - sourceName: - type: string - sourceNamespace: - type: string - version: - type: string - status: - description: StepStatus is the current status of a particular - resource an in InstallPlan - type: string - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_00-namespace.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_00-namespace.yaml deleted file mode 100644 index 13917074d8..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_00-namespace.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_00-namespace.yaml -apiVersion: v1 -kind: Namespace -metadata: - name: olm ---- -# Source: olm/templates/0000_50_olm_00-namespace.yaml -apiVersion: v1 -kind: Namespace -metadata: - name: operators diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_00-operatorgroups.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_00-operatorgroups.crd.yaml deleted file mode 100644 index e1fd39a608..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_00-operatorgroups.crd.yaml +++ /dev/null @@ -1,313 +0,0 @@ ---- -# Source: olm/crds/0000_50_olm_00-operatorgroups.crd.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - name: operatorgroups.operators.coreos.com -spec: - group: operators.coreos.com - names: - categories: - - olm - kind: OperatorGroup - listKind: OperatorGroupList - plural: operatorgroups - shortNames: - - og - singular: operatorgroup - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: OperatorGroup is the unit of multitenancy for OLM managed operators. - It constrains the installation of operators in its namespace to a specified - set of target namespaces. - type: object - required: - - metadata - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: OperatorGroupSpec is the spec for an OperatorGroup resource. - type: object - properties: - selector: - description: Selector selects the OperatorGroup's target namespaces. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - additionalProperties: - type: string - serviceAccountName: - description: ServiceAccountName is the admin specified service account - which will be used to deploy operator(s) in this operator group. - type: string - staticProvidedAPIs: - description: Static tells OLM not to update the OperatorGroup's providedAPIs - annotation - type: boolean - targetNamespaces: - description: TargetNamespaces is an explicit set of namespaces to - target. If it is set, Selector is ignored. - type: array - items: - type: string - x-kubernetes-list-type: set - status: - description: OperatorGroupStatus is the status for an OperatorGroupResource. - type: object - required: - - lastUpdated - properties: - lastUpdated: - description: LastUpdated is a timestamp of the last time the OperatorGroup's - status was Updated. - type: string - format: date-time - namespaces: - description: Namespaces is the set of target namespaces for the OperatorGroup. - type: array - items: - type: string - x-kubernetes-list-type: set - serviceAccountRef: - description: ServiceAccountRef references the service account object - specified. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - served: true - storage: true - subresources: - status: {} - - name: v1alpha2 - schema: - openAPIV3Schema: - description: OperatorGroup is the unit of multitenancy for OLM managed operators. - It constrains the installation of operators in its namespace to a specified - set of target namespaces. - type: object - required: - - metadata - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: OperatorGroupSpec is the spec for an OperatorGroup resource. - type: object - properties: - selector: - description: Selector selects the OperatorGroup's target namespaces. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - additionalProperties: - type: string - serviceAccountName: - description: ServiceAccountName is the admin specified service account - which will be used to deploy operator(s) in this operator group. - type: string - staticProvidedAPIs: - description: Static tells OLM not to update the OperatorGroup's providedAPIs - annotation - type: boolean - targetNamespaces: - description: TargetNamespaces is an explicit set of namespaces to - target. If it is set, Selector is ignored. - type: array - items: - type: string - status: - description: OperatorGroupStatus is the status for an OperatorGroupResource. - type: object - required: - - lastUpdated - properties: - lastUpdated: - description: LastUpdated is a timestamp of the last time the OperatorGroup's - status was Updated. - type: string - format: date-time - namespaces: - description: Namespaces is the set of target namespaces for the OperatorGroup. - type: array - items: - type: string - serviceAccountRef: - description: ServiceAccountRef references the service account object - specified. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - served: true - storage: false - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_00-subscriptions.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_00-subscriptions.crd.yaml deleted file mode 100644 index fc8542e749..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_00-subscriptions.crd.yaml +++ /dev/null @@ -1,1842 +0,0 @@ ---- -# Source: olm/crds/0000_50_olm_00-subscriptions.crd.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - name: subscriptions.operators.coreos.com -spec: - group: operators.coreos.com - names: - categories: - - olm - kind: Subscription - listKind: SubscriptionList - plural: subscriptions - shortNames: - - sub - - subs - singular: subscription - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The package subscribed to - jsonPath: .spec.name - name: Package - type: string - - description: The catalog source for the specified package - jsonPath: .spec.source - name: Source - type: string - - description: The channel of updates to subscribe to - jsonPath: .spec.channel - name: Channel - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: Subscription keeps operators up to date by tracking changes to - Catalogs. - type: object - required: - - metadata - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: SubscriptionSpec defines an Application that can be installed - type: object - required: - - name - - source - - sourceNamespace - properties: - channel: - type: string - config: - description: SubscriptionConfig contains configuration specified for - a subscription. - type: object - properties: - env: - description: Env is a list of environment variables to set in - the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present - in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a - C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a - variable cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax can be - escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable - exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - description: Specifies the output format of the - exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - envFrom: - description: EnvFrom is a list of sources to populate environment - variables in the container. The keys defined within a source - must be a C_IDENTIFIER. All invalid keys will be reported as - an event when the container is starting. When a key exists in - multiple sources, the value associated with the last source - will take precedence. Values defined by an Env with a duplicate - key will take precedence. Immutable. - type: array - items: - description: EnvFromSource represents the source of a set of - ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - prefix: - description: An optional identifier to prepend to each key - in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - nodeSelector: - description: 'NodeSelector is a selector which must be true for - the pod to fit on a node. Selector which must match a node''s - labels for the pod to be scheduled on that node. More info: - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - additionalProperties: - type: string - resources: - description: 'Resources represents compute resources required - by this container. Immutable. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - selector: - description: Selector is the label selector for pods to be configured. - Existing ReplicaSets whose pods are selected by this will be - the ones affected by this deployment. It must match the pod - template's labels. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - tolerations: - description: Tolerations are the pod's tolerations. - type: array - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . - type: object - properties: - effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to - the value. Valid operators are Exists and Equal. Defaults - to Equal. Exists is equivalent to wildcard for value, - so that a pod can tolerate all taints of a particular - category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of - time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the taint - forever (do not evict). Zero and negative values will - be treated as 0 (evict immediately) by the system. - type: integer - format: int64 - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - volumeMounts: - description: List of VolumeMounts to set in the container. - type: array - items: - description: VolumeMount describes a mounting of a Volume within - a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other way - around. When not set, MountPropagationNone is used. This - field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. - type: string - volumes: - description: List of Volumes to set in the podSpec. - type: array - items: - description: Volume represents a named volume in a pod that - may be accessed by any container in the pod. - type: object - required: - - name - properties: - awsElasticBlockStore: - description: 'AWSElasticBlockStore represents an AWS Disk - resource that is attached to a kubelet''s host machine - and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: object - required: - - volumeID - properties: - fsType: - description: 'Filesystem type of the volume that you - want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - partition: - description: 'The partition in the volume that you want - to mount. If omitted, the default is to mount by volume - name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property - empty).' - type: integer - format: int32 - readOnly: - description: 'Specify "true" to force and set the ReadOnly - property in VolumeMounts to "true". If omitted, the - default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: 'Unique ID of the persistent disk resource - in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: string - azureDisk: - description: AzureDisk represents an Azure Data Disk mount - on the host and bind mount to the pod. - type: object - required: - - diskName - - diskURI - properties: - cachingMode: - description: 'Host Caching mode: None, Read Only, Read - Write.' - type: string - diskName: - description: The Name of the data disk in the blob storage - type: string - diskURI: - description: The URI the data disk in the blob storage - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. - type: string - kind: - description: 'Expected values Shared: multiple blob - disks per storage account Dedicated: single blob - disk per storage account Managed: azure managed data - disk (only in managed availability set). defaults - to shared' - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - azureFile: - description: AzureFile represents an Azure File Service - mount on the host and bind mount to the pod. - type: object - required: - - secretName - - shareName - properties: - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretName: - description: the name of secret that contains Azure - Storage Account Name and Key - type: string - shareName: - description: Share Name - type: string - cephfs: - description: CephFS represents a Ceph FS mount on the host - that shares a pod's lifetime - type: object - required: - - monitors - properties: - monitors: - description: 'Required: Monitors is a collection of - Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: array - items: - type: string - path: - description: 'Optional: Used as the mounted root, rather - than the full Ceph tree, default is /' - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: boolean - secretFile: - description: 'Optional: SecretFile is the path to key - ring for User, default is /etc/ceph/user.secret More - info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - secretRef: - description: 'Optional: SecretRef is reference to the - authentication secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - user: - description: 'Optional: User is the rados user name, - default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - cinder: - description: 'Cinder represents a cinder volume attached - and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: object - required: - - volumeID - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: boolean - secretRef: - description: 'Optional: points to a secret object containing - parameters used to connect to OpenStack.' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - volumeID: - description: 'volume id used to identify the volume - in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - configMap: - description: ConfigMap represents a configMap that should - populate this volume - type: object - properties: - defaultMode: - description: 'Optional: mode bits to use on created - files by default. Must be a value between 0 and 0777. - Defaults to 0644. Directories within the path are - not affected by this setting. This might be in conflict - with other options that affect the file mode, like - fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: If unspecified, each key-value pair in - the Data field of the referenced ConfigMap will be - projected into the volume as a file whose name is - the key and content is the value. If specified, the - listed keys will be projected into the specified paths, - and unlisted keys will not be present. If a key is - specified which is not present in the ConfigMap, the - volume setup will error unless it is marked optional. - Paths must be relative and may not contain the '..' - path or start with '..'. - type: array - items: - description: Maps a string key to a path within a - volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to use on this - file, must be a value between 0 and 0777. If - not specified, the volume defaultMode will be - used. This might be in conflict with other options - that affect the file mode, like fsGroup, and - the result can be other mode bits set.' - type: integer - format: int32 - path: - description: The relative path of the file to - map the key to. May not be an absolute path. - May not contain the path element '..'. May not - start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its keys - must be defined - type: boolean - csi: - description: CSI (Container Storage Interface) represents - storage that is handled by an external CSI driver (Alpha - feature). - type: object - required: - - driver - properties: - driver: - description: Driver is the name of the CSI driver that - handles this volume. Consult with your admin for the - correct name as registered in the cluster. - type: string - fsType: - description: Filesystem type to mount. Ex. "ext4", "xfs", - "ntfs". If not provided, the empty value is passed - to the associated CSI driver which will determine - the default filesystem to apply. - type: string - nodePublishSecretRef: - description: NodePublishSecretRef is a reference to - the secret object containing sensitive information - to pass to the CSI driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This field is optional, - and may be empty if no secret is required. If the - secret object contains more than one secret, all secret - references are passed. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - readOnly: - description: Specifies a read-only configuration for - the volume. Defaults to false (read/write). - type: boolean - volumeAttributes: - description: VolumeAttributes stores driver-specific - properties that are passed to the CSI driver. Consult - your driver's documentation for supported values. - type: object - additionalProperties: - type: string - downwardAPI: - description: DownwardAPI represents downward API about the - pod that should populate this volume - type: object - properties: - defaultMode: - description: 'Optional: mode bits to use on created - files by default. Must be a value between 0 and 0777. - Defaults to 0644. Directories within the path are - not affected by this setting. This might be in conflict - with other options that affect the file mode, like - fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: Items is a list of downward API volume - file - type: array - items: - description: DownwardAPIVolumeFile represents information - to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the - pod: only annotations, labels, name and namespace - are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - mode: - description: 'Optional: mode bits to use on this - file, must be a value between 0 and 0777. If - not specified, the volume defaultMode will be - used. This might be in conflict with other options - that affect the file mode, like fsGroup, and - the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative - path name of the file to be created. Must not - be absolute or contain the ''..'' path. Must - be utf-8 encoded. The first item of the relative - path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, requests.cpu and requests.memory) - are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for - volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - emptyDir: - description: 'EmptyDir represents a temporary directory - that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: object - properties: - medium: - description: 'What type of storage medium should back - this directory. The default is "" which means to use - the node''s default medium. Must be an empty string - (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - description: 'Total amount of local storage required - for this EmptyDir volume. The size limit is also applicable - for memory medium. The maximum usage on memory medium - EmptyDir would be the minimum value between the SizeLimit - specified here and the sum of memory limits of all - containers in a pod. The default is nil which means - that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - fc: - description: FC represents a Fibre Channel resource that - is attached to a kubelet's host machine and then exposed - to the pod. - type: object - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. TODO: how do we prevent errors in the - filesystem from compromising the machine' - type: string - lun: - description: 'Optional: FC target lun number' - type: integer - format: int32 - readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' - type: boolean - targetWWNs: - description: 'Optional: FC target worldwide names (WWNs)' - type: array - items: - type: string - wwids: - description: 'Optional: FC volume world wide identifiers - (wwids) Either wwids or combination of targetWWNs - and lun must be set, but not both simultaneously.' - type: array - items: - type: string - flexVolume: - description: FlexVolume represents a generic volume resource - that is provisioned/attached using an exec based plugin. - type: object - required: - - driver - properties: - driver: - description: Driver is the name of the driver to use - for this volume. - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". The default filesystem depends on FlexVolume - script. - type: string - options: - description: 'Optional: Extra command options if any.' - type: object - additionalProperties: - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' - type: boolean - secretRef: - description: 'Optional: SecretRef is reference to the - secret object containing sensitive information to - pass to the plugin scripts. This may be empty if no - secret object is specified. If the secret object contains - more than one secret, all secrets are passed to the - plugin scripts.' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - flocker: - description: Flocker represents a Flocker volume attached - to a kubelet's host machine. This depends on the Flocker - control service being running - type: object - properties: - datasetName: - description: Name of the dataset stored as metadata - -> name on the dataset for Flocker should be considered - as deprecated - type: string - datasetUUID: - description: UUID of the dataset. This is unique identifier - of a Flocker dataset - type: string - gcePersistentDisk: - description: 'GCEPersistentDisk represents a GCE Disk resource - that is attached to a kubelet''s host machine and then - exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: object - required: - - pdName - properties: - fsType: - description: 'Filesystem type of the volume that you - want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - partition: - description: 'The partition in the volume that you want - to mount. If omitted, the default is to mount by volume - name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property - empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: integer - format: int32 - pdName: - description: 'Unique name of the PD resource in GCE. - Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: string - readOnly: - description: 'ReadOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. More info: - https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: boolean - gitRepo: - description: 'GitRepo represents a git repository at a particular - revision. DEPRECATED: GitRepo is deprecated. To provision - a container with a git repo, mount an EmptyDir into an - InitContainer that clones the repo using git, then mount - the EmptyDir into the Pod''s container.' - type: object - required: - - repository - properties: - directory: - description: Target directory name. Must not contain - or start with '..'. If '.' is supplied, the volume - directory will be the git repository. Otherwise, - if specified, the volume will contain the git repository - in the subdirectory with the given name. - type: string - repository: - description: Repository URL - type: string - revision: - description: Commit hash for the specified revision. - type: string - glusterfs: - description: 'Glusterfs represents a Glusterfs mount on - the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' - type: object - required: - - endpoints - - path - properties: - endpoints: - description: 'EndpointsName is the endpoint name that - details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - path: - description: 'Path is the Glusterfs volume path. More - info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - readOnly: - description: 'ReadOnly here will force the Glusterfs - volume to be mounted with read-only permissions. Defaults - to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: boolean - hostPath: - description: 'HostPath represents a pre-existing file or - directory on the host machine that is directly exposed - to the container. This is generally used for system agents - or other privileged things that are allowed to see the - host machine. Most containers will NOT need this. More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can use host - directory mounts and who can/can not mount host directories - as read/write.' - type: object - required: - - path - properties: - path: - description: 'Path of the directory on the host. If - the path is a symlink, it will follow the link to - the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - type: - description: 'Type for HostPath Volume Defaults to "" - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - iscsi: - description: 'ISCSI represents an ISCSI Disk resource that - is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' - type: object - required: - - iqn - - lun - - targetPortal - properties: - chapAuthDiscovery: - description: whether support iSCSI Discovery CHAP authentication - type: boolean - chapAuthSession: - description: whether support iSCSI Session CHAP authentication - type: boolean - fsType: - description: 'Filesystem type of the volume that you - want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - initiatorName: - description: Custom iSCSI Initiator Name. If initiatorName - is specified with iscsiInterface simultaneously, new - iSCSI interface : will - be created for the connection. - type: string - iqn: - description: Target iSCSI Qualified Name. - type: string - iscsiInterface: - description: iSCSI Interface Name that uses an iSCSI - transport. Defaults to 'default' (tcp). - type: string - lun: - description: iSCSI Target Lun number. - type: integer - format: int32 - portals: - description: iSCSI Target Portal List. The portal is - either an IP or ip_addr:port if the port is other - than default (typically TCP ports 860 and 3260). - type: array - items: - type: string - readOnly: - description: ReadOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. - type: boolean - secretRef: - description: CHAP Secret for iSCSI target and initiator - authentication - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - targetPortal: - description: iSCSI Target Portal. The Portal is either - an IP or ip_addr:port if the port is other than default - (typically TCP ports 860 and 3260). - type: string - name: - description: 'Volume''s name. Must be a DNS_LABEL and unique - within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - nfs: - description: 'NFS represents an NFS mount on the host that - shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: object - required: - - path - - server - properties: - path: - description: 'Path that is exported by the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - readOnly: - description: 'ReadOnly here will force the NFS export - to be mounted with read-only permissions. Defaults - to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: boolean - server: - description: 'Server is the hostname or IP address of - the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - persistentVolumeClaim: - description: 'PersistentVolumeClaimVolumeSource represents - a reference to a PersistentVolumeClaim in the same namespace. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: object - required: - - claimName - properties: - claimName: - description: 'ClaimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this volume. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: - description: Will force the ReadOnly setting in VolumeMounts. - Default false. - type: boolean - photonPersistentDisk: - description: PhotonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host - machine - type: object - required: - - pdID - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. - type: string - pdID: - description: ID that identifies Photon Controller persistent - disk - type: string - portworxVolume: - description: PortworxVolume represents a portworx volume - attached and mounted on kubelets host machine - type: object - required: - - volumeID - properties: - fsType: - description: FSType represents the filesystem type to - mount Must be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs". Implicitly inferred - to be "ext4" if unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: - description: VolumeID uniquely identifies a Portworx - volume - type: string - projected: - description: Items for all in one resources secrets, configmaps, - and downward API - type: object - required: - - sources - properties: - defaultMode: - description: Mode bits to use on created files by default. - Must be a value between 0 and 0777. Directories within - the path are not affected by this setting. This might - be in conflict with other options that affect the - file mode, like fsGroup, and the result can be other - mode bits set. - type: integer - format: int32 - sources: - description: list of volume projections - type: array - items: - description: Projection that may be projected along - with other supported volume types - type: object - properties: - configMap: - description: information about the configMap data - to project - type: object - properties: - items: - description: If unspecified, each key-value - pair in the Data field of the referenced - ConfigMap will be projected into the volume - as a file whose name is the key and content - is the value. If specified, the listed keys - will be projected into the specified paths, - and unlisted keys will not be present. If - a key is specified which is not present - in the ConfigMap, the volume setup will - error unless it is marked optional. Paths - must be relative and may not contain the - '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path - within a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to - use on this file, must be a value - between 0 and 0777. If not specified, - the volume defaultMode will be used. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' - type: integer - format: int32 - path: - description: The relative path of the - file to map the key to. May not be - an absolute path. May not contain - the path element '..'. May not start - with the string '..'. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its keys must be defined - type: boolean - downwardAPI: - description: information about the downwardAPI - data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume - file - type: array - items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field - of the pod: only annotations, labels, - name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema - the FieldPath is written in terms - of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to - select in the specified API version. - type: string - mode: - description: 'Optional: mode bits to - use on this file, must be a value - between 0 and 0777. If not specified, - the volume defaultMode will be used. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the - relative path name of the file to - be created. Must not be absolute or - contain the ''..'' path. Must be utf-8 - encoded. The first item of the relative - path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of - the container: only resources limits - and requests (limits.cpu, limits.memory, - requests.cpu and requests.memory) - are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required - for volumes, optional for env - vars' - type: string - divisor: - description: Specifies the output - format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource - to select' - type: string - secret: - description: information about the secret data - to project - type: object - properties: - items: - description: If unspecified, each key-value - pair in the Data field of the referenced - Secret will be projected into the volume - as a file whose name is the key and content - is the value. If specified, the listed keys - will be projected into the specified paths, - and unlisted keys will not be present. If - a key is specified which is not present - in the Secret, the volume setup will error - unless it is marked optional. Paths must - be relative and may not contain the '..' - path or start with '..'. - type: array - items: - description: Maps a string key to a path - within a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to - use on this file, must be a value - between 0 and 0777. If not specified, - the volume defaultMode will be used. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' - type: integer - format: int32 - path: - description: The relative path of the - file to map the key to. May not be - an absolute path. May not contain - the path element '..'. May not start - with the string '..'. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - serviceAccountToken: - description: information about the serviceAccountToken - data to project - type: object - required: - - path - properties: - audience: - description: Audience is the intended audience - of the token. A recipient of a token must - identify itself with an identifier specified - in the audience of the token, and otherwise - should reject the token. The audience defaults - to the identifier of the apiserver. - type: string - expirationSeconds: - description: ExpirationSeconds is the requested - duration of validity of the service account - token. As the token approaches expiration, - the kubelet volume plugin will proactively - rotate the service account token. The kubelet - will start trying to rotate the token if - the token is older than 80 percent of its - time to live or if the token is older than - 24 hours.Defaults to 1 hour and must be - at least 10 minutes. - type: integer - format: int64 - path: - description: Path is the path relative to - the mount point of the file to project the - token into. - type: string - quobyte: - description: Quobyte represents a Quobyte mount on the host - that shares a pod's lifetime - type: object - required: - - registry - - volume - properties: - group: - description: Group to map volume access to Default is - no group - type: string - readOnly: - description: ReadOnly here will force the Quobyte volume - to be mounted with read-only permissions. Defaults - to false. - type: boolean - registry: - description: Registry represents a single or multiple - Quobyte Registry services specified as a string as - host:port pair (multiple entries are separated with - commas) which acts as the central registry for volumes - type: string - tenant: - description: Tenant owning the given Quobyte volume - in the Backend Used with dynamically provisioned Quobyte - volumes, value is set by the plugin - type: string - user: - description: User to map volume access to Defaults to - serivceaccount user - type: string - volume: - description: Volume is a string that references an already - created Quobyte volume by name. - type: string - rbd: - description: 'RBD represents a Rados Block Device mount - on the host that shares a pod''s lifetime. More info: - https://examples.k8s.io/volumes/rbd/README.md' - type: object - required: - - image - - monitors - properties: - fsType: - description: 'Filesystem type of the volume that you - want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - image: - description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - keyring: - description: 'Keyring is the path to key ring for RBDUser. - Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - monitors: - description: 'A collection of Ceph monitors. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: array - items: - type: string - pool: - description: 'The rados pool name. Default is rbd. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: - description: 'ReadOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: - description: 'SecretRef is name of the authentication - secret for RBDUser. If provided overrides keyring. - Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - user: - description: 'The rados user name. Default is admin. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - scaleIO: - description: ScaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. - type: object - required: - - gateway - - secretRef - - system - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Default is "xfs". - type: string - gateway: - description: The host address of the ScaleIO API Gateway. - type: string - protectionDomain: - description: The name of the ScaleIO Protection Domain - for the configured storage. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef references to the secret for - ScaleIO user and other sensitive information. If this - is not provided, Login operation will fail. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - sslEnabled: - description: Flag to enable/disable SSL communication - with Gateway, default false - type: boolean - storageMode: - description: Indicates whether the storage for a volume - should be ThickProvisioned or ThinProvisioned. Default - is ThinProvisioned. - type: string - storagePool: - description: The ScaleIO Storage Pool associated with - the protection domain. - type: string - system: - description: The name of the storage system as configured - in ScaleIO. - type: string - volumeName: - description: The name of a volume already created in - the ScaleIO system that is associated with this volume - source. - type: string - secret: - description: 'Secret represents a secret that should populate - this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'Optional: mode bits to use on created - files by default. Must be a value between 0 and 0777. - Defaults to 0644. Directories within the path are - not affected by this setting. This might be in conflict - with other options that affect the file mode, like - fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: If unspecified, each key-value pair in - the Data field of the referenced Secret will be projected - into the volume as a file whose name is the key and - content is the value. If specified, the listed keys - will be projected into the specified paths, and unlisted - keys will not be present. If a key is specified which - is not present in the Secret, the volume setup will - error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start - with '..'. - type: array - items: - description: Maps a string key to a path within a - volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to use on this - file, must be a value between 0 and 0777. If - not specified, the volume defaultMode will be - used. This might be in conflict with other options - that affect the file mode, like fsGroup, and - the result can be other mode bits set.' - type: integer - format: int32 - path: - description: The relative path of the file to - map the key to. May not be an absolute path. - May not contain the path element '..'. May not - start with the string '..'. - type: string - optional: - description: Specify whether the Secret or its keys - must be defined - type: boolean - secretName: - description: 'Name of the secret in the pod''s namespace - to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - storageos: - description: StorageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. - type: object - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef specifies the secret to use for - obtaining the StorageOS API credentials. If not specified, - default values will be attempted. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - volumeName: - description: VolumeName is the human-readable name of - the StorageOS volume. Volume names are only unique - within a namespace. - type: string - volumeNamespace: - description: VolumeNamespace specifies the scope of - the volume within StorageOS. If no namespace is specified - then the Pod's namespace will be used. This allows - the Kubernetes name scoping to be mirrored within - StorageOS for tighter integration. Set VolumeName - to any name to override the default behaviour. Set - to "default" if you are not using namespaces within - StorageOS. Namespaces that do not pre-exist within - StorageOS will be created. - type: string - vsphereVolume: - description: VsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine - type: object - required: - - volumePath - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. - type: string - storagePolicyID: - description: Storage Policy Based Management (SPBM) - profile ID associated with the StoragePolicyName. - type: string - storagePolicyName: - description: Storage Policy Based Management (SPBM) - profile name. - type: string - volumePath: - description: Path that identifies vSphere volume vmdk - type: string - installPlanApproval: - description: Approval is the user approval policy for an InstallPlan. - type: string - name: - type: string - source: - type: string - sourceNamespace: - type: string - startingCSV: - type: string - status: - type: object - required: - - lastUpdated - properties: - catalogHealth: - description: CatalogHealth contains the Subscription's view of its - relevant CatalogSources' status. It is used to determine SubscriptionStatusConditions - related to CatalogSources. - type: array - items: - description: SubscriptionCatalogHealth describes the health of a - CatalogSource the Subscription knows about. - type: object - required: - - catalogSourceRef - - healthy - - lastUpdated - properties: - catalogSourceRef: - description: CatalogSourceRef is a reference to a CatalogSource. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead - of an entire object, this string should contain a valid - JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container - within a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that - triggered the event) or if no container name is specified - "spec.containers[2]" (container with index 2 in this pod). - This syntax is chosen only to have some well-defined way - of referencing a part of an object. TODO: this design - is not final and this field is subject to change in the - future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - healthy: - description: Healthy is true if the CatalogSource is healthy; - false otherwise. - type: boolean - lastUpdated: - description: LastUpdated represents the last time that the CatalogSourceHealth - changed - type: string - format: date-time - conditions: - description: Conditions is a list of the latest available observations - about a Subscription's current state. - type: array - items: - description: SubscriptionCondition represents the latest available - observations of a Subscription's state. - type: object - required: - - status - - type - properties: - lastHeartbeatTime: - description: LastHeartbeatTime is the last time we got an update - on a given condition - type: string - format: date-time - lastTransitionTime: - description: LastTransitionTime is the last time the condition - transit from one status to another - type: string - format: date-time - message: - description: Message is a human-readable message indicating - details about last transition. - type: string - reason: - description: Reason is a one-word CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition, one of True, - False, Unknown. - type: string - type: - description: Type is the type of Subscription condition. - type: string - currentCSV: - description: CurrentCSV is the CSV the Subscription is progressing - to. - type: string - installPlanGeneration: - description: InstallPlanGeneration is the current generation of the - installplan - type: integer - installPlanRef: - description: InstallPlanRef is a reference to the latest InstallPlan - that contains the Subscription's current CSV. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - installedCSV: - description: InstalledCSV is the CSV currently installed by the Subscription. - type: string - installplan: - description: 'Install is a reference to the latest InstallPlan generated - for the Subscription. DEPRECATED: InstallPlanRef' - type: object - required: - - apiVersion - - kind - - name - - uuid - properties: - apiVersion: - type: string - kind: - type: string - name: - type: string - uuid: - description: UID is a type that holds unique ID values, including - UUIDs. Because we don't ONLY use UUIDs, this is an alias to - string. Being a type captures intent and helps make sure that - UIDs and names do not get conflated. - type: string - lastUpdated: - description: LastUpdated represents the last time that the Subscription - status was updated. - type: string - format: date-time - reason: - description: Reason is the reason the Subscription was transitioned - to its current state. - type: string - state: - description: State represents the current state of the Subscription - type: string - served: true - storage: true - subresources: - status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_01-olm-operator.serviceaccount.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_01-olm-operator.serviceaccount.yaml deleted file mode 100644 index e21d33d03d..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_01-olm-operator.serviceaccount.yaml +++ /dev/null @@ -1,33 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_01-olm-operator.serviceaccount.yaml -kind: ServiceAccount -apiVersion: v1 -metadata: - name: olm-operator-serviceaccount - namespace: olm ---- -# Source: olm/templates/0000_50_olm_01-olm-operator.serviceaccount.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: system:controller:operator-lifecycle-manager -rules: -- apiGroups: ["*"] - resources: ["*"] - verbs: ["*"] -- nonResourceURLs: ["*"] - verbs: ["*"] ---- -# Source: olm/templates/0000_50_olm_01-olm-operator.serviceaccount.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: olm-operator-binding-olm -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:controller:operator-lifecycle-manager -subjects: -- kind: ServiceAccount - name: olm-operator-serviceaccount - namespace: olm diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_07-olm-operator.deployment.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_07-olm-operator.deployment.yaml deleted file mode 100644 index 37532067c8..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_07-olm-operator.deployment.yaml +++ /dev/null @@ -1,63 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_07-olm-operator.deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: olm-operator - namespace: olm - labels: - app: olm-operator -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: olm-operator - template: - metadata: - labels: - app: olm-operator - spec: - serviceAccountName: olm-operator-serviceaccount - containers: - - name: olm-operator - command: - - /bin/olm - args: - - --namespace - - $(OPERATOR_NAMESPACE) - - --writeStatusName - - "" - image: quay.io/operator-framework/olm@sha256:2c389d2e380c842cbf542820ad4493249164302ddf0e699b0a37105d234e67ee - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - - containerPort: 8081 - name: metrics - protocol: TCP - livenessProbe: - httpGet: - path: /healthz - port: 8080 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - terminationMessagePolicy: FallbackToLogsOnError - env: - - - name: OPERATOR_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: OPERATOR_NAME - value: olm-operator - resources: - requests: - cpu: 10m - memory: 160Mi - - - nodeSelector: - beta.kubernetes.io/os: linux diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_08-catalog-operator.deployment.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_08-catalog-operator.deployment.yaml deleted file mode 100644 index c1641e67c2..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_08-catalog-operator.deployment.yaml +++ /dev/null @@ -1,58 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_08-catalog-operator.deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: catalog-operator - namespace: olm - labels: - app: catalog-operator -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: catalog-operator - template: - metadata: - labels: - app: catalog-operator - spec: - serviceAccountName: olm-operator-serviceaccount - containers: - - name: catalog-operator - command: - - /bin/catalog - args: - - '-namespace' - - olm - - -configmapServerImage=quay.io/operator-framework/configmap-operator-registry:latest - - -util-image - - quay.io/operator-framework/olm@sha256:2c389d2e380c842cbf542820ad4493249164302ddf0e699b0a37105d234e67ee - image: quay.io/operator-framework/olm@sha256:2c389d2e380c842cbf542820ad4493249164302ddf0e699b0a37105d234e67ee - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - - containerPort: 8081 - name: metrics - protocol: TCP - livenessProbe: - httpGet: - path: /healthz - port: 8080 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - terminationMessagePolicy: FallbackToLogsOnError - env: - - resources: - requests: - cpu: 10m - memory: 80Mi - - - nodeSelector: - beta.kubernetes.io/os: linux diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_09-aggregated.clusterrole.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_09-aggregated.clusterrole.yaml deleted file mode 100644 index e7aa0af341..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_09-aggregated.clusterrole.yaml +++ /dev/null @@ -1,35 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_09-aggregated.clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-edit - labels: - # Add these permissions to the "admin" and "edit" default roles. - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["subscriptions"] - verbs: ["create", "update", "patch", "delete"] -- apiGroups: ["operators.coreos.com"] - resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions"] - verbs: ["delete"] ---- -# Source: olm/templates/0000_50_olm_09-aggregated.clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-view - labels: - # Add these permissions to the "admin", "edit" and "view" default roles - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - rbac.authorization.k8s.io/aggregate-to-view: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions", "operatorgroups"] - verbs: ["get", "list", "watch"] -- apiGroups: ["packages.operators.coreos.com"] - resources: ["packagemanifests", "packagemanifests/icon"] - verbs: ["get", "list", "watch"] diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_13-operatorgroup-default.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_13-operatorgroup-default.yaml deleted file mode 100644 index 56f5bca2bd..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_13-operatorgroup-default.yaml +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_13-operatorgroup-default.yaml -apiVersion: operators.coreos.com/v1 -kind: OperatorGroup -metadata: - name: global-operators - namespace: operators ---- -# Source: olm/templates/0000_50_olm_13-operatorgroup-default.yaml -apiVersion: operators.coreos.com/v1 -kind: OperatorGroup -metadata: - name: olm-operators - namespace: olm -spec: - targetNamespaces: - - olm diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_15-packageserver.clusterserviceversion.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_15-packageserver.clusterserviceversion.yaml deleted file mode 100644 index 0f692804e2..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_15-packageserver.clusterserviceversion.yaml +++ /dev/null @@ -1,132 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_15-packageserver.clusterserviceversion.yaml -apiVersion: operators.coreos.com/v1alpha1 -kind: ClusterServiceVersion -metadata: - name: packageserver - namespace: olm - labels: - olm.version: 0.15.1 -spec: - displayName: Package Server - description: Represents an Operator package that is available from a given CatalogSource which will resolve to a ClusterServiceVersion. - minKubeVersion: 1.11.0 - keywords: ['packagemanifests', 'olm', 'packages'] - maintainers: - - name: Red Hat - email: openshift-operators@redhat.com - provider: - name: Red Hat - links: - - name: Package Server - url: https://github.com/operator-framework/operator-lifecycle-manager/tree/master/pkg/package-server - installModes: - - type: OwnNamespace - supported: true - - type: SingleNamespace - supported: true - - type: MultiNamespace - supported: true - - type: AllNamespaces - supported: true - install: - strategy: deployment - spec: - clusterPermissions: - - serviceAccountName: olm-operator-serviceaccount - rules: - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - get - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - apiGroups: - - "operators.coreos.com" - resources: - - catalogsources - verbs: - - get - - list - - watch - - apiGroups: - - "packages.operators.coreos.com" - resources: - - packagemanifests - verbs: - - get - - list - deployments: - - name: packageserver - spec: - strategy: - type: RollingUpdate - replicas: 2 - selector: - matchLabels: - app: packageserver - template: - metadata: - labels: - app: packageserver - spec: - serviceAccountName: olm-operator-serviceaccount - nodeSelector: - beta.kubernetes.io/os: linux - containers: - - name: packageserver - command: - - /bin/package-server - - -v=4 - - --secure-port - - "5443" - - --global-namespace - - olm - image: quay.io/operator-framework/olm@sha256:2c389d2e380c842cbf542820ad4493249164302ddf0e699b0a37105d234e67ee - imagePullPolicy: Always - ports: - - containerPort: 5443 - livenessProbe: - httpGet: - scheme: HTTPS - path: /healthz - port: 5443 - readinessProbe: - httpGet: - scheme: HTTPS - path: /healthz - port: 5443 - terminationMessagePolicy: FallbackToLogsOnError - resources: - requests: - cpu: 10m - memory: 50Mi - securityContext: - runAsUser: 1000 - volumeMounts: - - name: tmpfs - mountPath: /tmp - volumes: - - name: tmpfs - emptyDir: {} - maturity: alpha - version: 0.15.1 - apiservicedefinitions: - owned: - - group: packages.operators.coreos.com - version: v1 - kind: PackageManifest - name: packagemanifests - displayName: PackageManifest - description: A PackageManifest is a resource generated from existing CatalogSources and their ConfigMaps - deploymentName: packageserver - containerPort: 5443 diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_17-upstream-operators.catalogsource.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_17-upstream-operators.catalogsource.yaml deleted file mode 100644 index 4adb582c8b..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.15.1/0000_50_olm_17-upstream-operators.catalogsource.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_17-upstream-operators.catalogsource.yaml -apiVersion: operators.coreos.com/v1alpha1 -kind: CatalogSource -metadata: - name: operatorhubio-catalog - namespace: olm -spec: - sourceType: grpc - image: quay.io/operator-framework/upstream-community-operators:latest - displayName: Community Operators - publisher: OperatorHub.io diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_00-catalogsources.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_00-catalogsources.crd.yaml deleted file mode 100644 index c762c4e06e..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_00-catalogsources.crd.yaml +++ /dev/null @@ -1,201 +0,0 @@ ---- -# Source: olm/crds/0000_50_olm_00-catalogsources.crd.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - name: catalogsources.operators.coreos.com -spec: - group: operators.coreos.com - names: - categories: - - olm - kind: CatalogSource - listKind: CatalogSourceList - plural: catalogsources - shortNames: - - catsrc - singular: catalogsource - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The pretty name of the catalog - jsonPath: .spec.displayName - name: Display - type: string - - description: The type of the catalog - jsonPath: .spec.sourceType - name: Type - type: string - - description: The publisher of the catalog - jsonPath: .spec.publisher - name: Publisher - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: CatalogSource is a repository of CSVs, CRDs, and operator packages. - type: object - required: - - metadata - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - type: object - required: - - sourceType - properties: - address: - description: 'Address is a host that OLM can use to connect to a pre-existing - registry. Format: : Only used when SourceType - = SourceTypeGrpc. Ignored when the Image field is set.' - type: string - configMap: - description: ConfigMap is the name of the ConfigMap to be used to - back a configmap-server registry. Only used when SourceType = SourceTypeConfigmap - or SourceTypeInternal. - type: string - description: - type: string - displayName: - description: Metadata - type: string - icon: - type: object - required: - - base64data - - mediatype - properties: - base64data: - type: string - mediatype: - type: string - image: - description: Image is an operator-registry container image to instantiate - a registry-server with. Only used when SourceType = SourceTypeGrpc. - If present, the address field is ignored. - type: string - priority: - description: 'Priority field assigns a weight to the catalog source - to prioritize them so that it can be consumed by the dependency - resolver. Usage: Higher weight indicates that this catalog source - is preferred over lower weighted catalog sources during dependency - resolution. The range of the priority value can go from positive - to negative in the range of int32. The default value to a catalog - source with unassigned priority would be 0. The catalog source with - the same priority values will be ranked lexicographically based - on its name.' - type: integer - publisher: - type: string - secrets: - description: Secrets represent set of secrets that can be used to - access the contents of the catalog. It is best to keep this list - small, since each will need to be tried for every catalog entry. - type: array - items: - type: string - sourceType: - description: SourceType is the type of source - type: string - updateStrategy: - description: UpdateStrategy defines how updated catalog source images - can be discovered Consists of an interval that defines polling duration - and an embedded strategy type - type: object - properties: - registryPoll: - type: object - properties: - interval: - description: Interval is used to determine the time interval - between checks of the latest catalog source version. The - catalog operator polls to see if a new version of the catalog - source is available. If available, the latest image is pulled - and gRPC traffic is directed to the latest catalog source. - type: string - status: - type: object - properties: - configMapReference: - type: object - required: - - name - - namespace - properties: - lastUpdateTime: - type: string - format: date-time - name: - type: string - namespace: - type: string - resourceVersion: - type: string - uid: - description: UID is a type that holds unique ID values, including - UUIDs. Because we don't ONLY use UUIDs, this is an alias to - string. Being a type captures intent and helps make sure that - UIDs and names do not get conflated. - type: string - connectionState: - type: object - required: - - lastObservedState - properties: - address: - type: string - lastConnect: - type: string - format: date-time - lastObservedState: - type: string - latestImageRegistryPoll: - description: The last time the CatalogSource image registry has been - polled to ensure the image is up-to-date - type: string - format: date-time - message: - description: A human readable message indicating details about why - the CatalogSource is in this condition. - type: string - reason: - description: Reason is the reason the CatalogSource was transitioned - to its current state. - type: string - registryService: - type: object - properties: - createdAt: - type: string - format: date-time - port: - type: string - protocol: - type: string - serviceName: - type: string - serviceNamespace: - type: string - served: true - storage: true - subresources: - status: {} - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_00-clusterserviceversions.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_00-clusterserviceversions.crd.yaml deleted file mode 100644 index e256e1ad6e..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_00-clusterserviceversions.crd.yaml +++ /dev/null @@ -1,8967 +0,0 @@ ---- -# Source: olm/crds/0000_50_olm_00-clusterserviceversions.crd.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - name: clusterserviceversions.operators.coreos.com -spec: - group: operators.coreos.com - names: - categories: - - olm - kind: ClusterServiceVersion - listKind: ClusterServiceVersionList - plural: clusterserviceversions - shortNames: - - csv - - csvs - singular: clusterserviceversion - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The name of the CSV - jsonPath: .spec.displayName - name: Display - type: string - - description: The version of the CSV - jsonPath: .spec.version - name: Version - type: string - - description: The name of a CSV that this one replaces - jsonPath: .spec.replaces - name: Replaces - type: string - - jsonPath: .status.phase - name: Phase - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: ClusterServiceVersion is a Custom Resource of type `ClusterServiceVersionSpec`. - type: object - required: - - metadata - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ClusterServiceVersionSpec declarations tell OLM how to install - an operator that can manage apps for a given version. - type: object - required: - - displayName - - install - properties: - annotations: - description: Annotations is an unstructured key value map stored with - a resource that may be set by external tools to store and retrieve - arbitrary metadata. - type: object - additionalProperties: - type: string - apiservicedefinitions: - description: APIServiceDefinitions declares all of the extension apis - managed or required by an operator being ran by ClusterServiceVersion. - type: object - properties: - owned: - type: array - items: - description: APIServiceDescription provides details to OLM about - apis provided via aggregation - type: object - required: - - group - - kind - - name - - version - properties: - actionDescriptors: - type: array - items: - description: ActionDescriptor describes a declarative - action that can be performed on a custom resource instance - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - containerPort: - type: integer - format: int32 - deploymentName: - type: string - description: - type: string - displayName: - type: string - group: - type: string - kind: - type: string - name: - type: string - resources: - type: array - items: - description: APIResourceReference is a Kubernetes resource - type used by a custom resource - type: object - required: - - kind - - name - - version - properties: - kind: - type: string - name: - type: string - version: - type: string - specDescriptors: - type: array - items: - description: SpecDescriptor describes a field in a spec - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - statusDescriptors: - type: array - items: - description: StatusDescriptor describes a field in a status - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - version: - type: string - required: - type: array - items: - description: APIServiceDescription provides details to OLM about - apis provided via aggregation - type: object - required: - - group - - kind - - name - - version - properties: - actionDescriptors: - type: array - items: - description: ActionDescriptor describes a declarative - action that can be performed on a custom resource instance - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - containerPort: - type: integer - format: int32 - deploymentName: - type: string - description: - type: string - displayName: - type: string - group: - type: string - kind: - type: string - name: - type: string - resources: - type: array - items: - description: APIResourceReference is a Kubernetes resource - type used by a custom resource - type: object - required: - - kind - - name - - version - properties: - kind: - type: string - name: - type: string - version: - type: string - specDescriptors: - type: array - items: - description: SpecDescriptor describes a field in a spec - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - statusDescriptors: - type: array - items: - description: StatusDescriptor describes a field in a status - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - version: - type: string - customresourcedefinitions: - description: "CustomResourceDefinitions declares all of the CRDs managed - or required by an operator being ran by ClusterServiceVersion. \n - If the CRD is present in the Owned list, it is implicitly required." - type: object - properties: - owned: - type: array - items: - description: CRDDescription provides details to OLM about the - CRDs - type: object - required: - - kind - - name - - version - properties: - actionDescriptors: - type: array - items: - description: ActionDescriptor describes a declarative - action that can be performed on a custom resource instance - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - description: - type: string - displayName: - type: string - kind: - type: string - name: - type: string - resources: - type: array - items: - description: APIResourceReference is a Kubernetes resource - type used by a custom resource - type: object - required: - - kind - - name - - version - properties: - kind: - type: string - name: - type: string - version: - type: string - specDescriptors: - type: array - items: - description: SpecDescriptor describes a field in a spec - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - statusDescriptors: - type: array - items: - description: StatusDescriptor describes a field in a status - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - version: - type: string - required: - type: array - items: - description: CRDDescription provides details to OLM about the - CRDs - type: object - required: - - kind - - name - - version - properties: - actionDescriptors: - type: array - items: - description: ActionDescriptor describes a declarative - action that can be performed on a custom resource instance - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - description: - type: string - displayName: - type: string - kind: - type: string - name: - type: string - resources: - type: array - items: - description: APIResourceReference is a Kubernetes resource - type used by a custom resource - type: object - required: - - kind - - name - - version - properties: - kind: - type: string - name: - type: string - version: - type: string - specDescriptors: - type: array - items: - description: SpecDescriptor describes a field in a spec - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - statusDescriptors: - type: array - items: - description: StatusDescriptor describes a field in a status - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - version: - type: string - description: - type: string - displayName: - type: string - icon: - type: array - items: - type: object - required: - - base64data - - mediatype - properties: - base64data: - type: string - mediatype: - type: string - install: - description: NamedInstallStrategy represents the block of an ClusterServiceVersion - resource where the install strategy is specified. - type: object - required: - - strategy - properties: - spec: - description: StrategyDetailsDeployment represents the parsed details - of a Deployment InstallStrategy. - type: object - required: - - deployments - properties: - clusterPermissions: - type: array - items: - description: StrategyDeploymentPermissions describe the - rbac rules and service account needed by the install strategy - type: object - required: - - rules - - serviceAccountName - properties: - rules: - type: array - items: - description: PolicyRule holds information that describes - a policy rule, but does not contain information - about who the rule applies to or which namespace - the rule applies to. - type: object - required: - - verbs - properties: - apiGroups: - description: APIGroups is the name of the APIGroup - that contains the resources. If multiple API - groups are specified, any action requested against - one of the enumerated resources in any API group - will be allowed. - type: array - items: - type: string - nonResourceURLs: - description: NonResourceURLs is a set of partial - urls that a user should have access to. *s - are allowed, but only as the full, final step - in the path Since non-resource URLs are not - namespaced, this field is only applicable for - ClusterRoles referenced from a ClusterRoleBinding. - Rules can either apply to API resources (such - as "pods" or "secrets") or non-resource URL - paths (such as "/api"), but not both. - type: array - items: - type: string - resourceNames: - description: ResourceNames is an optional white - list of names that the rule applies to. An - empty set means that everything is allowed. - type: array - items: - type: string - resources: - description: Resources is a list of resources - this rule applies to. ResourceAll represents - all resources. - type: array - items: - type: string - verbs: - description: Verbs is a list of Verbs that apply - to ALL the ResourceKinds and AttributeRestrictions - contained in this rule. VerbAll represents - all kinds. - type: array - items: - type: string - serviceAccountName: - type: string - deployments: - type: array - items: - description: StrategyDeploymentSpec contains the name, spec - and labels for the deployment ALM should create - type: object - required: - - name - - spec - properties: - label: - description: Set is a map of label:value. It implements - Labels. - type: object - additionalProperties: - type: string - name: - type: string - spec: - description: DeploymentSpec is the specification of - the desired behavior of the Deployment. - type: object - required: - - selector - - template - properties: - minReadySeconds: - description: Minimum number of seconds for which - a newly created pod should be ready without any - of its container crashing, for it to be considered - available. Defaults to 0 (pod will be considered - available as soon as it is ready) - type: integer - format: int32 - paused: - description: Indicates that the deployment is paused. - type: boolean - progressDeadlineSeconds: - description: The maximum time in seconds for a deployment - to make progress before it is considered to be - failed. The deployment controller will continue - to process failed deployments and a condition - with a ProgressDeadlineExceeded reason will be - surfaced in the deployment status. Note that progress - will not be estimated during the time a deployment - is paused. Defaults to 600s. - type: integer - format: int32 - replicas: - description: Number of desired pods. This is a pointer - to distinguish between explicit zero and not specified. - Defaults to 1. - type: integer - format: int32 - revisionHistoryLimit: - description: The number of old ReplicaSets to retain - to allow rollback. This is a pointer to distinguish - between explicit zero and not specified. Defaults - to 10. - type: integer - format: int32 - selector: - description: Label selector for pods. Existing ReplicaSets - whose pods are selected by this will be the ones - affected by this deployment. It must match the - pod template's labels. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - type: array - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - additionalProperties: - type: string - strategy: - description: The deployment strategy to use to replace - existing pods with new ones. - type: object - properties: - rollingUpdate: - description: 'Rolling update config params. - Present only if DeploymentStrategyType = RollingUpdate. - --- TODO: Update this to follow our convention - for oneOf, whatever we decide it to be.' - type: object - properties: - maxSurge: - description: 'The maximum number of pods - that can be scheduled above the desired - number of pods. Value can be an absolute - number (ex: 5) or a percentage of desired - pods (ex: 10%). This can not be 0 if MaxUnavailable - is 0. Absolute number is calculated from - percentage by rounding up. Defaults to - 25%. Example: when this is set to 30%, - the new ReplicaSet can be scaled up immediately - when the rolling update starts, such that - the total number of old and new pods do - not exceed 130% of desired pods. Once - old pods have been killed, new ReplicaSet - can be scaled up further, ensuring that - total number of pods running at any time - during the update is at most 130% of desired - pods.' - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - maxUnavailable: - description: 'The maximum number of pods - that can be unavailable during the update. - Value can be an absolute number (ex: 5) - or a percentage of desired pods (ex: 10%). - Absolute number is calculated from percentage - by rounding down. This can not be 0 if - MaxSurge is 0. Defaults to 25%. Example: - when this is set to 30%, the old ReplicaSet - can be scaled down to 70% of desired pods - immediately when the rolling update starts. - Once new pods are ready, old ReplicaSet - can be scaled down further, followed by - scaling up the new ReplicaSet, ensuring - that the total number of pods available - at all times during the update is at least - 70% of desired pods.' - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: - description: Type of deployment. Can be "Recreate" - or "RollingUpdate". Default is RollingUpdate. - type: string - template: - description: Template describes the pods that will - be created. - type: object - properties: - metadata: - description: 'Standard object''s metadata. More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - type: object - x-kubernetes-preserve-unknown-fields: true - spec: - description: 'Specification of the desired behavior - of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - containers - properties: - activeDeadlineSeconds: - description: Optional duration in seconds - the pod may be active on the node relative - to StartTime before the system will actively - try to mark it failed and kill associated - containers. Value must be a positive integer. - type: integer - format: int64 - affinity: - description: If specified, the pod's scheduling - constraints - type: object - properties: - nodeAffinity: - description: Describes node affinity - scheduling rules for the pod. - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the affinity expressions - specified by this field, but it - may choose a node that violates - one or more of the expressions. - The node that is most preferred - is the one with the greatest sum - of weights, i.e. for each node - that meets all of the scheduling - requirements (resource request, - requiredDuringScheduling affinity - expressions, etc.), compute a - sum by iterating through the elements - of this field and adding "weight" - to the sum if the node matches - the corresponding matchExpressions; - the node(s) with the highest sum - are the most preferred. - type: array - items: - description: An empty preferred - scheduling term matches all - objects with implicit weight - 0 (i.e. it's a no-op). A null - preferred scheduling term matches - no objects (i.e. is also a no-op). - type: object - required: - - preference - - weight - properties: - preference: - description: A node selector - term, associated with the - corresponding weight. - type: object - properties: - matchExpressions: - description: A list of - node selector requirements - by node's labels. - type: array - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - type: array - items: - type: string - matchFields: - description: A list of - node selector requirements - by node's fields. - type: array - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - type: array - items: - type: string - weight: - description: Weight associated - with matching the corresponding - nodeSelectorTerm, in the - range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not - met at scheduling time, the pod - will not be scheduled onto the - node. If the affinity requirements - specified by this field cease - to be met at some point during - pod execution (e.g. due to an - update), the system may or may - not try to eventually evict the - pod from its node. - type: object - required: - - nodeSelectorTerms - properties: - nodeSelectorTerms: - description: Required. A list - of node selector terms. The - terms are ORed. - type: array - items: - description: A null or empty - node selector term matches - no objects. The requirements - of them are ANDed. The TopologySelectorTerm - type implements a subset - of the NodeSelectorTerm. - type: object - properties: - matchExpressions: - description: A list of - node selector requirements - by node's labels. - type: array - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - type: array - items: - type: string - matchFields: - description: A list of - node selector requirements - by node's fields. - type: array - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - type: array - items: - type: string - podAffinity: - description: Describes pod affinity - scheduling rules (e.g. co-locate this - pod in the same node, zone, etc. as - some other pod(s)). - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the affinity expressions - specified by this field, but it - may choose a node that violates - one or more of the expressions. - The node that is most preferred - is the one with the greatest sum - of weights, i.e. for each node - that meets all of the scheduling - requirements (resource request, - requiredDuringScheduling affinity - expressions, etc.), compute a - sum by iterating through the elements - of this field and adding "weight" - to the sum if the node has pods - which matches the corresponding - podAffinityTerm; the node(s) with - the highest sum are the most preferred. - type: array - items: - description: The weights of all - of the matched WeightedPodAffinityTerm - fields are added per-node to - find the most preferred node(s) - type: object - required: - - podAffinityTerm - - weight - properties: - podAffinityTerm: - description: Required. A pod - affinity term, associated - with the corresponding weight. - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. - type: array - items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. - type: object - required: - - key - - operator - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. - type: string - values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. - type: object - additionalProperties: - type: string - namespaces: - description: namespaces - specifies which namespaces - the labelSelector applies - to (matches against); - null or empty list means - "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod - should be co-located - (affinity) or not co-located - (anti-affinity) with - the pods matching the - labelSelector in the - specified namespaces, - where co-located is - defined as running on - a node whose value of - the label with key topologyKey - matches that of any - node on which any of - the selected pods is - running. Empty topologyKey - is not allowed. - type: string - weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the - range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not - met at scheduling time, the pod - will not be scheduled onto the - node. If the affinity requirements - specified by this field cease - to be met at some point during - pod execution (e.g. due to a pod - label update), the system may - or may not try to eventually evict - the pod from its node. When there - are multiple elements, the lists - of nodes corresponding to each - podAffinityTerm are intersected, - i.e. all terms must be satisfied. - type: array - items: - description: Defines a set of - pods (namely those matching - the labelSelector relative to - the given namespace(s)) that - this pod should be co-located - (affinity) or not co-located - (anti-affinity) with, where - co-located is defined as running - on a node whose value of the - label with key - matches that of any node on - which a pod of the set of pods - is running - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - type: array - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - type: array - items: - type: string - matchLabels: - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - additionalProperties: - type: string - namespaces: - description: namespaces specifies - which namespaces the labelSelector - applies to (matches against); - null or empty list means - "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on - a node whose value of the - label with key topologyKey - matches that of any node - on which any of the selected - pods is running. Empty topologyKey - is not allowed. - type: string - podAntiAffinity: - description: Describes pod anti-affinity - scheduling rules (e.g. avoid putting - this pod in the same node, zone, etc. - as some other pod(s)). - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the anti-affinity - expressions specified by this - field, but it may choose a node - that violates one or more of the - expressions. The node that is - most preferred is the one with - the greatest sum of weights, i.e. - for each node that meets all of - the scheduling requirements (resource - request, requiredDuringScheduling - anti-affinity expressions, etc.), - compute a sum by iterating through - the elements of this field and - adding "weight" to the sum if - the node has pods which matches - the corresponding podAffinityTerm; - the node(s) with the highest sum - are the most preferred. - type: array - items: - description: The weights of all - of the matched WeightedPodAffinityTerm - fields are added per-node to - find the most preferred node(s) - type: object - required: - - podAffinityTerm - - weight - properties: - podAffinityTerm: - description: Required. A pod - affinity term, associated - with the corresponding weight. - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. - type: array - items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. - type: object - required: - - key - - operator - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. - type: string - values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. - type: object - additionalProperties: - type: string - namespaces: - description: namespaces - specifies which namespaces - the labelSelector applies - to (matches against); - null or empty list means - "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod - should be co-located - (affinity) or not co-located - (anti-affinity) with - the pods matching the - labelSelector in the - specified namespaces, - where co-located is - defined as running on - a node whose value of - the label with key topologyKey - matches that of any - node on which any of - the selected pods is - running. Empty topologyKey - is not allowed. - type: string - weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the - range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity - requirements specified by this - field are not met at scheduling - time, the pod will not be scheduled - onto the node. If the anti-affinity - requirements specified by this - field cease to be met at some - point during pod execution (e.g. - due to a pod label update), the - system may or may not try to eventually - evict the pod from its node. When - there are multiple elements, the - lists of nodes corresponding to - each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - type: array - items: - description: Defines a set of - pods (namely those matching - the labelSelector relative to - the given namespace(s)) that - this pod should be co-located - (affinity) or not co-located - (anti-affinity) with, where - co-located is defined as running - on a node whose value of the - label with key - matches that of any node on - which a pod of the set of pods - is running - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - type: array - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - type: array - items: - type: string - matchLabels: - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - additionalProperties: - type: string - namespaces: - description: namespaces specifies - which namespaces the labelSelector - applies to (matches against); - null or empty list means - "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on - a node whose value of the - label with key topologyKey - matches that of any node - on which any of the selected - pods is running. Empty topologyKey - is not allowed. - type: string - automountServiceAccountToken: - description: AutomountServiceAccountToken - indicates whether a service account token - should be automatically mounted. - type: boolean - containers: - description: List of containers belonging - to the pod. Containers cannot currently - be added or removed. There must be at - least one container in a Pod. Cannot be - updated. - type: array - items: - description: A single application container - that you want to run within a pod. - type: object - required: - - name - properties: - args: - description: 'Arguments to the entrypoint. - The docker image''s CMD is used - if this is not provided. Variable - references $(VAR_NAME) are expanded - using the container''s environment. - If a variable cannot be resolved, - the reference in the input string - will be unchanged. The $(VAR_NAME) - syntax can be escaped with a double - $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless - of whether the variable exists or - not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not - executed within a shell. The docker - image''s ENTRYPOINT is used if this - is not provided. Variable references - $(VAR_NAME) are expanded using the - container''s environment. If a variable - cannot be resolved, the reference - in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped - with a double $$, ie: $$(VAR_NAME). - Escaped references will never be - expanded, regardless of whether - the variable exists or not. Cannot - be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables - to set in the container. Cannot - be updated. - type: array - items: - description: EnvVar represents an - environment variable present in - a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment - variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references - $(VAR_NAME) are expanded using - the previous defined environment - variables in the container - and any service environment - variables. If a variable cannot - be resolved, the reference - in the input string will be - unchanged. The $(VAR_NAME) - syntax can be escaped with - a double $$, ie: $$(VAR_NAME). - Escaped references will never - be expanded, regardless of - whether the variable exists - or not. Defaults to "".' - type: string - valueFrom: - description: Source for the - environment variable's value. - Cannot be used if value is - not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key - of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key - to select. - type: string - name: - description: 'Name of - the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify - whether the ConfigMap - or its key must be - defined - type: boolean - fieldRef: - description: 'Selects a - field of the pod: supports - metadata.name, metadata.namespace, - metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, - status.podIPs.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version - of the schema the - FieldPath is written - in terms of, defaults - to "v1". - type: string - fieldPath: - description: Path of - the field to select - in the specified API - version. - type: string - resourceFieldRef: - description: 'Selects a - resource of the container: - only resources limits - and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory - and requests.ephemeral-storage) - are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container - name: required for - volumes, optional - for env vars' - type: string - divisor: - description: Specifies - the output format - of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: - resource to select' - type: string - secretKeyRef: - description: Selects a key - of a secret in the pod's - namespace - type: object - required: - - key - properties: - key: - description: The key - of the secret to select - from. Must be a valid - secret key. - type: string - name: - description: 'Name of - the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify - whether the Secret - or its key must be - defined - type: boolean - envFrom: - description: List of sources to populate - environment variables in the container. - The keys defined within a source - must be a C_IDENTIFIER. All invalid - keys will be reported as an event - when the container is starting. - When a key exists in multiple sources, - the value associated with the last - source will take precedence. Values - defined by an Env with a duplicate - key will take precedence. Cannot - be updated. - type: array - items: - description: EnvFromSource represents - the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to - select from - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether - the ConfigMap must be - defined - type: boolean - prefix: - description: An optional identifier - to prepend to each key in - the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select - from - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether - the Secret must be defined - type: boolean - image: - description: 'Docker image name. More - info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow - higher level config management to - default or override container images - in workload controllers like Deployments - and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One - of Always, Never, IfNotPresent. - Defaults to Always if :latest tag - is specified, or IfNotPresent otherwise. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management - system should take in response to - container lifecycle events. Cannot - be updated. - type: object - properties: - postStart: - description: 'PostStart is called - immediately after a container - is created. If the handler fails, - the container is terminated - and restarted according to its - restart policy. Other management - of the container blocks until - the hook completes. More info: - https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only - one of the following should - be specified. Exec specifies - the action to take. - type: object - properties: - command: - description: Command is - the command line to - execute inside the container, - the working directory - for the command is - root ('/') in the container's - filesystem. The command - is simply exec'd, it - is not run inside a - shell, so traditional - shell instructions ('|', - etc) won't work. To - use a shell, you need - to explicitly call out - to that shell. Exit - status of 0 is treated - as live/healthy and - non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name - to connect to, defaults - to the pod IP. You probably - want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. - HTTP allows repeated - headers. - type: array - items: - description: HTTPHeader - describes a custom - header to be used - in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The - header field name - type: string - value: - description: The - header field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access - on the container. Number - must be in the range - 1 to 65535. Name must - be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to - use for connecting to - the host. Defaults to - HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP - port. TCP hooks not yet - supported TODO: implement - a realistic TCP lifecycle - hook' - type: object - required: - - port - properties: - host: - description: 'Optional: - Host name to connect - to, defaults to the - pod IP.' - type: string - port: - description: Number or - name of the port to - access on the container. - Number must be in the - range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - preStop: - description: 'PreStop is called - immediately before a container - is terminated due to an API - request or management event - such as liveness/startup probe - failure, preemption, resource - contention, etc. The handler - is not called if the container - crashes or exits. The reason - for termination is passed to - the handler. The Pod''s termination - grace period countdown begins - before the PreStop hooked is - executed. Regardless of the - outcome of the handler, the - container will eventually terminate - within the Pod''s termination - grace period. Other management - of the container blocks until - the hook completes or until - the termination grace period - is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only - one of the following should - be specified. Exec specifies - the action to take. - type: object - properties: - command: - description: Command is - the command line to - execute inside the container, - the working directory - for the command is - root ('/') in the container's - filesystem. The command - is simply exec'd, it - is not run inside a - shell, so traditional - shell instructions ('|', - etc) won't work. To - use a shell, you need - to explicitly call out - to that shell. Exit - status of 0 is treated - as live/healthy and - non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name - to connect to, defaults - to the pod IP. You probably - want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. - HTTP allows repeated - headers. - type: array - items: - description: HTTPHeader - describes a custom - header to be used - in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The - header field name - type: string - value: - description: The - header field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access - on the container. Number - must be in the range - 1 to 65535. Name must - be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to - use for connecting to - the host. Defaults to - HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP - port. TCP hooks not yet - supported TODO: implement - a realistic TCP lifecycle - hook' - type: object - required: - - port - properties: - host: - description: 'Optional: - Host name to connect - to, defaults to the - pod IP.' - type: string - port: - description: Number or - name of the port to - access on the container. - Number must be in the - range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - livenessProbe: - description: 'Periodic probe of container - liveness. Container will be restarted - if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one - of the following should be specified. - Exec specifies the action to - take. - type: object - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container - specified as a DNS_LABEL. Each container - in a pod must have a unique name - (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose - from the container. Exposing a port - here gives the system additional - information about the network connections - a container uses, but is primarily - informational. Not specifying a - port here DOES NOT prevent that - port from being exposed. Any port - which is listening on the default - "0.0.0.0" address inside a container - will be accessible from the network. - Cannot be updated. - type: array - items: - description: ContainerPort represents - a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port - to expose on the pod's IP - address. This must be a valid - port number, 0 < x < 65536. - type: integer - format: int32 - hostIP: - description: What host IP to - bind the external port to. - type: string - hostPort: - description: Number of port - to expose on the host. If - specified, this must be a - valid port number, 0 < x < - 65536. If HostNetwork is specified, - this must match ContainerPort. - Most containers do not need - this. - type: integer - format: int32 - name: - description: If specified, this - must be an IANA_SVC_NAME and - unique within the pod. Each - named port in a pod must have - a unique name. Name for the - port that can be referred - to by services. - type: string - protocol: - description: Protocol for port. - Must be UDP, TCP, or SCTP. - Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container - service readiness. Container will - be removed from service endpoints - if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one - of the following should be specified. - Exec specifies the action to - take. - type: object - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required - by this container. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - properties: - limits: - description: 'Limits describes - the maximum amount of compute - resources allowed. More info: - https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes - the minimum amount of compute - resources required. If Requests - is omitted for a container, - it defaults to Limits if that - is explicitly specified, otherwise - to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'Security options the - pod should run with. More info: - https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation - controls whether a process can - gain more privileges than its - parent process. This bool directly - controls if the no_new_privs - flag will be set on the container - process. AllowPrivilegeEscalation - is true always when the container - is: 1) run as Privileged 2) - has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: The capabilities - to add/drop when running containers. - Defaults to the default set - of capabilities granted by the - container runtime. - type: object - properties: - add: - description: Added capabilities - type: array - items: - description: Capability - represent POSIX capabilities - type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability - represent POSIX capabilities - type - type: string - privileged: - description: Run container in - privileged mode. Processes in - privileged containers are essentially - equivalent to root on the host. - Defaults to false. - type: boolean - procMount: - description: procMount denotes - the type of proc mount to use - for the containers. The default - is DefaultProcMount which uses - the container runtime defaults - for readonly paths and masked - paths. This requires the ProcMountType - feature flag to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container - has a read-only root filesystem. - Default is false. - type: boolean - runAsGroup: - description: The GID to run the - entrypoint of the container - process. Uses runtime default - if unset. May also be set in - PodSecurityContext. If set - in both SecurityContext and - PodSecurityContext, the value - specified in SecurityContext - takes precedence. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the - container must run as a non-root - user. If true, the Kubelet will - validate the image at runtime - to ensure that it does not run - as UID 0 (root) and fail to - start the container if it does. - If unset or false, no such validation - will be performed. May also - be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: boolean - runAsUser: - description: The UID to run the - entrypoint of the container - process. Defaults to user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: integer - format: int64 - seLinuxOptions: - description: The SELinux context - to be applied to the container. - If unspecified, the container - runtime will allocate a random - SELinux context for each container. May - also be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: object - properties: - level: - description: Level is SELinux - level label that applies - to the container. - type: string - role: - description: Role is a SELinux - role label that applies - to the container. - type: string - type: - description: Type is a SELinux - type label that applies - to the container. - type: string - user: - description: User is a SELinux - user label that applies - to the container. - type: string - windowsOptions: - description: The Windows specific - settings applied to all containers. - If unspecified, the options - from the PodSecurityContext - will be used. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: object - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec - is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of - the GMSA credential spec - named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA - credential spec to use. - type: string - runAsUserName: - description: The UserName - in Windows to run the entrypoint - of the container process. - Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext - and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: string - startupProbe: - description: 'StartupProbe indicates - that the Pod has successfully initialized. - If specified, no other probes are - executed until this completes successfully. - If this probe fails, the Pod will - be restarted, just as if the livenessProbe - failed. This can be used to provide - different probe parameters at the - beginning of a Pod''s lifecycle, - when it might take a long time to - load data or warm a cache, than - during steady-state operation. This - cannot be updated. This is a beta - feature enabled by the StartupProbe - feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one - of the following should be specified. - Exec specifies the action to - take. - type: object - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - stdin: - description: Whether this container - should allocate a buffer for stdin - in the container runtime. If this - is not set, reads from stdin in - the container will always result - in EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container - runtime should close the stdin channel - after it has been opened by a single - attach. When stdin is true the stdin - stream will remain open across multiple - attach sessions. If stdinOnce is - set to true, stdin is opened on - container start, is empty until - the first client attaches to stdin, - and then remains open and accepts - data until the client disconnects, - at which time stdin is closed and - remains closed until the container - is restarted. If this flag is false, - a container processes that reads - from stdin will never receive an - EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which - the file to which the container''s - termination message will be written - is mounted into the container''s - filesystem. Message written is intended - to be brief final status, such as - an assertion failure message. Will - be truncated by the node if greater - than 4096 bytes. The total message - length across all containers will - be limited to 12kb. Defaults to - /dev/termination-log. Cannot be - updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination - message should be populated. File - will use the contents of terminationMessagePath - to populate the container status - message on both success and failure. - FallbackToLogsOnError will use the - last chunk of container log output - if the termination message file - is empty and the container exited - with an error. The log output is - limited to 2048 bytes or 80 lines, - whichever is smaller. Defaults to - File. Cannot be updated. - type: string - tty: - description: Whether this container - should allocate a TTY for itself, - also requires 'stdin' to be true. - Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the - list of block devices to be used - by the container. - type: array - items: - description: volumeDevice describes - a mapping of a raw block device - within a container. - type: object - required: - - devicePath - - name - properties: - devicePath: - description: devicePath is the - path inside of the container - that the device will be mapped - to. - type: string - name: - description: name must match - the name of a persistentVolumeClaim - in the pod - type: string - volumeMounts: - description: Pod volumes to mount - into the container's filesystem. - Cannot be updated. - type: array - items: - description: VolumeMount describes - a mounting of a Volume within - a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the - container at which the volume - should be mounted. Must not - contain ':'. - type: string - mountPropagation: - description: mountPropagation - determines how mounts are - propagated from the host to - container and the other way - around. When not set, MountPropagationNone - is used. This field is beta - in 1.10. - type: string - name: - description: This must match - the Name of a Volume. - type: string - readOnly: - description: Mounted read-only - if true, read-write otherwise - (false or unspecified). Defaults - to false. - type: boolean - subPath: - description: Path within the - volume from which the container's - volume should be mounted. - Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within - the volume from which the - container's volume should - be mounted. Behaves similarly - to SubPath but environment - variable references $(VAR_NAME) - are expanded using the container's - environment. Defaults to "" - (volume's root). SubPathExpr - and SubPath are mutually exclusive. - type: string - workingDir: - description: Container's working directory. - If not specified, the container - runtime's default will be used, - which might be configured in the - container image. Cannot be updated. - type: string - dnsConfig: - description: Specifies the DNS parameters - of a pod. Parameters specified here will - be merged to the generated DNS configuration - based on DNSPolicy. - type: object - properties: - nameservers: - description: A list of DNS name server - IP addresses. This will be appended - to the base nameservers generated - from DNSPolicy. Duplicated nameservers - will be removed. - type: array - items: - type: string - options: - description: A list of DNS resolver - options. This will be merged with - the base options generated from DNSPolicy. - Duplicated entries will be removed. - Resolution options given in Options - will override those that appear in - the base DNSPolicy. - type: array - items: - description: PodDNSConfigOption defines - DNS resolver options of a pod. - type: object - properties: - name: - description: Required. - type: string - value: - type: string - searches: - description: A list of DNS search domains - for host-name lookup. This will be - appended to the base search paths - generated from DNSPolicy. Duplicated - search paths will be removed. - type: array - items: - type: string - dnsPolicy: - description: Set DNS policy for the pod. - Defaults to "ClusterFirst". Valid values - are 'ClusterFirstWithHostNet', 'ClusterFirst', - 'Default' or 'None'. DNS parameters given - in DNSConfig will be merged with the policy - selected with DNSPolicy. To have DNS options - set along with hostNetwork, you have to - specify DNS policy explicitly to 'ClusterFirstWithHostNet'. - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates - whether information about services should - be injected into pod''s environment variables, - matching the syntax of Docker links. Optional: - Defaults to true.' - type: boolean - ephemeralContainers: - description: List of ephemeral containers - run in this pod. Ephemeral containers - may be run in an existing pod to perform - user-initiated actions such as debugging. - This list cannot be specified when creating - a pod, and it cannot be modified by updating - the pod spec. In order to add an ephemeral - container to an existing pod, use the - pod's ephemeralcontainers subresource. - This field is alpha-level and is only - honored by servers that enable the EphemeralContainers - feature. - type: array - items: - description: An EphemeralContainer is - a container that may be added temporarily - to an existing pod for user-initiated - activities such as debugging. Ephemeral - containers have no resource or scheduling - guarantees, and they will not be restarted - when they exit or when a pod is removed - or restarted. If an ephemeral container - causes a pod to exceed its resource - allocation, the pod may be evicted. - Ephemeral containers may not be added - by directly updating the pod spec. They - must be added via the pod's ephemeralcontainers - subresource, and they will appear in - the pod spec once added. This is an - alpha feature enabled by the EphemeralContainers - feature flag. - type: object - required: - - name - properties: - args: - description: 'Arguments to the entrypoint. - The docker image''s CMD is used - if this is not provided. Variable - references $(VAR_NAME) are expanded - using the container''s environment. - If a variable cannot be resolved, - the reference in the input string - will be unchanged. The $(VAR_NAME) - syntax can be escaped with a double - $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless - of whether the variable exists or - not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not - executed within a shell. The docker - image''s ENTRYPOINT is used if this - is not provided. Variable references - $(VAR_NAME) are expanded using the - container''s environment. If a variable - cannot be resolved, the reference - in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped - with a double $$, ie: $$(VAR_NAME). - Escaped references will never be - expanded, regardless of whether - the variable exists or not. Cannot - be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables - to set in the container. Cannot - be updated. - type: array - items: - description: EnvVar represents an - environment variable present in - a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment - variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references - $(VAR_NAME) are expanded using - the previous defined environment - variables in the container - and any service environment - variables. If a variable cannot - be resolved, the reference - in the input string will be - unchanged. The $(VAR_NAME) - syntax can be escaped with - a double $$, ie: $$(VAR_NAME). - Escaped references will never - be expanded, regardless of - whether the variable exists - or not. Defaults to "".' - type: string - valueFrom: - description: Source for the - environment variable's value. - Cannot be used if value is - not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key - of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key - to select. - type: string - name: - description: 'Name of - the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify - whether the ConfigMap - or its key must be - defined - type: boolean - fieldRef: - description: 'Selects a - field of the pod: supports - metadata.name, metadata.namespace, - metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, - status.podIPs.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version - of the schema the - FieldPath is written - in terms of, defaults - to "v1". - type: string - fieldPath: - description: Path of - the field to select - in the specified API - version. - type: string - resourceFieldRef: - description: 'Selects a - resource of the container: - only resources limits - and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory - and requests.ephemeral-storage) - are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container - name: required for - volumes, optional - for env vars' - type: string - divisor: - description: Specifies - the output format - of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: - resource to select' - type: string - secretKeyRef: - description: Selects a key - of a secret in the pod's - namespace - type: object - required: - - key - properties: - key: - description: The key - of the secret to select - from. Must be a valid - secret key. - type: string - name: - description: 'Name of - the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify - whether the Secret - or its key must be - defined - type: boolean - envFrom: - description: List of sources to populate - environment variables in the container. - The keys defined within a source - must be a C_IDENTIFIER. All invalid - keys will be reported as an event - when the container is starting. - When a key exists in multiple sources, - the value associated with the last - source will take precedence. Values - defined by an Env with a duplicate - key will take precedence. Cannot - be updated. - type: array - items: - description: EnvFromSource represents - the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to - select from - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether - the ConfigMap must be - defined - type: boolean - prefix: - description: An optional identifier - to prepend to each key in - the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select - from - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether - the Secret must be defined - type: boolean - image: - description: 'Docker image name. More - info: https://kubernetes.io/docs/concepts/containers/images' - type: string - imagePullPolicy: - description: 'Image pull policy. One - of Always, Never, IfNotPresent. - Defaults to Always if :latest tag - is specified, or IfNotPresent otherwise. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Lifecycle is not allowed - for ephemeral containers. - type: object - properties: - postStart: - description: 'PostStart is called - immediately after a container - is created. If the handler fails, - the container is terminated - and restarted according to its - restart policy. Other management - of the container blocks until - the hook completes. More info: - https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only - one of the following should - be specified. Exec specifies - the action to take. - type: object - properties: - command: - description: Command is - the command line to - execute inside the container, - the working directory - for the command is - root ('/') in the container's - filesystem. The command - is simply exec'd, it - is not run inside a - shell, so traditional - shell instructions ('|', - etc) won't work. To - use a shell, you need - to explicitly call out - to that shell. Exit - status of 0 is treated - as live/healthy and - non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name - to connect to, defaults - to the pod IP. You probably - want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. - HTTP allows repeated - headers. - type: array - items: - description: HTTPHeader - describes a custom - header to be used - in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The - header field name - type: string - value: - description: The - header field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access - on the container. Number - must be in the range - 1 to 65535. Name must - be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to - use for connecting to - the host. Defaults to - HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP - port. TCP hooks not yet - supported TODO: implement - a realistic TCP lifecycle - hook' - type: object - required: - - port - properties: - host: - description: 'Optional: - Host name to connect - to, defaults to the - pod IP.' - type: string - port: - description: Number or - name of the port to - access on the container. - Number must be in the - range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - preStop: - description: 'PreStop is called - immediately before a container - is terminated due to an API - request or management event - such as liveness/startup probe - failure, preemption, resource - contention, etc. The handler - is not called if the container - crashes or exits. The reason - for termination is passed to - the handler. The Pod''s termination - grace period countdown begins - before the PreStop hooked is - executed. Regardless of the - outcome of the handler, the - container will eventually terminate - within the Pod''s termination - grace period. Other management - of the container blocks until - the hook completes or until - the termination grace period - is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only - one of the following should - be specified. Exec specifies - the action to take. - type: object - properties: - command: - description: Command is - the command line to - execute inside the container, - the working directory - for the command is - root ('/') in the container's - filesystem. The command - is simply exec'd, it - is not run inside a - shell, so traditional - shell instructions ('|', - etc) won't work. To - use a shell, you need - to explicitly call out - to that shell. Exit - status of 0 is treated - as live/healthy and - non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name - to connect to, defaults - to the pod IP. You probably - want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. - HTTP allows repeated - headers. - type: array - items: - description: HTTPHeader - describes a custom - header to be used - in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The - header field name - type: string - value: - description: The - header field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access - on the container. Number - must be in the range - 1 to 65535. Name must - be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to - use for connecting to - the host. Defaults to - HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP - port. TCP hooks not yet - supported TODO: implement - a realistic TCP lifecycle - hook' - type: object - required: - - port - properties: - host: - description: 'Optional: - Host name to connect - to, defaults to the - pod IP.' - type: string - port: - description: Number or - name of the port to - access on the container. - Number must be in the - range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - livenessProbe: - description: Probes are not allowed - for ephemeral containers. - type: object - properties: - exec: - description: One and only one - of the following should be specified. - Exec specifies the action to - take. - type: object - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the ephemeral - container specified as a DNS_LABEL. - This name must be unique among all - containers, init containers and - ephemeral containers. - type: string - ports: - description: Ports are not allowed - for ephemeral containers. - type: array - items: - description: ContainerPort represents - a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port - to expose on the pod's IP - address. This must be a valid - port number, 0 < x < 65536. - type: integer - format: int32 - hostIP: - description: What host IP to - bind the external port to. - type: string - hostPort: - description: Number of port - to expose on the host. If - specified, this must be a - valid port number, 0 < x < - 65536. If HostNetwork is specified, - this must match ContainerPort. - Most containers do not need - this. - type: integer - format: int32 - name: - description: If specified, this - must be an IANA_SVC_NAME and - unique within the pod. Each - named port in a pod must have - a unique name. Name for the - port that can be referred - to by services. - type: string - protocol: - description: Protocol for port. - Must be UDP, TCP, or SCTP. - Defaults to "TCP". - type: string - readinessProbe: - description: Probes are not allowed - for ephemeral containers. - type: object - properties: - exec: - description: One and only one - of the following should be specified. - Exec specifies the action to - take. - type: object - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: Resources are not allowed - for ephemeral containers. Ephemeral - containers use spare resources already - allocated to the pod. - type: object - properties: - limits: - description: 'Limits describes - the maximum amount of compute - resources allowed. More info: - https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes - the minimum amount of compute - resources required. If Requests - is omitted for a container, - it defaults to Limits if that - is explicitly specified, otherwise - to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: SecurityContext is not - allowed for ephemeral containers. - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation - controls whether a process can - gain more privileges than its - parent process. This bool directly - controls if the no_new_privs - flag will be set on the container - process. AllowPrivilegeEscalation - is true always when the container - is: 1) run as Privileged 2) - has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: The capabilities - to add/drop when running containers. - Defaults to the default set - of capabilities granted by the - container runtime. - type: object - properties: - add: - description: Added capabilities - type: array - items: - description: Capability - represent POSIX capabilities - type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability - represent POSIX capabilities - type - type: string - privileged: - description: Run container in - privileged mode. Processes in - privileged containers are essentially - equivalent to root on the host. - Defaults to false. - type: boolean - procMount: - description: procMount denotes - the type of proc mount to use - for the containers. The default - is DefaultProcMount which uses - the container runtime defaults - for readonly paths and masked - paths. This requires the ProcMountType - feature flag to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container - has a read-only root filesystem. - Default is false. - type: boolean - runAsGroup: - description: The GID to run the - entrypoint of the container - process. Uses runtime default - if unset. May also be set in - PodSecurityContext. If set - in both SecurityContext and - PodSecurityContext, the value - specified in SecurityContext - takes precedence. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the - container must run as a non-root - user. If true, the Kubelet will - validate the image at runtime - to ensure that it does not run - as UID 0 (root) and fail to - start the container if it does. - If unset or false, no such validation - will be performed. May also - be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: boolean - runAsUser: - description: The UID to run the - entrypoint of the container - process. Defaults to user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: integer - format: int64 - seLinuxOptions: - description: The SELinux context - to be applied to the container. - If unspecified, the container - runtime will allocate a random - SELinux context for each container. May - also be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: object - properties: - level: - description: Level is SELinux - level label that applies - to the container. - type: string - role: - description: Role is a SELinux - role label that applies - to the container. - type: string - type: - description: Type is a SELinux - type label that applies - to the container. - type: string - user: - description: User is a SELinux - user label that applies - to the container. - type: string - windowsOptions: - description: The Windows specific - settings applied to all containers. - If unspecified, the options - from the PodSecurityContext - will be used. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: object - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec - is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of - the GMSA credential spec - named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA - credential spec to use. - type: string - runAsUserName: - description: The UserName - in Windows to run the entrypoint - of the container process. - Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext - and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: string - startupProbe: - description: Probes are not allowed - for ephemeral containers. - type: object - properties: - exec: - description: One and only one - of the following should be specified. - Exec specifies the action to - take. - type: object - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - stdin: - description: Whether this container - should allocate a buffer for stdin - in the container runtime. If this - is not set, reads from stdin in - the container will always result - in EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container - runtime should close the stdin channel - after it has been opened by a single - attach. When stdin is true the stdin - stream will remain open across multiple - attach sessions. If stdinOnce is - set to true, stdin is opened on - container start, is empty until - the first client attaches to stdin, - and then remains open and accepts - data until the client disconnects, - at which time stdin is closed and - remains closed until the container - is restarted. If this flag is false, - a container processes that reads - from stdin will never receive an - EOF. Default is false - type: boolean - targetContainerName: - description: If set, the name of the - container from PodSpec that this - ephemeral container targets. The - ephemeral container will be run - in the namespaces (IPC, PID, etc) - of this container. If not set then - the ephemeral container is run in - whatever namespaces are shared for - the pod. Note that the container - runtime must support this feature. - type: string - terminationMessagePath: - description: 'Optional: Path at which - the file to which the container''s - termination message will be written - is mounted into the container''s - filesystem. Message written is intended - to be brief final status, such as - an assertion failure message. Will - be truncated by the node if greater - than 4096 bytes. The total message - length across all containers will - be limited to 12kb. Defaults to - /dev/termination-log. Cannot be - updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination - message should be populated. File - will use the contents of terminationMessagePath - to populate the container status - message on both success and failure. - FallbackToLogsOnError will use the - last chunk of container log output - if the termination message file - is empty and the container exited - with an error. The log output is - limited to 2048 bytes or 80 lines, - whichever is smaller. Defaults to - File. Cannot be updated. - type: string - tty: - description: Whether this container - should allocate a TTY for itself, - also requires 'stdin' to be true. - Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the - list of block devices to be used - by the container. - type: array - items: - description: volumeDevice describes - a mapping of a raw block device - within a container. - type: object - required: - - devicePath - - name - properties: - devicePath: - description: devicePath is the - path inside of the container - that the device will be mapped - to. - type: string - name: - description: name must match - the name of a persistentVolumeClaim - in the pod - type: string - volumeMounts: - description: Pod volumes to mount - into the container's filesystem. - Cannot be updated. - type: array - items: - description: VolumeMount describes - a mounting of a Volume within - a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the - container at which the volume - should be mounted. Must not - contain ':'. - type: string - mountPropagation: - description: mountPropagation - determines how mounts are - propagated from the host to - container and the other way - around. When not set, MountPropagationNone - is used. This field is beta - in 1.10. - type: string - name: - description: This must match - the Name of a Volume. - type: string - readOnly: - description: Mounted read-only - if true, read-write otherwise - (false or unspecified). Defaults - to false. - type: boolean - subPath: - description: Path within the - volume from which the container's - volume should be mounted. - Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within - the volume from which the - container's volume should - be mounted. Behaves similarly - to SubPath but environment - variable references $(VAR_NAME) - are expanded using the container's - environment. Defaults to "" - (volume's root). SubPathExpr - and SubPath are mutually exclusive. - type: string - workingDir: - description: Container's working directory. - If not specified, the container - runtime's default will be used, - which might be configured in the - container image. Cannot be updated. - type: string - hostAliases: - description: HostAliases is an optional - list of hosts and IPs that will be injected - into the pod's hosts file if specified. - This is only valid for non-hostNetwork - pods. - type: array - items: - description: HostAlias holds the mapping - between IP and hostnames that will be - injected as an entry in the pod's hosts - file. - type: object - properties: - hostnames: - description: Hostnames for the above - IP address. - type: array - items: - type: string - ip: - description: IP address of the host - file entry. - type: string - hostIPC: - description: 'Use the host''s ipc namespace. - Optional: Default to false.' - type: boolean - hostNetwork: - description: Host networking requested for - this pod. Use the host's network namespace. - If this option is set, the ports that - will be used must be specified. Default - to false. - type: boolean - hostPID: - description: 'Use the host''s pid namespace. - Optional: Default to false.' - type: boolean - hostname: - description: Specifies the hostname of the - Pod If not specified, the pod's hostname - will be set to a system-defined value. - type: string - imagePullSecrets: - description: 'ImagePullSecrets is an optional - list of references to secrets in the same - namespace to use for pulling any of the - images used by this PodSpec. If specified, - these secrets will be passed to individual - puller implementations for them to use. - For example, in the case of docker, only - DockerConfig type secrets are honored. - More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains - enough information to let you locate - the referenced object inside the same - namespace. - type: object - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - initContainers: - description: 'List of initialization containers - belonging to the pod. Init containers - are executed in order prior to containers - being started. If any init container fails, - the pod is considered to have failed and - is handled according to its restartPolicy. - The name for an init container or normal - container must be unique among all containers. - Init containers may not have Lifecycle - actions, Readiness probes, Liveness probes, - or Startup probes. The resourceRequirements - of an init container are taken into account - during scheduling by finding the highest - request/limit for each resource type, - and then using the max of of that value - or the sum of the normal containers. Limits - are applied to init containers in a similar - fashion. Init containers cannot currently - be added or removed. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: A single application container - that you want to run within a pod. - type: object - required: - - name - properties: - args: - description: 'Arguments to the entrypoint. - The docker image''s CMD is used - if this is not provided. Variable - references $(VAR_NAME) are expanded - using the container''s environment. - If a variable cannot be resolved, - the reference in the input string - will be unchanged. The $(VAR_NAME) - syntax can be escaped with a double - $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless - of whether the variable exists or - not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not - executed within a shell. The docker - image''s ENTRYPOINT is used if this - is not provided. Variable references - $(VAR_NAME) are expanded using the - container''s environment. If a variable - cannot be resolved, the reference - in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped - with a double $$, ie: $$(VAR_NAME). - Escaped references will never be - expanded, regardless of whether - the variable exists or not. Cannot - be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables - to set in the container. Cannot - be updated. - type: array - items: - description: EnvVar represents an - environment variable present in - a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment - variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references - $(VAR_NAME) are expanded using - the previous defined environment - variables in the container - and any service environment - variables. If a variable cannot - be resolved, the reference - in the input string will be - unchanged. The $(VAR_NAME) - syntax can be escaped with - a double $$, ie: $$(VAR_NAME). - Escaped references will never - be expanded, regardless of - whether the variable exists - or not. Defaults to "".' - type: string - valueFrom: - description: Source for the - environment variable's value. - Cannot be used if value is - not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key - of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key - to select. - type: string - name: - description: 'Name of - the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify - whether the ConfigMap - or its key must be - defined - type: boolean - fieldRef: - description: 'Selects a - field of the pod: supports - metadata.name, metadata.namespace, - metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, - status.podIPs.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version - of the schema the - FieldPath is written - in terms of, defaults - to "v1". - type: string - fieldPath: - description: Path of - the field to select - in the specified API - version. - type: string - resourceFieldRef: - description: 'Selects a - resource of the container: - only resources limits - and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory - and requests.ephemeral-storage) - are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container - name: required for - volumes, optional - for env vars' - type: string - divisor: - description: Specifies - the output format - of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: - resource to select' - type: string - secretKeyRef: - description: Selects a key - of a secret in the pod's - namespace - type: object - required: - - key - properties: - key: - description: The key - of the secret to select - from. Must be a valid - secret key. - type: string - name: - description: 'Name of - the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify - whether the Secret - or its key must be - defined - type: boolean - envFrom: - description: List of sources to populate - environment variables in the container. - The keys defined within a source - must be a C_IDENTIFIER. All invalid - keys will be reported as an event - when the container is starting. - When a key exists in multiple sources, - the value associated with the last - source will take precedence. Values - defined by an Env with a duplicate - key will take precedence. Cannot - be updated. - type: array - items: - description: EnvFromSource represents - the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to - select from - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether - the ConfigMap must be - defined - type: boolean - prefix: - description: An optional identifier - to prepend to each key in - the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select - from - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether - the Secret must be defined - type: boolean - image: - description: 'Docker image name. More - info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow - higher level config management to - default or override container images - in workload controllers like Deployments - and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One - of Always, Never, IfNotPresent. - Defaults to Always if :latest tag - is specified, or IfNotPresent otherwise. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management - system should take in response to - container lifecycle events. Cannot - be updated. - type: object - properties: - postStart: - description: 'PostStart is called - immediately after a container - is created. If the handler fails, - the container is terminated - and restarted according to its - restart policy. Other management - of the container blocks until - the hook completes. More info: - https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only - one of the following should - be specified. Exec specifies - the action to take. - type: object - properties: - command: - description: Command is - the command line to - execute inside the container, - the working directory - for the command is - root ('/') in the container's - filesystem. The command - is simply exec'd, it - is not run inside a - shell, so traditional - shell instructions ('|', - etc) won't work. To - use a shell, you need - to explicitly call out - to that shell. Exit - status of 0 is treated - as live/healthy and - non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name - to connect to, defaults - to the pod IP. You probably - want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. - HTTP allows repeated - headers. - type: array - items: - description: HTTPHeader - describes a custom - header to be used - in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The - header field name - type: string - value: - description: The - header field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access - on the container. Number - must be in the range - 1 to 65535. Name must - be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to - use for connecting to - the host. Defaults to - HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP - port. TCP hooks not yet - supported TODO: implement - a realistic TCP lifecycle - hook' - type: object - required: - - port - properties: - host: - description: 'Optional: - Host name to connect - to, defaults to the - pod IP.' - type: string - port: - description: Number or - name of the port to - access on the container. - Number must be in the - range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - preStop: - description: 'PreStop is called - immediately before a container - is terminated due to an API - request or management event - such as liveness/startup probe - failure, preemption, resource - contention, etc. The handler - is not called if the container - crashes or exits. The reason - for termination is passed to - the handler. The Pod''s termination - grace period countdown begins - before the PreStop hooked is - executed. Regardless of the - outcome of the handler, the - container will eventually terminate - within the Pod''s termination - grace period. Other management - of the container blocks until - the hook completes or until - the termination grace period - is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only - one of the following should - be specified. Exec specifies - the action to take. - type: object - properties: - command: - description: Command is - the command line to - execute inside the container, - the working directory - for the command is - root ('/') in the container's - filesystem. The command - is simply exec'd, it - is not run inside a - shell, so traditional - shell instructions ('|', - etc) won't work. To - use a shell, you need - to explicitly call out - to that shell. Exit - status of 0 is treated - as live/healthy and - non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name - to connect to, defaults - to the pod IP. You probably - want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. - HTTP allows repeated - headers. - type: array - items: - description: HTTPHeader - describes a custom - header to be used - in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The - header field name - type: string - value: - description: The - header field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access - on the container. Number - must be in the range - 1 to 65535. Name must - be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to - use for connecting to - the host. Defaults to - HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP - port. TCP hooks not yet - supported TODO: implement - a realistic TCP lifecycle - hook' - type: object - required: - - port - properties: - host: - description: 'Optional: - Host name to connect - to, defaults to the - pod IP.' - type: string - port: - description: Number or - name of the port to - access on the container. - Number must be in the - range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - livenessProbe: - description: 'Periodic probe of container - liveness. Container will be restarted - if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one - of the following should be specified. - Exec specifies the action to - take. - type: object - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container - specified as a DNS_LABEL. Each container - in a pod must have a unique name - (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose - from the container. Exposing a port - here gives the system additional - information about the network connections - a container uses, but is primarily - informational. Not specifying a - port here DOES NOT prevent that - port from being exposed. Any port - which is listening on the default - "0.0.0.0" address inside a container - will be accessible from the network. - Cannot be updated. - type: array - items: - description: ContainerPort represents - a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port - to expose on the pod's IP - address. This must be a valid - port number, 0 < x < 65536. - type: integer - format: int32 - hostIP: - description: What host IP to - bind the external port to. - type: string - hostPort: - description: Number of port - to expose on the host. If - specified, this must be a - valid port number, 0 < x < - 65536. If HostNetwork is specified, - this must match ContainerPort. - Most containers do not need - this. - type: integer - format: int32 - name: - description: If specified, this - must be an IANA_SVC_NAME and - unique within the pod. Each - named port in a pod must have - a unique name. Name for the - port that can be referred - to by services. - type: string - protocol: - description: Protocol for port. - Must be UDP, TCP, or SCTP. - Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container - service readiness. Container will - be removed from service endpoints - if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one - of the following should be specified. - Exec specifies the action to - take. - type: object - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required - by this container. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - properties: - limits: - description: 'Limits describes - the maximum amount of compute - resources allowed. More info: - https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes - the minimum amount of compute - resources required. If Requests - is omitted for a container, - it defaults to Limits if that - is explicitly specified, otherwise - to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'Security options the - pod should run with. More info: - https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation - controls whether a process can - gain more privileges than its - parent process. This bool directly - controls if the no_new_privs - flag will be set on the container - process. AllowPrivilegeEscalation - is true always when the container - is: 1) run as Privileged 2) - has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: The capabilities - to add/drop when running containers. - Defaults to the default set - of capabilities granted by the - container runtime. - type: object - properties: - add: - description: Added capabilities - type: array - items: - description: Capability - represent POSIX capabilities - type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability - represent POSIX capabilities - type - type: string - privileged: - description: Run container in - privileged mode. Processes in - privileged containers are essentially - equivalent to root on the host. - Defaults to false. - type: boolean - procMount: - description: procMount denotes - the type of proc mount to use - for the containers. The default - is DefaultProcMount which uses - the container runtime defaults - for readonly paths and masked - paths. This requires the ProcMountType - feature flag to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container - has a read-only root filesystem. - Default is false. - type: boolean - runAsGroup: - description: The GID to run the - entrypoint of the container - process. Uses runtime default - if unset. May also be set in - PodSecurityContext. If set - in both SecurityContext and - PodSecurityContext, the value - specified in SecurityContext - takes precedence. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the - container must run as a non-root - user. If true, the Kubelet will - validate the image at runtime - to ensure that it does not run - as UID 0 (root) and fail to - start the container if it does. - If unset or false, no such validation - will be performed. May also - be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: boolean - runAsUser: - description: The UID to run the - entrypoint of the container - process. Defaults to user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: integer - format: int64 - seLinuxOptions: - description: The SELinux context - to be applied to the container. - If unspecified, the container - runtime will allocate a random - SELinux context for each container. May - also be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: object - properties: - level: - description: Level is SELinux - level label that applies - to the container. - type: string - role: - description: Role is a SELinux - role label that applies - to the container. - type: string - type: - description: Type is a SELinux - type label that applies - to the container. - type: string - user: - description: User is a SELinux - user label that applies - to the container. - type: string - windowsOptions: - description: The Windows specific - settings applied to all containers. - If unspecified, the options - from the PodSecurityContext - will be used. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: object - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec - is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of - the GMSA credential spec - named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA - credential spec to use. - type: string - runAsUserName: - description: The UserName - in Windows to run the entrypoint - of the container process. - Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext - and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: string - startupProbe: - description: 'StartupProbe indicates - that the Pod has successfully initialized. - If specified, no other probes are - executed until this completes successfully. - If this probe fails, the Pod will - be restarted, just as if the livenessProbe - failed. This can be used to provide - different probe parameters at the - beginning of a Pod''s lifecycle, - when it might take a long time to - load data or warm a cache, than - during steady-state operation. This - cannot be updated. This is a beta - feature enabled by the StartupProbe - feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one - of the following should be specified. - Exec specifies the action to - take. - type: object - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - stdin: - description: Whether this container - should allocate a buffer for stdin - in the container runtime. If this - is not set, reads from stdin in - the container will always result - in EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container - runtime should close the stdin channel - after it has been opened by a single - attach. When stdin is true the stdin - stream will remain open across multiple - attach sessions. If stdinOnce is - set to true, stdin is opened on - container start, is empty until - the first client attaches to stdin, - and then remains open and accepts - data until the client disconnects, - at which time stdin is closed and - remains closed until the container - is restarted. If this flag is false, - a container processes that reads - from stdin will never receive an - EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which - the file to which the container''s - termination message will be written - is mounted into the container''s - filesystem. Message written is intended - to be brief final status, such as - an assertion failure message. Will - be truncated by the node if greater - than 4096 bytes. The total message - length across all containers will - be limited to 12kb. Defaults to - /dev/termination-log. Cannot be - updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination - message should be populated. File - will use the contents of terminationMessagePath - to populate the container status - message on both success and failure. - FallbackToLogsOnError will use the - last chunk of container log output - if the termination message file - is empty and the container exited - with an error. The log output is - limited to 2048 bytes or 80 lines, - whichever is smaller. Defaults to - File. Cannot be updated. - type: string - tty: - description: Whether this container - should allocate a TTY for itself, - also requires 'stdin' to be true. - Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the - list of block devices to be used - by the container. - type: array - items: - description: volumeDevice describes - a mapping of a raw block device - within a container. - type: object - required: - - devicePath - - name - properties: - devicePath: - description: devicePath is the - path inside of the container - that the device will be mapped - to. - type: string - name: - description: name must match - the name of a persistentVolumeClaim - in the pod - type: string - volumeMounts: - description: Pod volumes to mount - into the container's filesystem. - Cannot be updated. - type: array - items: - description: VolumeMount describes - a mounting of a Volume within - a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the - container at which the volume - should be mounted. Must not - contain ':'. - type: string - mountPropagation: - description: mountPropagation - determines how mounts are - propagated from the host to - container and the other way - around. When not set, MountPropagationNone - is used. This field is beta - in 1.10. - type: string - name: - description: This must match - the Name of a Volume. - type: string - readOnly: - description: Mounted read-only - if true, read-write otherwise - (false or unspecified). Defaults - to false. - type: boolean - subPath: - description: Path within the - volume from which the container's - volume should be mounted. - Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within - the volume from which the - container's volume should - be mounted. Behaves similarly - to SubPath but environment - variable references $(VAR_NAME) - are expanded using the container's - environment. Defaults to "" - (volume's root). SubPathExpr - and SubPath are mutually exclusive. - type: string - workingDir: - description: Container's working directory. - If not specified, the container - runtime's default will be used, - which might be configured in the - container image. Cannot be updated. - type: string - nodeName: - description: NodeName is a request to schedule - this pod onto a specific node. If it is - non-empty, the scheduler simply schedules - this pod onto that node, assuming that - it fits resource requirements. - type: string - nodeSelector: - description: 'NodeSelector is a selector - which must be true for the pod to fit - on a node. Selector which must match a - node''s labels for the pod to be scheduled - on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - additionalProperties: - type: string - overhead: - description: 'Overhead represents the resource - overhead associated with running a pod - for a given RuntimeClass. This field will - be autopopulated at admission time by - the RuntimeClass admission controller. - If the RuntimeClass admission controller - is enabled, overhead must not be set in - Pod create requests. The RuntimeClass - admission controller will reject Pod create - requests which have the overhead already - set. If RuntimeClass is configured and - selected in the PodSpec, Overhead will - be set to the value defined in the corresponding - RuntimeClass, otherwise it will remain - unset and treated as zero. More info: - https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md - This field is alpha-level as of Kubernetes - v1.16, and is only honored by servers - that enable the PodOverhead feature.' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - preemptionPolicy: - description: PreemptionPolicy is the Policy - for preempting pods with lower priority. - One of Never, PreemptLowerPriority. Defaults - to PreemptLowerPriority if unset. This - field is alpha-level and is only honored - by servers that enable the NonPreemptingPriority - feature. - type: string - priority: - description: The priority value. Various - system components use this field to find - the priority of the pod. When Priority - Admission Controller is enabled, it prevents - users from setting this field. The admission - controller populates this field from PriorityClassName. - The higher the value, the higher the priority. - type: integer - format: int32 - priorityClassName: - description: If specified, indicates the - pod's priority. "system-node-critical" - and "system-cluster-critical" are two - special keywords which indicate the highest - priorities with the former being the highest - priority. Any other name must be defined - by creating a PriorityClass object with - that name. If not specified, the pod priority - will be default or zero if there is no - default. - type: string - readinessGates: - description: 'If specified, all readiness - gates will be evaluated for pod readiness. - A pod is ready when all its containers - are ready AND all conditions specified - in the readiness gates have status equal - to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md' - type: array - items: - description: PodReadinessGate contains - the reference to a pod condition - type: object - required: - - conditionType - properties: - conditionType: - description: ConditionType refers - to a condition in the pod's condition - list with matching type. - type: string - restartPolicy: - description: 'Restart policy for all containers - within the pod. One of Always, OnFailure, - Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy' - type: string - runtimeClassName: - description: 'RuntimeClassName refers to - a RuntimeClass object in the node.k8s.io - group, which should be used to run this - pod. If no RuntimeClass resource matches - the named class, the pod will not be run. - If unset or empty, the "legacy" RuntimeClass - will be used, which is an implicit class - with an empty definition that uses the - default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md - This is a beta feature as of Kubernetes - v1.14.' - type: string - schedulerName: - description: If specified, the pod will - be dispatched by specified scheduler. - If not specified, the pod will be dispatched - by default scheduler. - type: string - securityContext: - description: 'SecurityContext holds pod-level - security attributes and common container - settings. Optional: Defaults to empty. See - type description for default values of - each field.' - type: object - properties: - fsGroup: - description: "A special supplemental - group that applies to all containers - in a pod. Some volume types allow - the Kubelet to change the ownership - of that volume to be owned by the - pod: \n 1. The owning GID will be - the FSGroup 2. The setgid bit is set - (new files created in the volume will - be owned by FSGroup) 3. The permission - bits are OR'd with rw-rw---- \n If - unset, the Kubelet will not modify - the ownership and permissions of any - volume." - type: integer - format: int64 - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines - behavior of changing ownership and - permission of the volume before being - exposed inside Pod. This field will - only apply to volume types which support - fsGroup based ownership(and permissions). - It will have no effect on ephemeral - volume types such as: secret, configmaps - and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified defaults - to "Always".' - type: string - runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set - in SecurityContext. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container - must run as a non-root user. If true, - the Kubelet will validate the image - at runtime to ensure that it does - not run as UID 0 (root) and fail to - start the container if it does. If - unset or false, no such validation - will be performed. May also be set - in SecurityContext. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint - of the container process. Defaults - to user specified in image metadata - if unspecified. May also be set in - SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value - specified in SecurityContext takes - precedence for that container. - type: integer - format: int64 - seLinuxOptions: - description: The SELinux context to - be applied to all containers. If unspecified, - the container runtime will allocate - a random SELinux context for each - container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. - type: object - properties: - level: - description: Level is SELinux level - label that applies to the container. - type: string - role: - description: Role is a SELinux role - label that applies to the container. - type: string - type: - description: Type is a SELinux type - label that applies to the container. - type: string - user: - description: User is a SELinux user - label that applies to the container. - type: string - supplementalGroups: - description: A list of groups applied - to the first process run in each container, - in addition to the container's primary - GID. If unspecified, no groups will - be added to any container. - type: array - items: - type: integer - format: int64 - sysctls: - description: Sysctls hold a list of - namespaced sysctls used for the pod. - Pods with unsupported sysctls (by - the container runtime) might fail - to launch. - type: array - items: - description: Sysctl defines a kernel - parameter to be set - type: object - required: - - name - - value - properties: - name: - description: Name of a property - to set - type: string - value: - description: Value of a property - to set - type: string - windowsOptions: - description: The Windows specific settings - applied to all containers. If unspecified, - the options within a container's SecurityContext - will be used. If set in both SecurityContext - and PodSecurityContext, the value - specified in SecurityContext takes - precedence. - type: object - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec - is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA - credential spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. - type: string - runAsUserName: - description: The UserName in Windows - to run the entrypoint of the container - process. Defaults to the user - specified in image metadata if - unspecified. May also be set in - PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: string - serviceAccount: - description: 'DeprecatedServiceAccount is - a depreciated alias for ServiceAccountName. - Deprecated: Use serviceAccountName instead.' - type: string - serviceAccountName: - description: 'ServiceAccountName is the - name of the ServiceAccount to use to run - this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - shareProcessNamespace: - description: 'Share a single process namespace - between all of the containers in a pod. - When this is set containers will be able - to view and signal processes from other - containers in the same pod, and the first - process in each container will not be - assigned PID 1. HostPID and ShareProcessNamespace - cannot both be set. Optional: Default - to false.' - type: boolean - subdomain: - description: If specified, the fully qualified - Pod hostname will be "...svc.". If not - specified, the pod will not have a domainname - at all. - type: string - terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully. - May be decreased in delete request. Value - must be non-negative integer. The value - zero indicates delete immediately. If - this value is nil, the default grace period - will be used instead. The grace period - is the duration in seconds after the processes - running in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill signal. - Set this value longer than the expected - cleanup time for your process. Defaults - to 30 seconds. - type: integer - format: int64 - tolerations: - description: If specified, the pod's tolerations. - type: array - items: - description: The pod this Toleration is - attached to tolerates any taint that - matches the triple - using the matching operator . - type: object - properties: - effect: - description: Effect indicates the - taint effect to match. Empty means - match all taint effects. When specified, - allowed values are NoSchedule, PreferNoSchedule - and NoExecute. - type: string - key: - description: Key is the taint key - that the toleration applies to. - Empty means match all taint keys. - If the key is empty, operator must - be Exists; this combination means - to match all values and all keys. - type: string - operator: - description: Operator represents a - key's relationship to the value. - Valid operators are Exists and Equal. - Defaults to Equal. Exists is equivalent - to wildcard for value, so that a - pod can tolerate all taints of a - particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents - the period of time the toleration - (which must be of effect NoExecute, - otherwise this field is ignored) - tolerates the taint. By default, - it is not set, which means tolerate - the taint forever (do not evict). - Zero and negative values will be - treated as 0 (evict immediately) - by the system. - type: integer - format: int64 - value: - description: Value is the taint value - the toleration matches to. If the - operator is Exists, the value should - be empty, otherwise just a regular - string. - type: string - topologySpreadConstraints: - description: TopologySpreadConstraints describes - how a group of pods ought to spread across - topology domains. Scheduler will schedule - pods in a way which abides by the constraints. - This field is only honored by clusters - that enable the EvenPodsSpread feature. - All topologySpreadConstraints are ANDed. - type: array - items: - description: TopologySpreadConstraint - specifies how to spread matching pods - among the given topology. - type: object - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - properties: - labelSelector: - description: LabelSelector is used - to find matching pods. Pods that - match this label selector are counted - to determine the number of pods - in their corresponding topology - domain. - type: object - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - type: array - items: - description: A label selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the - label key that the selector - applies to. - type: string - operator: - description: operator represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an - array of string values. - If the operator is In - or NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the values - array must be empty. This - array is replaced during - a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a - map of {key,value} pairs. A - single {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator - is "In", and the values array - contains only "value". The requirements - are ANDed. - type: object - additionalProperties: - type: string - maxSkew: - description: 'MaxSkew describes the - degree to which pods may be unevenly - distributed. It''s the maximum permitted - difference between the number of - matching pods in any two topology - domains of a given topology type. - For example, in a 3-zone cluster, - MaxSkew is set to 1, and pods with - the same labelSelector spread as - 1/1/0: | zone1 | zone2 | zone3 | - | P | P | | - if MaxSkew - is 1, incoming pod can only be scheduled - to zone3 to become 1/1/1; scheduling - it onto zone1(zone2) would make - the ActualSkew(2-0) on zone1(zone2) - violate MaxSkew(1). - if MaxSkew - is 2, incoming pod can be scheduled - onto any zone. It''s a required - field. Default value is 1 and 0 - is not allowed.' - type: integer - format: int32 - topologyKey: - description: TopologyKey is the key - of node labels. Nodes that have - a label with this key and identical - values are considered to be in the - same topology. We consider each - as a "bucket", and - try to put balanced number of pods - into each bucket. It's a required - field. - type: string - whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates - how to deal with a pod if it doesn''t - satisfy the spread constraint. - - DoNotSchedule (default) tells the - scheduler not to schedule it - ScheduleAnyway - tells the scheduler to still schedule - it It''s considered as "Unsatisfiable" - if and only if placing incoming - pod on any topology violates "MaxSkew". - For example, in a 3-zone cluster, - MaxSkew is set to 1, and pods with - the same labelSelector spread as - 3/1/1: | zone1 | zone2 | zone3 | - | P P P | P | P | If WhenUnsatisfiable - is set to DoNotSchedule, incoming - pod can only be scheduled to zone2(zone3) - to become 3/2/1(3/1/2) as ActualSkew(2-1) - on zone2(zone3) satisfies MaxSkew(1). - In other words, the cluster can - still be imbalanced, but scheduler - won''t make it *more* imbalanced. - It''s a required field.' - type: string - x-kubernetes-list-map-keys: - - topologyKey - - whenUnsatisfiable - x-kubernetes-list-type: map - volumes: - description: 'List of volumes that can be - mounted by containers belonging to the - pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named - volume in a pod that may be accessed - by any container in the pod. - type: object - required: - - name - properties: - awsElasticBlockStore: - description: 'AWSElasticBlockStore - represents an AWS Disk resource - that is attached to a kubelet''s - host machine and then exposed to - the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: object - required: - - volumeID - properties: - fsType: - description: 'Filesystem type - of the volume that you want - to mount. Tip: Ensure that the - filesystem type is supported - by the host operating system. - Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors - in the filesystem from compromising - the machine' - type: string - partition: - description: 'The partition in - the volume that you want to - mount. If omitted, the default - is to mount by volume name. - Examples: For volume /dev/sda1, - you specify the partition as - "1". Similarly, the volume partition - for /dev/sda is "0" (or you - can leave the property empty).' - type: integer - format: int32 - readOnly: - description: 'Specify "true" to - force and set the ReadOnly property - in VolumeMounts to "true". If - omitted, the default is "false". - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: 'Unique ID of the - persistent disk resource in - AWS (Amazon EBS volume). More - info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: string - azureDisk: - description: AzureDisk represents - an Azure Data Disk mount on the - host and bind mount to the pod. - type: object - required: - - diskName - - diskURI - properties: - cachingMode: - description: 'Host Caching mode: - None, Read Only, Read Write.' - type: string - diskName: - description: The Name of the data - disk in the blob storage - type: string - diskURI: - description: The URI the data - disk in the blob storage - type: string - fsType: - description: Filesystem type to - mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. - type: string - kind: - description: 'Expected values - Shared: multiple blob disks - per storage account Dedicated: - single blob disk per storage - account Managed: azure managed - data disk (only in managed availability - set). defaults to shared' - type: string - readOnly: - description: Defaults to false - (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. - type: boolean - azureFile: - description: AzureFile represents - an Azure File Service mount on the - host and bind mount to the pod. - type: object - required: - - secretName - - shareName - properties: - readOnly: - description: Defaults to false - (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. - type: boolean - secretName: - description: the name of secret - that contains Azure Storage - Account Name and Key - type: string - shareName: - description: Share Name - type: string - cephfs: - description: CephFS represents a Ceph - FS mount on the host that shares - a pod's lifetime - type: object - required: - - monitors - properties: - monitors: - description: 'Required: Monitors - is a collection of Ceph monitors - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: array - items: - type: string - path: - description: 'Optional: Used as - the mounted root, rather than - the full Ceph tree, default - is /' - type: string - readOnly: - description: 'Optional: Defaults - to false (read/write). ReadOnly - here will force the ReadOnly - setting in VolumeMounts. More - info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: boolean - secretFile: - description: 'Optional: SecretFile - is the path to key ring for - User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - secretRef: - description: 'Optional: SecretRef - is reference to the authentication - secret for User, default is - empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - user: - description: 'Optional: User is - the rados user name, default - is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - cinder: - description: 'Cinder represents a - cinder volume attached and mounted - on kubelets host machine. More info: - https://examples.k8s.io/mysql-cinder-pd/README.md' - type: object - required: - - volumeID - properties: - fsType: - description: 'Filesystem type - to mount. Must be a filesystem - type supported by the host operating - system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred - to be "ext4" if unspecified. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: - description: 'Optional: Defaults - to false (read/write). ReadOnly - here will force the ReadOnly - setting in VolumeMounts. More - info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: boolean - secretRef: - description: 'Optional: points - to a secret object containing - parameters used to connect to - OpenStack.' - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - volumeID: - description: 'volume id used to - identify the volume in cinder. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - configMap: - description: ConfigMap represents - a configMap that should populate - this volume - type: object - properties: - defaultMode: - description: 'Optional: mode bits - to use on created files by default. - Must be a value between 0 and - 0777. Defaults to 0644. Directories - within the path are not affected - by this setting. This might - be in conflict with other options - that affect the file mode, like - fsGroup, and the result can - be other mode bits set.' - type: integer - format: int32 - items: - description: If unspecified, each - key-value pair in the Data field - of the referenced ConfigMap - will be projected into the volume - as a file whose name is the - key and content is the value. - If specified, the listed keys - will be projected into the specified - paths, and unlisted keys will - not be present. If a key is - specified which is not present - in the ConfigMap, the volume - setup will error unless it is - marked optional. Paths must - be relative and may not contain - the '..' path or start with - '..'. - type: array - items: - description: Maps a string key - to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to - project. - type: string - mode: - description: 'Optional: - mode bits to use on this - file, must be a value - between 0 and 0777. If - not specified, the volume - defaultMode will be used. - This might be in conflict - with other options that - affect the file mode, - like fsGroup, and the - result can be other mode - bits set.' - type: integer - format: int32 - path: - description: The relative - path of the file to map - the key to. May not be - an absolute path. May - not contain the path element - '..'. May not start with - the string '..'. - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the - ConfigMap or its keys must be - defined - type: boolean - csi: - description: CSI (Container Storage - Interface) represents storage that - is handled by an external CSI driver - (Alpha feature). - type: object - required: - - driver - properties: - driver: - description: Driver is the name - of the CSI driver that handles - this volume. Consult with your - admin for the correct name as - registered in the cluster. - type: string - fsType: - description: Filesystem type to - mount. Ex. "ext4", "xfs", "ntfs". - If not provided, the empty value - is passed to the associated - CSI driver which will determine - the default filesystem to apply. - type: string - nodePublishSecretRef: - description: NodePublishSecretRef - is a reference to the secret - object containing sensitive - information to pass to the CSI - driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. - This field is optional, and may - be empty if no secret is required. - If the secret object contains - more than one secret, all secret - references are passed. - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - readOnly: - description: Specifies a read-only - configuration for the volume. - Defaults to false (read/write). - type: boolean - volumeAttributes: - description: VolumeAttributes - stores driver-specific properties - that are passed to the CSI driver. - Consult your driver's documentation - for supported values. - type: object - additionalProperties: - type: string - downwardAPI: - description: DownwardAPI represents - downward API about the pod that - should populate this volume - type: object - properties: - defaultMode: - description: 'Optional: mode bits - to use on created files by default. - Must be a value between 0 and - 0777. Defaults to 0644. Directories - within the path are not affected - by this setting. This might - be in conflict with other options - that affect the file mode, like - fsGroup, and the result can - be other mode bits set.' - type: integer - format: int32 - items: - description: Items is a list of - downward API volume file - type: array - items: - description: DownwardAPIVolumeFile - represents information to - create the file containing - the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: - Selects a field of the - pod: only annotations, - labels, name and namespace - are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version - of the schema the - FieldPath is written - in terms of, defaults - to "v1". - type: string - fieldPath: - description: Path of - the field to select - in the specified API - version. - type: string - mode: - description: 'Optional: - mode bits to use on this - file, must be a value - between 0 and 0777. If - not specified, the volume - defaultMode will be used. - This might be in conflict - with other options that - affect the file mode, - like fsGroup, and the - result can be other mode - bits set.' - type: integer - format: int32 - path: - description: 'Required: - Path is the relative - path name of the file - to be created. Must not - be absolute or contain - the ''..'' path. Must - be utf-8 encoded. The - first item of the relative - path must not start with - ''..''' - type: string - resourceFieldRef: - description: 'Selects a - resource of the container: - only resources limits - and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) are - currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container - name: required for - volumes, optional - for env vars' - type: string - divisor: - description: Specifies - the output format - of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: - resource to select' - type: string - emptyDir: - description: 'EmptyDir represents - a temporary directory that shares - a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: object - properties: - medium: - description: 'What type of storage - medium should back this directory. - The default is "" which means - to use the node''s default medium. - Must be an empty string (default) - or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - description: 'Total amount of - local storage required for this - EmptyDir volume. The size limit - is also applicable for memory - medium. The maximum usage on - memory medium EmptyDir would - be the minimum value between - the SizeLimit specified here - and the sum of memory limits - of all containers in a pod. - The default is nil which means - that the limit is undefined. - More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - fc: - description: FC represents a Fibre - Channel resource that is attached - to a kubelet's host machine and - then exposed to the pod. - type: object - properties: - fsType: - description: 'Filesystem type - to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. TODO: how do - we prevent errors in the filesystem - from compromising the machine' - type: string - lun: - description: 'Optional: FC target - lun number' - type: integer - format: int32 - readOnly: - description: 'Optional: Defaults - to false (read/write). ReadOnly - here will force the ReadOnly - setting in VolumeMounts.' - type: boolean - targetWWNs: - description: 'Optional: FC target - worldwide names (WWNs)' - type: array - items: - type: string - wwids: - description: 'Optional: FC volume - world wide identifiers (wwids) - Either wwids or combination - of targetWWNs and lun must be - set, but not both simultaneously.' - type: array - items: - type: string - flexVolume: - description: FlexVolume represents - a generic volume resource that is - provisioned/attached using an exec - based plugin. - type: object - required: - - driver - properties: - driver: - description: Driver is the name - of the driver to use for this - volume. - type: string - fsType: - description: Filesystem type to - mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - The default filesystem depends - on FlexVolume script. - type: string - options: - description: 'Optional: Extra - command options if any.' - type: object - additionalProperties: - type: string - readOnly: - description: 'Optional: Defaults - to false (read/write). ReadOnly - here will force the ReadOnly - setting in VolumeMounts.' - type: boolean - secretRef: - description: 'Optional: SecretRef - is reference to the secret object - containing sensitive information - to pass to the plugin scripts. - This may be empty if no secret - object is specified. If the - secret object contains more - than one secret, all secrets - are passed to the plugin scripts.' - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - flocker: - description: Flocker represents a - Flocker volume attached to a kubelet's - host machine. This depends on the - Flocker control service being running - type: object - properties: - datasetName: - description: Name of the dataset - stored as metadata -> name on - the dataset for Flocker should - be considered as deprecated - type: string - datasetUUID: - description: UUID of the dataset. - This is unique identifier of - a Flocker dataset - type: string - gcePersistentDisk: - description: 'GCEPersistentDisk represents - a GCE Disk resource that is attached - to a kubelet''s host machine and - then exposed to the pod. More info: - https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: object - required: - - pdName - properties: - fsType: - description: 'Filesystem type - of the volume that you want - to mount. Tip: Ensure that the - filesystem type is supported - by the host operating system. - Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors - in the filesystem from compromising - the machine' - type: string - partition: - description: 'The partition in - the volume that you want to - mount. If omitted, the default - is to mount by volume name. - Examples: For volume /dev/sda1, - you specify the partition as - "1". Similarly, the volume partition - for /dev/sda is "0" (or you - can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: integer - format: int32 - pdName: - description: 'Unique name of the - PD resource in GCE. Used to - identify the disk in GCE. More - info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: string - readOnly: - description: 'ReadOnly here will - force the ReadOnly setting in - VolumeMounts. Defaults to false. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: boolean - gitRepo: - description: 'GitRepo represents a - git repository at a particular revision. - DEPRECATED: GitRepo is deprecated. - To provision a container with a - git repo, mount an EmptyDir into - an InitContainer that clones the - repo using git, then mount the EmptyDir - into the Pod''s container.' - type: object - required: - - repository - properties: - directory: - description: Target directory - name. Must not contain or start - with '..'. If '.' is supplied, - the volume directory will be - the git repository. Otherwise, - if specified, the volume will - contain the git repository in - the subdirectory with the given - name. - type: string - repository: - description: Repository URL - type: string - revision: - description: Commit hash for the - specified revision. - type: string - glusterfs: - description: 'Glusterfs represents - a Glusterfs mount on the host that - shares a pod''s lifetime. More info: - https://examples.k8s.io/volumes/glusterfs/README.md' - type: object - required: - - endpoints - - path - properties: - endpoints: - description: 'EndpointsName is - the endpoint name that details - Glusterfs topology. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - path: - description: 'Path is the Glusterfs - volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - readOnly: - description: 'ReadOnly here will - force the Glusterfs volume to - be mounted with read-only permissions. - Defaults to false. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: boolean - hostPath: - description: 'HostPath represents - a pre-existing file or directory - on the host machine that is directly - exposed to the container. This is - generally used for system agents - or other privileged things that - are allowed to see the host machine. - Most containers will NOT need this. - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict - who can use host directory mounts - and who can/can not mount host directories - as read/write.' - type: object - required: - - path - properties: - path: - description: 'Path of the directory - on the host. If the path is - a symlink, it will follow the - link to the real path. More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - type: - description: 'Type for HostPath - Volume Defaults to "" More info: - https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - iscsi: - description: 'ISCSI represents an - ISCSI Disk resource that is attached - to a kubelet''s host machine and - then exposed to the pod. More info: - https://examples.k8s.io/volumes/iscsi/README.md' - type: object - required: - - iqn - - lun - - targetPortal - properties: - chapAuthDiscovery: - description: whether support iSCSI - Discovery CHAP authentication - type: boolean - chapAuthSession: - description: whether support iSCSI - Session CHAP authentication - type: boolean - fsType: - description: 'Filesystem type - of the volume that you want - to mount. Tip: Ensure that the - filesystem type is supported - by the host operating system. - Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors - in the filesystem from compromising - the machine' - type: string - initiatorName: - description: Custom iSCSI Initiator - Name. If initiatorName is specified - with iscsiInterface simultaneously, - new iSCSI interface : will be - created for the connection. - type: string - iqn: - description: Target iSCSI Qualified - Name. - type: string - iscsiInterface: - description: iSCSI Interface Name - that uses an iSCSI transport. - Defaults to 'default' (tcp). - type: string - lun: - description: iSCSI Target Lun - number. - type: integer - format: int32 - portals: - description: iSCSI Target Portal - List. The portal is either an - IP or ip_addr:port if the port - is other than default (typically - TCP ports 860 and 3260). - type: array - items: - type: string - readOnly: - description: ReadOnly here will - force the ReadOnly setting in - VolumeMounts. Defaults to false. - type: boolean - secretRef: - description: CHAP Secret for iSCSI - target and initiator authentication - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - targetPortal: - description: iSCSI Target Portal. - The Portal is either an IP or - ip_addr:port if the port is - other than default (typically - TCP ports 860 and 3260). - type: string - name: - description: 'Volume''s name. Must - be a DNS_LABEL and unique within - the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - nfs: - description: 'NFS represents an NFS - mount on the host that shares a - pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: object - required: - - path - - server - properties: - path: - description: 'Path that is exported - by the NFS server. More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - readOnly: - description: 'ReadOnly here will - force the NFS export to be mounted - with read-only permissions. - Defaults to false. More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: boolean - server: - description: 'Server is the hostname - or IP address of the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - persistentVolumeClaim: - description: 'PersistentVolumeClaimVolumeSource - represents a reference to a PersistentVolumeClaim - in the same namespace. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: object - required: - - claimName - properties: - claimName: - description: 'ClaimName is the - name of a PersistentVolumeClaim - in the same namespace as the - pod using this volume. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: - description: Will force the ReadOnly - setting in VolumeMounts. Default - false. - type: boolean - photonPersistentDisk: - description: PhotonPersistentDisk - represents a PhotonController persistent - disk attached and mounted on kubelets - host machine - type: object - required: - - pdID - properties: - fsType: - description: Filesystem type to - mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. - type: string - pdID: - description: ID that identifies - Photon Controller persistent - disk - type: string - portworxVolume: - description: PortworxVolume represents - a portworx volume attached and mounted - on kubelets host machine - type: object - required: - - volumeID - properties: - fsType: - description: FSType represents - the filesystem type to mount - Must be a filesystem type supported - by the host operating system. - Ex. "ext4", "xfs". Implicitly - inferred to be "ext4" if unspecified. - type: string - readOnly: - description: Defaults to false - (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. - type: boolean - volumeID: - description: VolumeID uniquely - identifies a Portworx volume - type: string - projected: - description: Items for all in one - resources secrets, configmaps, and - downward API - type: object - required: - - sources - properties: - defaultMode: - description: Mode bits to use - on created files by default. - Must be a value between 0 and - 0777. Directories within the - path are not affected by this - setting. This might be in conflict - with other options that affect - the file mode, like fsGroup, - and the result can be other - mode bits set. - type: integer - format: int32 - sources: - description: list of volume projections - type: array - items: - description: Projection that - may be projected along with - other supported volume types - type: object - properties: - configMap: - description: information - about the configMap data - to project - type: object - properties: - items: - description: If unspecified, - each key-value pair - in the Data field - of the referenced - ConfigMap will be - projected into the - volume as a file whose - name is the key and - content is the value. - If specified, the - listed keys will be - projected into the - specified paths, and - unlisted keys will - not be present. If - a key is specified - which is not present - in the ConfigMap, - the volume setup will - error unless it is - marked optional. Paths - must be relative and - may not contain the - '..' path or start - with '..'. - type: array - items: - description: Maps - a string key to - a path within a - volume. - type: object - required: - - key - - path - properties: - key: - description: The - key to project. - type: string - mode: - description: 'Optional: - mode bits to - use on this - file, must be - a value between - 0 and 0777. - If not specified, - the volume defaultMode - will be used. - This might be - in conflict - with other options - that affect - the file mode, - like fsGroup, - and the result - can be other - mode bits set.' - type: integer - format: int32 - path: - description: The - relative path - of the file - to map the key - to. May not - be an absolute - path. May not - contain the - path element - '..'. May not - start with the - string '..'. - type: string - name: - description: 'Name of - the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify - whether the ConfigMap - or its keys must be - defined - type: boolean - downwardAPI: - description: information - about the downwardAPI - data to project - type: object - properties: - items: - description: Items is - a list of DownwardAPIVolume - file - type: array - items: - description: DownwardAPIVolumeFile - represents information - to create the file - containing the pod - field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: - Selects a field - of the pod: - only annotations, - labels, name - and namespace - are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version - of the schema - the FieldPath - is written - in terms - of, defaults - to "v1". - type: string - fieldPath: - description: Path - of the field - to select - in the specified - API version. - type: string - mode: - description: 'Optional: - mode bits to - use on this - file, must be - a value between - 0 and 0777. - If not specified, - the volume defaultMode - will be used. - This might be - in conflict - with other options - that affect - the file mode, - like fsGroup, - and the result - can be other - mode bits set.' - type: integer - format: int32 - path: - description: 'Required: - Path is the - relative path - name of the - file to be created. - Must not be - absolute or - contain the - ''..'' path. - Must be utf-8 - encoded. The - first item of - the relative - path must not - start with ''..''' - type: string - resourceFieldRef: - description: 'Selects - a resource of - the container: - only resources - limits and requests - (limits.cpu, - limits.memory, - requests.cpu - and requests.memory) - are currently - supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container - name: required - for volumes, - optional - for env - vars' - type: string - divisor: - description: Specifies - the output - format of - the exposed - resources, - defaults - to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: - resource - to select' - type: string - secret: - description: information - about the secret data - to project - type: object - properties: - items: - description: If unspecified, - each key-value pair - in the Data field - of the referenced - Secret will be projected - into the volume as - a file whose name - is the key and content - is the value. If specified, - the listed keys will - be projected into - the specified paths, - and unlisted keys - will not be present. - If a key is specified - which is not present - in the Secret, the - volume setup will - error unless it is - marked optional. Paths - must be relative and - may not contain the - '..' path or start - with '..'. - type: array - items: - description: Maps - a string key to - a path within a - volume. - type: object - required: - - key - - path - properties: - key: - description: The - key to project. - type: string - mode: - description: 'Optional: - mode bits to - use on this - file, must be - a value between - 0 and 0777. - If not specified, - the volume defaultMode - will be used. - This might be - in conflict - with other options - that affect - the file mode, - like fsGroup, - and the result - can be other - mode bits set.' - type: integer - format: int32 - path: - description: The - relative path - of the file - to map the key - to. May not - be an absolute - path. May not - contain the - path element - '..'. May not - start with the - string '..'. - type: string - name: - description: 'Name of - the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify - whether the Secret - or its key must be - defined - type: boolean - serviceAccountToken: - description: information - about the serviceAccountToken - data to project - type: object - required: - - path - properties: - audience: - description: Audience - is the intended audience - of the token. A recipient - of a token must identify - itself with an identifier - specified in the audience - of the token, and - otherwise should reject - the token. The audience - defaults to the identifier - of the apiserver. - type: string - expirationSeconds: - description: ExpirationSeconds - is the requested duration - of validity of the - service account token. - As the token approaches - expiration, the kubelet - volume plugin will - proactively rotate - the service account - token. The kubelet - will start trying - to rotate the token - if the token is older - than 80 percent of - its time to live or - if the token is older - than 24 hours.Defaults - to 1 hour and must - be at least 10 minutes. - type: integer - format: int64 - path: - description: Path is - the path relative - to the mount point - of the file to project - the token into. - type: string - quobyte: - description: Quobyte represents a - Quobyte mount on the host that shares - a pod's lifetime - type: object - required: - - registry - - volume - properties: - group: - description: Group to map volume - access to Default is no group - type: string - readOnly: - description: ReadOnly here will - force the Quobyte volume to - be mounted with read-only permissions. - Defaults to false. - type: boolean - registry: - description: Registry represents - a single or multiple Quobyte - Registry services specified - as a string as host:port pair - (multiple entries are separated - with commas) which acts as the - central registry for volumes - type: string - tenant: - description: Tenant owning the - given Quobyte volume in the - Backend Used with dynamically - provisioned Quobyte volumes, - value is set by the plugin - type: string - user: - description: User to map volume - access to Defaults to serivceaccount - user - type: string - volume: - description: Volume is a string - that references an already created - Quobyte volume by name. - type: string - rbd: - description: 'RBD represents a Rados - Block Device mount on the host that - shares a pod''s lifetime. More info: - https://examples.k8s.io/volumes/rbd/README.md' - type: object - required: - - image - - monitors - properties: - fsType: - description: 'Filesystem type - of the volume that you want - to mount. Tip: Ensure that the - filesystem type is supported - by the host operating system. - Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors - in the filesystem from compromising - the machine' - type: string - image: - description: 'The rados image - name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - keyring: - description: 'Keyring is the path - to key ring for RBDUser. Default - is /etc/ceph/keyring. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - monitors: - description: 'A collection of - Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: array - items: - type: string - pool: - description: 'The rados pool name. - Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: - description: 'ReadOnly here will - force the ReadOnly setting in - VolumeMounts. Defaults to false. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: - description: 'SecretRef is name - of the authentication secret - for RBDUser. If provided overrides - keyring. Default is nil. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - user: - description: 'The rados user name. - Default is admin. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - scaleIO: - description: ScaleIO represents a - ScaleIO persistent volume attached - and mounted on Kubernetes nodes. - type: object - required: - - gateway - - secretRef - - system - properties: - fsType: - description: Filesystem type to - mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Default is "xfs". - type: string - gateway: - description: The host address - of the ScaleIO API Gateway. - type: string - protectionDomain: - description: The name of the ScaleIO - Protection Domain for the configured - storage. - type: string - readOnly: - description: Defaults to false - (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. - type: boolean - secretRef: - description: SecretRef references - to the secret for ScaleIO user - and other sensitive information. - If this is not provided, Login - operation will fail. - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - sslEnabled: - description: Flag to enable/disable - SSL communication with Gateway, - default false - type: boolean - storageMode: - description: Indicates whether - the storage for a volume should - be ThickProvisioned or ThinProvisioned. - Default is ThinProvisioned. - type: string - storagePool: - description: The ScaleIO Storage - Pool associated with the protection - domain. - type: string - system: - description: The name of the storage - system as configured in ScaleIO. - type: string - volumeName: - description: The name of a volume - already created in the ScaleIO - system that is associated with - this volume source. - type: string - secret: - description: 'Secret represents a - secret that should populate this - volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'Optional: mode bits - to use on created files by default. - Must be a value between 0 and - 0777. Defaults to 0644. Directories - within the path are not affected - by this setting. This might - be in conflict with other options - that affect the file mode, like - fsGroup, and the result can - be other mode bits set.' - type: integer - format: int32 - items: - description: If unspecified, each - key-value pair in the Data field - of the referenced Secret will - be projected into the volume - as a file whose name is the - key and content is the value. - If specified, the listed keys - will be projected into the specified - paths, and unlisted keys will - not be present. If a key is - specified which is not present - in the Secret, the volume setup - will error unless it is marked - optional. Paths must be relative - and may not contain the '..' - path or start with '..'. - type: array - items: - description: Maps a string key - to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to - project. - type: string - mode: - description: 'Optional: - mode bits to use on this - file, must be a value - between 0 and 0777. If - not specified, the volume - defaultMode will be used. - This might be in conflict - with other options that - affect the file mode, - like fsGroup, and the - result can be other mode - bits set.' - type: integer - format: int32 - path: - description: The relative - path of the file to map - the key to. May not be - an absolute path. May - not contain the path element - '..'. May not start with - the string '..'. - type: string - optional: - description: Specify whether the - Secret or its keys must be defined - type: boolean - secretName: - description: 'Name of the secret - in the pod''s namespace to use. - More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - storageos: - description: StorageOS represents - a StorageOS volume attached and - mounted on Kubernetes nodes. - type: object - properties: - fsType: - description: Filesystem type to - mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. - type: string - readOnly: - description: Defaults to false - (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. - type: boolean - secretRef: - description: SecretRef specifies - the secret to use for obtaining - the StorageOS API credentials. If - not specified, default values - will be attempted. - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - volumeName: - description: VolumeName is the - human-readable name of the StorageOS - volume. Volume names are only - unique within a namespace. - type: string - volumeNamespace: - description: VolumeNamespace specifies - the scope of the volume within - StorageOS. If no namespace - is specified then the Pod's - namespace will be used. This - allows the Kubernetes name scoping - to be mirrored within StorageOS - for tighter integration. Set - VolumeName to any name to override - the default behaviour. Set to - "default" if you are not using - namespaces within StorageOS. - Namespaces that do not pre-exist - within StorageOS will be created. - type: string - vsphereVolume: - description: VsphereVolume represents - a vSphere volume attached and mounted - on kubelets host machine - type: object - required: - - volumePath - properties: - fsType: - description: Filesystem type to - mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. - type: string - storagePolicyID: - description: Storage Policy Based - Management (SPBM) profile ID - associated with the StoragePolicyName. - type: string - storagePolicyName: - description: Storage Policy Based - Management (SPBM) profile name. - type: string - volumePath: - description: Path that identifies - vSphere volume vmdk - type: string - permissions: - type: array - items: - description: StrategyDeploymentPermissions describe the - rbac rules and service account needed by the install strategy - type: object - required: - - rules - - serviceAccountName - properties: - rules: - type: array - items: - description: PolicyRule holds information that describes - a policy rule, but does not contain information - about who the rule applies to or which namespace - the rule applies to. - type: object - required: - - verbs - properties: - apiGroups: - description: APIGroups is the name of the APIGroup - that contains the resources. If multiple API - groups are specified, any action requested against - one of the enumerated resources in any API group - will be allowed. - type: array - items: - type: string - nonResourceURLs: - description: NonResourceURLs is a set of partial - urls that a user should have access to. *s - are allowed, but only as the full, final step - in the path Since non-resource URLs are not - namespaced, this field is only applicable for - ClusterRoles referenced from a ClusterRoleBinding. - Rules can either apply to API resources (such - as "pods" or "secrets") or non-resource URL - paths (such as "/api"), but not both. - type: array - items: - type: string - resourceNames: - description: ResourceNames is an optional white - list of names that the rule applies to. An - empty set means that everything is allowed. - type: array - items: - type: string - resources: - description: Resources is a list of resources - this rule applies to. ResourceAll represents - all resources. - type: array - items: - type: string - verbs: - description: Verbs is a list of Verbs that apply - to ALL the ResourceKinds and AttributeRestrictions - contained in this rule. VerbAll represents - all kinds. - type: array - items: - type: string - serviceAccountName: - type: string - strategy: - type: string - installModes: - description: InstallModes specify supported installation types - type: array - items: - description: InstallMode associates an InstallModeType with a flag - representing if the CSV supports it - type: object - required: - - supported - - type - properties: - supported: - type: boolean - type: - description: InstallModeType is a supported type of install - mode for CSV installation - type: string - keywords: - type: array - items: - type: string - labels: - description: Map of string keys and values that can be used to organize - and categorize (scope and select) objects. - type: object - additionalProperties: - type: string - links: - type: array - items: - type: object - properties: - name: - type: string - url: - type: string - maintainers: - type: array - items: - type: object - properties: - email: - type: string - name: - type: string - maturity: - type: string - minKubeVersion: - type: string - nativeAPIs: - type: array - items: - description: GroupVersionKind unambiguously identifies a kind. It - doesn't anonymously include GroupVersion to avoid automatic coersion. It - doesn't use a GroupVersion to avoid custom marshalling - type: object - required: - - group - - kind - - version - properties: - group: - type: string - kind: - type: string - version: - type: string - provider: - type: object - properties: - name: - type: string - url: - type: string - replaces: - description: The name of a CSV this one replaces. Should match the - `metadata.Name` field of the old CSV. - type: string - selector: - description: Label selector for related resources. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - additionalProperties: - type: string - version: - description: OperatorVersion is a wrapper around semver.Version which - supports correct marshaling to YAML and JSON. - type: string - webhookdefinitions: - type: array - items: - description: WebhookDescription provides details to OLM about required - webhooks - type: object - required: - - admissionReviewVersions - - generateName - - sideEffects - - type - properties: - admissionReviewVersions: - type: array - items: - type: string - containerPort: - type: integer - format: int32 - conversionCRDs: - type: array - items: - type: string - deploymentName: - type: string - failurePolicy: - type: string - generateName: - type: string - matchPolicy: - description: MatchPolicyType specifies the type of match policy - type: string - objectSelector: - description: A label selector is a label query over a set of - resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. A - null label selector matches no objects. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - reinvocationPolicy: - description: ReinvocationPolicyType specifies what type of policy - the admission hook uses. - type: string - rules: - type: array - items: - description: RuleWithOperations is a tuple of Operations and - Resources. It is recommended to make sure that all the tuple - expansions are valid. - type: object - properties: - apiGroups: - description: APIGroups is the API groups the resources - belong to. '*' is all groups. If '*' is present, the - length of the slice must be one. Required. - type: array - items: - type: string - apiVersions: - description: APIVersions is the API versions the resources - belong to. '*' is all versions. If '*' is present, the - length of the slice must be one. Required. - type: array - items: - type: string - operations: - description: Operations is the operations the admission - hook cares about - CREATE, UPDATE, or * for all operations. - If '*' is present, the length of the slice must be one. - Required. - type: array - items: - type: string - resources: - description: "Resources is a list of resources this rule - applies to. \n For example: 'pods' means pods. 'pods/log' - means the log subresource of pods. '*' means all resources, - but not subresources. 'pods/*' means all subresources - of pods. '*/scale' means all scale subresources. '*/*' - means all resources and their subresources. \n If wildcard - is present, the validation rule will ensure resources - do not overlap with each other. \n Depending on the - enclosing object, subresources might not be allowed. - Required." - type: array - items: - type: string - scope: - description: scope specifies the scope of this rule. Valid - values are "Cluster", "Namespaced", and "*" "Cluster" - means that only cluster-scoped resources will match - this rule. Namespace API objects are cluster-scoped. - "Namespaced" means that only namespaced resources will - match this rule. "*" means that there are no scope restrictions. - Subresources match the scope of their parent resource. - Default is "*". - type: string - sideEffects: - type: string - targetPort: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - type: integer - format: int32 - type: - description: WebhookAdmissionType is the type of admission webhooks - supported by OLM - type: string - enum: - - ValidatingAdmissionWebhook - - MutatingAdmissionWebhook - - ConversionWebhook - webhookPath: - type: string - status: - description: ClusterServiceVersionStatus represents information about - the status of a pod. Status may trail the actual state of a system. - type: object - properties: - certsLastUpdated: - description: Last time the owned APIService certs were updated - type: string - format: date-time - certsRotateAt: - description: Time the owned APIService certs will rotate next - type: string - format: date-time - conditions: - description: List of conditions, a history of state transitions - type: array - items: - description: Conditions appear in the status as a record of state - transitions on the ClusterServiceVersion - type: object - properties: - lastTransitionTime: - description: Last time the status transitioned from one status - to another. - type: string - format: date-time - lastUpdateTime: - description: Last time we updated the status - type: string - format: date-time - message: - description: A human readable message indicating details about - why the ClusterServiceVersion is in this condition. - type: string - phase: - description: Condition of the ClusterServiceVersion - type: string - reason: - description: A brief CamelCase message indicating details about - why the ClusterServiceVersion is in this state. e.g. 'RequirementsNotMet' - type: string - lastTransitionTime: - description: Last time the status transitioned from one status to - another. - type: string - format: date-time - lastUpdateTime: - description: Last time we updated the status - type: string - format: date-time - message: - description: A human readable message indicating details about why - the ClusterServiceVersion is in this condition. - type: string - phase: - description: Current condition of the ClusterServiceVersion - type: string - reason: - description: A brief CamelCase message indicating details about why - the ClusterServiceVersion is in this state. e.g. 'RequirementsNotMet' - type: string - requirementStatus: - description: The status of each requirement for this CSV - type: array - items: - type: object - required: - - group - - kind - - message - - name - - status - - version - properties: - dependents: - type: array - items: - description: DependentStatus is the status for a dependent - requirement (to prevent infinite nesting) - type: object - required: - - group - - kind - - status - - version - properties: - group: - type: string - kind: - type: string - message: - type: string - status: - description: StatusReason is a camelcased reason for the - status of a RequirementStatus or DependentStatus - type: string - uuid: - type: string - version: - type: string - group: - type: string - kind: - type: string - message: - type: string - name: - type: string - status: - description: StatusReason is a camelcased reason for the status - of a RequirementStatus or DependentStatus - type: string - uuid: - type: string - version: - type: string - served: true - storage: true - subresources: - status: {} - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_00-installplans.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_00-installplans.crd.yaml deleted file mode 100644 index 3400241b65..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_00-installplans.crd.yaml +++ /dev/null @@ -1,303 +0,0 @@ ---- -# Source: olm/crds/0000_50_olm_00-installplans.crd.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - name: installplans.operators.coreos.com -spec: - group: operators.coreos.com - names: - categories: - - olm - kind: InstallPlan - listKind: InstallPlanList - plural: installplans - shortNames: - - ip - singular: installplan - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The first CSV in the list of clusterServiceVersionNames - jsonPath: .spec.clusterServiceVersionNames[0] - name: CSV - type: string - - description: The approval mode - jsonPath: .spec.approval - name: Approval - type: string - - jsonPath: .spec.approved - name: Approved - type: boolean - name: v1alpha1 - schema: - openAPIV3Schema: - description: InstallPlan defines the installation of a set of operators. - type: object - required: - - metadata - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: InstallPlanSpec defines a set of Application resources to - be installed - type: object - required: - - approval - - approved - - clusterServiceVersionNames - properties: - approval: - description: Approval is the user approval policy for an InstallPlan. - It must be one of "Automatic" or "Manual". - type: string - approved: - type: boolean - clusterServiceVersionNames: - type: array - items: - type: string - generation: - type: integer - source: - type: string - sourceNamespace: - type: string - status: - description: "InstallPlanStatus represents the information about the status - of steps required to complete installation. \n Status may trail the - actual state of a system." - type: object - required: - - catalogSources - - phase - properties: - attenuatedServiceAccountRef: - description: AttenuatedServiceAccountRef references the service account - that is used to do scoped operator install. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - bundleLookups: - description: BundleLookups is the set of in-progress requests to pull - and unpackage bundle content to the cluster. - type: array - items: - description: BundleLookup is a request to pull and unpackage the - content of a bundle to the cluster. - type: object - required: - - catalogSourceRef - - identifier - - path - - replaces - properties: - catalogSourceRef: - description: CatalogSourceRef is a reference to the CatalogSource - the bundle path was resolved from. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead - of an entire object, this string should contain a valid - JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container - within a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that - triggered the event) or if no container name is specified - "spec.containers[2]" (container with index 2 in this pod). - This syntax is chosen only to have some well-defined way - of referencing a part of an object. TODO: this design - is not final and this field is subject to change in the - future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - conditions: - description: Conditions represents the overall state of a BundleLookup. - type: array - items: - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: Last time the condition transitioned from - one status to another. - type: string - format: date-time - lastUpdateTime: - description: Last time the condition was probed. - type: string - format: date-time - message: - description: A human readable message indicating details - about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - status: - description: Status of the condition, one of True, False, - Unknown. - type: string - type: - description: Type of condition. - type: string - identifier: - description: Identifier is the catalog-unique name of the operator - (the name of the CSV for bundles that contain CSVs) - type: string - path: - description: Path refers to the location of a bundle to pull. - It's typically an image reference. - type: string - replaces: - description: Replaces is the name of the bundle to replace with - the one found at Path. - type: string - catalogSources: - type: array - items: - type: string - conditions: - type: array - items: - description: InstallPlanCondition represents the overall status - of the execution of an InstallPlan. - type: object - properties: - lastTransitionTime: - type: string - format: date-time - lastUpdateTime: - type: string - format: date-time - message: - type: string - reason: - description: ConditionReason is a camelcased reason for the - state transition. - type: string - status: - type: string - type: - description: InstallPlanConditionType describes the state of - an InstallPlan at a certain point as a whole. - type: string - phase: - description: InstallPlanPhase is the current status of a InstallPlan - as a whole. - type: string - plan: - type: array - items: - description: Step represents the status of an individual step in - an InstallPlan. - type: object - required: - - resolving - - resource - - status - properties: - resolving: - type: string - resource: - description: StepResource represents the status of a resource - to be tracked by an InstallPlan. - type: object - required: - - group - - kind - - name - - sourceName - - sourceNamespace - - version - properties: - group: - type: string - kind: - type: string - manifest: - type: string - name: - type: string - sourceName: - type: string - sourceNamespace: - type: string - version: - type: string - status: - description: StepStatus is the current status of a particular - resource an in InstallPlan - type: string - served: true - storage: true - subresources: - status: {} - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_00-namespace.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_00-namespace.yaml deleted file mode 100644 index 13917074d8..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_00-namespace.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_00-namespace.yaml -apiVersion: v1 -kind: Namespace -metadata: - name: olm ---- -# Source: olm/templates/0000_50_olm_00-namespace.yaml -apiVersion: v1 -kind: Namespace -metadata: - name: operators diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_00-operatorgroups.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_00-operatorgroups.crd.yaml deleted file mode 100644 index f3116f6b54..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_00-operatorgroups.crd.yaml +++ /dev/null @@ -1,307 +0,0 @@ ---- -# Source: olm/crds/0000_50_olm_00-operatorgroups.crd.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - name: operatorgroups.operators.coreos.com -spec: - group: operators.coreos.com - names: - categories: - - olm - kind: OperatorGroup - listKind: OperatorGroupList - plural: operatorgroups - shortNames: - - og - singular: operatorgroup - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: OperatorGroup is the unit of multitenancy for OLM managed operators. - It constrains the installation of operators in its namespace to a specified - set of target namespaces. - type: object - required: - - metadata - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: OperatorGroupSpec is the spec for an OperatorGroup resource. - type: object - properties: - selector: - description: Selector selects the OperatorGroup's target namespaces. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - additionalProperties: - type: string - serviceAccountName: - description: ServiceAccountName is the admin specified service account - which will be used to deploy operator(s) in this operator group. - type: string - staticProvidedAPIs: - description: Static tells OLM not to update the OperatorGroup's providedAPIs - annotation - type: boolean - targetNamespaces: - description: TargetNamespaces is an explicit set of namespaces to - target. If it is set, Selector is ignored. - type: array - items: - type: string - x-kubernetes-list-type: set - status: - description: OperatorGroupStatus is the status for an OperatorGroupResource. - type: object - required: - - lastUpdated - properties: - lastUpdated: - description: LastUpdated is a timestamp of the last time the OperatorGroup's - status was Updated. - type: string - format: date-time - namespaces: - description: Namespaces is the set of target namespaces for the OperatorGroup. - type: array - items: - type: string - x-kubernetes-list-type: set - serviceAccountRef: - description: ServiceAccountRef references the service account object - specified. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - served: true - storage: true - subresources: - status: {} - - name: v1alpha2 - schema: - openAPIV3Schema: - description: OperatorGroup is the unit of multitenancy for OLM managed operators. - It constrains the installation of operators in its namespace to a specified - set of target namespaces. - type: object - required: - - metadata - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: OperatorGroupSpec is the spec for an OperatorGroup resource. - type: object - properties: - selector: - description: Selector selects the OperatorGroup's target namespaces. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - additionalProperties: - type: string - serviceAccountName: - description: ServiceAccountName is the admin specified service account - which will be used to deploy operator(s) in this operator group. - type: string - staticProvidedAPIs: - description: Static tells OLM not to update the OperatorGroup's providedAPIs - annotation - type: boolean - targetNamespaces: - description: TargetNamespaces is an explicit set of namespaces to - target. If it is set, Selector is ignored. - type: array - items: - type: string - status: - description: OperatorGroupStatus is the status for an OperatorGroupResource. - type: object - required: - - lastUpdated - properties: - lastUpdated: - description: LastUpdated is a timestamp of the last time the OperatorGroup's - status was Updated. - type: string - format: date-time - namespaces: - description: Namespaces is the set of target namespaces for the OperatorGroup. - type: array - items: - type: string - serviceAccountRef: - description: ServiceAccountRef references the service account object - specified. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - served: true - storage: false - subresources: - status: {} - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_00-operators.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_00-operators.crd.yaml deleted file mode 100644 index fe38703d5c..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_00-operators.crd.yaml +++ /dev/null @@ -1,179 +0,0 @@ ---- -# Source: olm/crds/0000_50_olm_00-operators.crd.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - name: operators.operators.coreos.com -spec: - group: operators.coreos.com - names: - categories: - - olm - kind: Operator - listKind: OperatorList - plural: operators - singular: operator - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: Operator represents a cluster operator. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: OperatorSpec defines the desired state of Operator - type: object - status: - description: OperatorStatus defines the observed state of an Operator - and its components - type: object - properties: - components: - description: Components describes resources that compose the operator. - type: object - required: - - labelSelector - properties: - labelSelector: - description: LabelSelector is a label query over a set of resources - used to select the operator's components - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - refs: - description: Refs are a set of references to the operator's component - resources, selected with LabelSelector. - type: array - items: - description: RichReference is a reference to a resource, enriched - with its status conditions. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - conditions: - description: Conditions represents the latest state of the - component. - type: array - items: - description: Condition represent the latest available - observations of an component's state. - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: Last time the condition transitioned - from one status to another. - type: string - format: date-time - lastUpdateTime: - description: Last time the condition was probed - type: string - format: date-time - message: - description: A human readable message indicating details - about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - status: - description: Status of the condition, one of True, - False, Unknown. - type: string - type: - description: Type of condition. - type: string - fieldPath: - description: 'If referring to a piece of an object instead - of an entire object, this string should contain a valid - JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container - within a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that - triggered the event) or if no container name is specified - "spec.containers[2]" (container with index 2 in this pod). - This syntax is chosen only to have some well-defined way - of referencing a part of an object. TODO: this design - is not final and this field is subject to change in the - future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - served: true - storage: true - subresources: - status: {} - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_00-subscriptions.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_00-subscriptions.crd.yaml deleted file mode 100644 index 67a4a546fb..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_00-subscriptions.crd.yaml +++ /dev/null @@ -1,1837 +0,0 @@ ---- -# Source: olm/crds/0000_50_olm_00-subscriptions.crd.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - name: subscriptions.operators.coreos.com -spec: - group: operators.coreos.com - names: - categories: - - olm - kind: Subscription - listKind: SubscriptionList - plural: subscriptions - shortNames: - - sub - - subs - singular: subscription - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The package subscribed to - jsonPath: .spec.name - name: Package - type: string - - description: The catalog source for the specified package - jsonPath: .spec.source - name: Source - type: string - - description: The channel of updates to subscribe to - jsonPath: .spec.channel - name: Channel - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: Subscription keeps operators up to date by tracking changes to - Catalogs. - type: object - required: - - metadata - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: SubscriptionSpec defines an Application that can be installed - type: object - required: - - name - - source - - sourceNamespace - properties: - channel: - type: string - config: - description: SubscriptionConfig contains configuration specified for - a subscription. - type: object - properties: - env: - description: Env is a list of environment variables to set in - the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present - in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a - C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a - variable cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax can be - escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable - exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - description: Specifies the output format of the - exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - envFrom: - description: EnvFrom is a list of sources to populate environment - variables in the container. The keys defined within a source - must be a C_IDENTIFIER. All invalid keys will be reported as - an event when the container is starting. When a key exists in - multiple sources, the value associated with the last source - will take precedence. Values defined by an Env with a duplicate - key will take precedence. Immutable. - type: array - items: - description: EnvFromSource represents the source of a set of - ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - prefix: - description: An optional identifier to prepend to each key - in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - nodeSelector: - description: 'NodeSelector is a selector which must be true for - the pod to fit on a node. Selector which must match a node''s - labels for the pod to be scheduled on that node. More info: - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - additionalProperties: - type: string - resources: - description: 'Resources represents compute resources required - by this container. Immutable. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - selector: - description: Selector is the label selector for pods to be configured. - Existing ReplicaSets whose pods are selected by this will be - the ones affected by this deployment. It must match the pod - template's labels. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - tolerations: - description: Tolerations are the pod's tolerations. - type: array - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . - type: object - properties: - effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to - the value. Valid operators are Exists and Equal. Defaults - to Equal. Exists is equivalent to wildcard for value, - so that a pod can tolerate all taints of a particular - category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of - time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the taint - forever (do not evict). Zero and negative values will - be treated as 0 (evict immediately) by the system. - type: integer - format: int64 - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - volumeMounts: - description: List of VolumeMounts to set in the container. - type: array - items: - description: VolumeMount describes a mounting of a Volume within - a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other way - around. When not set, MountPropagationNone is used. This - field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. - type: string - volumes: - description: List of Volumes to set in the podSpec. - type: array - items: - description: Volume represents a named volume in a pod that - may be accessed by any container in the pod. - type: object - required: - - name - properties: - awsElasticBlockStore: - description: 'AWSElasticBlockStore represents an AWS Disk - resource that is attached to a kubelet''s host machine - and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: object - required: - - volumeID - properties: - fsType: - description: 'Filesystem type of the volume that you - want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - partition: - description: 'The partition in the volume that you want - to mount. If omitted, the default is to mount by volume - name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property - empty).' - type: integer - format: int32 - readOnly: - description: 'Specify "true" to force and set the ReadOnly - property in VolumeMounts to "true". If omitted, the - default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: 'Unique ID of the persistent disk resource - in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: string - azureDisk: - description: AzureDisk represents an Azure Data Disk mount - on the host and bind mount to the pod. - type: object - required: - - diskName - - diskURI - properties: - cachingMode: - description: 'Host Caching mode: None, Read Only, Read - Write.' - type: string - diskName: - description: The Name of the data disk in the blob storage - type: string - diskURI: - description: The URI the data disk in the blob storage - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. - type: string - kind: - description: 'Expected values Shared: multiple blob - disks per storage account Dedicated: single blob - disk per storage account Managed: azure managed data - disk (only in managed availability set). defaults - to shared' - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - azureFile: - description: AzureFile represents an Azure File Service - mount on the host and bind mount to the pod. - type: object - required: - - secretName - - shareName - properties: - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretName: - description: the name of secret that contains Azure - Storage Account Name and Key - type: string - shareName: - description: Share Name - type: string - cephfs: - description: CephFS represents a Ceph FS mount on the host - that shares a pod's lifetime - type: object - required: - - monitors - properties: - monitors: - description: 'Required: Monitors is a collection of - Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: array - items: - type: string - path: - description: 'Optional: Used as the mounted root, rather - than the full Ceph tree, default is /' - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: boolean - secretFile: - description: 'Optional: SecretFile is the path to key - ring for User, default is /etc/ceph/user.secret More - info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - secretRef: - description: 'Optional: SecretRef is reference to the - authentication secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - user: - description: 'Optional: User is the rados user name, - default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - cinder: - description: 'Cinder represents a cinder volume attached - and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: object - required: - - volumeID - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: boolean - secretRef: - description: 'Optional: points to a secret object containing - parameters used to connect to OpenStack.' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - volumeID: - description: 'volume id used to identify the volume - in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - configMap: - description: ConfigMap represents a configMap that should - populate this volume - type: object - properties: - defaultMode: - description: 'Optional: mode bits to use on created - files by default. Must be a value between 0 and 0777. - Defaults to 0644. Directories within the path are - not affected by this setting. This might be in conflict - with other options that affect the file mode, like - fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: If unspecified, each key-value pair in - the Data field of the referenced ConfigMap will be - projected into the volume as a file whose name is - the key and content is the value. If specified, the - listed keys will be projected into the specified paths, - and unlisted keys will not be present. If a key is - specified which is not present in the ConfigMap, the - volume setup will error unless it is marked optional. - Paths must be relative and may not contain the '..' - path or start with '..'. - type: array - items: - description: Maps a string key to a path within a - volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to use on this - file, must be a value between 0 and 0777. If - not specified, the volume defaultMode will be - used. This might be in conflict with other options - that affect the file mode, like fsGroup, and - the result can be other mode bits set.' - type: integer - format: int32 - path: - description: The relative path of the file to - map the key to. May not be an absolute path. - May not contain the path element '..'. May not - start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its keys - must be defined - type: boolean - csi: - description: CSI (Container Storage Interface) represents - storage that is handled by an external CSI driver (Alpha - feature). - type: object - required: - - driver - properties: - driver: - description: Driver is the name of the CSI driver that - handles this volume. Consult with your admin for the - correct name as registered in the cluster. - type: string - fsType: - description: Filesystem type to mount. Ex. "ext4", "xfs", - "ntfs". If not provided, the empty value is passed - to the associated CSI driver which will determine - the default filesystem to apply. - type: string - nodePublishSecretRef: - description: NodePublishSecretRef is a reference to - the secret object containing sensitive information - to pass to the CSI driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This field is optional, - and may be empty if no secret is required. If the - secret object contains more than one secret, all secret - references are passed. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - readOnly: - description: Specifies a read-only configuration for - the volume. Defaults to false (read/write). - type: boolean - volumeAttributes: - description: VolumeAttributes stores driver-specific - properties that are passed to the CSI driver. Consult - your driver's documentation for supported values. - type: object - additionalProperties: - type: string - downwardAPI: - description: DownwardAPI represents downward API about the - pod that should populate this volume - type: object - properties: - defaultMode: - description: 'Optional: mode bits to use on created - files by default. Must be a value between 0 and 0777. - Defaults to 0644. Directories within the path are - not affected by this setting. This might be in conflict - with other options that affect the file mode, like - fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: Items is a list of downward API volume - file - type: array - items: - description: DownwardAPIVolumeFile represents information - to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the - pod: only annotations, labels, name and namespace - are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - mode: - description: 'Optional: mode bits to use on this - file, must be a value between 0 and 0777. If - not specified, the volume defaultMode will be - used. This might be in conflict with other options - that affect the file mode, like fsGroup, and - the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative - path name of the file to be created. Must not - be absolute or contain the ''..'' path. Must - be utf-8 encoded. The first item of the relative - path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, requests.cpu and requests.memory) - are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for - volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - emptyDir: - description: 'EmptyDir represents a temporary directory - that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: object - properties: - medium: - description: 'What type of storage medium should back - this directory. The default is "" which means to use - the node''s default medium. Must be an empty string - (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - description: 'Total amount of local storage required - for this EmptyDir volume. The size limit is also applicable - for memory medium. The maximum usage on memory medium - EmptyDir would be the minimum value between the SizeLimit - specified here and the sum of memory limits of all - containers in a pod. The default is nil which means - that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - fc: - description: FC represents a Fibre Channel resource that - is attached to a kubelet's host machine and then exposed - to the pod. - type: object - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. TODO: how do we prevent errors in the - filesystem from compromising the machine' - type: string - lun: - description: 'Optional: FC target lun number' - type: integer - format: int32 - readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' - type: boolean - targetWWNs: - description: 'Optional: FC target worldwide names (WWNs)' - type: array - items: - type: string - wwids: - description: 'Optional: FC volume world wide identifiers - (wwids) Either wwids or combination of targetWWNs - and lun must be set, but not both simultaneously.' - type: array - items: - type: string - flexVolume: - description: FlexVolume represents a generic volume resource - that is provisioned/attached using an exec based plugin. - type: object - required: - - driver - properties: - driver: - description: Driver is the name of the driver to use - for this volume. - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". The default filesystem depends on FlexVolume - script. - type: string - options: - description: 'Optional: Extra command options if any.' - type: object - additionalProperties: - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' - type: boolean - secretRef: - description: 'Optional: SecretRef is reference to the - secret object containing sensitive information to - pass to the plugin scripts. This may be empty if no - secret object is specified. If the secret object contains - more than one secret, all secrets are passed to the - plugin scripts.' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - flocker: - description: Flocker represents a Flocker volume attached - to a kubelet's host machine. This depends on the Flocker - control service being running - type: object - properties: - datasetName: - description: Name of the dataset stored as metadata - -> name on the dataset for Flocker should be considered - as deprecated - type: string - datasetUUID: - description: UUID of the dataset. This is unique identifier - of a Flocker dataset - type: string - gcePersistentDisk: - description: 'GCEPersistentDisk represents a GCE Disk resource - that is attached to a kubelet''s host machine and then - exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: object - required: - - pdName - properties: - fsType: - description: 'Filesystem type of the volume that you - want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - partition: - description: 'The partition in the volume that you want - to mount. If omitted, the default is to mount by volume - name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property - empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: integer - format: int32 - pdName: - description: 'Unique name of the PD resource in GCE. - Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: string - readOnly: - description: 'ReadOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. More info: - https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: boolean - gitRepo: - description: 'GitRepo represents a git repository at a particular - revision. DEPRECATED: GitRepo is deprecated. To provision - a container with a git repo, mount an EmptyDir into an - InitContainer that clones the repo using git, then mount - the EmptyDir into the Pod''s container.' - type: object - required: - - repository - properties: - directory: - description: Target directory name. Must not contain - or start with '..'. If '.' is supplied, the volume - directory will be the git repository. Otherwise, - if specified, the volume will contain the git repository - in the subdirectory with the given name. - type: string - repository: - description: Repository URL - type: string - revision: - description: Commit hash for the specified revision. - type: string - glusterfs: - description: 'Glusterfs represents a Glusterfs mount on - the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' - type: object - required: - - endpoints - - path - properties: - endpoints: - description: 'EndpointsName is the endpoint name that - details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - path: - description: 'Path is the Glusterfs volume path. More - info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - readOnly: - description: 'ReadOnly here will force the Glusterfs - volume to be mounted with read-only permissions. Defaults - to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: boolean - hostPath: - description: 'HostPath represents a pre-existing file or - directory on the host machine that is directly exposed - to the container. This is generally used for system agents - or other privileged things that are allowed to see the - host machine. Most containers will NOT need this. More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can use host - directory mounts and who can/can not mount host directories - as read/write.' - type: object - required: - - path - properties: - path: - description: 'Path of the directory on the host. If - the path is a symlink, it will follow the link to - the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - type: - description: 'Type for HostPath Volume Defaults to "" - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - iscsi: - description: 'ISCSI represents an ISCSI Disk resource that - is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' - type: object - required: - - iqn - - lun - - targetPortal - properties: - chapAuthDiscovery: - description: whether support iSCSI Discovery CHAP authentication - type: boolean - chapAuthSession: - description: whether support iSCSI Session CHAP authentication - type: boolean - fsType: - description: 'Filesystem type of the volume that you - want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - initiatorName: - description: Custom iSCSI Initiator Name. If initiatorName - is specified with iscsiInterface simultaneously, new - iSCSI interface : will - be created for the connection. - type: string - iqn: - description: Target iSCSI Qualified Name. - type: string - iscsiInterface: - description: iSCSI Interface Name that uses an iSCSI - transport. Defaults to 'default' (tcp). - type: string - lun: - description: iSCSI Target Lun number. - type: integer - format: int32 - portals: - description: iSCSI Target Portal List. The portal is - either an IP or ip_addr:port if the port is other - than default (typically TCP ports 860 and 3260). - type: array - items: - type: string - readOnly: - description: ReadOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. - type: boolean - secretRef: - description: CHAP Secret for iSCSI target and initiator - authentication - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - targetPortal: - description: iSCSI Target Portal. The Portal is either - an IP or ip_addr:port if the port is other than default - (typically TCP ports 860 and 3260). - type: string - name: - description: 'Volume''s name. Must be a DNS_LABEL and unique - within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - nfs: - description: 'NFS represents an NFS mount on the host that - shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: object - required: - - path - - server - properties: - path: - description: 'Path that is exported by the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - readOnly: - description: 'ReadOnly here will force the NFS export - to be mounted with read-only permissions. Defaults - to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: boolean - server: - description: 'Server is the hostname or IP address of - the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - persistentVolumeClaim: - description: 'PersistentVolumeClaimVolumeSource represents - a reference to a PersistentVolumeClaim in the same namespace. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: object - required: - - claimName - properties: - claimName: - description: 'ClaimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this volume. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: - description: Will force the ReadOnly setting in VolumeMounts. - Default false. - type: boolean - photonPersistentDisk: - description: PhotonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host - machine - type: object - required: - - pdID - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. - type: string - pdID: - description: ID that identifies Photon Controller persistent - disk - type: string - portworxVolume: - description: PortworxVolume represents a portworx volume - attached and mounted on kubelets host machine - type: object - required: - - volumeID - properties: - fsType: - description: FSType represents the filesystem type to - mount Must be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs". Implicitly inferred - to be "ext4" if unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: - description: VolumeID uniquely identifies a Portworx - volume - type: string - projected: - description: Items for all in one resources secrets, configmaps, - and downward API - type: object - required: - - sources - properties: - defaultMode: - description: Mode bits to use on created files by default. - Must be a value between 0 and 0777. Directories within - the path are not affected by this setting. This might - be in conflict with other options that affect the - file mode, like fsGroup, and the result can be other - mode bits set. - type: integer - format: int32 - sources: - description: list of volume projections - type: array - items: - description: Projection that may be projected along - with other supported volume types - type: object - properties: - configMap: - description: information about the configMap data - to project - type: object - properties: - items: - description: If unspecified, each key-value - pair in the Data field of the referenced - ConfigMap will be projected into the volume - as a file whose name is the key and content - is the value. If specified, the listed keys - will be projected into the specified paths, - and unlisted keys will not be present. If - a key is specified which is not present - in the ConfigMap, the volume setup will - error unless it is marked optional. Paths - must be relative and may not contain the - '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path - within a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to - use on this file, must be a value - between 0 and 0777. If not specified, - the volume defaultMode will be used. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' - type: integer - format: int32 - path: - description: The relative path of the - file to map the key to. May not be - an absolute path. May not contain - the path element '..'. May not start - with the string '..'. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its keys must be defined - type: boolean - downwardAPI: - description: information about the downwardAPI - data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume - file - type: array - items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field - of the pod: only annotations, labels, - name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema - the FieldPath is written in terms - of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to - select in the specified API version. - type: string - mode: - description: 'Optional: mode bits to - use on this file, must be a value - between 0 and 0777. If not specified, - the volume defaultMode will be used. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the - relative path name of the file to - be created. Must not be absolute or - contain the ''..'' path. Must be utf-8 - encoded. The first item of the relative - path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of - the container: only resources limits - and requests (limits.cpu, limits.memory, - requests.cpu and requests.memory) - are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required - for volumes, optional for env - vars' - type: string - divisor: - description: Specifies the output - format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource - to select' - type: string - secret: - description: information about the secret data - to project - type: object - properties: - items: - description: If unspecified, each key-value - pair in the Data field of the referenced - Secret will be projected into the volume - as a file whose name is the key and content - is the value. If specified, the listed keys - will be projected into the specified paths, - and unlisted keys will not be present. If - a key is specified which is not present - in the Secret, the volume setup will error - unless it is marked optional. Paths must - be relative and may not contain the '..' - path or start with '..'. - type: array - items: - description: Maps a string key to a path - within a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to - use on this file, must be a value - between 0 and 0777. If not specified, - the volume defaultMode will be used. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' - type: integer - format: int32 - path: - description: The relative path of the - file to map the key to. May not be - an absolute path. May not contain - the path element '..'. May not start - with the string '..'. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - serviceAccountToken: - description: information about the serviceAccountToken - data to project - type: object - required: - - path - properties: - audience: - description: Audience is the intended audience - of the token. A recipient of a token must - identify itself with an identifier specified - in the audience of the token, and otherwise - should reject the token. The audience defaults - to the identifier of the apiserver. - type: string - expirationSeconds: - description: ExpirationSeconds is the requested - duration of validity of the service account - token. As the token approaches expiration, - the kubelet volume plugin will proactively - rotate the service account token. The kubelet - will start trying to rotate the token if - the token is older than 80 percent of its - time to live or if the token is older than - 24 hours.Defaults to 1 hour and must be - at least 10 minutes. - type: integer - format: int64 - path: - description: Path is the path relative to - the mount point of the file to project the - token into. - type: string - quobyte: - description: Quobyte represents a Quobyte mount on the host - that shares a pod's lifetime - type: object - required: - - registry - - volume - properties: - group: - description: Group to map volume access to Default is - no group - type: string - readOnly: - description: ReadOnly here will force the Quobyte volume - to be mounted with read-only permissions. Defaults - to false. - type: boolean - registry: - description: Registry represents a single or multiple - Quobyte Registry services specified as a string as - host:port pair (multiple entries are separated with - commas) which acts as the central registry for volumes - type: string - tenant: - description: Tenant owning the given Quobyte volume - in the Backend Used with dynamically provisioned Quobyte - volumes, value is set by the plugin - type: string - user: - description: User to map volume access to Defaults to - serivceaccount user - type: string - volume: - description: Volume is a string that references an already - created Quobyte volume by name. - type: string - rbd: - description: 'RBD represents a Rados Block Device mount - on the host that shares a pod''s lifetime. More info: - https://examples.k8s.io/volumes/rbd/README.md' - type: object - required: - - image - - monitors - properties: - fsType: - description: 'Filesystem type of the volume that you - want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - image: - description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - keyring: - description: 'Keyring is the path to key ring for RBDUser. - Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - monitors: - description: 'A collection of Ceph monitors. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: array - items: - type: string - pool: - description: 'The rados pool name. Default is rbd. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: - description: 'ReadOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: - description: 'SecretRef is name of the authentication - secret for RBDUser. If provided overrides keyring. - Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - user: - description: 'The rados user name. Default is admin. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - scaleIO: - description: ScaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. - type: object - required: - - gateway - - secretRef - - system - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Default is "xfs". - type: string - gateway: - description: The host address of the ScaleIO API Gateway. - type: string - protectionDomain: - description: The name of the ScaleIO Protection Domain - for the configured storage. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef references to the secret for - ScaleIO user and other sensitive information. If this - is not provided, Login operation will fail. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - sslEnabled: - description: Flag to enable/disable SSL communication - with Gateway, default false - type: boolean - storageMode: - description: Indicates whether the storage for a volume - should be ThickProvisioned or ThinProvisioned. Default - is ThinProvisioned. - type: string - storagePool: - description: The ScaleIO Storage Pool associated with - the protection domain. - type: string - system: - description: The name of the storage system as configured - in ScaleIO. - type: string - volumeName: - description: The name of a volume already created in - the ScaleIO system that is associated with this volume - source. - type: string - secret: - description: 'Secret represents a secret that should populate - this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'Optional: mode bits to use on created - files by default. Must be a value between 0 and 0777. - Defaults to 0644. Directories within the path are - not affected by this setting. This might be in conflict - with other options that affect the file mode, like - fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: If unspecified, each key-value pair in - the Data field of the referenced Secret will be projected - into the volume as a file whose name is the key and - content is the value. If specified, the listed keys - will be projected into the specified paths, and unlisted - keys will not be present. If a key is specified which - is not present in the Secret, the volume setup will - error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start - with '..'. - type: array - items: - description: Maps a string key to a path within a - volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to use on this - file, must be a value between 0 and 0777. If - not specified, the volume defaultMode will be - used. This might be in conflict with other options - that affect the file mode, like fsGroup, and - the result can be other mode bits set.' - type: integer - format: int32 - path: - description: The relative path of the file to - map the key to. May not be an absolute path. - May not contain the path element '..'. May not - start with the string '..'. - type: string - optional: - description: Specify whether the Secret or its keys - must be defined - type: boolean - secretName: - description: 'Name of the secret in the pod''s namespace - to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - storageos: - description: StorageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. - type: object - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef specifies the secret to use for - obtaining the StorageOS API credentials. If not specified, - default values will be attempted. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - volumeName: - description: VolumeName is the human-readable name of - the StorageOS volume. Volume names are only unique - within a namespace. - type: string - volumeNamespace: - description: VolumeNamespace specifies the scope of - the volume within StorageOS. If no namespace is specified - then the Pod's namespace will be used. This allows - the Kubernetes name scoping to be mirrored within - StorageOS for tighter integration. Set VolumeName - to any name to override the default behaviour. Set - to "default" if you are not using namespaces within - StorageOS. Namespaces that do not pre-exist within - StorageOS will be created. - type: string - vsphereVolume: - description: VsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine - type: object - required: - - volumePath - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. - type: string - storagePolicyID: - description: Storage Policy Based Management (SPBM) - profile ID associated with the StoragePolicyName. - type: string - storagePolicyName: - description: Storage Policy Based Management (SPBM) - profile name. - type: string - volumePath: - description: Path that identifies vSphere volume vmdk - type: string - installPlanApproval: - description: Approval is the user approval policy for an InstallPlan. - It must be one of "Automatic" or "Manual". - type: string - name: - type: string - source: - type: string - sourceNamespace: - type: string - startingCSV: - type: string - status: - type: object - required: - - lastUpdated - properties: - catalogHealth: - description: CatalogHealth contains the Subscription's view of its - relevant CatalogSources' status. It is used to determine SubscriptionStatusConditions - related to CatalogSources. - type: array - items: - description: SubscriptionCatalogHealth describes the health of a - CatalogSource the Subscription knows about. - type: object - required: - - catalogSourceRef - - healthy - - lastUpdated - properties: - catalogSourceRef: - description: CatalogSourceRef is a reference to a CatalogSource. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead - of an entire object, this string should contain a valid - JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container - within a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that - triggered the event) or if no container name is specified - "spec.containers[2]" (container with index 2 in this pod). - This syntax is chosen only to have some well-defined way - of referencing a part of an object. TODO: this design - is not final and this field is subject to change in the - future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - healthy: - description: Healthy is true if the CatalogSource is healthy; - false otherwise. - type: boolean - lastUpdated: - description: LastUpdated represents the last time that the CatalogSourceHealth - changed - type: string - format: date-time - conditions: - description: Conditions is a list of the latest available observations - about a Subscription's current state. - type: array - items: - description: SubscriptionCondition represents the latest available - observations of a Subscription's state. - type: object - required: - - status - - type - properties: - lastHeartbeatTime: - description: LastHeartbeatTime is the last time we got an update - on a given condition - type: string - format: date-time - lastTransitionTime: - description: LastTransitionTime is the last time the condition - transit from one status to another - type: string - format: date-time - message: - description: Message is a human-readable message indicating - details about last transition. - type: string - reason: - description: Reason is a one-word CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition, one of True, - False, Unknown. - type: string - type: - description: Type is the type of Subscription condition. - type: string - currentCSV: - description: CurrentCSV is the CSV the Subscription is progressing - to. - type: string - installPlanGeneration: - description: InstallPlanGeneration is the current generation of the - installplan - type: integer - installPlanRef: - description: InstallPlanRef is a reference to the latest InstallPlan - that contains the Subscription's current CSV. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - installedCSV: - description: InstalledCSV is the CSV currently installed by the Subscription. - type: string - installplan: - description: 'Install is a reference to the latest InstallPlan generated - for the Subscription. DEPRECATED: InstallPlanRef' - type: object - required: - - apiVersion - - kind - - name - - uuid - properties: - apiVersion: - type: string - kind: - type: string - name: - type: string - uuid: - description: UID is a type that holds unique ID values, including - UUIDs. Because we don't ONLY use UUIDs, this is an alias to - string. Being a type captures intent and helps make sure that - UIDs and names do not get conflated. - type: string - lastUpdated: - description: LastUpdated represents the last time that the Subscription - status was updated. - type: string - format: date-time - reason: - description: Reason is the reason the Subscription was transitioned - to its current state. - type: string - state: - description: State represents the current state of the Subscription - type: string - served: true - storage: true - subresources: - status: {} - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_01-olm-operator.serviceaccount.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_01-olm-operator.serviceaccount.yaml deleted file mode 100644 index e21d33d03d..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_01-olm-operator.serviceaccount.yaml +++ /dev/null @@ -1,33 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_01-olm-operator.serviceaccount.yaml -kind: ServiceAccount -apiVersion: v1 -metadata: - name: olm-operator-serviceaccount - namespace: olm ---- -# Source: olm/templates/0000_50_olm_01-olm-operator.serviceaccount.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: system:controller:operator-lifecycle-manager -rules: -- apiGroups: ["*"] - resources: ["*"] - verbs: ["*"] -- nonResourceURLs: ["*"] - verbs: ["*"] ---- -# Source: olm/templates/0000_50_olm_01-olm-operator.serviceaccount.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: olm-operator-binding-olm -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:controller:operator-lifecycle-manager -subjects: -- kind: ServiceAccount - name: olm-operator-serviceaccount - namespace: olm diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_07-olm-operator.deployment.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_07-olm-operator.deployment.yaml deleted file mode 100644 index df51452961..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_07-olm-operator.deployment.yaml +++ /dev/null @@ -1,63 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_07-olm-operator.deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: olm-operator - namespace: olm - labels: - app: olm-operator -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: olm-operator - template: - metadata: - labels: - app: olm-operator - spec: - serviceAccountName: olm-operator-serviceaccount - containers: - - name: olm-operator - command: - - /bin/olm - args: - - --namespace - - $(OPERATOR_NAMESPACE) - - --writeStatusName - - "" - image: quay.io/operator-framework/olm@sha256:b9d011c0fbfb65b387904f8fafc47ee1a9479d28d395473341288ee126ed993b - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - - containerPort: 8081 - name: metrics - protocol: TCP - livenessProbe: - httpGet: - path: /healthz - port: 8080 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - terminationMessagePolicy: FallbackToLogsOnError - env: - - - name: OPERATOR_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: OPERATOR_NAME - value: olm-operator - resources: - requests: - cpu: 10m - memory: 160Mi - - - nodeSelector: - kubernetes.io/os: linux diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_08-catalog-operator.deployment.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_08-catalog-operator.deployment.yaml deleted file mode 100644 index 4dadfcc9e6..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_08-catalog-operator.deployment.yaml +++ /dev/null @@ -1,58 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_08-catalog-operator.deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: catalog-operator - namespace: olm - labels: - app: catalog-operator -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: catalog-operator - template: - metadata: - labels: - app: catalog-operator - spec: - serviceAccountName: olm-operator-serviceaccount - containers: - - name: catalog-operator - command: - - /bin/catalog - args: - - '-namespace' - - olm - - -configmapServerImage=quay.io/operator-framework/configmap-operator-registry:latest - - -util-image - - quay.io/operator-framework/olm@sha256:b9d011c0fbfb65b387904f8fafc47ee1a9479d28d395473341288ee126ed993b - image: quay.io/operator-framework/olm@sha256:b9d011c0fbfb65b387904f8fafc47ee1a9479d28d395473341288ee126ed993b - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - - containerPort: 8081 - name: metrics - protocol: TCP - livenessProbe: - httpGet: - path: /healthz - port: 8080 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - terminationMessagePolicy: FallbackToLogsOnError - env: - - resources: - requests: - cpu: 10m - memory: 80Mi - - - nodeSelector: - kubernetes.io/os: linux diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_09-aggregated.clusterrole.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_09-aggregated.clusterrole.yaml deleted file mode 100644 index e7aa0af341..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_09-aggregated.clusterrole.yaml +++ /dev/null @@ -1,35 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_09-aggregated.clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-edit - labels: - # Add these permissions to the "admin" and "edit" default roles. - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["subscriptions"] - verbs: ["create", "update", "patch", "delete"] -- apiGroups: ["operators.coreos.com"] - resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions"] - verbs: ["delete"] ---- -# Source: olm/templates/0000_50_olm_09-aggregated.clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-view - labels: - # Add these permissions to the "admin", "edit" and "view" default roles - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - rbac.authorization.k8s.io/aggregate-to-view: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions", "operatorgroups"] - verbs: ["get", "list", "watch"] -- apiGroups: ["packages.operators.coreos.com"] - resources: ["packagemanifests", "packagemanifests/icon"] - verbs: ["get", "list", "watch"] diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_13-operatorgroup-default.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_13-operatorgroup-default.yaml deleted file mode 100644 index 56f5bca2bd..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_13-operatorgroup-default.yaml +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_13-operatorgroup-default.yaml -apiVersion: operators.coreos.com/v1 -kind: OperatorGroup -metadata: - name: global-operators - namespace: operators ---- -# Source: olm/templates/0000_50_olm_13-operatorgroup-default.yaml -apiVersion: operators.coreos.com/v1 -kind: OperatorGroup -metadata: - name: olm-operators - namespace: olm -spec: - targetNamespaces: - - olm diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_15-packageserver.clusterserviceversion.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_15-packageserver.clusterserviceversion.yaml deleted file mode 100644 index bae2f0e35e..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_15-packageserver.clusterserviceversion.yaml +++ /dev/null @@ -1,132 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_15-packageserver.clusterserviceversion.yaml -apiVersion: operators.coreos.com/v1alpha1 -kind: ClusterServiceVersion -metadata: - name: packageserver - namespace: olm - labels: - olm.version: 0.16.1 -spec: - displayName: Package Server - description: Represents an Operator package that is available from a given CatalogSource which will resolve to a ClusterServiceVersion. - minKubeVersion: 1.11.0 - keywords: ['packagemanifests', 'olm', 'packages'] - maintainers: - - name: Red Hat - email: openshift-operators@redhat.com - provider: - name: Red Hat - links: - - name: Package Server - url: https://github.com/operator-framework/operator-lifecycle-manager/tree/master/pkg/package-server - installModes: - - type: OwnNamespace - supported: true - - type: SingleNamespace - supported: true - - type: MultiNamespace - supported: true - - type: AllNamespaces - supported: true - install: - strategy: deployment - spec: - clusterPermissions: - - serviceAccountName: olm-operator-serviceaccount - rules: - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - get - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - apiGroups: - - "operators.coreos.com" - resources: - - catalogsources - verbs: - - get - - list - - watch - - apiGroups: - - "packages.operators.coreos.com" - resources: - - packagemanifests - verbs: - - get - - list - deployments: - - name: packageserver - spec: - strategy: - type: RollingUpdate - replicas: 2 - selector: - matchLabels: - app: packageserver - template: - metadata: - labels: - app: packageserver - spec: - serviceAccountName: olm-operator-serviceaccount - nodeSelector: - kubernetes.io/os: linux - containers: - - name: packageserver - command: - - /bin/package-server - - -v=4 - - --secure-port - - "5443" - - --global-namespace - - olm - image: quay.io/operator-framework/olm@sha256:b9d011c0fbfb65b387904f8fafc47ee1a9479d28d395473341288ee126ed993b - imagePullPolicy: Always - ports: - - containerPort: 5443 - livenessProbe: - httpGet: - scheme: HTTPS - path: /healthz - port: 5443 - readinessProbe: - httpGet: - scheme: HTTPS - path: /healthz - port: 5443 - terminationMessagePolicy: FallbackToLogsOnError - resources: - requests: - cpu: 10m - memory: 50Mi - securityContext: - runAsUser: 1000 - volumeMounts: - - name: tmpfs - mountPath: /tmp - volumes: - - name: tmpfs - emptyDir: {} - maturity: alpha - version: 0.16.1 - apiservicedefinitions: - owned: - - group: packages.operators.coreos.com - version: v1 - kind: PackageManifest - name: packagemanifests - displayName: PackageManifest - description: A PackageManifest is a resource generated from existing CatalogSources and their ConfigMaps - deploymentName: packageserver - containerPort: 5443 diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_17-upstream-operators.catalogsource.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_17-upstream-operators.catalogsource.yaml deleted file mode 100644 index 559b4dc719..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.16.1/0000_50_olm_17-upstream-operators.catalogsource.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_17-upstream-operators.catalogsource.yaml -apiVersion: operators.coreos.com/v1alpha1 -kind: CatalogSource -metadata: - name: operatorhubio-catalog - namespace: olm -spec: - sourceType: grpc - image: quay.io/operatorhubio/catalog:latest - displayName: Community Operators - publisher: OperatorHub.io diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_00-catalogsources.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_00-catalogsources.crd.yaml deleted file mode 100644 index c762c4e06e..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_00-catalogsources.crd.yaml +++ /dev/null @@ -1,201 +0,0 @@ ---- -# Source: olm/crds/0000_50_olm_00-catalogsources.crd.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - name: catalogsources.operators.coreos.com -spec: - group: operators.coreos.com - names: - categories: - - olm - kind: CatalogSource - listKind: CatalogSourceList - plural: catalogsources - shortNames: - - catsrc - singular: catalogsource - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The pretty name of the catalog - jsonPath: .spec.displayName - name: Display - type: string - - description: The type of the catalog - jsonPath: .spec.sourceType - name: Type - type: string - - description: The publisher of the catalog - jsonPath: .spec.publisher - name: Publisher - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: CatalogSource is a repository of CSVs, CRDs, and operator packages. - type: object - required: - - metadata - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - type: object - required: - - sourceType - properties: - address: - description: 'Address is a host that OLM can use to connect to a pre-existing - registry. Format: : Only used when SourceType - = SourceTypeGrpc. Ignored when the Image field is set.' - type: string - configMap: - description: ConfigMap is the name of the ConfigMap to be used to - back a configmap-server registry. Only used when SourceType = SourceTypeConfigmap - or SourceTypeInternal. - type: string - description: - type: string - displayName: - description: Metadata - type: string - icon: - type: object - required: - - base64data - - mediatype - properties: - base64data: - type: string - mediatype: - type: string - image: - description: Image is an operator-registry container image to instantiate - a registry-server with. Only used when SourceType = SourceTypeGrpc. - If present, the address field is ignored. - type: string - priority: - description: 'Priority field assigns a weight to the catalog source - to prioritize them so that it can be consumed by the dependency - resolver. Usage: Higher weight indicates that this catalog source - is preferred over lower weighted catalog sources during dependency - resolution. The range of the priority value can go from positive - to negative in the range of int32. The default value to a catalog - source with unassigned priority would be 0. The catalog source with - the same priority values will be ranked lexicographically based - on its name.' - type: integer - publisher: - type: string - secrets: - description: Secrets represent set of secrets that can be used to - access the contents of the catalog. It is best to keep this list - small, since each will need to be tried for every catalog entry. - type: array - items: - type: string - sourceType: - description: SourceType is the type of source - type: string - updateStrategy: - description: UpdateStrategy defines how updated catalog source images - can be discovered Consists of an interval that defines polling duration - and an embedded strategy type - type: object - properties: - registryPoll: - type: object - properties: - interval: - description: Interval is used to determine the time interval - between checks of the latest catalog source version. The - catalog operator polls to see if a new version of the catalog - source is available. If available, the latest image is pulled - and gRPC traffic is directed to the latest catalog source. - type: string - status: - type: object - properties: - configMapReference: - type: object - required: - - name - - namespace - properties: - lastUpdateTime: - type: string - format: date-time - name: - type: string - namespace: - type: string - resourceVersion: - type: string - uid: - description: UID is a type that holds unique ID values, including - UUIDs. Because we don't ONLY use UUIDs, this is an alias to - string. Being a type captures intent and helps make sure that - UIDs and names do not get conflated. - type: string - connectionState: - type: object - required: - - lastObservedState - properties: - address: - type: string - lastConnect: - type: string - format: date-time - lastObservedState: - type: string - latestImageRegistryPoll: - description: The last time the CatalogSource image registry has been - polled to ensure the image is up-to-date - type: string - format: date-time - message: - description: A human readable message indicating details about why - the CatalogSource is in this condition. - type: string - reason: - description: Reason is the reason the CatalogSource was transitioned - to its current state. - type: string - registryService: - type: object - properties: - createdAt: - type: string - format: date-time - port: - type: string - protocol: - type: string - serviceName: - type: string - serviceNamespace: - type: string - served: true - storage: true - subresources: - status: {} - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_00-clusterserviceversions.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_00-clusterserviceversions.crd.yaml deleted file mode 100644 index 9fc84f01ff..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_00-clusterserviceversions.crd.yaml +++ /dev/null @@ -1,8970 +0,0 @@ ---- -# Source: olm/crds/0000_50_olm_00-clusterserviceversions.crd.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - name: clusterserviceversions.operators.coreos.com -spec: - group: operators.coreos.com - names: - categories: - - olm - kind: ClusterServiceVersion - listKind: ClusterServiceVersionList - plural: clusterserviceversions - shortNames: - - csv - - csvs - singular: clusterserviceversion - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The name of the CSV - jsonPath: .spec.displayName - name: Display - type: string - - description: The version of the CSV - jsonPath: .spec.version - name: Version - type: string - - description: The name of a CSV that this one replaces - jsonPath: .spec.replaces - name: Replaces - type: string - - jsonPath: .status.phase - name: Phase - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: ClusterServiceVersion is a Custom Resource of type `ClusterServiceVersionSpec`. - type: object - required: - - metadata - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ClusterServiceVersionSpec declarations tell OLM how to install - an operator that can manage apps for a given version. - type: object - required: - - displayName - - install - properties: - annotations: - description: Annotations is an unstructured key value map stored with - a resource that may be set by external tools to store and retrieve - arbitrary metadata. - type: object - additionalProperties: - type: string - apiservicedefinitions: - description: APIServiceDefinitions declares all of the extension apis - managed or required by an operator being ran by ClusterServiceVersion. - type: object - properties: - owned: - type: array - items: - description: APIServiceDescription provides details to OLM about - apis provided via aggregation - type: object - required: - - group - - kind - - name - - version - properties: - actionDescriptors: - type: array - items: - description: ActionDescriptor describes a declarative - action that can be performed on a custom resource instance - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - containerPort: - type: integer - format: int32 - deploymentName: - type: string - description: - type: string - displayName: - type: string - group: - type: string - kind: - type: string - name: - type: string - resources: - type: array - items: - description: APIResourceReference is a Kubernetes resource - type used by a custom resource - type: object - required: - - kind - - name - - version - properties: - kind: - type: string - name: - type: string - version: - type: string - specDescriptors: - type: array - items: - description: SpecDescriptor describes a field in a spec - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - statusDescriptors: - type: array - items: - description: StatusDescriptor describes a field in a status - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - version: - type: string - required: - type: array - items: - description: APIServiceDescription provides details to OLM about - apis provided via aggregation - type: object - required: - - group - - kind - - name - - version - properties: - actionDescriptors: - type: array - items: - description: ActionDescriptor describes a declarative - action that can be performed on a custom resource instance - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - containerPort: - type: integer - format: int32 - deploymentName: - type: string - description: - type: string - displayName: - type: string - group: - type: string - kind: - type: string - name: - type: string - resources: - type: array - items: - description: APIResourceReference is a Kubernetes resource - type used by a custom resource - type: object - required: - - kind - - name - - version - properties: - kind: - type: string - name: - type: string - version: - type: string - specDescriptors: - type: array - items: - description: SpecDescriptor describes a field in a spec - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - statusDescriptors: - type: array - items: - description: StatusDescriptor describes a field in a status - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - version: - type: string - customresourcedefinitions: - description: "CustomResourceDefinitions declares all of the CRDs managed - or required by an operator being ran by ClusterServiceVersion. \n - If the CRD is present in the Owned list, it is implicitly required." - type: object - properties: - owned: - type: array - items: - description: CRDDescription provides details to OLM about the - CRDs - type: object - required: - - kind - - name - - version - properties: - actionDescriptors: - type: array - items: - description: ActionDescriptor describes a declarative - action that can be performed on a custom resource instance - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - description: - type: string - displayName: - type: string - kind: - type: string - name: - type: string - resources: - type: array - items: - description: APIResourceReference is a Kubernetes resource - type used by a custom resource - type: object - required: - - kind - - name - - version - properties: - kind: - type: string - name: - type: string - version: - type: string - specDescriptors: - type: array - items: - description: SpecDescriptor describes a field in a spec - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - statusDescriptors: - type: array - items: - description: StatusDescriptor describes a field in a status - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - version: - type: string - required: - type: array - items: - description: CRDDescription provides details to OLM about the - CRDs - type: object - required: - - kind - - name - - version - properties: - actionDescriptors: - type: array - items: - description: ActionDescriptor describes a declarative - action that can be performed on a custom resource instance - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - description: - type: string - displayName: - type: string - kind: - type: string - name: - type: string - resources: - type: array - items: - description: APIResourceReference is a Kubernetes resource - type used by a custom resource - type: object - required: - - kind - - name - - version - properties: - kind: - type: string - name: - type: string - version: - type: string - specDescriptors: - type: array - items: - description: SpecDescriptor describes a field in a spec - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - statusDescriptors: - type: array - items: - description: StatusDescriptor describes a field in a status - block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. - It implements Marshaler and Unmarshaler and can - be used to delay JSON decoding or precompute a JSON - encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - version: - type: string - description: - type: string - displayName: - type: string - icon: - type: array - items: - type: object - required: - - base64data - - mediatype - properties: - base64data: - type: string - mediatype: - type: string - install: - description: NamedInstallStrategy represents the block of an ClusterServiceVersion - resource where the install strategy is specified. - type: object - required: - - strategy - properties: - spec: - description: StrategyDetailsDeployment represents the parsed details - of a Deployment InstallStrategy. - type: object - required: - - deployments - properties: - clusterPermissions: - type: array - items: - description: StrategyDeploymentPermissions describe the - rbac rules and service account needed by the install strategy - type: object - required: - - rules - - serviceAccountName - properties: - rules: - type: array - items: - description: PolicyRule holds information that describes - a policy rule, but does not contain information - about who the rule applies to or which namespace - the rule applies to. - type: object - required: - - verbs - properties: - apiGroups: - description: APIGroups is the name of the APIGroup - that contains the resources. If multiple API - groups are specified, any action requested against - one of the enumerated resources in any API group - will be allowed. - type: array - items: - type: string - nonResourceURLs: - description: NonResourceURLs is a set of partial - urls that a user should have access to. *s - are allowed, but only as the full, final step - in the path Since non-resource URLs are not - namespaced, this field is only applicable for - ClusterRoles referenced from a ClusterRoleBinding. - Rules can either apply to API resources (such - as "pods" or "secrets") or non-resource URL - paths (such as "/api"), but not both. - type: array - items: - type: string - resourceNames: - description: ResourceNames is an optional white - list of names that the rule applies to. An - empty set means that everything is allowed. - type: array - items: - type: string - resources: - description: Resources is a list of resources - this rule applies to. ResourceAll represents - all resources. - type: array - items: - type: string - verbs: - description: Verbs is a list of Verbs that apply - to ALL the ResourceKinds and AttributeRestrictions - contained in this rule. VerbAll represents - all kinds. - type: array - items: - type: string - serviceAccountName: - type: string - deployments: - type: array - items: - description: StrategyDeploymentSpec contains the name, spec - and labels for the deployment ALM should create - type: object - required: - - name - - spec - properties: - label: - description: Set is a map of label:value. It implements - Labels. - type: object - additionalProperties: - type: string - name: - type: string - spec: - description: DeploymentSpec is the specification of - the desired behavior of the Deployment. - type: object - required: - - selector - - template - properties: - minReadySeconds: - description: Minimum number of seconds for which - a newly created pod should be ready without any - of its container crashing, for it to be considered - available. Defaults to 0 (pod will be considered - available as soon as it is ready) - type: integer - format: int32 - paused: - description: Indicates that the deployment is paused. - type: boolean - progressDeadlineSeconds: - description: The maximum time in seconds for a deployment - to make progress before it is considered to be - failed. The deployment controller will continue - to process failed deployments and a condition - with a ProgressDeadlineExceeded reason will be - surfaced in the deployment status. Note that progress - will not be estimated during the time a deployment - is paused. Defaults to 600s. - type: integer - format: int32 - replicas: - description: Number of desired pods. This is a pointer - to distinguish between explicit zero and not specified. - Defaults to 1. - type: integer - format: int32 - revisionHistoryLimit: - description: The number of old ReplicaSets to retain - to allow rollback. This is a pointer to distinguish - between explicit zero and not specified. Defaults - to 10. - type: integer - format: int32 - selector: - description: Label selector for pods. Existing ReplicaSets - whose pods are selected by this will be the ones - affected by this deployment. It must match the - pod template's labels. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - type: array - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - additionalProperties: - type: string - strategy: - description: The deployment strategy to use to replace - existing pods with new ones. - type: object - properties: - rollingUpdate: - description: 'Rolling update config params. - Present only if DeploymentStrategyType = RollingUpdate. - --- TODO: Update this to follow our convention - for oneOf, whatever we decide it to be.' - type: object - properties: - maxSurge: - description: 'The maximum number of pods - that can be scheduled above the desired - number of pods. Value can be an absolute - number (ex: 5) or a percentage of desired - pods (ex: 10%). This can not be 0 if MaxUnavailable - is 0. Absolute number is calculated from - percentage by rounding up. Defaults to - 25%. Example: when this is set to 30%, - the new ReplicaSet can be scaled up immediately - when the rolling update starts, such that - the total number of old and new pods do - not exceed 130% of desired pods. Once - old pods have been killed, new ReplicaSet - can be scaled up further, ensuring that - total number of pods running at any time - during the update is at most 130% of desired - pods.' - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - maxUnavailable: - description: 'The maximum number of pods - that can be unavailable during the update. - Value can be an absolute number (ex: 5) - or a percentage of desired pods (ex: 10%). - Absolute number is calculated from percentage - by rounding down. This can not be 0 if - MaxSurge is 0. Defaults to 25%. Example: - when this is set to 30%, the old ReplicaSet - can be scaled down to 70% of desired pods - immediately when the rolling update starts. - Once new pods are ready, old ReplicaSet - can be scaled down further, followed by - scaling up the new ReplicaSet, ensuring - that the total number of pods available - at all times during the update is at least - 70% of desired pods.' - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: - description: Type of deployment. Can be "Recreate" - or "RollingUpdate". Default is RollingUpdate. - type: string - template: - description: Template describes the pods that will - be created. - type: object - properties: - metadata: - description: 'Standard object''s metadata. More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - type: object - x-kubernetes-preserve-unknown-fields: true - spec: - description: 'Specification of the desired behavior - of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - containers - properties: - activeDeadlineSeconds: - description: Optional duration in seconds - the pod may be active on the node relative - to StartTime before the system will actively - try to mark it failed and kill associated - containers. Value must be a positive integer. - type: integer - format: int64 - affinity: - description: If specified, the pod's scheduling - constraints - type: object - properties: - nodeAffinity: - description: Describes node affinity - scheduling rules for the pod. - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the affinity expressions - specified by this field, but it - may choose a node that violates - one or more of the expressions. - The node that is most preferred - is the one with the greatest sum - of weights, i.e. for each node - that meets all of the scheduling - requirements (resource request, - requiredDuringScheduling affinity - expressions, etc.), compute a - sum by iterating through the elements - of this field and adding "weight" - to the sum if the node matches - the corresponding matchExpressions; - the node(s) with the highest sum - are the most preferred. - type: array - items: - description: An empty preferred - scheduling term matches all - objects with implicit weight - 0 (i.e. it's a no-op). A null - preferred scheduling term matches - no objects (i.e. is also a no-op). - type: object - required: - - preference - - weight - properties: - preference: - description: A node selector - term, associated with the - corresponding weight. - type: object - properties: - matchExpressions: - description: A list of - node selector requirements - by node's labels. - type: array - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - type: array - items: - type: string - matchFields: - description: A list of - node selector requirements - by node's fields. - type: array - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - type: array - items: - type: string - weight: - description: Weight associated - with matching the corresponding - nodeSelectorTerm, in the - range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not - met at scheduling time, the pod - will not be scheduled onto the - node. If the affinity requirements - specified by this field cease - to be met at some point during - pod execution (e.g. due to an - update), the system may or may - not try to eventually evict the - pod from its node. - type: object - required: - - nodeSelectorTerms - properties: - nodeSelectorTerms: - description: Required. A list - of node selector terms. The - terms are ORed. - type: array - items: - description: A null or empty - node selector term matches - no objects. The requirements - of them are ANDed. The TopologySelectorTerm - type implements a subset - of the NodeSelectorTerm. - type: object - properties: - matchExpressions: - description: A list of - node selector requirements - by node's labels. - type: array - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - type: array - items: - type: string - matchFields: - description: A list of - node selector requirements - by node's fields. - type: array - items: - description: A node - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: The - label key that - the selector applies - to. - type: string - operator: - description: Represents - a key's relationship - to a set of values. - Valid operators - are In, NotIn, - Exists, DoesNotExist. - Gt, and Lt. - type: string - values: - description: An - array of string - values. If the - operator is In - or NotIn, the - values array must - be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - If the operator - is Gt or Lt, the - values array must - have a single - element, which - will be interpreted - as an integer. - This array is - replaced during - a strategic merge - patch. - type: array - items: - type: string - podAffinity: - description: Describes pod affinity - scheduling rules (e.g. co-locate this - pod in the same node, zone, etc. as - some other pod(s)). - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the affinity expressions - specified by this field, but it - may choose a node that violates - one or more of the expressions. - The node that is most preferred - is the one with the greatest sum - of weights, i.e. for each node - that meets all of the scheduling - requirements (resource request, - requiredDuringScheduling affinity - expressions, etc.), compute a - sum by iterating through the elements - of this field and adding "weight" - to the sum if the node has pods - which matches the corresponding - podAffinityTerm; the node(s) with - the highest sum are the most preferred. - type: array - items: - description: The weights of all - of the matched WeightedPodAffinityTerm - fields are added per-node to - find the most preferred node(s) - type: object - required: - - podAffinityTerm - - weight - properties: - podAffinityTerm: - description: Required. A pod - affinity term, associated - with the corresponding weight. - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. - type: array - items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. - type: object - required: - - key - - operator - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. - type: string - values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. - type: object - additionalProperties: - type: string - namespaces: - description: namespaces - specifies which namespaces - the labelSelector applies - to (matches against); - null or empty list means - "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod - should be co-located - (affinity) or not co-located - (anti-affinity) with - the pods matching the - labelSelector in the - specified namespaces, - where co-located is - defined as running on - a node whose value of - the label with key topologyKey - matches that of any - node on which any of - the selected pods is - running. Empty topologyKey - is not allowed. - type: string - weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the - range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements - specified by this field are not - met at scheduling time, the pod - will not be scheduled onto the - node. If the affinity requirements - specified by this field cease - to be met at some point during - pod execution (e.g. due to a pod - label update), the system may - or may not try to eventually evict - the pod from its node. When there - are multiple elements, the lists - of nodes corresponding to each - podAffinityTerm are intersected, - i.e. all terms must be satisfied. - type: array - items: - description: Defines a set of - pods (namely those matching - the labelSelector relative to - the given namespace(s)) that - this pod should be co-located - (affinity) or not co-located - (anti-affinity) with, where - co-located is defined as running - on a node whose value of the - label with key - matches that of any node on - which a pod of the set of pods - is running - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - type: array - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - type: array - items: - type: string - matchLabels: - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - additionalProperties: - type: string - namespaces: - description: namespaces specifies - which namespaces the labelSelector - applies to (matches against); - null or empty list means - "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on - a node whose value of the - label with key topologyKey - matches that of any node - on which any of the selected - pods is running. Empty topologyKey - is not allowed. - type: string - podAntiAffinity: - description: Describes pod anti-affinity - scheduling rules (e.g. avoid putting - this pod in the same node, zone, etc. - as some other pod(s)). - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will - prefer to schedule pods to nodes - that satisfy the anti-affinity - expressions specified by this - field, but it may choose a node - that violates one or more of the - expressions. The node that is - most preferred is the one with - the greatest sum of weights, i.e. - for each node that meets all of - the scheduling requirements (resource - request, requiredDuringScheduling - anti-affinity expressions, etc.), - compute a sum by iterating through - the elements of this field and - adding "weight" to the sum if - the node has pods which matches - the corresponding podAffinityTerm; - the node(s) with the highest sum - are the most preferred. - type: array - items: - description: The weights of all - of the matched WeightedPodAffinityTerm - fields are added per-node to - find the most preferred node(s) - type: object - required: - - podAffinityTerm - - weight - properties: - podAffinityTerm: - description: Required. A pod - affinity term, associated - with the corresponding weight. - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions - is a list of label - selector requirements. - The requirements - are ANDed. - type: array - items: - description: A label - selector requirement - is a selector - that contains - values, a key, - and an operator - that relates the - key and values. - type: object - required: - - key - - operator - properties: - key: - description: key - is the label - key that the - selector applies - to. - type: string - operator: - description: operator - represents - a key's relationship - to a set of - values. Valid - operators - are In, NotIn, - Exists and - DoesNotExist. - type: string - values: - description: values - is an array - of string - values. If - the operator - is In or NotIn, - the values - array must - be non-empty. - If the operator - is Exists - or DoesNotExist, - the values - array must - be empty. - This array - is replaced - during a strategic - merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels - is a map of {key,value} - pairs. A single - {key,value} in the - matchLabels map - is equivalent to - an element of matchExpressions, - whose key field - is "key", the operator - is "In", and the - values array contains - only "value". The - requirements are - ANDed. - type: object - additionalProperties: - type: string - namespaces: - description: namespaces - specifies which namespaces - the labelSelector applies - to (matches against); - null or empty list means - "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod - should be co-located - (affinity) or not co-located - (anti-affinity) with - the pods matching the - labelSelector in the - specified namespaces, - where co-located is - defined as running on - a node whose value of - the label with key topologyKey - matches that of any - node on which any of - the selected pods is - running. Empty topologyKey - is not allowed. - type: string - weight: - description: weight associated - with matching the corresponding - podAffinityTerm, in the - range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity - requirements specified by this - field are not met at scheduling - time, the pod will not be scheduled - onto the node. If the anti-affinity - requirements specified by this - field cease to be met at some - point during pod execution (e.g. - due to a pod label update), the - system may or may not try to eventually - evict the pod from its node. When - there are multiple elements, the - lists of nodes corresponding to - each podAffinityTerm are intersected, - i.e. all terms must be satisfied. - type: array - items: - description: Defines a set of - pods (namely those matching - the labelSelector relative to - the given namespace(s)) that - this pod should be co-located - (affinity) or not co-located - (anti-affinity) with, where - co-located is defined as running - on a node whose value of the - label with key - matches that of any node on - which a pod of the set of pods - is running - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query - over a set of resources, - in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - type: array - items: - description: A label - selector requirement - is a selector that - contains values, a - key, and an operator - that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: key - is the label key - that the selector - applies to. - type: string - operator: - description: operator - represents a key's - relationship to - a set of values. - Valid operators - are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values - is an array of - string values. - If the operator - is In or NotIn, - the values array - must be non-empty. - If the operator - is Exists or DoesNotExist, - the values array - must be empty. - This array is - replaced during - a strategic merge - patch. - type: array - items: - type: string - matchLabels: - description: matchLabels - is a map of {key,value} - pairs. A single {key,value} - in the matchLabels map - is equivalent to an - element of matchExpressions, - whose key field is "key", - the operator is "In", - and the values array - contains only "value". - The requirements are - ANDed. - type: object - additionalProperties: - type: string - namespaces: - description: namespaces specifies - which namespaces the labelSelector - applies to (matches against); - null or empty list means - "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod should - be co-located (affinity) - or not co-located (anti-affinity) - with the pods matching the - labelSelector in the specified - namespaces, where co-located - is defined as running on - a node whose value of the - label with key topologyKey - matches that of any node - on which any of the selected - pods is running. Empty topologyKey - is not allowed. - type: string - automountServiceAccountToken: - description: AutomountServiceAccountToken - indicates whether a service account token - should be automatically mounted. - type: boolean - containers: - description: List of containers belonging - to the pod. Containers cannot currently - be added or removed. There must be at - least one container in a Pod. Cannot be - updated. - type: array - items: - description: A single application container - that you want to run within a pod. - type: object - required: - - name - properties: - args: - description: 'Arguments to the entrypoint. - The docker image''s CMD is used - if this is not provided. Variable - references $(VAR_NAME) are expanded - using the container''s environment. - If a variable cannot be resolved, - the reference in the input string - will be unchanged. The $(VAR_NAME) - syntax can be escaped with a double - $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless - of whether the variable exists or - not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not - executed within a shell. The docker - image''s ENTRYPOINT is used if this - is not provided. Variable references - $(VAR_NAME) are expanded using the - container''s environment. If a variable - cannot be resolved, the reference - in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped - with a double $$, ie: $$(VAR_NAME). - Escaped references will never be - expanded, regardless of whether - the variable exists or not. Cannot - be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables - to set in the container. Cannot - be updated. - type: array - items: - description: EnvVar represents an - environment variable present in - a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment - variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references - $(VAR_NAME) are expanded using - the previous defined environment - variables in the container - and any service environment - variables. If a variable cannot - be resolved, the reference - in the input string will be - unchanged. The $(VAR_NAME) - syntax can be escaped with - a double $$, ie: $$(VAR_NAME). - Escaped references will never - be expanded, regardless of - whether the variable exists - or not. Defaults to "".' - type: string - valueFrom: - description: Source for the - environment variable's value. - Cannot be used if value is - not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key - of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key - to select. - type: string - name: - description: 'Name of - the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify - whether the ConfigMap - or its key must be - defined - type: boolean - fieldRef: - description: 'Selects a - field of the pod: supports - metadata.name, metadata.namespace, - metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, - status.podIPs.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version - of the schema the - FieldPath is written - in terms of, defaults - to "v1". - type: string - fieldPath: - description: Path of - the field to select - in the specified API - version. - type: string - resourceFieldRef: - description: 'Selects a - resource of the container: - only resources limits - and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory - and requests.ephemeral-storage) - are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container - name: required for - volumes, optional - for env vars' - type: string - divisor: - description: Specifies - the output format - of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: - resource to select' - type: string - secretKeyRef: - description: Selects a key - of a secret in the pod's - namespace - type: object - required: - - key - properties: - key: - description: The key - of the secret to select - from. Must be a valid - secret key. - type: string - name: - description: 'Name of - the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify - whether the Secret - or its key must be - defined - type: boolean - envFrom: - description: List of sources to populate - environment variables in the container. - The keys defined within a source - must be a C_IDENTIFIER. All invalid - keys will be reported as an event - when the container is starting. - When a key exists in multiple sources, - the value associated with the last - source will take precedence. Values - defined by an Env with a duplicate - key will take precedence. Cannot - be updated. - type: array - items: - description: EnvFromSource represents - the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to - select from - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether - the ConfigMap must be - defined - type: boolean - prefix: - description: An optional identifier - to prepend to each key in - the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select - from - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether - the Secret must be defined - type: boolean - image: - description: 'Docker image name. More - info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow - higher level config management to - default or override container images - in workload controllers like Deployments - and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One - of Always, Never, IfNotPresent. - Defaults to Always if :latest tag - is specified, or IfNotPresent otherwise. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management - system should take in response to - container lifecycle events. Cannot - be updated. - type: object - properties: - postStart: - description: 'PostStart is called - immediately after a container - is created. If the handler fails, - the container is terminated - and restarted according to its - restart policy. Other management - of the container blocks until - the hook completes. More info: - https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only - one of the following should - be specified. Exec specifies - the action to take. - type: object - properties: - command: - description: Command is - the command line to - execute inside the container, - the working directory - for the command is - root ('/') in the container's - filesystem. The command - is simply exec'd, it - is not run inside a - shell, so traditional - shell instructions ('|', - etc) won't work. To - use a shell, you need - to explicitly call out - to that shell. Exit - status of 0 is treated - as live/healthy and - non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name - to connect to, defaults - to the pod IP. You probably - want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. - HTTP allows repeated - headers. - type: array - items: - description: HTTPHeader - describes a custom - header to be used - in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The - header field name - type: string - value: - description: The - header field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access - on the container. Number - must be in the range - 1 to 65535. Name must - be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to - use for connecting to - the host. Defaults to - HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP - port. TCP hooks not yet - supported TODO: implement - a realistic TCP lifecycle - hook' - type: object - required: - - port - properties: - host: - description: 'Optional: - Host name to connect - to, defaults to the - pod IP.' - type: string - port: - description: Number or - name of the port to - access on the container. - Number must be in the - range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - preStop: - description: 'PreStop is called - immediately before a container - is terminated due to an API - request or management event - such as liveness/startup probe - failure, preemption, resource - contention, etc. The handler - is not called if the container - crashes or exits. The reason - for termination is passed to - the handler. The Pod''s termination - grace period countdown begins - before the PreStop hooked is - executed. Regardless of the - outcome of the handler, the - container will eventually terminate - within the Pod''s termination - grace period. Other management - of the container blocks until - the hook completes or until - the termination grace period - is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only - one of the following should - be specified. Exec specifies - the action to take. - type: object - properties: - command: - description: Command is - the command line to - execute inside the container, - the working directory - for the command is - root ('/') in the container's - filesystem. The command - is simply exec'd, it - is not run inside a - shell, so traditional - shell instructions ('|', - etc) won't work. To - use a shell, you need - to explicitly call out - to that shell. Exit - status of 0 is treated - as live/healthy and - non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name - to connect to, defaults - to the pod IP. You probably - want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. - HTTP allows repeated - headers. - type: array - items: - description: HTTPHeader - describes a custom - header to be used - in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The - header field name - type: string - value: - description: The - header field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access - on the container. Number - must be in the range - 1 to 65535. Name must - be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to - use for connecting to - the host. Defaults to - HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP - port. TCP hooks not yet - supported TODO: implement - a realistic TCP lifecycle - hook' - type: object - required: - - port - properties: - host: - description: 'Optional: - Host name to connect - to, defaults to the - pod IP.' - type: string - port: - description: Number or - name of the port to - access on the container. - Number must be in the - range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - livenessProbe: - description: 'Periodic probe of container - liveness. Container will be restarted - if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one - of the following should be specified. - Exec specifies the action to - take. - type: object - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container - specified as a DNS_LABEL. Each container - in a pod must have a unique name - (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose - from the container. Exposing a port - here gives the system additional - information about the network connections - a container uses, but is primarily - informational. Not specifying a - port here DOES NOT prevent that - port from being exposed. Any port - which is listening on the default - "0.0.0.0" address inside a container - will be accessible from the network. - Cannot be updated. - type: array - items: - description: ContainerPort represents - a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port - to expose on the pod's IP - address. This must be a valid - port number, 0 < x < 65536. - type: integer - format: int32 - hostIP: - description: What host IP to - bind the external port to. - type: string - hostPort: - description: Number of port - to expose on the host. If - specified, this must be a - valid port number, 0 < x < - 65536. If HostNetwork is specified, - this must match ContainerPort. - Most containers do not need - this. - type: integer - format: int32 - name: - description: If specified, this - must be an IANA_SVC_NAME and - unique within the pod. Each - named port in a pod must have - a unique name. Name for the - port that can be referred - to by services. - type: string - protocol: - description: Protocol for port. - Must be UDP, TCP, or SCTP. - Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container - service readiness. Container will - be removed from service endpoints - if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one - of the following should be specified. - Exec specifies the action to - take. - type: object - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required - by this container. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - properties: - limits: - description: 'Limits describes - the maximum amount of compute - resources allowed. More info: - https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes - the minimum amount of compute - resources required. If Requests - is omitted for a container, - it defaults to Limits if that - is explicitly specified, otherwise - to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'Security options the - pod should run with. More info: - https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation - controls whether a process can - gain more privileges than its - parent process. This bool directly - controls if the no_new_privs - flag will be set on the container - process. AllowPrivilegeEscalation - is true always when the container - is: 1) run as Privileged 2) - has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: The capabilities - to add/drop when running containers. - Defaults to the default set - of capabilities granted by the - container runtime. - type: object - properties: - add: - description: Added capabilities - type: array - items: - description: Capability - represent POSIX capabilities - type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability - represent POSIX capabilities - type - type: string - privileged: - description: Run container in - privileged mode. Processes in - privileged containers are essentially - equivalent to root on the host. - Defaults to false. - type: boolean - procMount: - description: procMount denotes - the type of proc mount to use - for the containers. The default - is DefaultProcMount which uses - the container runtime defaults - for readonly paths and masked - paths. This requires the ProcMountType - feature flag to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container - has a read-only root filesystem. - Default is false. - type: boolean - runAsGroup: - description: The GID to run the - entrypoint of the container - process. Uses runtime default - if unset. May also be set in - PodSecurityContext. If set - in both SecurityContext and - PodSecurityContext, the value - specified in SecurityContext - takes precedence. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the - container must run as a non-root - user. If true, the Kubelet will - validate the image at runtime - to ensure that it does not run - as UID 0 (root) and fail to - start the container if it does. - If unset or false, no such validation - will be performed. May also - be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: boolean - runAsUser: - description: The UID to run the - entrypoint of the container - process. Defaults to user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: integer - format: int64 - seLinuxOptions: - description: The SELinux context - to be applied to the container. - If unspecified, the container - runtime will allocate a random - SELinux context for each container. May - also be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: object - properties: - level: - description: Level is SELinux - level label that applies - to the container. - type: string - role: - description: Role is a SELinux - role label that applies - to the container. - type: string - type: - description: Type is a SELinux - type label that applies - to the container. - type: string - user: - description: User is a SELinux - user label that applies - to the container. - type: string - windowsOptions: - description: The Windows specific - settings applied to all containers. - If unspecified, the options - from the PodSecurityContext - will be used. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: object - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec - is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of - the GMSA credential spec - named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA - credential spec to use. - type: string - runAsUserName: - description: The UserName - in Windows to run the entrypoint - of the container process. - Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext - and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: string - startupProbe: - description: 'StartupProbe indicates - that the Pod has successfully initialized. - If specified, no other probes are - executed until this completes successfully. - If this probe fails, the Pod will - be restarted, just as if the livenessProbe - failed. This can be used to provide - different probe parameters at the - beginning of a Pod''s lifecycle, - when it might take a long time to - load data or warm a cache, than - during steady-state operation. This - cannot be updated. This is a beta - feature enabled by the StartupProbe - feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one - of the following should be specified. - Exec specifies the action to - take. - type: object - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - stdin: - description: Whether this container - should allocate a buffer for stdin - in the container runtime. If this - is not set, reads from stdin in - the container will always result - in EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container - runtime should close the stdin channel - after it has been opened by a single - attach. When stdin is true the stdin - stream will remain open across multiple - attach sessions. If stdinOnce is - set to true, stdin is opened on - container start, is empty until - the first client attaches to stdin, - and then remains open and accepts - data until the client disconnects, - at which time stdin is closed and - remains closed until the container - is restarted. If this flag is false, - a container processes that reads - from stdin will never receive an - EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which - the file to which the container''s - termination message will be written - is mounted into the container''s - filesystem. Message written is intended - to be brief final status, such as - an assertion failure message. Will - be truncated by the node if greater - than 4096 bytes. The total message - length across all containers will - be limited to 12kb. Defaults to - /dev/termination-log. Cannot be - updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination - message should be populated. File - will use the contents of terminationMessagePath - to populate the container status - message on both success and failure. - FallbackToLogsOnError will use the - last chunk of container log output - if the termination message file - is empty and the container exited - with an error. The log output is - limited to 2048 bytes or 80 lines, - whichever is smaller. Defaults to - File. Cannot be updated. - type: string - tty: - description: Whether this container - should allocate a TTY for itself, - also requires 'stdin' to be true. - Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the - list of block devices to be used - by the container. - type: array - items: - description: volumeDevice describes - a mapping of a raw block device - within a container. - type: object - required: - - devicePath - - name - properties: - devicePath: - description: devicePath is the - path inside of the container - that the device will be mapped - to. - type: string - name: - description: name must match - the name of a persistentVolumeClaim - in the pod - type: string - volumeMounts: - description: Pod volumes to mount - into the container's filesystem. - Cannot be updated. - type: array - items: - description: VolumeMount describes - a mounting of a Volume within - a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the - container at which the volume - should be mounted. Must not - contain ':'. - type: string - mountPropagation: - description: mountPropagation - determines how mounts are - propagated from the host to - container and the other way - around. When not set, MountPropagationNone - is used. This field is beta - in 1.10. - type: string - name: - description: This must match - the Name of a Volume. - type: string - readOnly: - description: Mounted read-only - if true, read-write otherwise - (false or unspecified). Defaults - to false. - type: boolean - subPath: - description: Path within the - volume from which the container's - volume should be mounted. - Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within - the volume from which the - container's volume should - be mounted. Behaves similarly - to SubPath but environment - variable references $(VAR_NAME) - are expanded using the container's - environment. Defaults to "" - (volume's root). SubPathExpr - and SubPath are mutually exclusive. - type: string - workingDir: - description: Container's working directory. - If not specified, the container - runtime's default will be used, - which might be configured in the - container image. Cannot be updated. - type: string - dnsConfig: - description: Specifies the DNS parameters - of a pod. Parameters specified here will - be merged to the generated DNS configuration - based on DNSPolicy. - type: object - properties: - nameservers: - description: A list of DNS name server - IP addresses. This will be appended - to the base nameservers generated - from DNSPolicy. Duplicated nameservers - will be removed. - type: array - items: - type: string - options: - description: A list of DNS resolver - options. This will be merged with - the base options generated from DNSPolicy. - Duplicated entries will be removed. - Resolution options given in Options - will override those that appear in - the base DNSPolicy. - type: array - items: - description: PodDNSConfigOption defines - DNS resolver options of a pod. - type: object - properties: - name: - description: Required. - type: string - value: - type: string - searches: - description: A list of DNS search domains - for host-name lookup. This will be - appended to the base search paths - generated from DNSPolicy. Duplicated - search paths will be removed. - type: array - items: - type: string - dnsPolicy: - description: Set DNS policy for the pod. - Defaults to "ClusterFirst". Valid values - are 'ClusterFirstWithHostNet', 'ClusterFirst', - 'Default' or 'None'. DNS parameters given - in DNSConfig will be merged with the policy - selected with DNSPolicy. To have DNS options - set along with hostNetwork, you have to - specify DNS policy explicitly to 'ClusterFirstWithHostNet'. - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates - whether information about services should - be injected into pod''s environment variables, - matching the syntax of Docker links. Optional: - Defaults to true.' - type: boolean - ephemeralContainers: - description: List of ephemeral containers - run in this pod. Ephemeral containers - may be run in an existing pod to perform - user-initiated actions such as debugging. - This list cannot be specified when creating - a pod, and it cannot be modified by updating - the pod spec. In order to add an ephemeral - container to an existing pod, use the - pod's ephemeralcontainers subresource. - This field is alpha-level and is only - honored by servers that enable the EphemeralContainers - feature. - type: array - items: - description: An EphemeralContainer is - a container that may be added temporarily - to an existing pod for user-initiated - activities such as debugging. Ephemeral - containers have no resource or scheduling - guarantees, and they will not be restarted - when they exit or when a pod is removed - or restarted. If an ephemeral container - causes a pod to exceed its resource - allocation, the pod may be evicted. - Ephemeral containers may not be added - by directly updating the pod spec. They - must be added via the pod's ephemeralcontainers - subresource, and they will appear in - the pod spec once added. This is an - alpha feature enabled by the EphemeralContainers - feature flag. - type: object - required: - - name - properties: - args: - description: 'Arguments to the entrypoint. - The docker image''s CMD is used - if this is not provided. Variable - references $(VAR_NAME) are expanded - using the container''s environment. - If a variable cannot be resolved, - the reference in the input string - will be unchanged. The $(VAR_NAME) - syntax can be escaped with a double - $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless - of whether the variable exists or - not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not - executed within a shell. The docker - image''s ENTRYPOINT is used if this - is not provided. Variable references - $(VAR_NAME) are expanded using the - container''s environment. If a variable - cannot be resolved, the reference - in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped - with a double $$, ie: $$(VAR_NAME). - Escaped references will never be - expanded, regardless of whether - the variable exists or not. Cannot - be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables - to set in the container. Cannot - be updated. - type: array - items: - description: EnvVar represents an - environment variable present in - a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment - variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references - $(VAR_NAME) are expanded using - the previous defined environment - variables in the container - and any service environment - variables. If a variable cannot - be resolved, the reference - in the input string will be - unchanged. The $(VAR_NAME) - syntax can be escaped with - a double $$, ie: $$(VAR_NAME). - Escaped references will never - be expanded, regardless of - whether the variable exists - or not. Defaults to "".' - type: string - valueFrom: - description: Source for the - environment variable's value. - Cannot be used if value is - not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key - of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key - to select. - type: string - name: - description: 'Name of - the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify - whether the ConfigMap - or its key must be - defined - type: boolean - fieldRef: - description: 'Selects a - field of the pod: supports - metadata.name, metadata.namespace, - metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, - status.podIPs.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version - of the schema the - FieldPath is written - in terms of, defaults - to "v1". - type: string - fieldPath: - description: Path of - the field to select - in the specified API - version. - type: string - resourceFieldRef: - description: 'Selects a - resource of the container: - only resources limits - and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory - and requests.ephemeral-storage) - are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container - name: required for - volumes, optional - for env vars' - type: string - divisor: - description: Specifies - the output format - of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: - resource to select' - type: string - secretKeyRef: - description: Selects a key - of a secret in the pod's - namespace - type: object - required: - - key - properties: - key: - description: The key - of the secret to select - from. Must be a valid - secret key. - type: string - name: - description: 'Name of - the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify - whether the Secret - or its key must be - defined - type: boolean - envFrom: - description: List of sources to populate - environment variables in the container. - The keys defined within a source - must be a C_IDENTIFIER. All invalid - keys will be reported as an event - when the container is starting. - When a key exists in multiple sources, - the value associated with the last - source will take precedence. Values - defined by an Env with a duplicate - key will take precedence. Cannot - be updated. - type: array - items: - description: EnvFromSource represents - the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to - select from - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether - the ConfigMap must be - defined - type: boolean - prefix: - description: An optional identifier - to prepend to each key in - the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select - from - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether - the Secret must be defined - type: boolean - image: - description: 'Docker image name. More - info: https://kubernetes.io/docs/concepts/containers/images' - type: string - imagePullPolicy: - description: 'Image pull policy. One - of Always, Never, IfNotPresent. - Defaults to Always if :latest tag - is specified, or IfNotPresent otherwise. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Lifecycle is not allowed - for ephemeral containers. - type: object - properties: - postStart: - description: 'PostStart is called - immediately after a container - is created. If the handler fails, - the container is terminated - and restarted according to its - restart policy. Other management - of the container blocks until - the hook completes. More info: - https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only - one of the following should - be specified. Exec specifies - the action to take. - type: object - properties: - command: - description: Command is - the command line to - execute inside the container, - the working directory - for the command is - root ('/') in the container's - filesystem. The command - is simply exec'd, it - is not run inside a - shell, so traditional - shell instructions ('|', - etc) won't work. To - use a shell, you need - to explicitly call out - to that shell. Exit - status of 0 is treated - as live/healthy and - non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name - to connect to, defaults - to the pod IP. You probably - want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. - HTTP allows repeated - headers. - type: array - items: - description: HTTPHeader - describes a custom - header to be used - in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The - header field name - type: string - value: - description: The - header field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access - on the container. Number - must be in the range - 1 to 65535. Name must - be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to - use for connecting to - the host. Defaults to - HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP - port. TCP hooks not yet - supported TODO: implement - a realistic TCP lifecycle - hook' - type: object - required: - - port - properties: - host: - description: 'Optional: - Host name to connect - to, defaults to the - pod IP.' - type: string - port: - description: Number or - name of the port to - access on the container. - Number must be in the - range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - preStop: - description: 'PreStop is called - immediately before a container - is terminated due to an API - request or management event - such as liveness/startup probe - failure, preemption, resource - contention, etc. The handler - is not called if the container - crashes or exits. The reason - for termination is passed to - the handler. The Pod''s termination - grace period countdown begins - before the PreStop hooked is - executed. Regardless of the - outcome of the handler, the - container will eventually terminate - within the Pod''s termination - grace period. Other management - of the container blocks until - the hook completes or until - the termination grace period - is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only - one of the following should - be specified. Exec specifies - the action to take. - type: object - properties: - command: - description: Command is - the command line to - execute inside the container, - the working directory - for the command is - root ('/') in the container's - filesystem. The command - is simply exec'd, it - is not run inside a - shell, so traditional - shell instructions ('|', - etc) won't work. To - use a shell, you need - to explicitly call out - to that shell. Exit - status of 0 is treated - as live/healthy and - non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name - to connect to, defaults - to the pod IP. You probably - want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. - HTTP allows repeated - headers. - type: array - items: - description: HTTPHeader - describes a custom - header to be used - in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The - header field name - type: string - value: - description: The - header field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access - on the container. Number - must be in the range - 1 to 65535. Name must - be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to - use for connecting to - the host. Defaults to - HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP - port. TCP hooks not yet - supported TODO: implement - a realistic TCP lifecycle - hook' - type: object - required: - - port - properties: - host: - description: 'Optional: - Host name to connect - to, defaults to the - pod IP.' - type: string - port: - description: Number or - name of the port to - access on the container. - Number must be in the - range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - livenessProbe: - description: Probes are not allowed - for ephemeral containers. - type: object - properties: - exec: - description: One and only one - of the following should be specified. - Exec specifies the action to - take. - type: object - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the ephemeral - container specified as a DNS_LABEL. - This name must be unique among all - containers, init containers and - ephemeral containers. - type: string - ports: - description: Ports are not allowed - for ephemeral containers. - type: array - items: - description: ContainerPort represents - a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port - to expose on the pod's IP - address. This must be a valid - port number, 0 < x < 65536. - type: integer - format: int32 - hostIP: - description: What host IP to - bind the external port to. - type: string - hostPort: - description: Number of port - to expose on the host. If - specified, this must be a - valid port number, 0 < x < - 65536. If HostNetwork is specified, - this must match ContainerPort. - Most containers do not need - this. - type: integer - format: int32 - name: - description: If specified, this - must be an IANA_SVC_NAME and - unique within the pod. Each - named port in a pod must have - a unique name. Name for the - port that can be referred - to by services. - type: string - protocol: - description: Protocol for port. - Must be UDP, TCP, or SCTP. - Defaults to "TCP". - type: string - readinessProbe: - description: Probes are not allowed - for ephemeral containers. - type: object - properties: - exec: - description: One and only one - of the following should be specified. - Exec specifies the action to - take. - type: object - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: Resources are not allowed - for ephemeral containers. Ephemeral - containers use spare resources already - allocated to the pod. - type: object - properties: - limits: - description: 'Limits describes - the maximum amount of compute - resources allowed. More info: - https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes - the minimum amount of compute - resources required. If Requests - is omitted for a container, - it defaults to Limits if that - is explicitly specified, otherwise - to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: SecurityContext is not - allowed for ephemeral containers. - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation - controls whether a process can - gain more privileges than its - parent process. This bool directly - controls if the no_new_privs - flag will be set on the container - process. AllowPrivilegeEscalation - is true always when the container - is: 1) run as Privileged 2) - has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: The capabilities - to add/drop when running containers. - Defaults to the default set - of capabilities granted by the - container runtime. - type: object - properties: - add: - description: Added capabilities - type: array - items: - description: Capability - represent POSIX capabilities - type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability - represent POSIX capabilities - type - type: string - privileged: - description: Run container in - privileged mode. Processes in - privileged containers are essentially - equivalent to root on the host. - Defaults to false. - type: boolean - procMount: - description: procMount denotes - the type of proc mount to use - for the containers. The default - is DefaultProcMount which uses - the container runtime defaults - for readonly paths and masked - paths. This requires the ProcMountType - feature flag to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container - has a read-only root filesystem. - Default is false. - type: boolean - runAsGroup: - description: The GID to run the - entrypoint of the container - process. Uses runtime default - if unset. May also be set in - PodSecurityContext. If set - in both SecurityContext and - PodSecurityContext, the value - specified in SecurityContext - takes precedence. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the - container must run as a non-root - user. If true, the Kubelet will - validate the image at runtime - to ensure that it does not run - as UID 0 (root) and fail to - start the container if it does. - If unset or false, no such validation - will be performed. May also - be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: boolean - runAsUser: - description: The UID to run the - entrypoint of the container - process. Defaults to user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: integer - format: int64 - seLinuxOptions: - description: The SELinux context - to be applied to the container. - If unspecified, the container - runtime will allocate a random - SELinux context for each container. May - also be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: object - properties: - level: - description: Level is SELinux - level label that applies - to the container. - type: string - role: - description: Role is a SELinux - role label that applies - to the container. - type: string - type: - description: Type is a SELinux - type label that applies - to the container. - type: string - user: - description: User is a SELinux - user label that applies - to the container. - type: string - windowsOptions: - description: The Windows specific - settings applied to all containers. - If unspecified, the options - from the PodSecurityContext - will be used. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: object - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec - is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of - the GMSA credential spec - named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA - credential spec to use. - type: string - runAsUserName: - description: The UserName - in Windows to run the entrypoint - of the container process. - Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext - and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: string - startupProbe: - description: Probes are not allowed - for ephemeral containers. - type: object - properties: - exec: - description: One and only one - of the following should be specified. - Exec specifies the action to - take. - type: object - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - stdin: - description: Whether this container - should allocate a buffer for stdin - in the container runtime. If this - is not set, reads from stdin in - the container will always result - in EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container - runtime should close the stdin channel - after it has been opened by a single - attach. When stdin is true the stdin - stream will remain open across multiple - attach sessions. If stdinOnce is - set to true, stdin is opened on - container start, is empty until - the first client attaches to stdin, - and then remains open and accepts - data until the client disconnects, - at which time stdin is closed and - remains closed until the container - is restarted. If this flag is false, - a container processes that reads - from stdin will never receive an - EOF. Default is false - type: boolean - targetContainerName: - description: If set, the name of the - container from PodSpec that this - ephemeral container targets. The - ephemeral container will be run - in the namespaces (IPC, PID, etc) - of this container. If not set then - the ephemeral container is run in - whatever namespaces are shared for - the pod. Note that the container - runtime must support this feature. - type: string - terminationMessagePath: - description: 'Optional: Path at which - the file to which the container''s - termination message will be written - is mounted into the container''s - filesystem. Message written is intended - to be brief final status, such as - an assertion failure message. Will - be truncated by the node if greater - than 4096 bytes. The total message - length across all containers will - be limited to 12kb. Defaults to - /dev/termination-log. Cannot be - updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination - message should be populated. File - will use the contents of terminationMessagePath - to populate the container status - message on both success and failure. - FallbackToLogsOnError will use the - last chunk of container log output - if the termination message file - is empty and the container exited - with an error. The log output is - limited to 2048 bytes or 80 lines, - whichever is smaller. Defaults to - File. Cannot be updated. - type: string - tty: - description: Whether this container - should allocate a TTY for itself, - also requires 'stdin' to be true. - Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the - list of block devices to be used - by the container. - type: array - items: - description: volumeDevice describes - a mapping of a raw block device - within a container. - type: object - required: - - devicePath - - name - properties: - devicePath: - description: devicePath is the - path inside of the container - that the device will be mapped - to. - type: string - name: - description: name must match - the name of a persistentVolumeClaim - in the pod - type: string - volumeMounts: - description: Pod volumes to mount - into the container's filesystem. - Cannot be updated. - type: array - items: - description: VolumeMount describes - a mounting of a Volume within - a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the - container at which the volume - should be mounted. Must not - contain ':'. - type: string - mountPropagation: - description: mountPropagation - determines how mounts are - propagated from the host to - container and the other way - around. When not set, MountPropagationNone - is used. This field is beta - in 1.10. - type: string - name: - description: This must match - the Name of a Volume. - type: string - readOnly: - description: Mounted read-only - if true, read-write otherwise - (false or unspecified). Defaults - to false. - type: boolean - subPath: - description: Path within the - volume from which the container's - volume should be mounted. - Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within - the volume from which the - container's volume should - be mounted. Behaves similarly - to SubPath but environment - variable references $(VAR_NAME) - are expanded using the container's - environment. Defaults to "" - (volume's root). SubPathExpr - and SubPath are mutually exclusive. - type: string - workingDir: - description: Container's working directory. - If not specified, the container - runtime's default will be used, - which might be configured in the - container image. Cannot be updated. - type: string - hostAliases: - description: HostAliases is an optional - list of hosts and IPs that will be injected - into the pod's hosts file if specified. - This is only valid for non-hostNetwork - pods. - type: array - items: - description: HostAlias holds the mapping - between IP and hostnames that will be - injected as an entry in the pod's hosts - file. - type: object - properties: - hostnames: - description: Hostnames for the above - IP address. - type: array - items: - type: string - ip: - description: IP address of the host - file entry. - type: string - hostIPC: - description: 'Use the host''s ipc namespace. - Optional: Default to false.' - type: boolean - hostNetwork: - description: Host networking requested for - this pod. Use the host's network namespace. - If this option is set, the ports that - will be used must be specified. Default - to false. - type: boolean - hostPID: - description: 'Use the host''s pid namespace. - Optional: Default to false.' - type: boolean - hostname: - description: Specifies the hostname of the - Pod If not specified, the pod's hostname - will be set to a system-defined value. - type: string - imagePullSecrets: - description: 'ImagePullSecrets is an optional - list of references to secrets in the same - namespace to use for pulling any of the - images used by this PodSpec. If specified, - these secrets will be passed to individual - puller implementations for them to use. - For example, in the case of docker, only - DockerConfig type secrets are honored. - More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains - enough information to let you locate - the referenced object inside the same - namespace. - type: object - properties: - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - initContainers: - description: 'List of initialization containers - belonging to the pod. Init containers - are executed in order prior to containers - being started. If any init container fails, - the pod is considered to have failed and - is handled according to its restartPolicy. - The name for an init container or normal - container must be unique among all containers. - Init containers may not have Lifecycle - actions, Readiness probes, Liveness probes, - or Startup probes. The resourceRequirements - of an init container are taken into account - during scheduling by finding the highest - request/limit for each resource type, - and then using the max of of that value - or the sum of the normal containers. Limits - are applied to init containers in a similar - fashion. Init containers cannot currently - be added or removed. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: A single application container - that you want to run within a pod. - type: object - required: - - name - properties: - args: - description: 'Arguments to the entrypoint. - The docker image''s CMD is used - if this is not provided. Variable - references $(VAR_NAME) are expanded - using the container''s environment. - If a variable cannot be resolved, - the reference in the input string - will be unchanged. The $(VAR_NAME) - syntax can be escaped with a double - $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless - of whether the variable exists or - not. Cannot be updated. More info: - https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not - executed within a shell. The docker - image''s ENTRYPOINT is used if this - is not provided. Variable references - $(VAR_NAME) are expanded using the - container''s environment. If a variable - cannot be resolved, the reference - in the input string will be unchanged. - The $(VAR_NAME) syntax can be escaped - with a double $$, ie: $$(VAR_NAME). - Escaped references will never be - expanded, regardless of whether - the variable exists or not. Cannot - be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables - to set in the container. Cannot - be updated. - type: array - items: - description: EnvVar represents an - environment variable present in - a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment - variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references - $(VAR_NAME) are expanded using - the previous defined environment - variables in the container - and any service environment - variables. If a variable cannot - be resolved, the reference - in the input string will be - unchanged. The $(VAR_NAME) - syntax can be escaped with - a double $$, ie: $$(VAR_NAME). - Escaped references will never - be expanded, regardless of - whether the variable exists - or not. Defaults to "".' - type: string - valueFrom: - description: Source for the - environment variable's value. - Cannot be used if value is - not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key - of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key - to select. - type: string - name: - description: 'Name of - the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify - whether the ConfigMap - or its key must be - defined - type: boolean - fieldRef: - description: 'Selects a - field of the pod: supports - metadata.name, metadata.namespace, - metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, - status.hostIP, status.podIP, - status.podIPs.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version - of the schema the - FieldPath is written - in terms of, defaults - to "v1". - type: string - fieldPath: - description: Path of - the field to select - in the specified API - version. - type: string - resourceFieldRef: - description: 'Selects a - resource of the container: - only resources limits - and requests (limits.cpu, - limits.memory, limits.ephemeral-storage, - requests.cpu, requests.memory - and requests.ephemeral-storage) - are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container - name: required for - volumes, optional - for env vars' - type: string - divisor: - description: Specifies - the output format - of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: - resource to select' - type: string - secretKeyRef: - description: Selects a key - of a secret in the pod's - namespace - type: object - required: - - key - properties: - key: - description: The key - of the secret to select - from. Must be a valid - secret key. - type: string - name: - description: 'Name of - the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify - whether the Secret - or its key must be - defined - type: boolean - envFrom: - description: List of sources to populate - environment variables in the container. - The keys defined within a source - must be a C_IDENTIFIER. All invalid - keys will be reported as an event - when the container is starting. - When a key exists in multiple sources, - the value associated with the last - source will take precedence. Values - defined by an Env with a duplicate - key will take precedence. Cannot - be updated. - type: array - items: - description: EnvFromSource represents - the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to - select from - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether - the ConfigMap must be - defined - type: boolean - prefix: - description: An optional identifier - to prepend to each key in - the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select - from - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether - the Secret must be defined - type: boolean - image: - description: 'Docker image name. More - info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow - higher level config management to - default or override container images - in workload controllers like Deployments - and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One - of Always, Never, IfNotPresent. - Defaults to Always if :latest tag - is specified, or IfNotPresent otherwise. - Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management - system should take in response to - container lifecycle events. Cannot - be updated. - type: object - properties: - postStart: - description: 'PostStart is called - immediately after a container - is created. If the handler fails, - the container is terminated - and restarted according to its - restart policy. Other management - of the container blocks until - the hook completes. More info: - https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only - one of the following should - be specified. Exec specifies - the action to take. - type: object - properties: - command: - description: Command is - the command line to - execute inside the container, - the working directory - for the command is - root ('/') in the container's - filesystem. The command - is simply exec'd, it - is not run inside a - shell, so traditional - shell instructions ('|', - etc) won't work. To - use a shell, you need - to explicitly call out - to that shell. Exit - status of 0 is treated - as live/healthy and - non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name - to connect to, defaults - to the pod IP. You probably - want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. - HTTP allows repeated - headers. - type: array - items: - description: HTTPHeader - describes a custom - header to be used - in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The - header field name - type: string - value: - description: The - header field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access - on the container. Number - must be in the range - 1 to 65535. Name must - be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to - use for connecting to - the host. Defaults to - HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP - port. TCP hooks not yet - supported TODO: implement - a realistic TCP lifecycle - hook' - type: object - required: - - port - properties: - host: - description: 'Optional: - Host name to connect - to, defaults to the - pod IP.' - type: string - port: - description: Number or - name of the port to - access on the container. - Number must be in the - range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - preStop: - description: 'PreStop is called - immediately before a container - is terminated due to an API - request or management event - such as liveness/startup probe - failure, preemption, resource - contention, etc. The handler - is not called if the container - crashes or exits. The reason - for termination is passed to - the handler. The Pod''s termination - grace period countdown begins - before the PreStop hooked is - executed. Regardless of the - outcome of the handler, the - container will eventually terminate - within the Pod''s termination - grace period. Other management - of the container blocks until - the hook completes or until - the termination grace period - is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only - one of the following should - be specified. Exec specifies - the action to take. - type: object - properties: - command: - description: Command is - the command line to - execute inside the container, - the working directory - for the command is - root ('/') in the container's - filesystem. The command - is simply exec'd, it - is not run inside a - shell, so traditional - shell instructions ('|', - etc) won't work. To - use a shell, you need - to explicitly call out - to that shell. Exit - status of 0 is treated - as live/healthy and - non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name - to connect to, defaults - to the pod IP. You probably - want to set "Host" in - httpHeaders instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. - HTTP allows repeated - headers. - type: array - items: - description: HTTPHeader - describes a custom - header to be used - in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The - header field name - type: string - value: - description: The - header field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access - on the container. Number - must be in the range - 1 to 65535. Name must - be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to - use for connecting to - the host. Defaults to - HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP - port. TCP hooks not yet - supported TODO: implement - a realistic TCP lifecycle - hook' - type: object - required: - - port - properties: - host: - description: 'Optional: - Host name to connect - to, defaults to the - pod IP.' - type: string - port: - description: Number or - name of the port to - access on the container. - Number must be in the - range 1 to 65535. Name - must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - livenessProbe: - description: 'Periodic probe of container - liveness. Container will be restarted - if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one - of the following should be specified. - Exec specifies the action to - take. - type: object - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container - specified as a DNS_LABEL. Each container - in a pod must have a unique name - (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose - from the container. Exposing a port - here gives the system additional - information about the network connections - a container uses, but is primarily - informational. Not specifying a - port here DOES NOT prevent that - port from being exposed. Any port - which is listening on the default - "0.0.0.0" address inside a container - will be accessible from the network. - Cannot be updated. - type: array - items: - description: ContainerPort represents - a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port - to expose on the pod's IP - address. This must be a valid - port number, 0 < x < 65536. - type: integer - format: int32 - hostIP: - description: What host IP to - bind the external port to. - type: string - hostPort: - description: Number of port - to expose on the host. If - specified, this must be a - valid port number, 0 < x < - 65536. If HostNetwork is specified, - this must match ContainerPort. - Most containers do not need - this. - type: integer - format: int32 - name: - description: If specified, this - must be an IANA_SVC_NAME and - unique within the pod. Each - named port in a pod must have - a unique name. Name for the - port that can be referred - to by services. - type: string - protocol: - description: Protocol for port. - Must be UDP, TCP, or SCTP. - Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container - service readiness. Container will - be removed from service endpoints - if the probe fails. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one - of the following should be specified. - Exec specifies the action to - take. - type: object - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required - by this container. Cannot be updated. - More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - properties: - limits: - description: 'Limits describes - the maximum amount of compute - resources allowed. More info: - https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes - the minimum amount of compute - resources required. If Requests - is omitted for a container, - it defaults to Limits if that - is explicitly specified, otherwise - to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'Security options the - pod should run with. More info: - https://kubernetes.io/docs/concepts/policy/security-context/ - More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation - controls whether a process can - gain more privileges than its - parent process. This bool directly - controls if the no_new_privs - flag will be set on the container - process. AllowPrivilegeEscalation - is true always when the container - is: 1) run as Privileged 2) - has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: The capabilities - to add/drop when running containers. - Defaults to the default set - of capabilities granted by the - container runtime. - type: object - properties: - add: - description: Added capabilities - type: array - items: - description: Capability - represent POSIX capabilities - type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability - represent POSIX capabilities - type - type: string - privileged: - description: Run container in - privileged mode. Processes in - privileged containers are essentially - equivalent to root on the host. - Defaults to false. - type: boolean - procMount: - description: procMount denotes - the type of proc mount to use - for the containers. The default - is DefaultProcMount which uses - the container runtime defaults - for readonly paths and masked - paths. This requires the ProcMountType - feature flag to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container - has a read-only root filesystem. - Default is false. - type: boolean - runAsGroup: - description: The GID to run the - entrypoint of the container - process. Uses runtime default - if unset. May also be set in - PodSecurityContext. If set - in both SecurityContext and - PodSecurityContext, the value - specified in SecurityContext - takes precedence. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the - container must run as a non-root - user. If true, the Kubelet will - validate the image at runtime - to ensure that it does not run - as UID 0 (root) and fail to - start the container if it does. - If unset or false, no such validation - will be performed. May also - be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: boolean - runAsUser: - description: The UID to run the - entrypoint of the container - process. Defaults to user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: integer - format: int64 - seLinuxOptions: - description: The SELinux context - to be applied to the container. - If unspecified, the container - runtime will allocate a random - SELinux context for each container. May - also be set in PodSecurityContext. If - set in both SecurityContext - and PodSecurityContext, the - value specified in SecurityContext - takes precedence. - type: object - properties: - level: - description: Level is SELinux - level label that applies - to the container. - type: string - role: - description: Role is a SELinux - role label that applies - to the container. - type: string - type: - description: Type is a SELinux - type label that applies - to the container. - type: string - user: - description: User is a SELinux - user label that applies - to the container. - type: string - windowsOptions: - description: The Windows specific - settings applied to all containers. - If unspecified, the options - from the PodSecurityContext - will be used. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: object - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec - is where the GMSA admission - webhook (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of - the GMSA credential spec - named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA - credential spec to use. - type: string - runAsUserName: - description: The UserName - in Windows to run the entrypoint - of the container process. - Defaults to the user specified - in image metadata if unspecified. - May also be set in PodSecurityContext. - If set in both SecurityContext - and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: string - startupProbe: - description: 'StartupProbe indicates - that the Pod has successfully initialized. - If specified, no other probes are - executed until this completes successfully. - If this probe fails, the Pod will - be restarted, just as if the livenessProbe - failed. This can be used to provide - different probe parameters at the - beginning of a Pod''s lifecycle, - when it might take a long time to - load data or warm a cache, than - during steady-state operation. This - cannot be updated. This is a beta - feature enabled by the StartupProbe - feature flag. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one - of the following should be specified. - Exec specifies the action to - take. - type: object - properties: - command: - description: Command is the - command line to execute - inside the container, the - working directory for the - command is root ('/') in - the container's filesystem. - The command is simply exec'd, - it is not run inside a shell, - so traditional shell instructions - ('|', etc) won't work. To - use a shell, you need to - explicitly call out to that - shell. Exit status of 0 - is treated as live/healthy - and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive - failures for the probe to be - considered failed after having - succeeded. Defaults to 3. Minimum - value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies - the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to - connect to, defaults to - the pod IP. You probably - want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers - to set in the request. HTTP - allows repeated headers. - type: array - items: - description: HTTPHeader - describes a custom header - to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header - field name - type: string - value: - description: The header - field value - type: string - path: - description: Path to access - on the HTTP server. - type: string - port: - description: Name or number - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use - for connecting to the host. - Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds - after the container has started - before liveness probes are initiated. - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) - to perform the probe. Default - to 10 seconds. Minimum value - is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive - successes for the probe to be - considered successful after - having failed. Defaults to 1. - Must be 1 for liveness and startup. - Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies - an action involving a TCP port. - TCP hooks not yet supported - TODO: implement a realistic - TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host - name to connect to, defaults - to the pod IP.' - type: string - port: - description: Number or name - of the port to access on - the container. Number must - be in the range 1 to 65535. - Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds - after which the probe times - out. Defaults to 1 second. Minimum - value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - stdin: - description: Whether this container - should allocate a buffer for stdin - in the container runtime. If this - is not set, reads from stdin in - the container will always result - in EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container - runtime should close the stdin channel - after it has been opened by a single - attach. When stdin is true the stdin - stream will remain open across multiple - attach sessions. If stdinOnce is - set to true, stdin is opened on - container start, is empty until - the first client attaches to stdin, - and then remains open and accepts - data until the client disconnects, - at which time stdin is closed and - remains closed until the container - is restarted. If this flag is false, - a container processes that reads - from stdin will never receive an - EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which - the file to which the container''s - termination message will be written - is mounted into the container''s - filesystem. Message written is intended - to be brief final status, such as - an assertion failure message. Will - be truncated by the node if greater - than 4096 bytes. The total message - length across all containers will - be limited to 12kb. Defaults to - /dev/termination-log. Cannot be - updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination - message should be populated. File - will use the contents of terminationMessagePath - to populate the container status - message on both success and failure. - FallbackToLogsOnError will use the - last chunk of container log output - if the termination message file - is empty and the container exited - with an error. The log output is - limited to 2048 bytes or 80 lines, - whichever is smaller. Defaults to - File. Cannot be updated. - type: string - tty: - description: Whether this container - should allocate a TTY for itself, - also requires 'stdin' to be true. - Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the - list of block devices to be used - by the container. - type: array - items: - description: volumeDevice describes - a mapping of a raw block device - within a container. - type: object - required: - - devicePath - - name - properties: - devicePath: - description: devicePath is the - path inside of the container - that the device will be mapped - to. - type: string - name: - description: name must match - the name of a persistentVolumeClaim - in the pod - type: string - volumeMounts: - description: Pod volumes to mount - into the container's filesystem. - Cannot be updated. - type: array - items: - description: VolumeMount describes - a mounting of a Volume within - a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the - container at which the volume - should be mounted. Must not - contain ':'. - type: string - mountPropagation: - description: mountPropagation - determines how mounts are - propagated from the host to - container and the other way - around. When not set, MountPropagationNone - is used. This field is beta - in 1.10. - type: string - name: - description: This must match - the Name of a Volume. - type: string - readOnly: - description: Mounted read-only - if true, read-write otherwise - (false or unspecified). Defaults - to false. - type: boolean - subPath: - description: Path within the - volume from which the container's - volume should be mounted. - Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within - the volume from which the - container's volume should - be mounted. Behaves similarly - to SubPath but environment - variable references $(VAR_NAME) - are expanded using the container's - environment. Defaults to "" - (volume's root). SubPathExpr - and SubPath are mutually exclusive. - type: string - workingDir: - description: Container's working directory. - If not specified, the container - runtime's default will be used, - which might be configured in the - container image. Cannot be updated. - type: string - nodeName: - description: NodeName is a request to schedule - this pod onto a specific node. If it is - non-empty, the scheduler simply schedules - this pod onto that node, assuming that - it fits resource requirements. - type: string - nodeSelector: - description: 'NodeSelector is a selector - which must be true for the pod to fit - on a node. Selector which must match a - node''s labels for the pod to be scheduled - on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - additionalProperties: - type: string - overhead: - description: 'Overhead represents the resource - overhead associated with running a pod - for a given RuntimeClass. This field will - be autopopulated at admission time by - the RuntimeClass admission controller. - If the RuntimeClass admission controller - is enabled, overhead must not be set in - Pod create requests. The RuntimeClass - admission controller will reject Pod create - requests which have the overhead already - set. If RuntimeClass is configured and - selected in the PodSpec, Overhead will - be set to the value defined in the corresponding - RuntimeClass, otherwise it will remain - unset and treated as zero. More info: - https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md - This field is alpha-level as of Kubernetes - v1.16, and is only honored by servers - that enable the PodOverhead feature.' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - preemptionPolicy: - description: PreemptionPolicy is the Policy - for preempting pods with lower priority. - One of Never, PreemptLowerPriority. Defaults - to PreemptLowerPriority if unset. This - field is alpha-level and is only honored - by servers that enable the NonPreemptingPriority - feature. - type: string - priority: - description: The priority value. Various - system components use this field to find - the priority of the pod. When Priority - Admission Controller is enabled, it prevents - users from setting this field. The admission - controller populates this field from PriorityClassName. - The higher the value, the higher the priority. - type: integer - format: int32 - priorityClassName: - description: If specified, indicates the - pod's priority. "system-node-critical" - and "system-cluster-critical" are two - special keywords which indicate the highest - priorities with the former being the highest - priority. Any other name must be defined - by creating a PriorityClass object with - that name. If not specified, the pod priority - will be default or zero if there is no - default. - type: string - readinessGates: - description: 'If specified, all readiness - gates will be evaluated for pod readiness. - A pod is ready when all its containers - are ready AND all conditions specified - in the readiness gates have status equal - to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md' - type: array - items: - description: PodReadinessGate contains - the reference to a pod condition - type: object - required: - - conditionType - properties: - conditionType: - description: ConditionType refers - to a condition in the pod's condition - list with matching type. - type: string - restartPolicy: - description: 'Restart policy for all containers - within the pod. One of Always, OnFailure, - Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy' - type: string - runtimeClassName: - description: 'RuntimeClassName refers to - a RuntimeClass object in the node.k8s.io - group, which should be used to run this - pod. If no RuntimeClass resource matches - the named class, the pod will not be run. - If unset or empty, the "legacy" RuntimeClass - will be used, which is an implicit class - with an empty definition that uses the - default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md - This is a beta feature as of Kubernetes - v1.14.' - type: string - schedulerName: - description: If specified, the pod will - be dispatched by specified scheduler. - If not specified, the pod will be dispatched - by default scheduler. - type: string - securityContext: - description: 'SecurityContext holds pod-level - security attributes and common container - settings. Optional: Defaults to empty. See - type description for default values of - each field.' - type: object - properties: - fsGroup: - description: "A special supplemental - group that applies to all containers - in a pod. Some volume types allow - the Kubelet to change the ownership - of that volume to be owned by the - pod: \n 1. The owning GID will be - the FSGroup 2. The setgid bit is set - (new files created in the volume will - be owned by FSGroup) 3. The permission - bits are OR'd with rw-rw---- \n If - unset, the Kubelet will not modify - the ownership and permissions of any - volume." - type: integer - format: int64 - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines - behavior of changing ownership and - permission of the volume before being - exposed inside Pod. This field will - only apply to volume types which support - fsGroup based ownership(and permissions). - It will have no effect on ephemeral - volume types such as: secret, configmaps - and emptydir. Valid values are "OnRootMismatch" - and "Always". If not specified defaults - to "Always".' - type: string - runAsGroup: - description: The GID to run the entrypoint - of the container process. Uses runtime - default if unset. May also be set - in SecurityContext. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container - must run as a non-root user. If true, - the Kubelet will validate the image - at runtime to ensure that it does - not run as UID 0 (root) and fail to - start the container if it does. If - unset or false, no such validation - will be performed. May also be set - in SecurityContext. If set in both - SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint - of the container process. Defaults - to user specified in image metadata - if unspecified. May also be set in - SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value - specified in SecurityContext takes - precedence for that container. - type: integer - format: int64 - seLinuxOptions: - description: The SELinux context to - be applied to all containers. If unspecified, - the container runtime will allocate - a random SELinux context for each - container. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence for that container. - type: object - properties: - level: - description: Level is SELinux level - label that applies to the container. - type: string - role: - description: Role is a SELinux role - label that applies to the container. - type: string - type: - description: Type is a SELinux type - label that applies to the container. - type: string - user: - description: User is a SELinux user - label that applies to the container. - type: string - supplementalGroups: - description: A list of groups applied - to the first process run in each container, - in addition to the container's primary - GID. If unspecified, no groups will - be added to any container. - type: array - items: - type: integer - format: int64 - sysctls: - description: Sysctls hold a list of - namespaced sysctls used for the pod. - Pods with unsupported sysctls (by - the container runtime) might fail - to launch. - type: array - items: - description: Sysctl defines a kernel - parameter to be set - type: object - required: - - name - - value - properties: - name: - description: Name of a property - to set - type: string - value: - description: Value of a property - to set - type: string - windowsOptions: - description: The Windows specific settings - applied to all containers. If unspecified, - the options within a container's SecurityContext - will be used. If set in both SecurityContext - and PodSecurityContext, the value - specified in SecurityContext takes - precedence. - type: object - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec - is where the GMSA admission webhook - (https://github.com/kubernetes-sigs/windows-gmsa) - inlines the contents of the GMSA - credential spec named by the GMSACredentialSpecName - field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName - is the name of the GMSA credential - spec to use. - type: string - runAsUserName: - description: The UserName in Windows - to run the entrypoint of the container - process. Defaults to the user - specified in image metadata if - unspecified. May also be set in - PodSecurityContext. If set in - both SecurityContext and PodSecurityContext, - the value specified in SecurityContext - takes precedence. - type: string - serviceAccount: - description: 'DeprecatedServiceAccount is - a depreciated alias for ServiceAccountName. - Deprecated: Use serviceAccountName instead.' - type: string - serviceAccountName: - description: 'ServiceAccountName is the - name of the ServiceAccount to use to run - this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - shareProcessNamespace: - description: 'Share a single process namespace - between all of the containers in a pod. - When this is set containers will be able - to view and signal processes from other - containers in the same pod, and the first - process in each container will not be - assigned PID 1. HostPID and ShareProcessNamespace - cannot both be set. Optional: Default - to false.' - type: boolean - subdomain: - description: If specified, the fully qualified - Pod hostname will be "...svc.". If not - specified, the pod will not have a domainname - at all. - type: string - terminationGracePeriodSeconds: - description: Optional duration in seconds - the pod needs to terminate gracefully. - May be decreased in delete request. Value - must be non-negative integer. The value - zero indicates delete immediately. If - this value is nil, the default grace period - will be used instead. The grace period - is the duration in seconds after the processes - running in the pod are sent a termination - signal and the time when the processes - are forcibly halted with a kill signal. - Set this value longer than the expected - cleanup time for your process. Defaults - to 30 seconds. - type: integer - format: int64 - tolerations: - description: If specified, the pod's tolerations. - type: array - items: - description: The pod this Toleration is - attached to tolerates any taint that - matches the triple - using the matching operator . - type: object - properties: - effect: - description: Effect indicates the - taint effect to match. Empty means - match all taint effects. When specified, - allowed values are NoSchedule, PreferNoSchedule - and NoExecute. - type: string - key: - description: Key is the taint key - that the toleration applies to. - Empty means match all taint keys. - If the key is empty, operator must - be Exists; this combination means - to match all values and all keys. - type: string - operator: - description: Operator represents a - key's relationship to the value. - Valid operators are Exists and Equal. - Defaults to Equal. Exists is equivalent - to wildcard for value, so that a - pod can tolerate all taints of a - particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents - the period of time the toleration - (which must be of effect NoExecute, - otherwise this field is ignored) - tolerates the taint. By default, - it is not set, which means tolerate - the taint forever (do not evict). - Zero and negative values will be - treated as 0 (evict immediately) - by the system. - type: integer - format: int64 - value: - description: Value is the taint value - the toleration matches to. If the - operator is Exists, the value should - be empty, otherwise just a regular - string. - type: string - topologySpreadConstraints: - description: TopologySpreadConstraints describes - how a group of pods ought to spread across - topology domains. Scheduler will schedule - pods in a way which abides by the constraints. - This field is only honored by clusters - that enable the EvenPodsSpread feature. - All topologySpreadConstraints are ANDed. - type: array - items: - description: TopologySpreadConstraint - specifies how to spread matching pods - among the given topology. - type: object - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - properties: - labelSelector: - description: LabelSelector is used - to find matching pods. Pods that - match this label selector are counted - to determine the number of pods - in their corresponding topology - domain. - type: object - properties: - matchExpressions: - description: matchExpressions - is a list of label selector - requirements. The requirements - are ANDed. - type: array - items: - description: A label selector - requirement is a selector - that contains values, a key, - and an operator that relates - the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the - label key that the selector - applies to. - type: string - operator: - description: operator represents - a key's relationship to - a set of values. Valid - operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an - array of string values. - If the operator is In - or NotIn, the values array - must be non-empty. If - the operator is Exists - or DoesNotExist, the values - array must be empty. This - array is replaced during - a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a - map of {key,value} pairs. A - single {key,value} in the matchLabels - map is equivalent to an element - of matchExpressions, whose key - field is "key", the operator - is "In", and the values array - contains only "value". The requirements - are ANDed. - type: object - additionalProperties: - type: string - maxSkew: - description: 'MaxSkew describes the - degree to which pods may be unevenly - distributed. It''s the maximum permitted - difference between the number of - matching pods in any two topology - domains of a given topology type. - For example, in a 3-zone cluster, - MaxSkew is set to 1, and pods with - the same labelSelector spread as - 1/1/0: | zone1 | zone2 | zone3 | - | P | P | | - if MaxSkew - is 1, incoming pod can only be scheduled - to zone3 to become 1/1/1; scheduling - it onto zone1(zone2) would make - the ActualSkew(2-0) on zone1(zone2) - violate MaxSkew(1). - if MaxSkew - is 2, incoming pod can be scheduled - onto any zone. It''s a required - field. Default value is 1 and 0 - is not allowed.' - type: integer - format: int32 - topologyKey: - description: TopologyKey is the key - of node labels. Nodes that have - a label with this key and identical - values are considered to be in the - same topology. We consider each - as a "bucket", and - try to put balanced number of pods - into each bucket. It's a required - field. - type: string - whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates - how to deal with a pod if it doesn''t - satisfy the spread constraint. - - DoNotSchedule (default) tells the - scheduler not to schedule it - ScheduleAnyway - tells the scheduler to still schedule - it It''s considered as "Unsatisfiable" - if and only if placing incoming - pod on any topology violates "MaxSkew". - For example, in a 3-zone cluster, - MaxSkew is set to 1, and pods with - the same labelSelector spread as - 3/1/1: | zone1 | zone2 | zone3 | - | P P P | P | P | If WhenUnsatisfiable - is set to DoNotSchedule, incoming - pod can only be scheduled to zone2(zone3) - to become 3/2/1(3/1/2) as ActualSkew(2-1) - on zone2(zone3) satisfies MaxSkew(1). - In other words, the cluster can - still be imbalanced, but scheduler - won''t make it *more* imbalanced. - It''s a required field.' - type: string - x-kubernetes-list-map-keys: - - topologyKey - - whenUnsatisfiable - x-kubernetes-list-type: map - volumes: - description: 'List of volumes that can be - mounted by containers belonging to the - pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named - volume in a pod that may be accessed - by any container in the pod. - type: object - required: - - name - properties: - awsElasticBlockStore: - description: 'AWSElasticBlockStore - represents an AWS Disk resource - that is attached to a kubelet''s - host machine and then exposed to - the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: object - required: - - volumeID - properties: - fsType: - description: 'Filesystem type - of the volume that you want - to mount. Tip: Ensure that the - filesystem type is supported - by the host operating system. - Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors - in the filesystem from compromising - the machine' - type: string - partition: - description: 'The partition in - the volume that you want to - mount. If omitted, the default - is to mount by volume name. - Examples: For volume /dev/sda1, - you specify the partition as - "1". Similarly, the volume partition - for /dev/sda is "0" (or you - can leave the property empty).' - type: integer - format: int32 - readOnly: - description: 'Specify "true" to - force and set the ReadOnly property - in VolumeMounts to "true". If - omitted, the default is "false". - More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: 'Unique ID of the - persistent disk resource in - AWS (Amazon EBS volume). More - info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: string - azureDisk: - description: AzureDisk represents - an Azure Data Disk mount on the - host and bind mount to the pod. - type: object - required: - - diskName - - diskURI - properties: - cachingMode: - description: 'Host Caching mode: - None, Read Only, Read Write.' - type: string - diskName: - description: The Name of the data - disk in the blob storage - type: string - diskURI: - description: The URI the data - disk in the blob storage - type: string - fsType: - description: Filesystem type to - mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. - type: string - kind: - description: 'Expected values - Shared: multiple blob disks - per storage account Dedicated: - single blob disk per storage - account Managed: azure managed - data disk (only in managed availability - set). defaults to shared' - type: string - readOnly: - description: Defaults to false - (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. - type: boolean - azureFile: - description: AzureFile represents - an Azure File Service mount on the - host and bind mount to the pod. - type: object - required: - - secretName - - shareName - properties: - readOnly: - description: Defaults to false - (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. - type: boolean - secretName: - description: the name of secret - that contains Azure Storage - Account Name and Key - type: string - shareName: - description: Share Name - type: string - cephfs: - description: CephFS represents a Ceph - FS mount on the host that shares - a pod's lifetime - type: object - required: - - monitors - properties: - monitors: - description: 'Required: Monitors - is a collection of Ceph monitors - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: array - items: - type: string - path: - description: 'Optional: Used as - the mounted root, rather than - the full Ceph tree, default - is /' - type: string - readOnly: - description: 'Optional: Defaults - to false (read/write). ReadOnly - here will force the ReadOnly - setting in VolumeMounts. More - info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: boolean - secretFile: - description: 'Optional: SecretFile - is the path to key ring for - User, default is /etc/ceph/user.secret - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - secretRef: - description: 'Optional: SecretRef - is reference to the authentication - secret for User, default is - empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - user: - description: 'Optional: User is - the rados user name, default - is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - cinder: - description: 'Cinder represents a - cinder volume attached and mounted - on kubelets host machine. More info: - https://examples.k8s.io/mysql-cinder-pd/README.md' - type: object - required: - - volumeID - properties: - fsType: - description: 'Filesystem type - to mount. Must be a filesystem - type supported by the host operating - system. Examples: "ext4", "xfs", - "ntfs". Implicitly inferred - to be "ext4" if unspecified. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: - description: 'Optional: Defaults - to false (read/write). ReadOnly - here will force the ReadOnly - setting in VolumeMounts. More - info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: boolean - secretRef: - description: 'Optional: points - to a secret object containing - parameters used to connect to - OpenStack.' - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - volumeID: - description: 'volume id used to - identify the volume in cinder. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - configMap: - description: ConfigMap represents - a configMap that should populate - this volume - type: object - properties: - defaultMode: - description: 'Optional: mode bits - to use on created files by default. - Must be a value between 0 and - 0777. Defaults to 0644. Directories - within the path are not affected - by this setting. This might - be in conflict with other options - that affect the file mode, like - fsGroup, and the result can - be other mode bits set.' - type: integer - format: int32 - items: - description: If unspecified, each - key-value pair in the Data field - of the referenced ConfigMap - will be projected into the volume - as a file whose name is the - key and content is the value. - If specified, the listed keys - will be projected into the specified - paths, and unlisted keys will - not be present. If a key is - specified which is not present - in the ConfigMap, the volume - setup will error unless it is - marked optional. Paths must - be relative and may not contain - the '..' path or start with - '..'. - type: array - items: - description: Maps a string key - to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to - project. - type: string - mode: - description: 'Optional: - mode bits to use on this - file, must be a value - between 0 and 0777. If - not specified, the volume - defaultMode will be used. - This might be in conflict - with other options that - affect the file mode, - like fsGroup, and the - result can be other mode - bits set.' - type: integer - format: int32 - path: - description: The relative - path of the file to map - the key to. May not be - an absolute path. May - not contain the path element - '..'. May not start with - the string '..'. - type: string - name: - description: 'Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the - ConfigMap or its keys must be - defined - type: boolean - csi: - description: CSI (Container Storage - Interface) represents storage that - is handled by an external CSI driver - (Alpha feature). - type: object - required: - - driver - properties: - driver: - description: Driver is the name - of the CSI driver that handles - this volume. Consult with your - admin for the correct name as - registered in the cluster. - type: string - fsType: - description: Filesystem type to - mount. Ex. "ext4", "xfs", "ntfs". - If not provided, the empty value - is passed to the associated - CSI driver which will determine - the default filesystem to apply. - type: string - nodePublishSecretRef: - description: NodePublishSecretRef - is a reference to the secret - object containing sensitive - information to pass to the CSI - driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. - This field is optional, and may - be empty if no secret is required. - If the secret object contains - more than one secret, all secret - references are passed. - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - readOnly: - description: Specifies a read-only - configuration for the volume. - Defaults to false (read/write). - type: boolean - volumeAttributes: - description: VolumeAttributes - stores driver-specific properties - that are passed to the CSI driver. - Consult your driver's documentation - for supported values. - type: object - additionalProperties: - type: string - downwardAPI: - description: DownwardAPI represents - downward API about the pod that - should populate this volume - type: object - properties: - defaultMode: - description: 'Optional: mode bits - to use on created files by default. - Must be a value between 0 and - 0777. Defaults to 0644. Directories - within the path are not affected - by this setting. This might - be in conflict with other options - that affect the file mode, like - fsGroup, and the result can - be other mode bits set.' - type: integer - format: int32 - items: - description: Items is a list of - downward API volume file - type: array - items: - description: DownwardAPIVolumeFile - represents information to - create the file containing - the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: - Selects a field of the - pod: only annotations, - labels, name and namespace - are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version - of the schema the - FieldPath is written - in terms of, defaults - to "v1". - type: string - fieldPath: - description: Path of - the field to select - in the specified API - version. - type: string - mode: - description: 'Optional: - mode bits to use on this - file, must be a value - between 0 and 0777. If - not specified, the volume - defaultMode will be used. - This might be in conflict - with other options that - affect the file mode, - like fsGroup, and the - result can be other mode - bits set.' - type: integer - format: int32 - path: - description: 'Required: - Path is the relative - path name of the file - to be created. Must not - be absolute or contain - the ''..'' path. Must - be utf-8 encoded. The - first item of the relative - path must not start with - ''..''' - type: string - resourceFieldRef: - description: 'Selects a - resource of the container: - only resources limits - and requests (limits.cpu, - limits.memory, requests.cpu - and requests.memory) are - currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container - name: required for - volumes, optional - for env vars' - type: string - divisor: - description: Specifies - the output format - of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: - resource to select' - type: string - emptyDir: - description: 'EmptyDir represents - a temporary directory that shares - a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: object - properties: - medium: - description: 'What type of storage - medium should back this directory. - The default is "" which means - to use the node''s default medium. - Must be an empty string (default) - or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - description: 'Total amount of - local storage required for this - EmptyDir volume. The size limit - is also applicable for memory - medium. The maximum usage on - memory medium EmptyDir would - be the minimum value between - the SizeLimit specified here - and the sum of memory limits - of all containers in a pod. - The default is nil which means - that the limit is undefined. - More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - fc: - description: FC represents a Fibre - Channel resource that is attached - to a kubelet's host machine and - then exposed to the pod. - type: object - properties: - fsType: - description: 'Filesystem type - to mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. TODO: how do - we prevent errors in the filesystem - from compromising the machine' - type: string - lun: - description: 'Optional: FC target - lun number' - type: integer - format: int32 - readOnly: - description: 'Optional: Defaults - to false (read/write). ReadOnly - here will force the ReadOnly - setting in VolumeMounts.' - type: boolean - targetWWNs: - description: 'Optional: FC target - worldwide names (WWNs)' - type: array - items: - type: string - wwids: - description: 'Optional: FC volume - world wide identifiers (wwids) - Either wwids or combination - of targetWWNs and lun must be - set, but not both simultaneously.' - type: array - items: - type: string - flexVolume: - description: FlexVolume represents - a generic volume resource that is - provisioned/attached using an exec - based plugin. - type: object - required: - - driver - properties: - driver: - description: Driver is the name - of the driver to use for this - volume. - type: string - fsType: - description: Filesystem type to - mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - The default filesystem depends - on FlexVolume script. - type: string - options: - description: 'Optional: Extra - command options if any.' - type: object - additionalProperties: - type: string - readOnly: - description: 'Optional: Defaults - to false (read/write). ReadOnly - here will force the ReadOnly - setting in VolumeMounts.' - type: boolean - secretRef: - description: 'Optional: SecretRef - is reference to the secret object - containing sensitive information - to pass to the plugin scripts. - This may be empty if no secret - object is specified. If the - secret object contains more - than one secret, all secrets - are passed to the plugin scripts.' - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - flocker: - description: Flocker represents a - Flocker volume attached to a kubelet's - host machine. This depends on the - Flocker control service being running - type: object - properties: - datasetName: - description: Name of the dataset - stored as metadata -> name on - the dataset for Flocker should - be considered as deprecated - type: string - datasetUUID: - description: UUID of the dataset. - This is unique identifier of - a Flocker dataset - type: string - gcePersistentDisk: - description: 'GCEPersistentDisk represents - a GCE Disk resource that is attached - to a kubelet''s host machine and - then exposed to the pod. More info: - https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: object - required: - - pdName - properties: - fsType: - description: 'Filesystem type - of the volume that you want - to mount. Tip: Ensure that the - filesystem type is supported - by the host operating system. - Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors - in the filesystem from compromising - the machine' - type: string - partition: - description: 'The partition in - the volume that you want to - mount. If omitted, the default - is to mount by volume name. - Examples: For volume /dev/sda1, - you specify the partition as - "1". Similarly, the volume partition - for /dev/sda is "0" (or you - can leave the property empty). - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: integer - format: int32 - pdName: - description: 'Unique name of the - PD resource in GCE. Used to - identify the disk in GCE. More - info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: string - readOnly: - description: 'ReadOnly here will - force the ReadOnly setting in - VolumeMounts. Defaults to false. - More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: boolean - gitRepo: - description: 'GitRepo represents a - git repository at a particular revision. - DEPRECATED: GitRepo is deprecated. - To provision a container with a - git repo, mount an EmptyDir into - an InitContainer that clones the - repo using git, then mount the EmptyDir - into the Pod''s container.' - type: object - required: - - repository - properties: - directory: - description: Target directory - name. Must not contain or start - with '..'. If '.' is supplied, - the volume directory will be - the git repository. Otherwise, - if specified, the volume will - contain the git repository in - the subdirectory with the given - name. - type: string - repository: - description: Repository URL - type: string - revision: - description: Commit hash for the - specified revision. - type: string - glusterfs: - description: 'Glusterfs represents - a Glusterfs mount on the host that - shares a pod''s lifetime. More info: - https://examples.k8s.io/volumes/glusterfs/README.md' - type: object - required: - - endpoints - - path - properties: - endpoints: - description: 'EndpointsName is - the endpoint name that details - Glusterfs topology. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - path: - description: 'Path is the Glusterfs - volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - readOnly: - description: 'ReadOnly here will - force the Glusterfs volume to - be mounted with read-only permissions. - Defaults to false. More info: - https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: boolean - hostPath: - description: 'HostPath represents - a pre-existing file or directory - on the host machine that is directly - exposed to the container. This is - generally used for system agents - or other privileged things that - are allowed to see the host machine. - Most containers will NOT need this. - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict - who can use host directory mounts - and who can/can not mount host directories - as read/write.' - type: object - required: - - path - properties: - path: - description: 'Path of the directory - on the host. If the path is - a symlink, it will follow the - link to the real path. More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - type: - description: 'Type for HostPath - Volume Defaults to "" More info: - https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - iscsi: - description: 'ISCSI represents an - ISCSI Disk resource that is attached - to a kubelet''s host machine and - then exposed to the pod. More info: - https://examples.k8s.io/volumes/iscsi/README.md' - type: object - required: - - iqn - - lun - - targetPortal - properties: - chapAuthDiscovery: - description: whether support iSCSI - Discovery CHAP authentication - type: boolean - chapAuthSession: - description: whether support iSCSI - Session CHAP authentication - type: boolean - fsType: - description: 'Filesystem type - of the volume that you want - to mount. Tip: Ensure that the - filesystem type is supported - by the host operating system. - Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors - in the filesystem from compromising - the machine' - type: string - initiatorName: - description: Custom iSCSI Initiator - Name. If initiatorName is specified - with iscsiInterface simultaneously, - new iSCSI interface : will be - created for the connection. - type: string - iqn: - description: Target iSCSI Qualified - Name. - type: string - iscsiInterface: - description: iSCSI Interface Name - that uses an iSCSI transport. - Defaults to 'default' (tcp). - type: string - lun: - description: iSCSI Target Lun - number. - type: integer - format: int32 - portals: - description: iSCSI Target Portal - List. The portal is either an - IP or ip_addr:port if the port - is other than default (typically - TCP ports 860 and 3260). - type: array - items: - type: string - readOnly: - description: ReadOnly here will - force the ReadOnly setting in - VolumeMounts. Defaults to false. - type: boolean - secretRef: - description: CHAP Secret for iSCSI - target and initiator authentication - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - targetPortal: - description: iSCSI Target Portal. - The Portal is either an IP or - ip_addr:port if the port is - other than default (typically - TCP ports 860 and 3260). - type: string - name: - description: 'Volume''s name. Must - be a DNS_LABEL and unique within - the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - nfs: - description: 'NFS represents an NFS - mount on the host that shares a - pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: object - required: - - path - - server - properties: - path: - description: 'Path that is exported - by the NFS server. More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - readOnly: - description: 'ReadOnly here will - force the NFS export to be mounted - with read-only permissions. - Defaults to false. More info: - https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: boolean - server: - description: 'Server is the hostname - or IP address of the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - persistentVolumeClaim: - description: 'PersistentVolumeClaimVolumeSource - represents a reference to a PersistentVolumeClaim - in the same namespace. More info: - https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: object - required: - - claimName - properties: - claimName: - description: 'ClaimName is the - name of a PersistentVolumeClaim - in the same namespace as the - pod using this volume. More - info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: - description: Will force the ReadOnly - setting in VolumeMounts. Default - false. - type: boolean - photonPersistentDisk: - description: PhotonPersistentDisk - represents a PhotonController persistent - disk attached and mounted on kubelets - host machine - type: object - required: - - pdID - properties: - fsType: - description: Filesystem type to - mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. - type: string - pdID: - description: ID that identifies - Photon Controller persistent - disk - type: string - portworxVolume: - description: PortworxVolume represents - a portworx volume attached and mounted - on kubelets host machine - type: object - required: - - volumeID - properties: - fsType: - description: FSType represents - the filesystem type to mount - Must be a filesystem type supported - by the host operating system. - Ex. "ext4", "xfs". Implicitly - inferred to be "ext4" if unspecified. - type: string - readOnly: - description: Defaults to false - (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. - type: boolean - volumeID: - description: VolumeID uniquely - identifies a Portworx volume - type: string - projected: - description: Items for all in one - resources secrets, configmaps, and - downward API - type: object - required: - - sources - properties: - defaultMode: - description: Mode bits to use - on created files by default. - Must be a value between 0 and - 0777. Directories within the - path are not affected by this - setting. This might be in conflict - with other options that affect - the file mode, like fsGroup, - and the result can be other - mode bits set. - type: integer - format: int32 - sources: - description: list of volume projections - type: array - items: - description: Projection that - may be projected along with - other supported volume types - type: object - properties: - configMap: - description: information - about the configMap data - to project - type: object - properties: - items: - description: If unspecified, - each key-value pair - in the Data field - of the referenced - ConfigMap will be - projected into the - volume as a file whose - name is the key and - content is the value. - If specified, the - listed keys will be - projected into the - specified paths, and - unlisted keys will - not be present. If - a key is specified - which is not present - in the ConfigMap, - the volume setup will - error unless it is - marked optional. Paths - must be relative and - may not contain the - '..' path or start - with '..'. - type: array - items: - description: Maps - a string key to - a path within a - volume. - type: object - required: - - key - - path - properties: - key: - description: The - key to project. - type: string - mode: - description: 'Optional: - mode bits to - use on this - file, must be - a value between - 0 and 0777. - If not specified, - the volume defaultMode - will be used. - This might be - in conflict - with other options - that affect - the file mode, - like fsGroup, - and the result - can be other - mode bits set.' - type: integer - format: int32 - path: - description: The - relative path - of the file - to map the key - to. May not - be an absolute - path. May not - contain the - path element - '..'. May not - start with the - string '..'. - type: string - name: - description: 'Name of - the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify - whether the ConfigMap - or its keys must be - defined - type: boolean - downwardAPI: - description: information - about the downwardAPI - data to project - type: object - properties: - items: - description: Items is - a list of DownwardAPIVolume - file - type: array - items: - description: DownwardAPIVolumeFile - represents information - to create the file - containing the pod - field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: - Selects a field - of the pod: - only annotations, - labels, name - and namespace - are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version - of the schema - the FieldPath - is written - in terms - of, defaults - to "v1". - type: string - fieldPath: - description: Path - of the field - to select - in the specified - API version. - type: string - mode: - description: 'Optional: - mode bits to - use on this - file, must be - a value between - 0 and 0777. - If not specified, - the volume defaultMode - will be used. - This might be - in conflict - with other options - that affect - the file mode, - like fsGroup, - and the result - can be other - mode bits set.' - type: integer - format: int32 - path: - description: 'Required: - Path is the - relative path - name of the - file to be created. - Must not be - absolute or - contain the - ''..'' path. - Must be utf-8 - encoded. The - first item of - the relative - path must not - start with ''..''' - type: string - resourceFieldRef: - description: 'Selects - a resource of - the container: - only resources - limits and requests - (limits.cpu, - limits.memory, - requests.cpu - and requests.memory) - are currently - supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container - name: required - for volumes, - optional - for env - vars' - type: string - divisor: - description: Specifies - the output - format of - the exposed - resources, - defaults - to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: - resource - to select' - type: string - secret: - description: information - about the secret data - to project - type: object - properties: - items: - description: If unspecified, - each key-value pair - in the Data field - of the referenced - Secret will be projected - into the volume as - a file whose name - is the key and content - is the value. If specified, - the listed keys will - be projected into - the specified paths, - and unlisted keys - will not be present. - If a key is specified - which is not present - in the Secret, the - volume setup will - error unless it is - marked optional. Paths - must be relative and - may not contain the - '..' path or start - with '..'. - type: array - items: - description: Maps - a string key to - a path within a - volume. - type: object - required: - - key - - path - properties: - key: - description: The - key to project. - type: string - mode: - description: 'Optional: - mode bits to - use on this - file, must be - a value between - 0 and 0777. - If not specified, - the volume defaultMode - will be used. - This might be - in conflict - with other options - that affect - the file mode, - like fsGroup, - and the result - can be other - mode bits set.' - type: integer - format: int32 - path: - description: The - relative path - of the file - to map the key - to. May not - be an absolute - path. May not - contain the - path element - '..'. May not - start with the - string '..'. - type: string - name: - description: 'Name of - the referent. More - info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful - fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify - whether the Secret - or its key must be - defined - type: boolean - serviceAccountToken: - description: information - about the serviceAccountToken - data to project - type: object - required: - - path - properties: - audience: - description: Audience - is the intended audience - of the token. A recipient - of a token must identify - itself with an identifier - specified in the audience - of the token, and - otherwise should reject - the token. The audience - defaults to the identifier - of the apiserver. - type: string - expirationSeconds: - description: ExpirationSeconds - is the requested duration - of validity of the - service account token. - As the token approaches - expiration, the kubelet - volume plugin will - proactively rotate - the service account - token. The kubelet - will start trying - to rotate the token - if the token is older - than 80 percent of - its time to live or - if the token is older - than 24 hours.Defaults - to 1 hour and must - be at least 10 minutes. - type: integer - format: int64 - path: - description: Path is - the path relative - to the mount point - of the file to project - the token into. - type: string - quobyte: - description: Quobyte represents a - Quobyte mount on the host that shares - a pod's lifetime - type: object - required: - - registry - - volume - properties: - group: - description: Group to map volume - access to Default is no group - type: string - readOnly: - description: ReadOnly here will - force the Quobyte volume to - be mounted with read-only permissions. - Defaults to false. - type: boolean - registry: - description: Registry represents - a single or multiple Quobyte - Registry services specified - as a string as host:port pair - (multiple entries are separated - with commas) which acts as the - central registry for volumes - type: string - tenant: - description: Tenant owning the - given Quobyte volume in the - Backend Used with dynamically - provisioned Quobyte volumes, - value is set by the plugin - type: string - user: - description: User to map volume - access to Defaults to serivceaccount - user - type: string - volume: - description: Volume is a string - that references an already created - Quobyte volume by name. - type: string - rbd: - description: 'RBD represents a Rados - Block Device mount on the host that - shares a pod''s lifetime. More info: - https://examples.k8s.io/volumes/rbd/README.md' - type: object - required: - - image - - monitors - properties: - fsType: - description: 'Filesystem type - of the volume that you want - to mount. Tip: Ensure that the - filesystem type is supported - by the host operating system. - Examples: "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors - in the filesystem from compromising - the machine' - type: string - image: - description: 'The rados image - name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - keyring: - description: 'Keyring is the path - to key ring for RBDUser. Default - is /etc/ceph/keyring. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - monitors: - description: 'A collection of - Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: array - items: - type: string - pool: - description: 'The rados pool name. - Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: - description: 'ReadOnly here will - force the ReadOnly setting in - VolumeMounts. Defaults to false. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: - description: 'SecretRef is name - of the authentication secret - for RBDUser. If provided overrides - keyring. Default is nil. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - user: - description: 'The rados user name. - Default is admin. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - scaleIO: - description: ScaleIO represents a - ScaleIO persistent volume attached - and mounted on Kubernetes nodes. - type: object - required: - - gateway - - secretRef - - system - properties: - fsType: - description: Filesystem type to - mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Default is "xfs". - type: string - gateway: - description: The host address - of the ScaleIO API Gateway. - type: string - protectionDomain: - description: The name of the ScaleIO - Protection Domain for the configured - storage. - type: string - readOnly: - description: Defaults to false - (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. - type: boolean - secretRef: - description: SecretRef references - to the secret for ScaleIO user - and other sensitive information. - If this is not provided, Login - operation will fail. - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - sslEnabled: - description: Flag to enable/disable - SSL communication with Gateway, - default false - type: boolean - storageMode: - description: Indicates whether - the storage for a volume should - be ThickProvisioned or ThinProvisioned. - Default is ThinProvisioned. - type: string - storagePool: - description: The ScaleIO Storage - Pool associated with the protection - domain. - type: string - system: - description: The name of the storage - system as configured in ScaleIO. - type: string - volumeName: - description: The name of a volume - already created in the ScaleIO - system that is associated with - this volume source. - type: string - secret: - description: 'Secret represents a - secret that should populate this - volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'Optional: mode bits - to use on created files by default. - Must be a value between 0 and - 0777. Defaults to 0644. Directories - within the path are not affected - by this setting. This might - be in conflict with other options - that affect the file mode, like - fsGroup, and the result can - be other mode bits set.' - type: integer - format: int32 - items: - description: If unspecified, each - key-value pair in the Data field - of the referenced Secret will - be projected into the volume - as a file whose name is the - key and content is the value. - If specified, the listed keys - will be projected into the specified - paths, and unlisted keys will - not be present. If a key is - specified which is not present - in the Secret, the volume setup - will error unless it is marked - optional. Paths must be relative - and may not contain the '..' - path or start with '..'. - type: array - items: - description: Maps a string key - to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to - project. - type: string - mode: - description: 'Optional: - mode bits to use on this - file, must be a value - between 0 and 0777. If - not specified, the volume - defaultMode will be used. - This might be in conflict - with other options that - affect the file mode, - like fsGroup, and the - result can be other mode - bits set.' - type: integer - format: int32 - path: - description: The relative - path of the file to map - the key to. May not be - an absolute path. May - not contain the path element - '..'. May not start with - the string '..'. - type: string - optional: - description: Specify whether the - Secret or its keys must be defined - type: boolean - secretName: - description: 'Name of the secret - in the pod''s namespace to use. - More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - storageos: - description: StorageOS represents - a StorageOS volume attached and - mounted on Kubernetes nodes. - type: object - properties: - fsType: - description: Filesystem type to - mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. - type: string - readOnly: - description: Defaults to false - (read/write). ReadOnly here - will force the ReadOnly setting - in VolumeMounts. - type: boolean - secretRef: - description: SecretRef specifies - the secret to use for obtaining - the StorageOS API credentials. If - not specified, default values - will be attempted. - type: object - properties: - name: - description: 'Name of the - referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. - apiVersion, kind, uid?' - type: string - volumeName: - description: VolumeName is the - human-readable name of the StorageOS - volume. Volume names are only - unique within a namespace. - type: string - volumeNamespace: - description: VolumeNamespace specifies - the scope of the volume within - StorageOS. If no namespace - is specified then the Pod's - namespace will be used. This - allows the Kubernetes name scoping - to be mirrored within StorageOS - for tighter integration. Set - VolumeName to any name to override - the default behaviour. Set to - "default" if you are not using - namespaces within StorageOS. - Namespaces that do not pre-exist - within StorageOS will be created. - type: string - vsphereVolume: - description: VsphereVolume represents - a vSphere volume attached and mounted - on kubelets host machine - type: object - required: - - volumePath - properties: - fsType: - description: Filesystem type to - mount. Must be a filesystem - type supported by the host operating - system. Ex. "ext4", "xfs", "ntfs". - Implicitly inferred to be "ext4" - if unspecified. - type: string - storagePolicyID: - description: Storage Policy Based - Management (SPBM) profile ID - associated with the StoragePolicyName. - type: string - storagePolicyName: - description: Storage Policy Based - Management (SPBM) profile name. - type: string - volumePath: - description: Path that identifies - vSphere volume vmdk - type: string - permissions: - type: array - items: - description: StrategyDeploymentPermissions describe the - rbac rules and service account needed by the install strategy - type: object - required: - - rules - - serviceAccountName - properties: - rules: - type: array - items: - description: PolicyRule holds information that describes - a policy rule, but does not contain information - about who the rule applies to or which namespace - the rule applies to. - type: object - required: - - verbs - properties: - apiGroups: - description: APIGroups is the name of the APIGroup - that contains the resources. If multiple API - groups are specified, any action requested against - one of the enumerated resources in any API group - will be allowed. - type: array - items: - type: string - nonResourceURLs: - description: NonResourceURLs is a set of partial - urls that a user should have access to. *s - are allowed, but only as the full, final step - in the path Since non-resource URLs are not - namespaced, this field is only applicable for - ClusterRoles referenced from a ClusterRoleBinding. - Rules can either apply to API resources (such - as "pods" or "secrets") or non-resource URL - paths (such as "/api"), but not both. - type: array - items: - type: string - resourceNames: - description: ResourceNames is an optional white - list of names that the rule applies to. An - empty set means that everything is allowed. - type: array - items: - type: string - resources: - description: Resources is a list of resources - this rule applies to. ResourceAll represents - all resources. - type: array - items: - type: string - verbs: - description: Verbs is a list of Verbs that apply - to ALL the ResourceKinds and AttributeRestrictions - contained in this rule. VerbAll represents - all kinds. - type: array - items: - type: string - serviceAccountName: - type: string - strategy: - type: string - installModes: - description: InstallModes specify supported installation types - type: array - items: - description: InstallMode associates an InstallModeType with a flag - representing if the CSV supports it - type: object - required: - - supported - - type - properties: - supported: - type: boolean - type: - description: InstallModeType is a supported type of install - mode for CSV installation - type: string - keywords: - type: array - items: - type: string - labels: - description: Map of string keys and values that can be used to organize - and categorize (scope and select) objects. - type: object - additionalProperties: - type: string - links: - type: array - items: - type: object - properties: - name: - type: string - url: - type: string - maintainers: - type: array - items: - type: object - properties: - email: - type: string - name: - type: string - maturity: - type: string - minKubeVersion: - type: string - nativeAPIs: - type: array - items: - description: GroupVersionKind unambiguously identifies a kind. It - doesn't anonymously include GroupVersion to avoid automatic coersion. It - doesn't use a GroupVersion to avoid custom marshalling - type: object - required: - - group - - kind - - version - properties: - group: - type: string - kind: - type: string - version: - type: string - provider: - type: object - properties: - name: - type: string - url: - type: string - replaces: - description: The name of a CSV this one replaces. Should match the - `metadata.Name` field of the old CSV. - type: string - selector: - description: Label selector for related resources. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - additionalProperties: - type: string - version: - description: OperatorVersion is a wrapper around semver.Version which - supports correct marshaling to YAML and JSON. - type: string - webhookdefinitions: - type: array - items: - description: WebhookDescription provides details to OLM about required - webhooks - type: object - required: - - admissionReviewVersions - - generateName - - sideEffects - - type - properties: - admissionReviewVersions: - type: array - items: - type: string - containerPort: - type: integer - format: int32 - default: 443 - maximum: 65535 - minimum: 1 - conversionCRDs: - type: array - items: - type: string - deploymentName: - type: string - failurePolicy: - type: string - generateName: - type: string - matchPolicy: - description: MatchPolicyType specifies the type of match policy - type: string - objectSelector: - description: A label selector is a label query over a set of - resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. A - null label selector matches no objects. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - reinvocationPolicy: - description: ReinvocationPolicyType specifies what type of policy - the admission hook uses. - type: string - rules: - type: array - items: - description: RuleWithOperations is a tuple of Operations and - Resources. It is recommended to make sure that all the tuple - expansions are valid. - type: object - properties: - apiGroups: - description: APIGroups is the API groups the resources - belong to. '*' is all groups. If '*' is present, the - length of the slice must be one. Required. - type: array - items: - type: string - apiVersions: - description: APIVersions is the API versions the resources - belong to. '*' is all versions. If '*' is present, the - length of the slice must be one. Required. - type: array - items: - type: string - operations: - description: Operations is the operations the admission - hook cares about - CREATE, UPDATE, or * for all operations. - If '*' is present, the length of the slice must be one. - Required. - type: array - items: - type: string - resources: - description: "Resources is a list of resources this rule - applies to. \n For example: 'pods' means pods. 'pods/log' - means the log subresource of pods. '*' means all resources, - but not subresources. 'pods/*' means all subresources - of pods. '*/scale' means all scale subresources. '*/*' - means all resources and their subresources. \n If wildcard - is present, the validation rule will ensure resources - do not overlap with each other. \n Depending on the - enclosing object, subresources might not be allowed. - Required." - type: array - items: - type: string - scope: - description: scope specifies the scope of this rule. Valid - values are "Cluster", "Namespaced", and "*" "Cluster" - means that only cluster-scoped resources will match - this rule. Namespace API objects are cluster-scoped. - "Namespaced" means that only namespaced resources will - match this rule. "*" means that there are no scope restrictions. - Subresources match the scope of their parent resource. - Default is "*". - type: string - sideEffects: - type: string - targetPort: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - type: integer - format: int32 - type: - description: WebhookAdmissionType is the type of admission webhooks - supported by OLM - type: string - enum: - - ValidatingAdmissionWebhook - - MutatingAdmissionWebhook - - ConversionWebhook - webhookPath: - type: string - status: - description: ClusterServiceVersionStatus represents information about - the status of a pod. Status may trail the actual state of a system. - type: object - properties: - certsLastUpdated: - description: Last time the owned APIService certs were updated - type: string - format: date-time - certsRotateAt: - description: Time the owned APIService certs will rotate next - type: string - format: date-time - conditions: - description: List of conditions, a history of state transitions - type: array - items: - description: Conditions appear in the status as a record of state - transitions on the ClusterServiceVersion - type: object - properties: - lastTransitionTime: - description: Last time the status transitioned from one status - to another. - type: string - format: date-time - lastUpdateTime: - description: Last time we updated the status - type: string - format: date-time - message: - description: A human readable message indicating details about - why the ClusterServiceVersion is in this condition. - type: string - phase: - description: Condition of the ClusterServiceVersion - type: string - reason: - description: A brief CamelCase message indicating details about - why the ClusterServiceVersion is in this state. e.g. 'RequirementsNotMet' - type: string - lastTransitionTime: - description: Last time the status transitioned from one status to - another. - type: string - format: date-time - lastUpdateTime: - description: Last time we updated the status - type: string - format: date-time - message: - description: A human readable message indicating details about why - the ClusterServiceVersion is in this condition. - type: string - phase: - description: Current condition of the ClusterServiceVersion - type: string - reason: - description: A brief CamelCase message indicating details about why - the ClusterServiceVersion is in this state. e.g. 'RequirementsNotMet' - type: string - requirementStatus: - description: The status of each requirement for this CSV - type: array - items: - type: object - required: - - group - - kind - - message - - name - - status - - version - properties: - dependents: - type: array - items: - description: DependentStatus is the status for a dependent - requirement (to prevent infinite nesting) - type: object - required: - - group - - kind - - status - - version - properties: - group: - type: string - kind: - type: string - message: - type: string - status: - description: StatusReason is a camelcased reason for the - status of a RequirementStatus or DependentStatus - type: string - uuid: - type: string - version: - type: string - group: - type: string - kind: - type: string - message: - type: string - name: - type: string - status: - description: StatusReason is a camelcased reason for the status - of a RequirementStatus or DependentStatus - type: string - uuid: - type: string - version: - type: string - served: true - storage: true - subresources: - status: {} - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_00-installplans.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_00-installplans.crd.yaml deleted file mode 100644 index eff28c1f93..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_00-installplans.crd.yaml +++ /dev/null @@ -1,306 +0,0 @@ ---- -# Source: olm/crds/0000_50_olm_00-installplans.crd.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - name: installplans.operators.coreos.com -spec: - group: operators.coreos.com - names: - categories: - - olm - kind: InstallPlan - listKind: InstallPlanList - plural: installplans - shortNames: - - ip - singular: installplan - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The first CSV in the list of clusterServiceVersionNames - jsonPath: .spec.clusterServiceVersionNames[0] - name: CSV - type: string - - description: The approval mode - jsonPath: .spec.approval - name: Approval - type: string - - jsonPath: .spec.approved - name: Approved - type: boolean - name: v1alpha1 - schema: - openAPIV3Schema: - description: InstallPlan defines the installation of a set of operators. - type: object - required: - - metadata - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: InstallPlanSpec defines a set of Application resources to - be installed - type: object - required: - - approval - - approved - - clusterServiceVersionNames - properties: - approval: - description: Approval is the user approval policy for an InstallPlan. - It must be one of "Automatic" or "Manual". - type: string - approved: - type: boolean - clusterServiceVersionNames: - type: array - items: - type: string - generation: - type: integer - source: - type: string - sourceNamespace: - type: string - status: - description: "InstallPlanStatus represents the information about the status - of steps required to complete installation. \n Status may trail the - actual state of a system." - type: object - required: - - catalogSources - - phase - properties: - attenuatedServiceAccountRef: - description: AttenuatedServiceAccountRef references the service account - that is used to do scoped operator install. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - bundleLookups: - description: BundleLookups is the set of in-progress requests to pull - and unpackage bundle content to the cluster. - type: array - items: - description: BundleLookup is a request to pull and unpackage the - content of a bundle to the cluster. - type: object - required: - - catalogSourceRef - - identifier - - path - - replaces - properties: - catalogSourceRef: - description: CatalogSourceRef is a reference to the CatalogSource - the bundle path was resolved from. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead - of an entire object, this string should contain a valid - JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container - within a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that - triggered the event) or if no container name is specified - "spec.containers[2]" (container with index 2 in this pod). - This syntax is chosen only to have some well-defined way - of referencing a part of an object. TODO: this design - is not final and this field is subject to change in the - future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - conditions: - description: Conditions represents the overall state of a BundleLookup. - type: array - items: - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: Last time the condition transitioned from - one status to another. - type: string - format: date-time - lastUpdateTime: - description: Last time the condition was probed. - type: string - format: date-time - message: - description: A human readable message indicating details - about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - status: - description: Status of the condition, one of True, False, - Unknown. - type: string - type: - description: Type of condition. - type: string - identifier: - description: Identifier is the catalog-unique name of the operator - (the name of the CSV for bundles that contain CSVs) - type: string - path: - description: Path refers to the location of a bundle to pull. - It's typically an image reference. - type: string - properties: - description: The effective properties of the unpacked bundle. - type: string - replaces: - description: Replaces is the name of the bundle to replace with - the one found at Path. - type: string - catalogSources: - type: array - items: - type: string - conditions: - type: array - items: - description: InstallPlanCondition represents the overall status - of the execution of an InstallPlan. - type: object - properties: - lastTransitionTime: - type: string - format: date-time - lastUpdateTime: - type: string - format: date-time - message: - type: string - reason: - description: ConditionReason is a camelcased reason for the - state transition. - type: string - status: - type: string - type: - description: InstallPlanConditionType describes the state of - an InstallPlan at a certain point as a whole. - type: string - phase: - description: InstallPlanPhase is the current status of a InstallPlan - as a whole. - type: string - plan: - type: array - items: - description: Step represents the status of an individual step in - an InstallPlan. - type: object - required: - - resolving - - resource - - status - properties: - resolving: - type: string - resource: - description: StepResource represents the status of a resource - to be tracked by an InstallPlan. - type: object - required: - - group - - kind - - name - - sourceName - - sourceNamespace - - version - properties: - group: - type: string - kind: - type: string - manifest: - type: string - name: - type: string - sourceName: - type: string - sourceNamespace: - type: string - version: - type: string - status: - description: StepStatus is the current status of a particular - resource an in InstallPlan - type: string - served: true - storage: true - subresources: - status: {} - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_00-namespace.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_00-namespace.yaml deleted file mode 100644 index 13917074d8..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_00-namespace.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_00-namespace.yaml -apiVersion: v1 -kind: Namespace -metadata: - name: olm ---- -# Source: olm/templates/0000_50_olm_00-namespace.yaml -apiVersion: v1 -kind: Namespace -metadata: - name: operators diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_00-operatorgroups.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_00-operatorgroups.crd.yaml deleted file mode 100644 index f3116f6b54..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_00-operatorgroups.crd.yaml +++ /dev/null @@ -1,307 +0,0 @@ ---- -# Source: olm/crds/0000_50_olm_00-operatorgroups.crd.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - name: operatorgroups.operators.coreos.com -spec: - group: operators.coreos.com - names: - categories: - - olm - kind: OperatorGroup - listKind: OperatorGroupList - plural: operatorgroups - shortNames: - - og - singular: operatorgroup - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: OperatorGroup is the unit of multitenancy for OLM managed operators. - It constrains the installation of operators in its namespace to a specified - set of target namespaces. - type: object - required: - - metadata - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: OperatorGroupSpec is the spec for an OperatorGroup resource. - type: object - properties: - selector: - description: Selector selects the OperatorGroup's target namespaces. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - additionalProperties: - type: string - serviceAccountName: - description: ServiceAccountName is the admin specified service account - which will be used to deploy operator(s) in this operator group. - type: string - staticProvidedAPIs: - description: Static tells OLM not to update the OperatorGroup's providedAPIs - annotation - type: boolean - targetNamespaces: - description: TargetNamespaces is an explicit set of namespaces to - target. If it is set, Selector is ignored. - type: array - items: - type: string - x-kubernetes-list-type: set - status: - description: OperatorGroupStatus is the status for an OperatorGroupResource. - type: object - required: - - lastUpdated - properties: - lastUpdated: - description: LastUpdated is a timestamp of the last time the OperatorGroup's - status was Updated. - type: string - format: date-time - namespaces: - description: Namespaces is the set of target namespaces for the OperatorGroup. - type: array - items: - type: string - x-kubernetes-list-type: set - serviceAccountRef: - description: ServiceAccountRef references the service account object - specified. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - served: true - storage: true - subresources: - status: {} - - name: v1alpha2 - schema: - openAPIV3Schema: - description: OperatorGroup is the unit of multitenancy for OLM managed operators. - It constrains the installation of operators in its namespace to a specified - set of target namespaces. - type: object - required: - - metadata - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: OperatorGroupSpec is the spec for an OperatorGroup resource. - type: object - properties: - selector: - description: Selector selects the OperatorGroup's target namespaces. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - additionalProperties: - type: string - serviceAccountName: - description: ServiceAccountName is the admin specified service account - which will be used to deploy operator(s) in this operator group. - type: string - staticProvidedAPIs: - description: Static tells OLM not to update the OperatorGroup's providedAPIs - annotation - type: boolean - targetNamespaces: - description: TargetNamespaces is an explicit set of namespaces to - target. If it is set, Selector is ignored. - type: array - items: - type: string - status: - description: OperatorGroupStatus is the status for an OperatorGroupResource. - type: object - required: - - lastUpdated - properties: - lastUpdated: - description: LastUpdated is a timestamp of the last time the OperatorGroup's - status was Updated. - type: string - format: date-time - namespaces: - description: Namespaces is the set of target namespaces for the OperatorGroup. - type: array - items: - type: string - serviceAccountRef: - description: ServiceAccountRef references the service account object - specified. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - served: true - storage: false - subresources: - status: {} - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_00-operators.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_00-operators.crd.yaml deleted file mode 100644 index fe38703d5c..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_00-operators.crd.yaml +++ /dev/null @@ -1,179 +0,0 @@ ---- -# Source: olm/crds/0000_50_olm_00-operators.crd.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - name: operators.operators.coreos.com -spec: - group: operators.coreos.com - names: - categories: - - olm - kind: Operator - listKind: OperatorList - plural: operators - singular: operator - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: Operator represents a cluster operator. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: OperatorSpec defines the desired state of Operator - type: object - status: - description: OperatorStatus defines the observed state of an Operator - and its components - type: object - properties: - components: - description: Components describes resources that compose the operator. - type: object - required: - - labelSelector - properties: - labelSelector: - description: LabelSelector is a label query over a set of resources - used to select the operator's components - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - refs: - description: Refs are a set of references to the operator's component - resources, selected with LabelSelector. - type: array - items: - description: RichReference is a reference to a resource, enriched - with its status conditions. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - conditions: - description: Conditions represents the latest state of the - component. - type: array - items: - description: Condition represent the latest available - observations of an component's state. - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: Last time the condition transitioned - from one status to another. - type: string - format: date-time - lastUpdateTime: - description: Last time the condition was probed - type: string - format: date-time - message: - description: A human readable message indicating details - about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - status: - description: Status of the condition, one of True, - False, Unknown. - type: string - type: - description: Type of condition. - type: string - fieldPath: - description: 'If referring to a piece of an object instead - of an entire object, this string should contain a valid - JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container - within a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that - triggered the event) or if no container name is specified - "spec.containers[2]" (container with index 2 in this pod). - This syntax is chosen only to have some well-defined way - of referencing a part of an object. TODO: this design - is not final and this field is subject to change in the - future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - served: true - storage: true - subresources: - status: {} - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_00-subscriptions.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_00-subscriptions.crd.yaml deleted file mode 100644 index 67a4a546fb..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_00-subscriptions.crd.yaml +++ /dev/null @@ -1,1837 +0,0 @@ ---- -# Source: olm/crds/0000_50_olm_00-subscriptions.crd.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.3.0 - creationTimestamp: null - name: subscriptions.operators.coreos.com -spec: - group: operators.coreos.com - names: - categories: - - olm - kind: Subscription - listKind: SubscriptionList - plural: subscriptions - shortNames: - - sub - - subs - singular: subscription - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The package subscribed to - jsonPath: .spec.name - name: Package - type: string - - description: The catalog source for the specified package - jsonPath: .spec.source - name: Source - type: string - - description: The channel of updates to subscribe to - jsonPath: .spec.channel - name: Channel - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: Subscription keeps operators up to date by tracking changes to - Catalogs. - type: object - required: - - metadata - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: SubscriptionSpec defines an Application that can be installed - type: object - required: - - name - - source - - sourceNamespace - properties: - channel: - type: string - config: - description: SubscriptionConfig contains configuration specified for - a subscription. - type: object - properties: - env: - description: Env is a list of environment variables to set in - the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present - in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a - C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a - variable cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax can be - escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable - exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, metadata.labels, metadata.annotations, - spec.nodeName, spec.serviceAccountName, status.hostIP, - status.podIP, status.podIPs.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - description: Specifies the output format of the - exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - envFrom: - description: EnvFrom is a list of sources to populate environment - variables in the container. The keys defined within a source - must be a C_IDENTIFIER. All invalid keys will be reported as - an event when the container is starting. When a key exists in - multiple sources, the value associated with the last source - will take precedence. Values defined by an Env with a duplicate - key will take precedence. Immutable. - type: array - items: - description: EnvFromSource represents the source of a set of - ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - prefix: - description: An optional identifier to prepend to each key - in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - nodeSelector: - description: 'NodeSelector is a selector which must be true for - the pod to fit on a node. Selector which must match a node''s - labels for the pod to be scheduled on that node. More info: - https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - additionalProperties: - type: string - resources: - description: 'Resources represents compute resources required - by this container. Immutable. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - selector: - description: Selector is the label selector for pods to be configured. - Existing ReplicaSets whose pods are selected by this will be - the ones affected by this deployment. It must match the pod - template's labels. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - tolerations: - description: Tolerations are the pod's tolerations. - type: array - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . - type: object - properties: - effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to - the value. Valid operators are Exists and Equal. Defaults - to Equal. Exists is equivalent to wildcard for value, - so that a pod can tolerate all taints of a particular - category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of - time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the taint - forever (do not evict). Zero and negative values will - be treated as 0 (evict immediately) by the system. - type: integer - format: int64 - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - volumeMounts: - description: List of VolumeMounts to set in the container. - type: array - items: - description: VolumeMount describes a mounting of a Volume within - a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other way - around. When not set, MountPropagationNone is used. This - field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which - the container's volume should be mounted. Behaves similarly - to SubPath but environment variable references $(VAR_NAME) - are expanded using the container's environment. Defaults - to "" (volume's root). SubPathExpr and SubPath are mutually - exclusive. - type: string - volumes: - description: List of Volumes to set in the podSpec. - type: array - items: - description: Volume represents a named volume in a pod that - may be accessed by any container in the pod. - type: object - required: - - name - properties: - awsElasticBlockStore: - description: 'AWSElasticBlockStore represents an AWS Disk - resource that is attached to a kubelet''s host machine - and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: object - required: - - volumeID - properties: - fsType: - description: 'Filesystem type of the volume that you - want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - partition: - description: 'The partition in the volume that you want - to mount. If omitted, the default is to mount by volume - name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property - empty).' - type: integer - format: int32 - readOnly: - description: 'Specify "true" to force and set the ReadOnly - property in VolumeMounts to "true". If omitted, the - default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: 'Unique ID of the persistent disk resource - in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: string - azureDisk: - description: AzureDisk represents an Azure Data Disk mount - on the host and bind mount to the pod. - type: object - required: - - diskName - - diskURI - properties: - cachingMode: - description: 'Host Caching mode: None, Read Only, Read - Write.' - type: string - diskName: - description: The Name of the data disk in the blob storage - type: string - diskURI: - description: The URI the data disk in the blob storage - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. - type: string - kind: - description: 'Expected values Shared: multiple blob - disks per storage account Dedicated: single blob - disk per storage account Managed: azure managed data - disk (only in managed availability set). defaults - to shared' - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - azureFile: - description: AzureFile represents an Azure File Service - mount on the host and bind mount to the pod. - type: object - required: - - secretName - - shareName - properties: - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretName: - description: the name of secret that contains Azure - Storage Account Name and Key - type: string - shareName: - description: Share Name - type: string - cephfs: - description: CephFS represents a Ceph FS mount on the host - that shares a pod's lifetime - type: object - required: - - monitors - properties: - monitors: - description: 'Required: Monitors is a collection of - Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: array - items: - type: string - path: - description: 'Optional: Used as the mounted root, rather - than the full Ceph tree, default is /' - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: boolean - secretFile: - description: 'Optional: SecretFile is the path to key - ring for User, default is /etc/ceph/user.secret More - info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - secretRef: - description: 'Optional: SecretRef is reference to the - authentication secret for User, default is empty. - More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - user: - description: 'Optional: User is the rados user name, - default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - cinder: - description: 'Cinder represents a cinder volume attached - and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: object - required: - - volumeID - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts. - More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: boolean - secretRef: - description: 'Optional: points to a secret object containing - parameters used to connect to OpenStack.' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - volumeID: - description: 'volume id used to identify the volume - in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - configMap: - description: ConfigMap represents a configMap that should - populate this volume - type: object - properties: - defaultMode: - description: 'Optional: mode bits to use on created - files by default. Must be a value between 0 and 0777. - Defaults to 0644. Directories within the path are - not affected by this setting. This might be in conflict - with other options that affect the file mode, like - fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: If unspecified, each key-value pair in - the Data field of the referenced ConfigMap will be - projected into the volume as a file whose name is - the key and content is the value. If specified, the - listed keys will be projected into the specified paths, - and unlisted keys will not be present. If a key is - specified which is not present in the ConfigMap, the - volume setup will error unless it is marked optional. - Paths must be relative and may not contain the '..' - path or start with '..'. - type: array - items: - description: Maps a string key to a path within a - volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to use on this - file, must be a value between 0 and 0777. If - not specified, the volume defaultMode will be - used. This might be in conflict with other options - that affect the file mode, like fsGroup, and - the result can be other mode bits set.' - type: integer - format: int32 - path: - description: The relative path of the file to - map the key to. May not be an absolute path. - May not contain the path element '..'. May not - start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its keys - must be defined - type: boolean - csi: - description: CSI (Container Storage Interface) represents - storage that is handled by an external CSI driver (Alpha - feature). - type: object - required: - - driver - properties: - driver: - description: Driver is the name of the CSI driver that - handles this volume. Consult with your admin for the - correct name as registered in the cluster. - type: string - fsType: - description: Filesystem type to mount. Ex. "ext4", "xfs", - "ntfs". If not provided, the empty value is passed - to the associated CSI driver which will determine - the default filesystem to apply. - type: string - nodePublishSecretRef: - description: NodePublishSecretRef is a reference to - the secret object containing sensitive information - to pass to the CSI driver to complete the CSI NodePublishVolume - and NodeUnpublishVolume calls. This field is optional, - and may be empty if no secret is required. If the - secret object contains more than one secret, all secret - references are passed. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - readOnly: - description: Specifies a read-only configuration for - the volume. Defaults to false (read/write). - type: boolean - volumeAttributes: - description: VolumeAttributes stores driver-specific - properties that are passed to the CSI driver. Consult - your driver's documentation for supported values. - type: object - additionalProperties: - type: string - downwardAPI: - description: DownwardAPI represents downward API about the - pod that should populate this volume - type: object - properties: - defaultMode: - description: 'Optional: mode bits to use on created - files by default. Must be a value between 0 and 0777. - Defaults to 0644. Directories within the path are - not affected by this setting. This might be in conflict - with other options that affect the file mode, like - fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: Items is a list of downward API volume - file - type: array - items: - description: DownwardAPIVolumeFile represents information - to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the - pod: only annotations, labels, name and namespace - are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in - the specified API version. - type: string - mode: - description: 'Optional: mode bits to use on this - file, must be a value between 0 and 0777. If - not specified, the volume defaultMode will be - used. This might be in conflict with other options - that affect the file mode, like fsGroup, and - the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative - path name of the file to be created. Must not - be absolute or contain the ''..'' path. Must - be utf-8 encoded. The first item of the relative - path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: - only resources limits and requests (limits.cpu, - limits.memory, requests.cpu and requests.memory) - are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for - volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of - the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - emptyDir: - description: 'EmptyDir represents a temporary directory - that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: object - properties: - medium: - description: 'What type of storage medium should back - this directory. The default is "" which means to use - the node''s default medium. Must be an empty string - (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - description: 'Total amount of local storage required - for this EmptyDir volume. The size limit is also applicable - for memory medium. The maximum usage on memory medium - EmptyDir would be the minimum value between the SizeLimit - specified here and the sum of memory limits of all - containers in a pod. The default is nil which means - that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - fc: - description: FC represents a Fibre Channel resource that - is attached to a kubelet's host machine and then exposed - to the pod. - type: object - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. TODO: how do we prevent errors in the - filesystem from compromising the machine' - type: string - lun: - description: 'Optional: FC target lun number' - type: integer - format: int32 - readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' - type: boolean - targetWWNs: - description: 'Optional: FC target worldwide names (WWNs)' - type: array - items: - type: string - wwids: - description: 'Optional: FC volume world wide identifiers - (wwids) Either wwids or combination of targetWWNs - and lun must be set, but not both simultaneously.' - type: array - items: - type: string - flexVolume: - description: FlexVolume represents a generic volume resource - that is provisioned/attached using an exec based plugin. - type: object - required: - - driver - properties: - driver: - description: Driver is the name of the driver to use - for this volume. - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". The default filesystem depends on FlexVolume - script. - type: string - options: - description: 'Optional: Extra command options if any.' - type: object - additionalProperties: - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). - ReadOnly here will force the ReadOnly setting in VolumeMounts.' - type: boolean - secretRef: - description: 'Optional: SecretRef is reference to the - secret object containing sensitive information to - pass to the plugin scripts. This may be empty if no - secret object is specified. If the secret object contains - more than one secret, all secrets are passed to the - plugin scripts.' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - flocker: - description: Flocker represents a Flocker volume attached - to a kubelet's host machine. This depends on the Flocker - control service being running - type: object - properties: - datasetName: - description: Name of the dataset stored as metadata - -> name on the dataset for Flocker should be considered - as deprecated - type: string - datasetUUID: - description: UUID of the dataset. This is unique identifier - of a Flocker dataset - type: string - gcePersistentDisk: - description: 'GCEPersistentDisk represents a GCE Disk resource - that is attached to a kubelet''s host machine and then - exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: object - required: - - pdName - properties: - fsType: - description: 'Filesystem type of the volume that you - want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - partition: - description: 'The partition in the volume that you want - to mount. If omitted, the default is to mount by volume - name. Examples: For volume /dev/sda1, you specify - the partition as "1". Similarly, the volume partition - for /dev/sda is "0" (or you can leave the property - empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: integer - format: int32 - pdName: - description: 'Unique name of the PD resource in GCE. - Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: string - readOnly: - description: 'ReadOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. More info: - https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: boolean - gitRepo: - description: 'GitRepo represents a git repository at a particular - revision. DEPRECATED: GitRepo is deprecated. To provision - a container with a git repo, mount an EmptyDir into an - InitContainer that clones the repo using git, then mount - the EmptyDir into the Pod''s container.' - type: object - required: - - repository - properties: - directory: - description: Target directory name. Must not contain - or start with '..'. If '.' is supplied, the volume - directory will be the git repository. Otherwise, - if specified, the volume will contain the git repository - in the subdirectory with the given name. - type: string - repository: - description: Repository URL - type: string - revision: - description: Commit hash for the specified revision. - type: string - glusterfs: - description: 'Glusterfs represents a Glusterfs mount on - the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' - type: object - required: - - endpoints - - path - properties: - endpoints: - description: 'EndpointsName is the endpoint name that - details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - path: - description: 'Path is the Glusterfs volume path. More - info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - readOnly: - description: 'ReadOnly here will force the Glusterfs - volume to be mounted with read-only permissions. Defaults - to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: boolean - hostPath: - description: 'HostPath represents a pre-existing file or - directory on the host machine that is directly exposed - to the container. This is generally used for system agents - or other privileged things that are allowed to see the - host machine. Most containers will NOT need this. More - info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath - --- TODO(jonesdl) We need to restrict who can use host - directory mounts and who can/can not mount host directories - as read/write.' - type: object - required: - - path - properties: - path: - description: 'Path of the directory on the host. If - the path is a symlink, it will follow the link to - the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - type: - description: 'Type for HostPath Volume Defaults to "" - More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - iscsi: - description: 'ISCSI represents an ISCSI Disk resource that - is attached to a kubelet''s host machine and then exposed - to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' - type: object - required: - - iqn - - lun - - targetPortal - properties: - chapAuthDiscovery: - description: whether support iSCSI Discovery CHAP authentication - type: boolean - chapAuthSession: - description: whether support iSCSI Session CHAP authentication - type: boolean - fsType: - description: 'Filesystem type of the volume that you - want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - initiatorName: - description: Custom iSCSI Initiator Name. If initiatorName - is specified with iscsiInterface simultaneously, new - iSCSI interface : will - be created for the connection. - type: string - iqn: - description: Target iSCSI Qualified Name. - type: string - iscsiInterface: - description: iSCSI Interface Name that uses an iSCSI - transport. Defaults to 'default' (tcp). - type: string - lun: - description: iSCSI Target Lun number. - type: integer - format: int32 - portals: - description: iSCSI Target Portal List. The portal is - either an IP or ip_addr:port if the port is other - than default (typically TCP ports 860 and 3260). - type: array - items: - type: string - readOnly: - description: ReadOnly here will force the ReadOnly setting - in VolumeMounts. Defaults to false. - type: boolean - secretRef: - description: CHAP Secret for iSCSI target and initiator - authentication - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - targetPortal: - description: iSCSI Target Portal. The Portal is either - an IP or ip_addr:port if the port is other than default - (typically TCP ports 860 and 3260). - type: string - name: - description: 'Volume''s name. Must be a DNS_LABEL and unique - within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - nfs: - description: 'NFS represents an NFS mount on the host that - shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: object - required: - - path - - server - properties: - path: - description: 'Path that is exported by the NFS server. - More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - readOnly: - description: 'ReadOnly here will force the NFS export - to be mounted with read-only permissions. Defaults - to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: boolean - server: - description: 'Server is the hostname or IP address of - the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - persistentVolumeClaim: - description: 'PersistentVolumeClaimVolumeSource represents - a reference to a PersistentVolumeClaim in the same namespace. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: object - required: - - claimName - properties: - claimName: - description: 'ClaimName is the name of a PersistentVolumeClaim - in the same namespace as the pod using this volume. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: - description: Will force the ReadOnly setting in VolumeMounts. - Default false. - type: boolean - photonPersistentDisk: - description: PhotonPersistentDisk represents a PhotonController - persistent disk attached and mounted on kubelets host - machine - type: object - required: - - pdID - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. - type: string - pdID: - description: ID that identifies Photon Controller persistent - disk - type: string - portworxVolume: - description: PortworxVolume represents a portworx volume - attached and mounted on kubelets host machine - type: object - required: - - volumeID - properties: - fsType: - description: FSType represents the filesystem type to - mount Must be a filesystem type supported by the host - operating system. Ex. "ext4", "xfs". Implicitly inferred - to be "ext4" if unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: - description: VolumeID uniquely identifies a Portworx - volume - type: string - projected: - description: Items for all in one resources secrets, configmaps, - and downward API - type: object - required: - - sources - properties: - defaultMode: - description: Mode bits to use on created files by default. - Must be a value between 0 and 0777. Directories within - the path are not affected by this setting. This might - be in conflict with other options that affect the - file mode, like fsGroup, and the result can be other - mode bits set. - type: integer - format: int32 - sources: - description: list of volume projections - type: array - items: - description: Projection that may be projected along - with other supported volume types - type: object - properties: - configMap: - description: information about the configMap data - to project - type: object - properties: - items: - description: If unspecified, each key-value - pair in the Data field of the referenced - ConfigMap will be projected into the volume - as a file whose name is the key and content - is the value. If specified, the listed keys - will be projected into the specified paths, - and unlisted keys will not be present. If - a key is specified which is not present - in the ConfigMap, the volume setup will - error unless it is marked optional. Paths - must be relative and may not contain the - '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path - within a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to - use on this file, must be a value - between 0 and 0777. If not specified, - the volume defaultMode will be used. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' - type: integer - format: int32 - path: - description: The relative path of the - file to map the key to. May not be - an absolute path. May not contain - the path element '..'. May not start - with the string '..'. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap - or its keys must be defined - type: boolean - downwardAPI: - description: information about the downwardAPI - data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume - file - type: array - items: - description: DownwardAPIVolumeFile represents - information to create the file containing - the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field - of the pod: only annotations, labels, - name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema - the FieldPath is written in terms - of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to - select in the specified API version. - type: string - mode: - description: 'Optional: mode bits to - use on this file, must be a value - between 0 and 0777. If not specified, - the volume defaultMode will be used. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the - relative path name of the file to - be created. Must not be absolute or - contain the ''..'' path. Must be utf-8 - encoded. The first item of the relative - path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of - the container: only resources limits - and requests (limits.cpu, limits.memory, - requests.cpu and requests.memory) - are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required - for volumes, optional for env - vars' - type: string - divisor: - description: Specifies the output - format of the exposed resources, - defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource - to select' - type: string - secret: - description: information about the secret data - to project - type: object - properties: - items: - description: If unspecified, each key-value - pair in the Data field of the referenced - Secret will be projected into the volume - as a file whose name is the key and content - is the value. If specified, the listed keys - will be projected into the specified paths, - and unlisted keys will not be present. If - a key is specified which is not present - in the Secret, the volume setup will error - unless it is marked optional. Paths must - be relative and may not contain the '..' - path or start with '..'. - type: array - items: - description: Maps a string key to a path - within a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to - use on this file, must be a value - between 0 and 0777. If not specified, - the volume defaultMode will be used. - This might be in conflict with other - options that affect the file mode, - like fsGroup, and the result can be - other mode bits set.' - type: integer - format: int32 - path: - description: The relative path of the - file to map the key to. May not be - an absolute path. May not contain - the path element '..'. May not start - with the string '..'. - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, - kind, uid?' - type: string - optional: - description: Specify whether the Secret or - its key must be defined - type: boolean - serviceAccountToken: - description: information about the serviceAccountToken - data to project - type: object - required: - - path - properties: - audience: - description: Audience is the intended audience - of the token. A recipient of a token must - identify itself with an identifier specified - in the audience of the token, and otherwise - should reject the token. The audience defaults - to the identifier of the apiserver. - type: string - expirationSeconds: - description: ExpirationSeconds is the requested - duration of validity of the service account - token. As the token approaches expiration, - the kubelet volume plugin will proactively - rotate the service account token. The kubelet - will start trying to rotate the token if - the token is older than 80 percent of its - time to live or if the token is older than - 24 hours.Defaults to 1 hour and must be - at least 10 minutes. - type: integer - format: int64 - path: - description: Path is the path relative to - the mount point of the file to project the - token into. - type: string - quobyte: - description: Quobyte represents a Quobyte mount on the host - that shares a pod's lifetime - type: object - required: - - registry - - volume - properties: - group: - description: Group to map volume access to Default is - no group - type: string - readOnly: - description: ReadOnly here will force the Quobyte volume - to be mounted with read-only permissions. Defaults - to false. - type: boolean - registry: - description: Registry represents a single or multiple - Quobyte Registry services specified as a string as - host:port pair (multiple entries are separated with - commas) which acts as the central registry for volumes - type: string - tenant: - description: Tenant owning the given Quobyte volume - in the Backend Used with dynamically provisioned Quobyte - volumes, value is set by the plugin - type: string - user: - description: User to map volume access to Defaults to - serivceaccount user - type: string - volume: - description: Volume is a string that references an already - created Quobyte volume by name. - type: string - rbd: - description: 'RBD represents a Rados Block Device mount - on the host that shares a pod''s lifetime. More info: - https://examples.k8s.io/volumes/rbd/README.md' - type: object - required: - - image - - monitors - properties: - fsType: - description: 'Filesystem type of the volume that you - want to mount. Tip: Ensure that the filesystem type - is supported by the host operating system. Examples: - "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" - if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd - TODO: how do we prevent errors in the filesystem from - compromising the machine' - type: string - image: - description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - keyring: - description: 'Keyring is the path to key ring for RBDUser. - Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - monitors: - description: 'A collection of Ceph monitors. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: array - items: - type: string - pool: - description: 'The rados pool name. Default is rbd. More - info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: - description: 'ReadOnly here will force the ReadOnly - setting in VolumeMounts. Defaults to false. More info: - https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: - description: 'SecretRef is name of the authentication - secret for RBDUser. If provided overrides keyring. - Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - user: - description: 'The rados user name. Default is admin. - More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - scaleIO: - description: ScaleIO represents a ScaleIO persistent volume - attached and mounted on Kubernetes nodes. - type: object - required: - - gateway - - secretRef - - system - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Default is "xfs". - type: string - gateway: - description: The host address of the ScaleIO API Gateway. - type: string - protectionDomain: - description: The name of the ScaleIO Protection Domain - for the configured storage. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef references to the secret for - ScaleIO user and other sensitive information. If this - is not provided, Login operation will fail. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - sslEnabled: - description: Flag to enable/disable SSL communication - with Gateway, default false - type: boolean - storageMode: - description: Indicates whether the storage for a volume - should be ThickProvisioned or ThinProvisioned. Default - is ThinProvisioned. - type: string - storagePool: - description: The ScaleIO Storage Pool associated with - the protection domain. - type: string - system: - description: The name of the storage system as configured - in ScaleIO. - type: string - volumeName: - description: The name of a volume already created in - the ScaleIO system that is associated with this volume - source. - type: string - secret: - description: 'Secret represents a secret that should populate - this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'Optional: mode bits to use on created - files by default. Must be a value between 0 and 0777. - Defaults to 0644. Directories within the path are - not affected by this setting. This might be in conflict - with other options that affect the file mode, like - fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: If unspecified, each key-value pair in - the Data field of the referenced Secret will be projected - into the volume as a file whose name is the key and - content is the value. If specified, the listed keys - will be projected into the specified paths, and unlisted - keys will not be present. If a key is specified which - is not present in the Secret, the volume setup will - error unless it is marked optional. Paths must be - relative and may not contain the '..' path or start - with '..'. - type: array - items: - description: Maps a string key to a path within a - volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits to use on this - file, must be a value between 0 and 0777. If - not specified, the volume defaultMode will be - used. This might be in conflict with other options - that affect the file mode, like fsGroup, and - the result can be other mode bits set.' - type: integer - format: int32 - path: - description: The relative path of the file to - map the key to. May not be an absolute path. - May not contain the path element '..'. May not - start with the string '..'. - type: string - optional: - description: Specify whether the Secret or its keys - must be defined - type: boolean - secretName: - description: 'Name of the secret in the pod''s namespace - to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - storageos: - description: StorageOS represents a StorageOS volume attached - and mounted on Kubernetes nodes. - type: object - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly - here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef specifies the secret to use for - obtaining the StorageOS API credentials. If not specified, - default values will be attempted. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - volumeName: - description: VolumeName is the human-readable name of - the StorageOS volume. Volume names are only unique - within a namespace. - type: string - volumeNamespace: - description: VolumeNamespace specifies the scope of - the volume within StorageOS. If no namespace is specified - then the Pod's namespace will be used. This allows - the Kubernetes name scoping to be mirrored within - StorageOS for tighter integration. Set VolumeName - to any name to override the default behaviour. Set - to "default" if you are not using namespaces within - StorageOS. Namespaces that do not pre-exist within - StorageOS will be created. - type: string - vsphereVolume: - description: VsphereVolume represents a vSphere volume attached - and mounted on kubelets host machine - type: object - required: - - volumePath - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem - type supported by the host operating system. Ex. "ext4", - "xfs", "ntfs". Implicitly inferred to be "ext4" if - unspecified. - type: string - storagePolicyID: - description: Storage Policy Based Management (SPBM) - profile ID associated with the StoragePolicyName. - type: string - storagePolicyName: - description: Storage Policy Based Management (SPBM) - profile name. - type: string - volumePath: - description: Path that identifies vSphere volume vmdk - type: string - installPlanApproval: - description: Approval is the user approval policy for an InstallPlan. - It must be one of "Automatic" or "Manual". - type: string - name: - type: string - source: - type: string - sourceNamespace: - type: string - startingCSV: - type: string - status: - type: object - required: - - lastUpdated - properties: - catalogHealth: - description: CatalogHealth contains the Subscription's view of its - relevant CatalogSources' status. It is used to determine SubscriptionStatusConditions - related to CatalogSources. - type: array - items: - description: SubscriptionCatalogHealth describes the health of a - CatalogSource the Subscription knows about. - type: object - required: - - catalogSourceRef - - healthy - - lastUpdated - properties: - catalogSourceRef: - description: CatalogSourceRef is a reference to a CatalogSource. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead - of an entire object, this string should contain a valid - JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container - within a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that - triggered the event) or if no container name is specified - "spec.containers[2]" (container with index 2 in this pod). - This syntax is chosen only to have some well-defined way - of referencing a part of an object. TODO: this design - is not final and this field is subject to change in the - future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - healthy: - description: Healthy is true if the CatalogSource is healthy; - false otherwise. - type: boolean - lastUpdated: - description: LastUpdated represents the last time that the CatalogSourceHealth - changed - type: string - format: date-time - conditions: - description: Conditions is a list of the latest available observations - about a Subscription's current state. - type: array - items: - description: SubscriptionCondition represents the latest available - observations of a Subscription's state. - type: object - required: - - status - - type - properties: - lastHeartbeatTime: - description: LastHeartbeatTime is the last time we got an update - on a given condition - type: string - format: date-time - lastTransitionTime: - description: LastTransitionTime is the last time the condition - transit from one status to another - type: string - format: date-time - message: - description: Message is a human-readable message indicating - details about last transition. - type: string - reason: - description: Reason is a one-word CamelCase reason for the condition's - last transition. - type: string - status: - description: Status is the status of the condition, one of True, - False, Unknown. - type: string - type: - description: Type is the type of Subscription condition. - type: string - currentCSV: - description: CurrentCSV is the CSV the Subscription is progressing - to. - type: string - installPlanGeneration: - description: InstallPlanGeneration is the current generation of the - installplan - type: integer - installPlanRef: - description: InstallPlanRef is a reference to the latest InstallPlan - that contains the Subscription's current CSV. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - installedCSV: - description: InstalledCSV is the CSV currently installed by the Subscription. - type: string - installplan: - description: 'Install is a reference to the latest InstallPlan generated - for the Subscription. DEPRECATED: InstallPlanRef' - type: object - required: - - apiVersion - - kind - - name - - uuid - properties: - apiVersion: - type: string - kind: - type: string - name: - type: string - uuid: - description: UID is a type that holds unique ID values, including - UUIDs. Because we don't ONLY use UUIDs, this is an alias to - string. Being a type captures intent and helps make sure that - UIDs and names do not get conflated. - type: string - lastUpdated: - description: LastUpdated represents the last time that the Subscription - status was updated. - type: string - format: date-time - reason: - description: Reason is the reason the Subscription was transitioned - to its current state. - type: string - state: - description: State represents the current state of the Subscription - type: string - served: true - storage: true - subresources: - status: {} - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_01-olm-operator.serviceaccount.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_01-olm-operator.serviceaccount.yaml deleted file mode 100644 index e21d33d03d..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_01-olm-operator.serviceaccount.yaml +++ /dev/null @@ -1,33 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_01-olm-operator.serviceaccount.yaml -kind: ServiceAccount -apiVersion: v1 -metadata: - name: olm-operator-serviceaccount - namespace: olm ---- -# Source: olm/templates/0000_50_olm_01-olm-operator.serviceaccount.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: system:controller:operator-lifecycle-manager -rules: -- apiGroups: ["*"] - resources: ["*"] - verbs: ["*"] -- nonResourceURLs: ["*"] - verbs: ["*"] ---- -# Source: olm/templates/0000_50_olm_01-olm-operator.serviceaccount.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: olm-operator-binding-olm -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:controller:operator-lifecycle-manager -subjects: -- kind: ServiceAccount - name: olm-operator-serviceaccount - namespace: olm diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_07-olm-operator.deployment.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_07-olm-operator.deployment.yaml deleted file mode 100644 index 99440099d3..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_07-olm-operator.deployment.yaml +++ /dev/null @@ -1,63 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_07-olm-operator.deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: olm-operator - namespace: olm - labels: - app: olm-operator -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: olm-operator - template: - metadata: - labels: - app: olm-operator - spec: - serviceAccountName: olm-operator-serviceaccount - containers: - - name: olm-operator - command: - - /bin/olm - args: - - --namespace - - $(OPERATOR_NAMESPACE) - - --writeStatusName - - "" - image: quay.io/operator-framework/olm@sha256:de396b540b82219812061d0d753440d5655250c621c753ed1dc67d6154741607 - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - - containerPort: 8081 - name: metrics - protocol: TCP - livenessProbe: - httpGet: - path: /healthz - port: 8080 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - terminationMessagePolicy: FallbackToLogsOnError - env: - - - name: OPERATOR_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: OPERATOR_NAME - value: olm-operator - resources: - requests: - cpu: 10m - memory: 160Mi - - - nodeSelector: - kubernetes.io/os: linux diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_08-catalog-operator.deployment.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_08-catalog-operator.deployment.yaml deleted file mode 100644 index 97bd8042d1..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_08-catalog-operator.deployment.yaml +++ /dev/null @@ -1,58 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_08-catalog-operator.deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: catalog-operator - namespace: olm - labels: - app: catalog-operator -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: catalog-operator - template: - metadata: - labels: - app: catalog-operator - spec: - serviceAccountName: olm-operator-serviceaccount - containers: - - name: catalog-operator - command: - - /bin/catalog - args: - - '-namespace' - - olm - - -configmapServerImage=quay.io/operator-framework/configmap-operator-registry:latest - - -util-image - - quay.io/operator-framework/olm@sha256:de396b540b82219812061d0d753440d5655250c621c753ed1dc67d6154741607 - image: quay.io/operator-framework/olm@sha256:de396b540b82219812061d0d753440d5655250c621c753ed1dc67d6154741607 - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - - containerPort: 8081 - name: metrics - protocol: TCP - livenessProbe: - httpGet: - path: /healthz - port: 8080 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - terminationMessagePolicy: FallbackToLogsOnError - env: - - resources: - requests: - cpu: 10m - memory: 80Mi - - - nodeSelector: - kubernetes.io/os: linux diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_09-aggregated.clusterrole.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_09-aggregated.clusterrole.yaml deleted file mode 100644 index e7aa0af341..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_09-aggregated.clusterrole.yaml +++ /dev/null @@ -1,35 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_09-aggregated.clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-edit - labels: - # Add these permissions to the "admin" and "edit" default roles. - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["subscriptions"] - verbs: ["create", "update", "patch", "delete"] -- apiGroups: ["operators.coreos.com"] - resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions"] - verbs: ["delete"] ---- -# Source: olm/templates/0000_50_olm_09-aggregated.clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-view - labels: - # Add these permissions to the "admin", "edit" and "view" default roles - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - rbac.authorization.k8s.io/aggregate-to-view: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions", "operatorgroups"] - verbs: ["get", "list", "watch"] -- apiGroups: ["packages.operators.coreos.com"] - resources: ["packagemanifests", "packagemanifests/icon"] - verbs: ["get", "list", "watch"] diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_13-operatorgroup-default.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_13-operatorgroup-default.yaml deleted file mode 100644 index 56f5bca2bd..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_13-operatorgroup-default.yaml +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_13-operatorgroup-default.yaml -apiVersion: operators.coreos.com/v1 -kind: OperatorGroup -metadata: - name: global-operators - namespace: operators ---- -# Source: olm/templates/0000_50_olm_13-operatorgroup-default.yaml -apiVersion: operators.coreos.com/v1 -kind: OperatorGroup -metadata: - name: olm-operators - namespace: olm -spec: - targetNamespaces: - - olm diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_15-packageserver.clusterserviceversion.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_15-packageserver.clusterserviceversion.yaml deleted file mode 100644 index 8f0480b6c6..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_15-packageserver.clusterserviceversion.yaml +++ /dev/null @@ -1,132 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_15-packageserver.clusterserviceversion.yaml -apiVersion: operators.coreos.com/v1alpha1 -kind: ClusterServiceVersion -metadata: - name: packageserver - namespace: olm - labels: - olm.version: 0.17.0 -spec: - displayName: Package Server - description: Represents an Operator package that is available from a given CatalogSource which will resolve to a ClusterServiceVersion. - minKubeVersion: 1.11.0 - keywords: ['packagemanifests', 'olm', 'packages'] - maintainers: - - name: Red Hat - email: openshift-operators@redhat.com - provider: - name: Red Hat - links: - - name: Package Server - url: https://github.com/operator-framework/operator-lifecycle-manager/tree/master/pkg/package-server - installModes: - - type: OwnNamespace - supported: true - - type: SingleNamespace - supported: true - - type: MultiNamespace - supported: true - - type: AllNamespaces - supported: true - install: - strategy: deployment - spec: - clusterPermissions: - - serviceAccountName: olm-operator-serviceaccount - rules: - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - get - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - apiGroups: - - "operators.coreos.com" - resources: - - catalogsources - verbs: - - get - - list - - watch - - apiGroups: - - "packages.operators.coreos.com" - resources: - - packagemanifests - verbs: - - get - - list - deployments: - - name: packageserver - spec: - strategy: - type: RollingUpdate - replicas: 2 - selector: - matchLabels: - app: packageserver - template: - metadata: - labels: - app: packageserver - spec: - serviceAccountName: olm-operator-serviceaccount - nodeSelector: - kubernetes.io/os: linux - containers: - - name: packageserver - command: - - /bin/package-server - - -v=4 - - --secure-port - - "5443" - - --global-namespace - - olm - image: quay.io/operator-framework/olm@sha256:de396b540b82219812061d0d753440d5655250c621c753ed1dc67d6154741607 - imagePullPolicy: Always - ports: - - containerPort: 5443 - livenessProbe: - httpGet: - scheme: HTTPS - path: /healthz - port: 5443 - readinessProbe: - httpGet: - scheme: HTTPS - path: /healthz - port: 5443 - terminationMessagePolicy: FallbackToLogsOnError - resources: - requests: - cpu: 10m - memory: 50Mi - securityContext: - runAsUser: 1000 - volumeMounts: - - name: tmpfs - mountPath: /tmp - volumes: - - name: tmpfs - emptyDir: {} - maturity: alpha - version: 0.17.0 - apiservicedefinitions: - owned: - - group: packages.operators.coreos.com - version: v1 - kind: PackageManifest - name: packagemanifests - displayName: PackageManifest - description: A PackageManifest is a resource generated from existing CatalogSources and their ConfigMaps - deploymentName: packageserver - containerPort: 5443 diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_17-upstream-operators.catalogsource.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_17-upstream-operators.catalogsource.yaml deleted file mode 100644 index 559b4dc719..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.17.0/0000_50_olm_17-upstream-operators.catalogsource.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_17-upstream-operators.catalogsource.yaml -apiVersion: operators.coreos.com/v1alpha1 -kind: CatalogSource -metadata: - name: operatorhubio-catalog - namespace: olm -spec: - sourceType: grpc - image: quay.io/operatorhubio/catalog:latest - displayName: Community Operators - publisher: OperatorHub.io diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_00-catalogsources.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_00-catalogsources.crd.yaml deleted file mode 100644 index 2c1efc61dd..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_00-catalogsources.crd.yaml +++ /dev/null @@ -1,169 +0,0 @@ ---- -# Source: olm/crds/0000_50_olm_00-catalogsources.crd.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: catalogsources.operators.coreos.com -spec: - group: operators.coreos.com - names: - categories: - - olm - kind: CatalogSource - listKind: CatalogSourceList - plural: catalogsources - shortNames: - - catsrc - singular: catalogsource - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The pretty name of the catalog - jsonPath: .spec.displayName - name: Display - type: string - - description: The type of the catalog - jsonPath: .spec.sourceType - name: Type - type: string - - description: The publisher of the catalog - jsonPath: .spec.publisher - name: Publisher - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: CatalogSource is a repository of CSVs, CRDs, and operator packages. - type: object - required: - - metadata - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - type: object - required: - - sourceType - properties: - address: - description: 'Address is a host that OLM can use to connect to a pre-existing registry. Format: : Only used when SourceType = SourceTypeGrpc. Ignored when the Image field is set.' - type: string - configMap: - description: ConfigMap is the name of the ConfigMap to be used to back a configmap-server registry. Only used when SourceType = SourceTypeConfigmap or SourceTypeInternal. - type: string - description: - type: string - displayName: - description: Metadata - type: string - icon: - type: object - required: - - base64data - - mediatype - properties: - base64data: - type: string - mediatype: - type: string - image: - description: Image is an operator-registry container image to instantiate a registry-server with. Only used when SourceType = SourceTypeGrpc. If present, the address field is ignored. - type: string - priority: - description: 'Priority field assigns a weight to the catalog source to prioritize them so that it can be consumed by the dependency resolver. Usage: Higher weight indicates that this catalog source is preferred over lower weighted catalog sources during dependency resolution. The range of the priority value can go from positive to negative in the range of int32. The default value to a catalog source with unassigned priority would be 0. The catalog source with the same priority values will be ranked lexicographically based on its name.' - type: integer - publisher: - type: string - secrets: - description: Secrets represent set of secrets that can be used to access the contents of the catalog. It is best to keep this list small, since each will need to be tried for every catalog entry. - type: array - items: - type: string - sourceType: - description: SourceType is the type of source - type: string - updateStrategy: - description: UpdateStrategy defines how updated catalog source images can be discovered Consists of an interval that defines polling duration and an embedded strategy type - type: object - properties: - registryPoll: - type: object - properties: - interval: - description: Interval is used to determine the time interval between checks of the latest catalog source version. The catalog operator polls to see if a new version of the catalog source is available. If available, the latest image is pulled and gRPC traffic is directed to the latest catalog source. - type: string - status: - type: object - properties: - configMapReference: - type: object - required: - - name - - namespace - properties: - lastUpdateTime: - type: string - format: date-time - name: - type: string - namespace: - type: string - resourceVersion: - type: string - uid: - description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. - type: string - connectionState: - type: object - required: - - lastObservedState - properties: - address: - type: string - lastConnect: - type: string - format: date-time - lastObservedState: - type: string - latestImageRegistryPoll: - description: The last time the CatalogSource image registry has been polled to ensure the image is up-to-date - type: string - format: date-time - message: - description: A human readable message indicating details about why the CatalogSource is in this condition. - type: string - reason: - description: Reason is the reason the CatalogSource was transitioned to its current state. - type: string - registryService: - type: object - properties: - createdAt: - type: string - format: date-time - port: - type: string - protocol: - type: string - serviceName: - type: string - serviceNamespace: - type: string - served: true - storage: true - subresources: - status: {} - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_00-clusterserviceversions.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_00-clusterserviceversions.crd.yaml deleted file mode 100644 index 394924902a..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_00-clusterserviceversions.crd.yaml +++ /dev/null @@ -1,4841 +0,0 @@ ---- -# Source: olm/crds/0000_50_olm_00-clusterserviceversions.crd.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: clusterserviceversions.operators.coreos.com -spec: - group: operators.coreos.com - names: - categories: - - olm - kind: ClusterServiceVersion - listKind: ClusterServiceVersionList - plural: clusterserviceversions - shortNames: - - csv - - csvs - singular: clusterserviceversion - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The name of the CSV - jsonPath: .spec.displayName - name: Display - type: string - - description: The version of the CSV - jsonPath: .spec.version - name: Version - type: string - - description: The name of a CSV that this one replaces - jsonPath: .spec.replaces - name: Replaces - type: string - - jsonPath: .status.phase - name: Phase - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: ClusterServiceVersion is a Custom Resource of type `ClusterServiceVersionSpec`. - type: object - required: - - metadata - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ClusterServiceVersionSpec declarations tell OLM how to install an operator that can manage apps for a given version. - type: object - required: - - displayName - - install - properties: - annotations: - description: Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. - type: object - additionalProperties: - type: string - apiservicedefinitions: - description: APIServiceDefinitions declares all of the extension apis managed or required by an operator being ran by ClusterServiceVersion. - type: object - properties: - owned: - type: array - items: - description: APIServiceDescription provides details to OLM about apis provided via aggregation - type: object - required: - - group - - kind - - name - - version - properties: - actionDescriptors: - type: array - items: - description: ActionDescriptor describes a declarative action that can be performed on a custom resource instance - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - containerPort: - type: integer - format: int32 - deploymentName: - type: string - description: - type: string - displayName: - type: string - group: - type: string - kind: - type: string - name: - type: string - resources: - type: array - items: - description: APIResourceReference is a Kubernetes resource type used by a custom resource - type: object - required: - - kind - - name - - version - properties: - kind: - type: string - name: - type: string - version: - type: string - specDescriptors: - type: array - items: - description: SpecDescriptor describes a field in a spec block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - statusDescriptors: - type: array - items: - description: StatusDescriptor describes a field in a status block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - version: - type: string - required: - type: array - items: - description: APIServiceDescription provides details to OLM about apis provided via aggregation - type: object - required: - - group - - kind - - name - - version - properties: - actionDescriptors: - type: array - items: - description: ActionDescriptor describes a declarative action that can be performed on a custom resource instance - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - containerPort: - type: integer - format: int32 - deploymentName: - type: string - description: - type: string - displayName: - type: string - group: - type: string - kind: - type: string - name: - type: string - resources: - type: array - items: - description: APIResourceReference is a Kubernetes resource type used by a custom resource - type: object - required: - - kind - - name - - version - properties: - kind: - type: string - name: - type: string - version: - type: string - specDescriptors: - type: array - items: - description: SpecDescriptor describes a field in a spec block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - statusDescriptors: - type: array - items: - description: StatusDescriptor describes a field in a status block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - version: - type: string - cleanup: - description: Cleanup specifies the cleanup behaviour when the CSV gets deleted - type: object - required: - - enabled - properties: - enabled: - type: boolean - customresourcedefinitions: - description: "CustomResourceDefinitions declares all of the CRDs managed or required by an operator being ran by ClusterServiceVersion. \n If the CRD is present in the Owned list, it is implicitly required." - type: object - properties: - owned: - type: array - items: - description: CRDDescription provides details to OLM about the CRDs - type: object - required: - - kind - - name - - version - properties: - actionDescriptors: - type: array - items: - description: ActionDescriptor describes a declarative action that can be performed on a custom resource instance - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - description: - type: string - displayName: - type: string - kind: - type: string - name: - type: string - resources: - type: array - items: - description: APIResourceReference is a Kubernetes resource type used by a custom resource - type: object - required: - - kind - - name - - version - properties: - kind: - type: string - name: - type: string - version: - type: string - specDescriptors: - type: array - items: - description: SpecDescriptor describes a field in a spec block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - statusDescriptors: - type: array - items: - description: StatusDescriptor describes a field in a status block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - version: - type: string - required: - type: array - items: - description: CRDDescription provides details to OLM about the CRDs - type: object - required: - - kind - - name - - version - properties: - actionDescriptors: - type: array - items: - description: ActionDescriptor describes a declarative action that can be performed on a custom resource instance - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - description: - type: string - displayName: - type: string - kind: - type: string - name: - type: string - resources: - type: array - items: - description: APIResourceReference is a Kubernetes resource type used by a custom resource - type: object - required: - - kind - - name - - version - properties: - kind: - type: string - name: - type: string - version: - type: string - specDescriptors: - type: array - items: - description: SpecDescriptor describes a field in a spec block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - statusDescriptors: - type: array - items: - description: StatusDescriptor describes a field in a status block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - version: - type: string - description: - type: string - displayName: - type: string - icon: - type: array - items: - type: object - required: - - base64data - - mediatype - properties: - base64data: - type: string - mediatype: - type: string - install: - description: NamedInstallStrategy represents the block of an ClusterServiceVersion resource where the install strategy is specified. - type: object - required: - - strategy - properties: - spec: - description: StrategyDetailsDeployment represents the parsed details of a Deployment InstallStrategy. - type: object - required: - - deployments - properties: - clusterPermissions: - type: array - items: - description: StrategyDeploymentPermissions describe the rbac rules and service account needed by the install strategy - type: object - required: - - rules - - serviceAccountName - properties: - rules: - type: array - items: - description: PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to. - type: object - required: - - verbs - properties: - apiGroups: - description: APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. - type: array - items: - type: string - nonResourceURLs: - description: NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both. - type: array - items: - type: string - resourceNames: - description: ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. - type: array - items: - type: string - resources: - description: Resources is a list of resources this rule applies to. ResourceAll represents all resources. - type: array - items: - type: string - verbs: - description: Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds. - type: array - items: - type: string - serviceAccountName: - type: string - deployments: - type: array - items: - description: StrategyDeploymentSpec contains the name, spec and labels for the deployment ALM should create - type: object - required: - - name - - spec - properties: - label: - description: Set is a map of label:value. It implements Labels. - type: object - additionalProperties: - type: string - name: - type: string - spec: - description: DeploymentSpec is the specification of the desired behavior of the Deployment. - type: object - required: - - selector - - template - properties: - minReadySeconds: - description: Minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) - type: integer - format: int32 - paused: - description: Indicates that the deployment is paused. - type: boolean - progressDeadlineSeconds: - description: The maximum time in seconds for a deployment to make progress before it is considered to be failed. The deployment controller will continue to process failed deployments and a condition with a ProgressDeadlineExceeded reason will be surfaced in the deployment status. Note that progress will not be estimated during the time a deployment is paused. Defaults to 600s. - type: integer - format: int32 - replicas: - description: Number of desired pods. This is a pointer to distinguish between explicit zero and not specified. Defaults to 1. - type: integer - format: int32 - revisionHistoryLimit: - description: The number of old ReplicaSets to retain to allow rollback. This is a pointer to distinguish between explicit zero and not specified. Defaults to 10. - type: integer - format: int32 - selector: - description: Label selector for pods. Existing ReplicaSets whose pods are selected by this will be the ones affected by this deployment. It must match the pod template's labels. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - strategy: - description: The deployment strategy to use to replace existing pods with new ones. - type: object - properties: - rollingUpdate: - description: 'Rolling update config params. Present only if DeploymentStrategyType = RollingUpdate. --- TODO: Update this to follow our convention for oneOf, whatever we decide it to be.' - type: object - properties: - maxSurge: - description: 'The maximum number of pods that can be scheduled above the desired number of pods. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up. Defaults to 25%. Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when the rolling update starts, such that the total number of old and new pods do not exceed 130% of desired pods. Once old pods have been killed, new ReplicaSet can be scaled up further, ensuring that total number of pods running at any time during the update is at most 130% of desired pods.' - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - maxUnavailable: - description: 'The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 25%. Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods immediately when the rolling update starts. Once new pods are ready, old ReplicaSet can be scaled down further, followed by scaling up the new ReplicaSet, ensuring that the total number of pods available at all times during the update is at least 70% of desired pods.' - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: - description: Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate. - type: string - template: - description: Template describes the pods that will be created. - type: object - properties: - metadata: - description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - type: object - x-kubernetes-preserve-unknown-fields: true - spec: - description: 'Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - containers - properties: - activeDeadlineSeconds: - description: Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer. - type: integer - format: int64 - affinity: - description: If specified, the pod's scheduling constraints - type: object - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the pod. - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. - type: array - items: - description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - type: object - required: - - preference - - weight - properties: - preference: - description: A node selector term, associated with the corresponding weight. - type: object - properties: - matchExpressions: - description: A list of node selector requirements by node's labels. - type: array - items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchFields: - description: A list of node selector requirements by node's fields. - type: array - items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - type: array - items: - type: string - weight: - description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. - type: object - required: - - nodeSelectorTerms - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The terms are ORed. - type: array - items: - description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - type: object - properties: - matchExpressions: - description: A list of node selector requirements by node's labels. - type: array - items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchFields: - description: A list of node selector requirements by node's fields. - type: array - items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - type: array - items: - type: string - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. - type: array - items: - description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) - type: object - required: - - podAffinityTerm - - weight - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with the corresponding weight. - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query over a set of resources, in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - namespaces: - description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - type: string - weight: - description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. - type: array - items: - description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query over a set of resources, in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - namespaces: - description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - type: string - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. - type: array - items: - description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) - type: object - required: - - podAffinityTerm - - weight - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with the corresponding weight. - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query over a set of resources, in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - namespaces: - description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - type: string - weight: - description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. - type: array - items: - description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query over a set of resources, in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - namespaces: - description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - type: string - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - type: boolean - containers: - description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. - type: array - items: - description: A single application container that you want to run within a pod. - type: object - required: - - name - properties: - args: - description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. - type: object - properties: - postStart: - description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - preStop: - description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. - type: object - properties: - add: - description: Added capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - privileged: - description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: integer - format: int64 - seLinuxOptions: - description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: object - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - windowsOptions: - description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: object - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential spec to use. - type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - startupProbe: - description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - stdin: - description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be used by the container. - type: array - items: - description: volumeDevice describes a mapping of a raw block device within a container. - type: object - required: - - devicePath - - name - properties: - devicePath: - description: devicePath is the path inside of the container that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim in the pod - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - dnsConfig: - description: Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. - type: object - properties: - nameservers: - description: A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed. - type: array - items: - type: string - options: - description: A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy. - type: array - items: - description: PodDNSConfigOption defines DNS resolver options of a pod. - type: object - properties: - name: - description: Required. - type: string - value: - type: string - searches: - description: A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed. - type: array - items: - type: string - dnsPolicy: - description: Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Defaults to true.' - type: boolean - ephemeralContainers: - description: List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. This field is alpha-level and is only honored by servers that enable the EphemeralContainers feature. - type: array - items: - description: An EphemeralContainer is a container that may be added temporarily to an existing pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they will not be restarted when they exit or when a pod is removed or restarted. If an ephemeral container causes a pod to exceed its resource allocation, the pod may be evicted. Ephemeral containers may not be added by directly updating the pod spec. They must be added via the pod's ephemeralcontainers subresource, and they will appear in the pod spec once added. This is an alpha feature enabled by the EphemeralContainers feature flag. - type: object - required: - - name - properties: - args: - description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Lifecycle is not allowed for ephemeral containers. - type: object - properties: - postStart: - description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - preStop: - description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - livenessProbe: - description: Probes are not allowed for ephemeral containers. - type: object - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers. - type: string - ports: - description: Ports are not allowed for ephemeral containers. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - readinessProbe: - description: Probes are not allowed for ephemeral containers. - type: object - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod. - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: SecurityContext is not allowed for ephemeral containers. - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. - type: object - properties: - add: - description: Added capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - privileged: - description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: integer - format: int64 - seLinuxOptions: - description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: object - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - windowsOptions: - description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: object - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential spec to use. - type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - startupProbe: - description: Probes are not allowed for ephemeral containers. - type: object - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - stdin: - description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false - type: boolean - targetContainerName: - description: If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container is run in whatever namespaces are shared for the pod. Note that the container runtime must support this feature. - type: string - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be used by the container. - type: array - items: - description: volumeDevice describes a mapping of a raw block device within a container. - type: object - required: - - devicePath - - name - properties: - devicePath: - description: devicePath is the path inside of the container that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim in the pod - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - hostAliases: - description: HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts file if specified. This is only valid for non-hostNetwork pods. - type: array - items: - description: HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file. - type: object - properties: - hostnames: - description: Hostnames for the above IP address. - type: array - items: - type: string - ip: - description: IP address of the host file entry. - type: string - hostIPC: - description: 'Use the host''s ipc namespace. Optional: Default to false.' - type: boolean - hostNetwork: - description: Host networking requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified. Default to false. - type: boolean - hostPID: - description: 'Use the host''s pid namespace. Optional: Default to false.' - type: boolean - hostname: - description: Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value. - type: string - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - initContainers: - description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: A single application container that you want to run within a pod. - type: object - required: - - name - properties: - args: - description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. - type: object - properties: - postStart: - description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - preStop: - description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. - type: object - properties: - add: - description: Added capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - privileged: - description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: integer - format: int64 - seLinuxOptions: - description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: object - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - windowsOptions: - description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: object - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential spec to use. - type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - startupProbe: - description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - stdin: - description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be used by the container. - type: array - items: - description: volumeDevice describes a mapping of a raw block device within a container. - type: object - required: - - devicePath - - name - properties: - devicePath: - description: devicePath is the path inside of the container that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim in the pod - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - nodeName: - description: NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements. - type: string - nodeSelector: - description: 'NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - additionalProperties: - type: string - overhead: - description: 'Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md This field is alpha-level as of Kubernetes v1.16, and is only honored by servers that enable the PodOverhead feature.' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - preemptionPolicy: - description: PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset. This field is beta-level, gated by the NonPreemptingPriority feature-gate. - type: string - priority: - description: The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority. - type: integer - format: int32 - priorityClassName: - description: If specified, indicates the pod's priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default. - type: string - readinessGates: - description: 'If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md' - type: array - items: - description: PodReadinessGate contains the reference to a pod condition - type: object - required: - - conditionType - properties: - conditionType: - description: ConditionType refers to a condition in the pod's condition list with matching type. - type: string - restartPolicy: - description: 'Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy' - type: string - runtimeClassName: - description: 'RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md This is a beta feature as of Kubernetes v1.14.' - type: string - schedulerName: - description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler. - type: string - securityContext: - description: 'SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field.' - type: object - properties: - fsGroup: - description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume." - type: integer - format: int64 - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. - type: integer - format: int64 - seLinuxOptions: - description: The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. - type: object - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - seccompProfile: - description: The seccomp options to use by the containers in this pod. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - supplementalGroups: - description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. - type: array - items: - type: integer - format: int64 - sysctls: - description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. - type: array - items: - description: Sysctl defines a kernel parameter to be set - type: object - required: - - name - - value - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - windowsOptions: - description: The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: object - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential spec to use. - type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - serviceAccount: - description: 'DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead.' - type: string - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - setHostnameAsFQDN: - description: If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN. If a pod does not have FQDN, this has no effect. Default to false. - type: boolean - shareProcessNamespace: - description: 'Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false.' - type: boolean - subdomain: - description: If specified, the fully qualified Pod hostname will be "...svc.". If not specified, the pod will not have a domainname at all. - type: string - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds. - type: integer - format: int64 - tolerations: - description: If specified, the pod's tolerations. - type: array - items: - description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . - type: object - properties: - effect: - description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. - type: integer - format: int64 - value: - description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - topologySpreadConstraints: - description: TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed. - type: array - items: - description: TopologySpreadConstraint specifies how to spread matching pods among the given topology. - type: object - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - properties: - labelSelector: - description: LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - maxSkew: - description: 'MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It''s a required field. Default value is 1 and 0 is not allowed.' - type: integer - format: int32 - topologyKey: - description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. It's a required field. - type: string - whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates how to deal with a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assigment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won''t make it *more* imbalanced. It''s a required field.' - type: string - x-kubernetes-list-map-keys: - - topologyKey - - whenUnsatisfiable - x-kubernetes-list-type: map - volumes: - description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - type: object - required: - - name - properties: - awsElasticBlockStore: - description: 'AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: object - required: - - volumeID - properties: - fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - partition: - description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).' - type: integer - format: int32 - readOnly: - description: 'Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: 'Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: string - azureDisk: - description: AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. - type: object - required: - - diskName - - diskURI - properties: - cachingMode: - description: 'Host Caching mode: None, Read Only, Read Write.' - type: string - diskName: - description: The Name of the data disk in the blob storage - type: string - diskURI: - description: The URI the data disk in the blob storage - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - kind: - description: 'Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared' - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - azureFile: - description: AzureFile represents an Azure File Service mount on the host and bind mount to the pod. - type: object - required: - - secretName - - shareName - properties: - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretName: - description: the name of secret that contains Azure Storage Account Name and Key - type: string - shareName: - description: Share Name - type: string - cephfs: - description: CephFS represents a Ceph FS mount on the host that shares a pod's lifetime - type: object - required: - - monitors - properties: - monitors: - description: 'Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: array - items: - type: string - path: - description: 'Optional: Used as the mounted root, rather than the full Ceph tree, default is /' - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: boolean - secretFile: - description: 'Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - secretRef: - description: 'Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - user: - description: 'Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - cinder: - description: 'Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: object - required: - - volumeID - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: boolean - secretRef: - description: 'Optional: points to a secret object containing parameters used to connect to OpenStack.' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - volumeID: - description: 'volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - configMap: - description: ConfigMap represents a configMap that should populate this volume - type: object - properties: - defaultMode: - description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its keys must be defined - type: boolean - csi: - description: CSI (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). - type: object - required: - - driver - properties: - driver: - description: Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. - type: string - fsType: - description: Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. - type: string - nodePublishSecretRef: - description: NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - readOnly: - description: Specifies a read-only configuration for the volume. Defaults to false (read/write). - type: boolean - volumeAttributes: - description: VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. - type: object - additionalProperties: - type: string - downwardAPI: - description: DownwardAPI represents downward API about the pod that should populate this volume - type: object - properties: - defaultMode: - description: 'Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: Items is a list of downward API volume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - emptyDir: - description: 'EmptyDir represents a temporary directory that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: object - properties: - medium: - description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - ephemeral: - description: "Ephemeral represents a volume that is handled by a cluster storage driver (Alpha feature). The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. \n Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at the same time." - type: object - properties: - readOnly: - description: Specifies a read-only configuration for the volume. Defaults to false (read/write). - type: boolean - volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). \n An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. \n This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. \n Required, must not be nil." - type: object - required: - - spec - properties: - metadata: - description: May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation. - type: object - spec: - description: The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. - type: object - properties: - accessModes: - description: 'AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - type: array - items: - type: string - dataSource: - description: 'This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) * An existing custom resource that implements data population (Alpha) In order to use custom resource types that implement data population, the AnyVolumeDataSource feature gate must be enabled. If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source.' - type: object - required: - - kind - - name - properties: - apiGroup: - description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - resources: - description: 'Resources represents the minimum resources the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - selector: - description: A label query over volumes to consider for binding. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - storageClassName: - description: 'Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeMode: - description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. - type: string - volumeName: - description: VolumeName is the binding reference to the PersistentVolume backing this claim. - type: string - fc: - description: FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. - type: object - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - lun: - description: 'Optional: FC target lun number' - type: integer - format: int32 - readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' - type: boolean - targetWWNs: - description: 'Optional: FC target worldwide names (WWNs)' - type: array - items: - type: string - wwids: - description: 'Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.' - type: array - items: - type: string - flexVolume: - description: FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. - type: object - required: - - driver - properties: - driver: - description: Driver is the name of the driver to use for this volume. - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. - type: string - options: - description: 'Optional: Extra command options if any.' - type: object - additionalProperties: - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' - type: boolean - secretRef: - description: 'Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - flocker: - description: Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running - type: object - properties: - datasetName: - description: Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated - type: string - datasetUUID: - description: UUID of the dataset. This is unique identifier of a Flocker dataset - type: string - gcePersistentDisk: - description: 'GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: object - required: - - pdName - properties: - fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - partition: - description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: integer - format: int32 - pdName: - description: 'Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: string - readOnly: - description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: boolean - gitRepo: - description: 'GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod''s container.' - type: object - required: - - repository - properties: - directory: - description: Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. - type: string - repository: - description: Repository URL - type: string - revision: - description: Commit hash for the specified revision. - type: string - glusterfs: - description: 'Glusterfs represents a Glusterfs mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' - type: object - required: - - endpoints - - path - properties: - endpoints: - description: 'EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - path: - description: 'Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - readOnly: - description: 'ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: boolean - hostPath: - description: 'HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.' - type: object - required: - - path - properties: - path: - description: 'Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - type: - description: 'Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - iscsi: - description: 'ISCSI represents an ISCSI Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' - type: object - required: - - iqn - - lun - - targetPortal - properties: - chapAuthDiscovery: - description: whether support iSCSI Discovery CHAP authentication - type: boolean - chapAuthSession: - description: whether support iSCSI Session CHAP authentication - type: boolean - fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - initiatorName: - description: Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. - type: string - iqn: - description: Target iSCSI Qualified Name. - type: string - iscsiInterface: - description: iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). - type: string - lun: - description: iSCSI Target Lun number. - type: integer - format: int32 - portals: - description: iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). - type: array - items: - type: string - readOnly: - description: ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. - type: boolean - secretRef: - description: CHAP Secret for iSCSI target and initiator authentication - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - targetPortal: - description: iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). - type: string - name: - description: 'Volume''s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - nfs: - description: 'NFS represents an NFS mount on the host that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: object - required: - - path - - server - properties: - path: - description: 'Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - readOnly: - description: 'ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: boolean - server: - description: 'Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - persistentVolumeClaim: - description: 'PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: object - required: - - claimName - properties: - claimName: - description: 'ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: - description: Will force the ReadOnly setting in VolumeMounts. Default false. - type: boolean - photonPersistentDisk: - description: PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine - type: object - required: - - pdID - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - pdID: - description: ID that identifies Photon Controller persistent disk - type: string - portworxVolume: - description: PortworxVolume represents a portworx volume attached and mounted on kubelets host machine - type: object - required: - - volumeID - properties: - fsType: - description: FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: - description: VolumeID uniquely identifies a Portworx volume - type: string - projected: - description: Items for all in one resources secrets, configmaps, and downward API - type: object - properties: - defaultMode: - description: Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - type: integer - format: int32 - sources: - description: list of volume projections - type: array - items: - description: Projection that may be projected along with other supported volume types - type: object - properties: - configMap: - description: information about the configMap data to project - type: object - properties: - items: - description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its keys must be defined - type: boolean - downwardAPI: - description: information about the downwardAPI data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - secret: - description: information about the secret data to project - type: object - properties: - items: - description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - serviceAccountToken: - description: information about the serviceAccountToken data to project - type: object - required: - - path - properties: - audience: - description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - type: integer - format: int64 - path: - description: Path is the path relative to the mount point of the file to project the token into. - type: string - quobyte: - description: Quobyte represents a Quobyte mount on the host that shares a pod's lifetime - type: object - required: - - registry - - volume - properties: - group: - description: Group to map volume access to Default is no group - type: string - readOnly: - description: ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. - type: boolean - registry: - description: Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes - type: string - tenant: - description: Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin - type: string - user: - description: User to map volume access to Defaults to serivceaccount user - type: string - volume: - description: Volume is a string that references an already created Quobyte volume by name. - type: string - rbd: - description: 'RBD represents a Rados Block Device mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' - type: object - required: - - image - - monitors - properties: - fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - image: - description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - keyring: - description: 'Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - monitors: - description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: array - items: - type: string - pool: - description: 'The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: - description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: - description: 'SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - user: - description: 'The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - scaleIO: - description: ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. - type: object - required: - - gateway - - secretRef - - system - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". - type: string - gateway: - description: The host address of the ScaleIO API Gateway. - type: string - protectionDomain: - description: The name of the ScaleIO Protection Domain for the configured storage. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - sslEnabled: - description: Flag to enable/disable SSL communication with Gateway, default false - type: boolean - storageMode: - description: Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. - type: string - storagePool: - description: The ScaleIO Storage Pool associated with the protection domain. - type: string - system: - description: The name of the storage system as configured in ScaleIO. - type: string - volumeName: - description: The name of a volume already created in the ScaleIO system that is associated with this volume source. - type: string - secret: - description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - optional: - description: Specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - storageos: - description: StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. - type: object - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - volumeName: - description: VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. - type: string - volumeNamespace: - description: VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. - type: string - vsphereVolume: - description: VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine - type: object - required: - - volumePath - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - storagePolicyID: - description: Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. - type: string - storagePolicyName: - description: Storage Policy Based Management (SPBM) profile name. - type: string - volumePath: - description: Path that identifies vSphere volume vmdk - type: string - permissions: - type: array - items: - description: StrategyDeploymentPermissions describe the rbac rules and service account needed by the install strategy - type: object - required: - - rules - - serviceAccountName - properties: - rules: - type: array - items: - description: PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to. - type: object - required: - - verbs - properties: - apiGroups: - description: APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. - type: array - items: - type: string - nonResourceURLs: - description: NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both. - type: array - items: - type: string - resourceNames: - description: ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. - type: array - items: - type: string - resources: - description: Resources is a list of resources this rule applies to. ResourceAll represents all resources. - type: array - items: - type: string - verbs: - description: Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds. - type: array - items: - type: string - serviceAccountName: - type: string - strategy: - type: string - installModes: - description: InstallModes specify supported installation types - type: array - items: - description: InstallMode associates an InstallModeType with a flag representing if the CSV supports it - type: object - required: - - supported - - type - properties: - supported: - type: boolean - type: - description: InstallModeType is a supported type of install mode for CSV installation - type: string - keywords: - type: array - items: - type: string - labels: - description: Map of string keys and values that can be used to organize and categorize (scope and select) objects. - type: object - additionalProperties: - type: string - links: - type: array - items: - type: object - properties: - name: - type: string - url: - type: string - maintainers: - type: array - items: - type: object - properties: - email: - type: string - name: - type: string - maturity: - type: string - minKubeVersion: - type: string - nativeAPIs: - type: array - items: - description: GroupVersionKind unambiguously identifies a kind. It doesn't anonymously include GroupVersion to avoid automatic coersion. It doesn't use a GroupVersion to avoid custom marshalling - type: object - required: - - group - - kind - - version - properties: - group: - type: string - kind: - type: string - version: - type: string - provider: - type: object - properties: - name: - type: string - url: - type: string - relatedImages: - description: List any related images, or other container images that your Operator might require to perform their functions. This list should also include operand images as well. All image references should be specified by digest (SHA) and not by tag. This field is only used during catalog creation and plays no part in cluster runtime. - type: array - items: - type: object - required: - - image - - name - properties: - image: - type: string - name: - type: string - replaces: - description: The name of a CSV this one replaces. Should match the `metadata.Name` field of the old CSV. - type: string - selector: - description: Label selector for related resources. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - skips: - description: The name(s) of one or more CSV(s) that should be skipped in the upgrade graph. Should match the `metadata.Name` field of the CSV that should be skipped. This field is only used during catalog creation and plays no part in cluster runtime. - type: array - items: - type: string - version: - description: OperatorVersion is a wrapper around semver.Version which supports correct marshaling to YAML and JSON. - type: string - webhookdefinitions: - type: array - items: - description: WebhookDescription provides details to OLM about required webhooks - type: object - required: - - admissionReviewVersions - - generateName - - sideEffects - - type - properties: - admissionReviewVersions: - type: array - items: - type: string - containerPort: - type: integer - format: int32 - default: 443 - maximum: 65535 - minimum: 1 - conversionCRDs: - type: array - items: - type: string - deploymentName: - type: string - failurePolicy: - type: string - generateName: - type: string - matchPolicy: - description: MatchPolicyType specifies the type of match policy - type: string - objectSelector: - description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - reinvocationPolicy: - description: ReinvocationPolicyType specifies what type of policy the admission hook uses. - type: string - rules: - type: array - items: - description: RuleWithOperations is a tuple of Operations and Resources. It is recommended to make sure that all the tuple expansions are valid. - type: object - properties: - apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. - type: array - items: - type: string - apiVersions: - description: APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required. - type: array - items: - type: string - operations: - description: Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required. - type: array - items: - type: string - resources: - description: "Resources is a list of resources this rule applies to. \n For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources. \n If wildcard is present, the validation rule will ensure resources do not overlap with each other. \n Depending on the enclosing object, subresources might not be allowed. Required." - type: array - items: - type: string - scope: - description: scope specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*". - type: string - sideEffects: - type: string - targetPort: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - type: integer - format: int32 - type: - description: WebhookAdmissionType is the type of admission webhooks supported by OLM - type: string - enum: - - ValidatingAdmissionWebhook - - MutatingAdmissionWebhook - - ConversionWebhook - webhookPath: - type: string - status: - description: ClusterServiceVersionStatus represents information about the status of a CSV. Status may trail the actual state of a system. - type: object - properties: - certsLastUpdated: - description: Last time the owned APIService certs were updated - type: string - format: date-time - certsRotateAt: - description: Time the owned APIService certs will rotate next - type: string - format: date-time - cleanup: - description: CleanupStatus represents information about the status of cleanup while a CSV is pending deletion - type: object - properties: - pendingDeletion: - description: PendingDeletion is the list of custom resource objects that are pending deletion and blocked on finalizers. This indicates the progress of cleanup that is blocking CSV deletion or operator uninstall. - type: array - items: - description: ResourceList represents a list of resources which are of the same Group/Kind - type: object - required: - - group - - instances - - kind - properties: - group: - type: string - instances: - type: array - items: - type: object - required: - - name - properties: - name: - type: string - namespace: - description: Namespace can be empty for cluster-scoped resources - type: string - kind: - type: string - conditions: - description: List of conditions, a history of state transitions - type: array - items: - description: Conditions appear in the status as a record of state transitions on the ClusterServiceVersion - type: object - properties: - lastTransitionTime: - description: Last time the status transitioned from one status to another. - type: string - format: date-time - lastUpdateTime: - description: Last time we updated the status - type: string - format: date-time - message: - description: A human readable message indicating details about why the ClusterServiceVersion is in this condition. - type: string - phase: - description: Condition of the ClusterServiceVersion - type: string - reason: - description: A brief CamelCase message indicating details about why the ClusterServiceVersion is in this state. e.g. 'RequirementsNotMet' - type: string - lastTransitionTime: - description: Last time the status transitioned from one status to another. - type: string - format: date-time - lastUpdateTime: - description: Last time we updated the status - type: string - format: date-time - message: - description: A human readable message indicating details about why the ClusterServiceVersion is in this condition. - type: string - phase: - description: Current condition of the ClusterServiceVersion - type: string - reason: - description: A brief CamelCase message indicating details about why the ClusterServiceVersion is in this state. e.g. 'RequirementsNotMet' - type: string - requirementStatus: - description: The status of each requirement for this CSV - type: array - items: - type: object - required: - - group - - kind - - message - - name - - status - - version - properties: - dependents: - type: array - items: - description: DependentStatus is the status for a dependent requirement (to prevent infinite nesting) - type: object - required: - - group - - kind - - status - - version - properties: - group: - type: string - kind: - type: string - message: - type: string - status: - description: StatusReason is a camelcased reason for the status of a RequirementStatus or DependentStatus - type: string - uuid: - type: string - version: - type: string - group: - type: string - kind: - type: string - message: - type: string - name: - type: string - status: - description: StatusReason is a camelcased reason for the status of a RequirementStatus or DependentStatus - type: string - uuid: - type: string - version: - type: string - served: true - storage: true - subresources: - status: {} - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_00-installplans.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_00-installplans.crd.yaml deleted file mode 100644 index 6536fe1b79..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_00-installplans.crd.yaml +++ /dev/null @@ -1,265 +0,0 @@ ---- -# Source: olm/crds/0000_50_olm_00-installplans.crd.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: installplans.operators.coreos.com -spec: - group: operators.coreos.com - names: - categories: - - olm - kind: InstallPlan - listKind: InstallPlanList - plural: installplans - shortNames: - - ip - singular: installplan - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The first CSV in the list of clusterServiceVersionNames - jsonPath: .spec.clusterServiceVersionNames[0] - name: CSV - type: string - - description: The approval mode - jsonPath: .spec.approval - name: Approval - type: string - - jsonPath: .spec.approved - name: Approved - type: boolean - name: v1alpha1 - schema: - openAPIV3Schema: - description: InstallPlan defines the installation of a set of operators. - type: object - required: - - metadata - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: InstallPlanSpec defines a set of Application resources to be installed - type: object - required: - - approval - - approved - - clusterServiceVersionNames - properties: - approval: - description: Approval is the user approval policy for an InstallPlan. It must be one of "Automatic" or "Manual". - type: string - approved: - type: boolean - clusterServiceVersionNames: - type: array - items: - type: string - generation: - type: integer - source: - type: string - sourceNamespace: - type: string - status: - description: "InstallPlanStatus represents the information about the status of steps required to complete installation. \n Status may trail the actual state of a system." - type: object - required: - - catalogSources - - phase - properties: - attenuatedServiceAccountRef: - description: AttenuatedServiceAccountRef references the service account that is used to do scoped operator install. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - bundleLookups: - description: BundleLookups is the set of in-progress requests to pull and unpackage bundle content to the cluster. - type: array - items: - description: BundleLookup is a request to pull and unpackage the content of a bundle to the cluster. - type: object - required: - - catalogSourceRef - - identifier - - path - - replaces - properties: - catalogSourceRef: - description: CatalogSourceRef is a reference to the CatalogSource the bundle path was resolved from. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - conditions: - description: Conditions represents the overall state of a BundleLookup. - type: array - items: - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status to another. - type: string - format: date-time - lastUpdateTime: - description: Last time the condition was probed. - type: string - format: date-time - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - identifier: - description: Identifier is the catalog-unique name of the operator (the name of the CSV for bundles that contain CSVs) - type: string - path: - description: Path refers to the location of a bundle to pull. It's typically an image reference. - type: string - properties: - description: The effective properties of the unpacked bundle. - type: string - replaces: - description: Replaces is the name of the bundle to replace with the one found at Path. - type: string - catalogSources: - type: array - items: - type: string - conditions: - type: array - items: - description: InstallPlanCondition represents the overall status of the execution of an InstallPlan. - type: object - properties: - lastTransitionTime: - type: string - format: date-time - lastUpdateTime: - type: string - format: date-time - message: - type: string - reason: - description: ConditionReason is a camelcased reason for the state transition. - type: string - status: - type: string - type: - description: InstallPlanConditionType describes the state of an InstallPlan at a certain point as a whole. - type: string - message: - description: Message is a human-readable message containing detailed information that may be important to understanding why the plan has its current status. - type: string - phase: - description: InstallPlanPhase is the current status of a InstallPlan as a whole. - type: string - plan: - type: array - items: - description: Step represents the status of an individual step in an InstallPlan. - type: object - required: - - resolving - - resource - - status - properties: - resolving: - type: string - resource: - description: StepResource represents the status of a resource to be tracked by an InstallPlan. - type: object - required: - - group - - kind - - name - - sourceName - - sourceNamespace - - version - properties: - group: - type: string - kind: - type: string - manifest: - type: string - name: - type: string - sourceName: - type: string - sourceNamespace: - type: string - version: - type: string - status: - description: StepStatus is the current status of a particular resource an in InstallPlan - type: string - startTime: - description: StartTime is the time when the controller began applying the resources listed in the plan to the cluster. - type: string - format: date-time - served: true - storage: true - subresources: - status: {} - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_00-namespace.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_00-namespace.yaml deleted file mode 100644 index 13917074d8..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_00-namespace.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_00-namespace.yaml -apiVersion: v1 -kind: Namespace -metadata: - name: olm ---- -# Source: olm/templates/0000_50_olm_00-namespace.yaml -apiVersion: v1 -kind: Namespace -metadata: - name: operators diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_00-operatorconditions.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_00-operatorconditions.crd.yaml deleted file mode 100644 index a00ebba628..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_00-operatorconditions.crd.yaml +++ /dev/null @@ -1,144 +0,0 @@ ---- -# Source: olm/crds/0000_50_olm_00-operatorconditions.crd.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: operatorconditions.operators.coreos.com -spec: - group: operators.coreos.com - names: - categories: - - olm - kind: OperatorCondition - listKind: OperatorConditionList - plural: operatorconditions - shortNames: - - condition - singular: operatorcondition - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: OperatorCondition is a Custom Resource of type `OperatorCondition` which is used to convey information to OLM about the state of an operator. - type: object - required: - - metadata - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: OperatorConditionSpec allows a cluster admin to convey information about the state of an operator to OLM, potentially overriding state reported by the operator. - type: object - properties: - deployments: - type: array - items: - type: string - overrides: - type: array - items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - type: object - required: - - message - - reason - - status - - type - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - type: string - format: date-time - message: - description: message is a human readable message indicating details about the transition. This may be an empty string. - type: string - maxLength: 32768 - observedGeneration: - description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. - type: integer - format: int64 - minimum: 0 - reason: - description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. - type: string - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - status: - description: status of the condition, one of True, False, Unknown. - type: string - enum: - - "True" - - "False" - - Unknown - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - type: string - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - serviceAccounts: - type: array - items: - type: string - status: - description: OperatorConditionStatus allows an operator to convey information its state to OLM. The status may trail the actual state of a system. - type: object - properties: - conditions: - type: array - items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - type: object - required: - - lastTransitionTime - - message - - reason - - status - - type - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - type: string - format: date-time - message: - description: message is a human readable message indicating details about the transition. This may be an empty string. - type: string - maxLength: 32768 - observedGeneration: - description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. - type: integer - format: int64 - minimum: 0 - reason: - description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. - type: string - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - status: - description: status of the condition, one of True, False, Unknown. - type: string - enum: - - "True" - - "False" - - Unknown - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - type: string - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - served: true - storage: true - subresources: - status: {} - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_00-operatorgroups.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_00-operatorgroups.crd.yaml deleted file mode 100644 index f05dca4089..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_00-operatorgroups.crd.yaml +++ /dev/null @@ -1,235 +0,0 @@ ---- -# Source: olm/crds/0000_50_olm_00-operatorgroups.crd.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: operatorgroups.operators.coreos.com -spec: - group: operators.coreos.com - names: - categories: - - olm - kind: OperatorGroup - listKind: OperatorGroupList - plural: operatorgroups - shortNames: - - og - singular: operatorgroup - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: OperatorGroup is the unit of multitenancy for OLM managed operators. It constrains the installation of operators in its namespace to a specified set of target namespaces. - type: object - required: - - metadata - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: OperatorGroupSpec is the spec for an OperatorGroup resource. - type: object - properties: - selector: - description: Selector selects the OperatorGroup's target namespaces. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - serviceAccountName: - description: ServiceAccountName is the admin specified service account which will be used to deploy operator(s) in this operator group. - type: string - staticProvidedAPIs: - description: Static tells OLM not to update the OperatorGroup's providedAPIs annotation - type: boolean - targetNamespaces: - description: TargetNamespaces is an explicit set of namespaces to target. If it is set, Selector is ignored. - type: array - items: - type: string - x-kubernetes-list-type: set - status: - description: OperatorGroupStatus is the status for an OperatorGroupResource. - type: object - required: - - lastUpdated - properties: - lastUpdated: - description: LastUpdated is a timestamp of the last time the OperatorGroup's status was Updated. - type: string - format: date-time - namespaces: - description: Namespaces is the set of target namespaces for the OperatorGroup. - type: array - items: - type: string - x-kubernetes-list-type: set - serviceAccountRef: - description: ServiceAccountRef references the service account object specified. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - served: true - storage: true - subresources: - status: {} - - name: v1alpha2 - schema: - openAPIV3Schema: - description: OperatorGroup is the unit of multitenancy for OLM managed operators. It constrains the installation of operators in its namespace to a specified set of target namespaces. - type: object - required: - - metadata - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: OperatorGroupSpec is the spec for an OperatorGroup resource. - type: object - properties: - selector: - description: Selector selects the OperatorGroup's target namespaces. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - serviceAccountName: - description: ServiceAccountName is the admin specified service account which will be used to deploy operator(s) in this operator group. - type: string - staticProvidedAPIs: - description: Static tells OLM not to update the OperatorGroup's providedAPIs annotation - type: boolean - targetNamespaces: - description: TargetNamespaces is an explicit set of namespaces to target. If it is set, Selector is ignored. - type: array - items: - type: string - status: - description: OperatorGroupStatus is the status for an OperatorGroupResource. - type: object - required: - - lastUpdated - properties: - lastUpdated: - description: LastUpdated is a timestamp of the last time the OperatorGroup's status was Updated. - type: string - format: date-time - namespaces: - description: Namespaces is the set of target namespaces for the OperatorGroup. - type: array - items: - type: string - serviceAccountRef: - description: ServiceAccountRef references the service account object specified. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - served: true - storage: false - subresources: - status: {} - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_00-operators.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_00-operators.crd.yaml deleted file mode 100644 index 31b582b3b8..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_00-operators.crd.yaml +++ /dev/null @@ -1,140 +0,0 @@ ---- -# Source: olm/crds/0000_50_olm_00-operators.crd.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: operators.operators.coreos.com -spec: - group: operators.coreos.com - names: - categories: - - olm - kind: Operator - listKind: OperatorList - plural: operators - singular: operator - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: Operator represents a cluster operator. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: OperatorSpec defines the desired state of Operator - type: object - status: - description: OperatorStatus defines the observed state of an Operator and its components - type: object - properties: - components: - description: Components describes resources that compose the operator. - type: object - required: - - labelSelector - properties: - labelSelector: - description: LabelSelector is a label query over a set of resources used to select the operator's components - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - refs: - description: Refs are a set of references to the operator's component resources, selected with LabelSelector. - type: array - items: - description: RichReference is a reference to a resource, enriched with its status conditions. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - conditions: - description: Conditions represents the latest state of the component. - type: array - items: - description: Condition represent the latest available observations of an component's state. - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status to another. - type: string - format: date-time - lastUpdateTime: - description: Last time the condition was probed - type: string - format: date-time - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - served: true - storage: true - subresources: - status: {} - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_00-subscriptions.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_00-subscriptions.crd.yaml deleted file mode 100644 index d9769df42b..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_00-subscriptions.crd.yaml +++ /dev/null @@ -1,1344 +0,0 @@ ---- -# Source: olm/crds/0000_50_olm_00-subscriptions.crd.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: subscriptions.operators.coreos.com -spec: - group: operators.coreos.com - names: - categories: - - olm - kind: Subscription - listKind: SubscriptionList - plural: subscriptions - shortNames: - - sub - - subs - singular: subscription - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The package subscribed to - jsonPath: .spec.name - name: Package - type: string - - description: The catalog source for the specified package - jsonPath: .spec.source - name: Source - type: string - - description: The channel of updates to subscribe to - jsonPath: .spec.channel - name: Channel - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: Subscription keeps operators up to date by tracking changes to Catalogs. - type: object - required: - - metadata - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: SubscriptionSpec defines an Application that can be installed - type: object - required: - - name - - source - - sourceNamespace - properties: - channel: - type: string - config: - description: SubscriptionConfig contains configuration specified for a subscription. - type: object - properties: - env: - description: Env is a list of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - envFrom: - description: EnvFrom is a list of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Immutable. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - nodeSelector: - description: 'NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - additionalProperties: - type: string - resources: - description: 'Resources represents compute resources required by this container. Immutable. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - selector: - description: Selector is the label selector for pods to be configured. Existing ReplicaSets whose pods are selected by this will be the ones affected by this deployment. It must match the pod template's labels. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - tolerations: - description: Tolerations are the pod's tolerations. - type: array - items: - description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . - type: object - properties: - effect: - description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. - type: integer - format: int64 - value: - description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - volumeMounts: - description: List of VolumeMounts to set in the container. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. - type: string - volumes: - description: List of Volumes to set in the podSpec. - type: array - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - type: object - required: - - name - properties: - awsElasticBlockStore: - description: 'AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: object - required: - - volumeID - properties: - fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - partition: - description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).' - type: integer - format: int32 - readOnly: - description: 'Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: 'Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: string - azureDisk: - description: AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. - type: object - required: - - diskName - - diskURI - properties: - cachingMode: - description: 'Host Caching mode: None, Read Only, Read Write.' - type: string - diskName: - description: The Name of the data disk in the blob storage - type: string - diskURI: - description: The URI the data disk in the blob storage - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - kind: - description: 'Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared' - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - azureFile: - description: AzureFile represents an Azure File Service mount on the host and bind mount to the pod. - type: object - required: - - secretName - - shareName - properties: - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretName: - description: the name of secret that contains Azure Storage Account Name and Key - type: string - shareName: - description: Share Name - type: string - cephfs: - description: CephFS represents a Ceph FS mount on the host that shares a pod's lifetime - type: object - required: - - monitors - properties: - monitors: - description: 'Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: array - items: - type: string - path: - description: 'Optional: Used as the mounted root, rather than the full Ceph tree, default is /' - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: boolean - secretFile: - description: 'Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - secretRef: - description: 'Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - user: - description: 'Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - cinder: - description: 'Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: object - required: - - volumeID - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: boolean - secretRef: - description: 'Optional: points to a secret object containing parameters used to connect to OpenStack.' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - volumeID: - description: 'volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - configMap: - description: ConfigMap represents a configMap that should populate this volume - type: object - properties: - defaultMode: - description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its keys must be defined - type: boolean - csi: - description: CSI (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). - type: object - required: - - driver - properties: - driver: - description: Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. - type: string - fsType: - description: Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. - type: string - nodePublishSecretRef: - description: NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - readOnly: - description: Specifies a read-only configuration for the volume. Defaults to false (read/write). - type: boolean - volumeAttributes: - description: VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. - type: object - additionalProperties: - type: string - downwardAPI: - description: DownwardAPI represents downward API about the pod that should populate this volume - type: object - properties: - defaultMode: - description: 'Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: Items is a list of downward API volume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - emptyDir: - description: 'EmptyDir represents a temporary directory that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: object - properties: - medium: - description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - ephemeral: - description: "Ephemeral represents a volume that is handled by a cluster storage driver (Alpha feature). The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. \n Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at the same time." - type: object - properties: - readOnly: - description: Specifies a read-only configuration for the volume. Defaults to false (read/write). - type: boolean - volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). \n An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. \n This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. \n Required, must not be nil." - type: object - required: - - spec - properties: - metadata: - description: May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation. - type: object - spec: - description: The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. - type: object - properties: - accessModes: - description: 'AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - type: array - items: - type: string - dataSource: - description: 'This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) * An existing custom resource that implements data population (Alpha) In order to use custom resource types that implement data population, the AnyVolumeDataSource feature gate must be enabled. If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source.' - type: object - required: - - kind - - name - properties: - apiGroup: - description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - resources: - description: 'Resources represents the minimum resources the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - selector: - description: A label query over volumes to consider for binding. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - storageClassName: - description: 'Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeMode: - description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. - type: string - volumeName: - description: VolumeName is the binding reference to the PersistentVolume backing this claim. - type: string - fc: - description: FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. - type: object - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - lun: - description: 'Optional: FC target lun number' - type: integer - format: int32 - readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' - type: boolean - targetWWNs: - description: 'Optional: FC target worldwide names (WWNs)' - type: array - items: - type: string - wwids: - description: 'Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.' - type: array - items: - type: string - flexVolume: - description: FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. - type: object - required: - - driver - properties: - driver: - description: Driver is the name of the driver to use for this volume. - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. - type: string - options: - description: 'Optional: Extra command options if any.' - type: object - additionalProperties: - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' - type: boolean - secretRef: - description: 'Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - flocker: - description: Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running - type: object - properties: - datasetName: - description: Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated - type: string - datasetUUID: - description: UUID of the dataset. This is unique identifier of a Flocker dataset - type: string - gcePersistentDisk: - description: 'GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: object - required: - - pdName - properties: - fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - partition: - description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: integer - format: int32 - pdName: - description: 'Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: string - readOnly: - description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: boolean - gitRepo: - description: 'GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod''s container.' - type: object - required: - - repository - properties: - directory: - description: Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. - type: string - repository: - description: Repository URL - type: string - revision: - description: Commit hash for the specified revision. - type: string - glusterfs: - description: 'Glusterfs represents a Glusterfs mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' - type: object - required: - - endpoints - - path - properties: - endpoints: - description: 'EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - path: - description: 'Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - readOnly: - description: 'ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: boolean - hostPath: - description: 'HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.' - type: object - required: - - path - properties: - path: - description: 'Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - type: - description: 'Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - iscsi: - description: 'ISCSI represents an ISCSI Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' - type: object - required: - - iqn - - lun - - targetPortal - properties: - chapAuthDiscovery: - description: whether support iSCSI Discovery CHAP authentication - type: boolean - chapAuthSession: - description: whether support iSCSI Session CHAP authentication - type: boolean - fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - initiatorName: - description: Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. - type: string - iqn: - description: Target iSCSI Qualified Name. - type: string - iscsiInterface: - description: iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). - type: string - lun: - description: iSCSI Target Lun number. - type: integer - format: int32 - portals: - description: iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). - type: array - items: - type: string - readOnly: - description: ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. - type: boolean - secretRef: - description: CHAP Secret for iSCSI target and initiator authentication - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - targetPortal: - description: iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). - type: string - name: - description: 'Volume''s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - nfs: - description: 'NFS represents an NFS mount on the host that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: object - required: - - path - - server - properties: - path: - description: 'Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - readOnly: - description: 'ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: boolean - server: - description: 'Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - persistentVolumeClaim: - description: 'PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: object - required: - - claimName - properties: - claimName: - description: 'ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: - description: Will force the ReadOnly setting in VolumeMounts. Default false. - type: boolean - photonPersistentDisk: - description: PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine - type: object - required: - - pdID - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - pdID: - description: ID that identifies Photon Controller persistent disk - type: string - portworxVolume: - description: PortworxVolume represents a portworx volume attached and mounted on kubelets host machine - type: object - required: - - volumeID - properties: - fsType: - description: FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: - description: VolumeID uniquely identifies a Portworx volume - type: string - projected: - description: Items for all in one resources secrets, configmaps, and downward API - type: object - properties: - defaultMode: - description: Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - type: integer - format: int32 - sources: - description: list of volume projections - type: array - items: - description: Projection that may be projected along with other supported volume types - type: object - properties: - configMap: - description: information about the configMap data to project - type: object - properties: - items: - description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its keys must be defined - type: boolean - downwardAPI: - description: information about the downwardAPI data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - secret: - description: information about the secret data to project - type: object - properties: - items: - description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - serviceAccountToken: - description: information about the serviceAccountToken data to project - type: object - required: - - path - properties: - audience: - description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - type: integer - format: int64 - path: - description: Path is the path relative to the mount point of the file to project the token into. - type: string - quobyte: - description: Quobyte represents a Quobyte mount on the host that shares a pod's lifetime - type: object - required: - - registry - - volume - properties: - group: - description: Group to map volume access to Default is no group - type: string - readOnly: - description: ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. - type: boolean - registry: - description: Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes - type: string - tenant: - description: Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin - type: string - user: - description: User to map volume access to Defaults to serivceaccount user - type: string - volume: - description: Volume is a string that references an already created Quobyte volume by name. - type: string - rbd: - description: 'RBD represents a Rados Block Device mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' - type: object - required: - - image - - monitors - properties: - fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - image: - description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - keyring: - description: 'Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - monitors: - description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: array - items: - type: string - pool: - description: 'The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: - description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: - description: 'SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - user: - description: 'The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - scaleIO: - description: ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. - type: object - required: - - gateway - - secretRef - - system - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". - type: string - gateway: - description: The host address of the ScaleIO API Gateway. - type: string - protectionDomain: - description: The name of the ScaleIO Protection Domain for the configured storage. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - sslEnabled: - description: Flag to enable/disable SSL communication with Gateway, default false - type: boolean - storageMode: - description: Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. - type: string - storagePool: - description: The ScaleIO Storage Pool associated with the protection domain. - type: string - system: - description: The name of the storage system as configured in ScaleIO. - type: string - volumeName: - description: The name of a volume already created in the ScaleIO system that is associated with this volume source. - type: string - secret: - description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - optional: - description: Specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - storageos: - description: StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. - type: object - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - volumeName: - description: VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. - type: string - volumeNamespace: - description: VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. - type: string - vsphereVolume: - description: VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine - type: object - required: - - volumePath - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - storagePolicyID: - description: Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. - type: string - storagePolicyName: - description: Storage Policy Based Management (SPBM) profile name. - type: string - volumePath: - description: Path that identifies vSphere volume vmdk - type: string - installPlanApproval: - description: Approval is the user approval policy for an InstallPlan. It must be one of "Automatic" or "Manual". - type: string - name: - type: string - source: - type: string - sourceNamespace: - type: string - startingCSV: - type: string - status: - type: object - required: - - lastUpdated - properties: - catalogHealth: - description: CatalogHealth contains the Subscription's view of its relevant CatalogSources' status. It is used to determine SubscriptionStatusConditions related to CatalogSources. - type: array - items: - description: SubscriptionCatalogHealth describes the health of a CatalogSource the Subscription knows about. - type: object - required: - - catalogSourceRef - - healthy - - lastUpdated - properties: - catalogSourceRef: - description: CatalogSourceRef is a reference to a CatalogSource. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - healthy: - description: Healthy is true if the CatalogSource is healthy; false otherwise. - type: boolean - lastUpdated: - description: LastUpdated represents the last time that the CatalogSourceHealth changed - type: string - format: date-time - conditions: - description: Conditions is a list of the latest available observations about a Subscription's current state. - type: array - items: - description: SubscriptionCondition represents the latest available observations of a Subscription's state. - type: object - required: - - status - - type - properties: - lastHeartbeatTime: - description: LastHeartbeatTime is the last time we got an update on a given condition - type: string - format: date-time - lastTransitionTime: - description: LastTransitionTime is the last time the condition transit from one status to another - type: string - format: date-time - message: - description: Message is a human-readable message indicating details about last transition. - type: string - reason: - description: Reason is a one-word CamelCase reason for the condition's last transition. - type: string - status: - description: Status is the status of the condition, one of True, False, Unknown. - type: string - type: - description: Type is the type of Subscription condition. - type: string - currentCSV: - description: CurrentCSV is the CSV the Subscription is progressing to. - type: string - installPlanGeneration: - description: InstallPlanGeneration is the current generation of the installplan - type: integer - installPlanRef: - description: InstallPlanRef is a reference to the latest InstallPlan that contains the Subscription's current CSV. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - installedCSV: - description: InstalledCSV is the CSV currently installed by the Subscription. - type: string - installplan: - description: 'Install is a reference to the latest InstallPlan generated for the Subscription. DEPRECATED: InstallPlanRef' - type: object - required: - - apiVersion - - kind - - name - - uuid - properties: - apiVersion: - type: string - kind: - type: string - name: - type: string - uuid: - description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. - type: string - lastUpdated: - description: LastUpdated represents the last time that the Subscription status was updated. - type: string - format: date-time - reason: - description: Reason is the reason the Subscription was transitioned to its current state. - type: string - state: - description: State represents the current state of the Subscription - type: string - served: true - storage: true - subresources: - status: {} - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_01-olm-operator.serviceaccount.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_01-olm-operator.serviceaccount.yaml deleted file mode 100644 index e21d33d03d..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_01-olm-operator.serviceaccount.yaml +++ /dev/null @@ -1,33 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_01-olm-operator.serviceaccount.yaml -kind: ServiceAccount -apiVersion: v1 -metadata: - name: olm-operator-serviceaccount - namespace: olm ---- -# Source: olm/templates/0000_50_olm_01-olm-operator.serviceaccount.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: system:controller:operator-lifecycle-manager -rules: -- apiGroups: ["*"] - resources: ["*"] - verbs: ["*"] -- nonResourceURLs: ["*"] - verbs: ["*"] ---- -# Source: olm/templates/0000_50_olm_01-olm-operator.serviceaccount.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: olm-operator-binding-olm -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:controller:operator-lifecycle-manager -subjects: -- kind: ServiceAccount - name: olm-operator-serviceaccount - namespace: olm diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_07-olm-operator.deployment.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_07-olm-operator.deployment.yaml deleted file mode 100644 index 12ca8a61e2..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_07-olm-operator.deployment.yaml +++ /dev/null @@ -1,63 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_07-olm-operator.deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: olm-operator - namespace: olm - labels: - app: olm-operator -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: olm-operator - template: - metadata: - labels: - app: olm-operator - spec: - serviceAccountName: olm-operator-serviceaccount - containers: - - name: olm-operator - command: - - /bin/olm - args: - - --namespace - - $(OPERATOR_NAMESPACE) - - --writeStatusName - - "" - image: quay.io/operator-framework/olm@sha256:e9de77ac5c08643202ad42a0311d15c98ffbfd8a1dc2eab4e9f2dcaeed7110ac - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - - containerPort: 8081 - name: metrics - protocol: TCP - livenessProbe: - httpGet: - path: /healthz - port: 8080 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - terminationMessagePolicy: FallbackToLogsOnError - env: - - - name: OPERATOR_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: OPERATOR_NAME - value: olm-operator - resources: - requests: - cpu: 10m - memory: 160Mi - - - nodeSelector: - kubernetes.io/os: linux diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_08-catalog-operator.deployment.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_08-catalog-operator.deployment.yaml deleted file mode 100644 index bbea7424d2..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_08-catalog-operator.deployment.yaml +++ /dev/null @@ -1,58 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_08-catalog-operator.deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: catalog-operator - namespace: olm - labels: - app: catalog-operator -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: catalog-operator - template: - metadata: - labels: - app: catalog-operator - spec: - serviceAccountName: olm-operator-serviceaccount - containers: - - name: catalog-operator - command: - - /bin/catalog - args: - - '-namespace' - - olm - - -configmapServerImage=quay.io/operator-framework/configmap-operator-registry:latest - - -util-image - - quay.io/operator-framework/olm@sha256:e9de77ac5c08643202ad42a0311d15c98ffbfd8a1dc2eab4e9f2dcaeed7110ac - image: quay.io/operator-framework/olm@sha256:e9de77ac5c08643202ad42a0311d15c98ffbfd8a1dc2eab4e9f2dcaeed7110ac - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - - containerPort: 8081 - name: metrics - protocol: TCP - livenessProbe: - httpGet: - path: /healthz - port: 8080 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - terminationMessagePolicy: FallbackToLogsOnError - env: - - resources: - requests: - cpu: 10m - memory: 80Mi - - - nodeSelector: - kubernetes.io/os: linux diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_09-aggregated.clusterrole.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_09-aggregated.clusterrole.yaml deleted file mode 100644 index e7aa0af341..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_09-aggregated.clusterrole.yaml +++ /dev/null @@ -1,35 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_09-aggregated.clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-edit - labels: - # Add these permissions to the "admin" and "edit" default roles. - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["subscriptions"] - verbs: ["create", "update", "patch", "delete"] -- apiGroups: ["operators.coreos.com"] - resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions"] - verbs: ["delete"] ---- -# Source: olm/templates/0000_50_olm_09-aggregated.clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-view - labels: - # Add these permissions to the "admin", "edit" and "view" default roles - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - rbac.authorization.k8s.io/aggregate-to-view: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions", "operatorgroups"] - verbs: ["get", "list", "watch"] -- apiGroups: ["packages.operators.coreos.com"] - resources: ["packagemanifests", "packagemanifests/icon"] - verbs: ["get", "list", "watch"] diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_13-operatorgroup-default.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_13-operatorgroup-default.yaml deleted file mode 100644 index 56f5bca2bd..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_13-operatorgroup-default.yaml +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_13-operatorgroup-default.yaml -apiVersion: operators.coreos.com/v1 -kind: OperatorGroup -metadata: - name: global-operators - namespace: operators ---- -# Source: olm/templates/0000_50_olm_13-operatorgroup-default.yaml -apiVersion: operators.coreos.com/v1 -kind: OperatorGroup -metadata: - name: olm-operators - namespace: olm -spec: - targetNamespaces: - - olm diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_15-packageserver.clusterserviceversion.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_15-packageserver.clusterserviceversion.yaml deleted file mode 100644 index fc3f6900c1..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_15-packageserver.clusterserviceversion.yaml +++ /dev/null @@ -1,132 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_15-packageserver.clusterserviceversion.yaml -apiVersion: operators.coreos.com/v1alpha1 -kind: ClusterServiceVersion -metadata: - name: packageserver - namespace: olm - labels: - olm.version: 0.18.0 -spec: - displayName: Package Server - description: Represents an Operator package that is available from a given CatalogSource which will resolve to a ClusterServiceVersion. - minKubeVersion: 1.11.0 - keywords: ['packagemanifests', 'olm', 'packages'] - maintainers: - - name: Red Hat - email: openshift-operators@redhat.com - provider: - name: Red Hat - links: - - name: Package Server - url: https://github.com/operator-framework/operator-lifecycle-manager/tree/master/pkg/package-server - installModes: - - type: OwnNamespace - supported: true - - type: SingleNamespace - supported: true - - type: MultiNamespace - supported: true - - type: AllNamespaces - supported: true - install: - strategy: deployment - spec: - clusterPermissions: - - serviceAccountName: olm-operator-serviceaccount - rules: - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - get - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - apiGroups: - - "operators.coreos.com" - resources: - - catalogsources - verbs: - - get - - list - - watch - - apiGroups: - - "packages.operators.coreos.com" - resources: - - packagemanifests - verbs: - - get - - list - deployments: - - name: packageserver - spec: - strategy: - type: RollingUpdate - replicas: 2 - selector: - matchLabels: - app: packageserver - template: - metadata: - labels: - app: packageserver - spec: - serviceAccountName: olm-operator-serviceaccount - nodeSelector: - kubernetes.io/os: linux - containers: - - name: packageserver - command: - - /bin/package-server - - -v=4 - - --secure-port - - "5443" - - --global-namespace - - olm - image: quay.io/operator-framework/olm@sha256:e9de77ac5c08643202ad42a0311d15c98ffbfd8a1dc2eab4e9f2dcaeed7110ac - imagePullPolicy: Always - ports: - - containerPort: 5443 - livenessProbe: - httpGet: - scheme: HTTPS - path: /healthz - port: 5443 - readinessProbe: - httpGet: - scheme: HTTPS - path: /healthz - port: 5443 - terminationMessagePolicy: FallbackToLogsOnError - resources: - requests: - cpu: 10m - memory: 50Mi - securityContext: - runAsUser: 1000 - volumeMounts: - - name: tmpfs - mountPath: /tmp - volumes: - - name: tmpfs - emptyDir: {} - maturity: alpha - version: 0.18.0 - apiservicedefinitions: - owned: - - group: packages.operators.coreos.com - version: v1 - kind: PackageManifest - name: packagemanifests - displayName: PackageManifest - description: A PackageManifest is a resource generated from existing CatalogSources and their ConfigMaps - deploymentName: packageserver - containerPort: 5443 diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_17-upstream-operators.catalogsource.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_17-upstream-operators.catalogsource.yaml deleted file mode 100644 index 559b4dc719..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.0/0000_50_olm_17-upstream-operators.catalogsource.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_17-upstream-operators.catalogsource.yaml -apiVersion: operators.coreos.com/v1alpha1 -kind: CatalogSource -metadata: - name: operatorhubio-catalog - namespace: olm -spec: - sourceType: grpc - image: quay.io/operatorhubio/catalog:latest - displayName: Community Operators - publisher: OperatorHub.io diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_00-catalogsources.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_00-catalogsources.crd.yaml deleted file mode 100644 index 2c1efc61dd..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_00-catalogsources.crd.yaml +++ /dev/null @@ -1,169 +0,0 @@ ---- -# Source: olm/crds/0000_50_olm_00-catalogsources.crd.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: catalogsources.operators.coreos.com -spec: - group: operators.coreos.com - names: - categories: - - olm - kind: CatalogSource - listKind: CatalogSourceList - plural: catalogsources - shortNames: - - catsrc - singular: catalogsource - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The pretty name of the catalog - jsonPath: .spec.displayName - name: Display - type: string - - description: The type of the catalog - jsonPath: .spec.sourceType - name: Type - type: string - - description: The publisher of the catalog - jsonPath: .spec.publisher - name: Publisher - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: CatalogSource is a repository of CSVs, CRDs, and operator packages. - type: object - required: - - metadata - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - type: object - required: - - sourceType - properties: - address: - description: 'Address is a host that OLM can use to connect to a pre-existing registry. Format: : Only used when SourceType = SourceTypeGrpc. Ignored when the Image field is set.' - type: string - configMap: - description: ConfigMap is the name of the ConfigMap to be used to back a configmap-server registry. Only used when SourceType = SourceTypeConfigmap or SourceTypeInternal. - type: string - description: - type: string - displayName: - description: Metadata - type: string - icon: - type: object - required: - - base64data - - mediatype - properties: - base64data: - type: string - mediatype: - type: string - image: - description: Image is an operator-registry container image to instantiate a registry-server with. Only used when SourceType = SourceTypeGrpc. If present, the address field is ignored. - type: string - priority: - description: 'Priority field assigns a weight to the catalog source to prioritize them so that it can be consumed by the dependency resolver. Usage: Higher weight indicates that this catalog source is preferred over lower weighted catalog sources during dependency resolution. The range of the priority value can go from positive to negative in the range of int32. The default value to a catalog source with unassigned priority would be 0. The catalog source with the same priority values will be ranked lexicographically based on its name.' - type: integer - publisher: - type: string - secrets: - description: Secrets represent set of secrets that can be used to access the contents of the catalog. It is best to keep this list small, since each will need to be tried for every catalog entry. - type: array - items: - type: string - sourceType: - description: SourceType is the type of source - type: string - updateStrategy: - description: UpdateStrategy defines how updated catalog source images can be discovered Consists of an interval that defines polling duration and an embedded strategy type - type: object - properties: - registryPoll: - type: object - properties: - interval: - description: Interval is used to determine the time interval between checks of the latest catalog source version. The catalog operator polls to see if a new version of the catalog source is available. If available, the latest image is pulled and gRPC traffic is directed to the latest catalog source. - type: string - status: - type: object - properties: - configMapReference: - type: object - required: - - name - - namespace - properties: - lastUpdateTime: - type: string - format: date-time - name: - type: string - namespace: - type: string - resourceVersion: - type: string - uid: - description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. - type: string - connectionState: - type: object - required: - - lastObservedState - properties: - address: - type: string - lastConnect: - type: string - format: date-time - lastObservedState: - type: string - latestImageRegistryPoll: - description: The last time the CatalogSource image registry has been polled to ensure the image is up-to-date - type: string - format: date-time - message: - description: A human readable message indicating details about why the CatalogSource is in this condition. - type: string - reason: - description: Reason is the reason the CatalogSource was transitioned to its current state. - type: string - registryService: - type: object - properties: - createdAt: - type: string - format: date-time - port: - type: string - protocol: - type: string - serviceName: - type: string - serviceNamespace: - type: string - served: true - storage: true - subresources: - status: {} - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_00-clusterserviceversions.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_00-clusterserviceversions.crd.yaml deleted file mode 100644 index 394924902a..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_00-clusterserviceversions.crd.yaml +++ /dev/null @@ -1,4841 +0,0 @@ ---- -# Source: olm/crds/0000_50_olm_00-clusterserviceversions.crd.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: clusterserviceversions.operators.coreos.com -spec: - group: operators.coreos.com - names: - categories: - - olm - kind: ClusterServiceVersion - listKind: ClusterServiceVersionList - plural: clusterserviceversions - shortNames: - - csv - - csvs - singular: clusterserviceversion - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The name of the CSV - jsonPath: .spec.displayName - name: Display - type: string - - description: The version of the CSV - jsonPath: .spec.version - name: Version - type: string - - description: The name of a CSV that this one replaces - jsonPath: .spec.replaces - name: Replaces - type: string - - jsonPath: .status.phase - name: Phase - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: ClusterServiceVersion is a Custom Resource of type `ClusterServiceVersionSpec`. - type: object - required: - - metadata - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ClusterServiceVersionSpec declarations tell OLM how to install an operator that can manage apps for a given version. - type: object - required: - - displayName - - install - properties: - annotations: - description: Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. - type: object - additionalProperties: - type: string - apiservicedefinitions: - description: APIServiceDefinitions declares all of the extension apis managed or required by an operator being ran by ClusterServiceVersion. - type: object - properties: - owned: - type: array - items: - description: APIServiceDescription provides details to OLM about apis provided via aggregation - type: object - required: - - group - - kind - - name - - version - properties: - actionDescriptors: - type: array - items: - description: ActionDescriptor describes a declarative action that can be performed on a custom resource instance - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - containerPort: - type: integer - format: int32 - deploymentName: - type: string - description: - type: string - displayName: - type: string - group: - type: string - kind: - type: string - name: - type: string - resources: - type: array - items: - description: APIResourceReference is a Kubernetes resource type used by a custom resource - type: object - required: - - kind - - name - - version - properties: - kind: - type: string - name: - type: string - version: - type: string - specDescriptors: - type: array - items: - description: SpecDescriptor describes a field in a spec block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - statusDescriptors: - type: array - items: - description: StatusDescriptor describes a field in a status block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - version: - type: string - required: - type: array - items: - description: APIServiceDescription provides details to OLM about apis provided via aggregation - type: object - required: - - group - - kind - - name - - version - properties: - actionDescriptors: - type: array - items: - description: ActionDescriptor describes a declarative action that can be performed on a custom resource instance - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - containerPort: - type: integer - format: int32 - deploymentName: - type: string - description: - type: string - displayName: - type: string - group: - type: string - kind: - type: string - name: - type: string - resources: - type: array - items: - description: APIResourceReference is a Kubernetes resource type used by a custom resource - type: object - required: - - kind - - name - - version - properties: - kind: - type: string - name: - type: string - version: - type: string - specDescriptors: - type: array - items: - description: SpecDescriptor describes a field in a spec block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - statusDescriptors: - type: array - items: - description: StatusDescriptor describes a field in a status block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - version: - type: string - cleanup: - description: Cleanup specifies the cleanup behaviour when the CSV gets deleted - type: object - required: - - enabled - properties: - enabled: - type: boolean - customresourcedefinitions: - description: "CustomResourceDefinitions declares all of the CRDs managed or required by an operator being ran by ClusterServiceVersion. \n If the CRD is present in the Owned list, it is implicitly required." - type: object - properties: - owned: - type: array - items: - description: CRDDescription provides details to OLM about the CRDs - type: object - required: - - kind - - name - - version - properties: - actionDescriptors: - type: array - items: - description: ActionDescriptor describes a declarative action that can be performed on a custom resource instance - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - description: - type: string - displayName: - type: string - kind: - type: string - name: - type: string - resources: - type: array - items: - description: APIResourceReference is a Kubernetes resource type used by a custom resource - type: object - required: - - kind - - name - - version - properties: - kind: - type: string - name: - type: string - version: - type: string - specDescriptors: - type: array - items: - description: SpecDescriptor describes a field in a spec block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - statusDescriptors: - type: array - items: - description: StatusDescriptor describes a field in a status block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - version: - type: string - required: - type: array - items: - description: CRDDescription provides details to OLM about the CRDs - type: object - required: - - kind - - name - - version - properties: - actionDescriptors: - type: array - items: - description: ActionDescriptor describes a declarative action that can be performed on a custom resource instance - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - description: - type: string - displayName: - type: string - kind: - type: string - name: - type: string - resources: - type: array - items: - description: APIResourceReference is a Kubernetes resource type used by a custom resource - type: object - required: - - kind - - name - - version - properties: - kind: - type: string - name: - type: string - version: - type: string - specDescriptors: - type: array - items: - description: SpecDescriptor describes a field in a spec block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - statusDescriptors: - type: array - items: - description: StatusDescriptor describes a field in a status block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - version: - type: string - description: - type: string - displayName: - type: string - icon: - type: array - items: - type: object - required: - - base64data - - mediatype - properties: - base64data: - type: string - mediatype: - type: string - install: - description: NamedInstallStrategy represents the block of an ClusterServiceVersion resource where the install strategy is specified. - type: object - required: - - strategy - properties: - spec: - description: StrategyDetailsDeployment represents the parsed details of a Deployment InstallStrategy. - type: object - required: - - deployments - properties: - clusterPermissions: - type: array - items: - description: StrategyDeploymentPermissions describe the rbac rules and service account needed by the install strategy - type: object - required: - - rules - - serviceAccountName - properties: - rules: - type: array - items: - description: PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to. - type: object - required: - - verbs - properties: - apiGroups: - description: APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. - type: array - items: - type: string - nonResourceURLs: - description: NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both. - type: array - items: - type: string - resourceNames: - description: ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. - type: array - items: - type: string - resources: - description: Resources is a list of resources this rule applies to. ResourceAll represents all resources. - type: array - items: - type: string - verbs: - description: Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds. - type: array - items: - type: string - serviceAccountName: - type: string - deployments: - type: array - items: - description: StrategyDeploymentSpec contains the name, spec and labels for the deployment ALM should create - type: object - required: - - name - - spec - properties: - label: - description: Set is a map of label:value. It implements Labels. - type: object - additionalProperties: - type: string - name: - type: string - spec: - description: DeploymentSpec is the specification of the desired behavior of the Deployment. - type: object - required: - - selector - - template - properties: - minReadySeconds: - description: Minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) - type: integer - format: int32 - paused: - description: Indicates that the deployment is paused. - type: boolean - progressDeadlineSeconds: - description: The maximum time in seconds for a deployment to make progress before it is considered to be failed. The deployment controller will continue to process failed deployments and a condition with a ProgressDeadlineExceeded reason will be surfaced in the deployment status. Note that progress will not be estimated during the time a deployment is paused. Defaults to 600s. - type: integer - format: int32 - replicas: - description: Number of desired pods. This is a pointer to distinguish between explicit zero and not specified. Defaults to 1. - type: integer - format: int32 - revisionHistoryLimit: - description: The number of old ReplicaSets to retain to allow rollback. This is a pointer to distinguish between explicit zero and not specified. Defaults to 10. - type: integer - format: int32 - selector: - description: Label selector for pods. Existing ReplicaSets whose pods are selected by this will be the ones affected by this deployment. It must match the pod template's labels. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - strategy: - description: The deployment strategy to use to replace existing pods with new ones. - type: object - properties: - rollingUpdate: - description: 'Rolling update config params. Present only if DeploymentStrategyType = RollingUpdate. --- TODO: Update this to follow our convention for oneOf, whatever we decide it to be.' - type: object - properties: - maxSurge: - description: 'The maximum number of pods that can be scheduled above the desired number of pods. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up. Defaults to 25%. Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when the rolling update starts, such that the total number of old and new pods do not exceed 130% of desired pods. Once old pods have been killed, new ReplicaSet can be scaled up further, ensuring that total number of pods running at any time during the update is at most 130% of desired pods.' - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - maxUnavailable: - description: 'The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 25%. Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods immediately when the rolling update starts. Once new pods are ready, old ReplicaSet can be scaled down further, followed by scaling up the new ReplicaSet, ensuring that the total number of pods available at all times during the update is at least 70% of desired pods.' - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: - description: Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate. - type: string - template: - description: Template describes the pods that will be created. - type: object - properties: - metadata: - description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - type: object - x-kubernetes-preserve-unknown-fields: true - spec: - description: 'Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - containers - properties: - activeDeadlineSeconds: - description: Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer. - type: integer - format: int64 - affinity: - description: If specified, the pod's scheduling constraints - type: object - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the pod. - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. - type: array - items: - description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - type: object - required: - - preference - - weight - properties: - preference: - description: A node selector term, associated with the corresponding weight. - type: object - properties: - matchExpressions: - description: A list of node selector requirements by node's labels. - type: array - items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchFields: - description: A list of node selector requirements by node's fields. - type: array - items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - type: array - items: - type: string - weight: - description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. - type: object - required: - - nodeSelectorTerms - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The terms are ORed. - type: array - items: - description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - type: object - properties: - matchExpressions: - description: A list of node selector requirements by node's labels. - type: array - items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchFields: - description: A list of node selector requirements by node's fields. - type: array - items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - type: array - items: - type: string - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. - type: array - items: - description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) - type: object - required: - - podAffinityTerm - - weight - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with the corresponding weight. - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query over a set of resources, in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - namespaces: - description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - type: string - weight: - description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. - type: array - items: - description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query over a set of resources, in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - namespaces: - description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - type: string - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. - type: array - items: - description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) - type: object - required: - - podAffinityTerm - - weight - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with the corresponding weight. - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query over a set of resources, in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - namespaces: - description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - type: string - weight: - description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. - type: array - items: - description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query over a set of resources, in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - namespaces: - description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - type: string - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - type: boolean - containers: - description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. - type: array - items: - description: A single application container that you want to run within a pod. - type: object - required: - - name - properties: - args: - description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. - type: object - properties: - postStart: - description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - preStop: - description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. - type: object - properties: - add: - description: Added capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - privileged: - description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: integer - format: int64 - seLinuxOptions: - description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: object - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - windowsOptions: - description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: object - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential spec to use. - type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - startupProbe: - description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - stdin: - description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be used by the container. - type: array - items: - description: volumeDevice describes a mapping of a raw block device within a container. - type: object - required: - - devicePath - - name - properties: - devicePath: - description: devicePath is the path inside of the container that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim in the pod - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - dnsConfig: - description: Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. - type: object - properties: - nameservers: - description: A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed. - type: array - items: - type: string - options: - description: A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy. - type: array - items: - description: PodDNSConfigOption defines DNS resolver options of a pod. - type: object - properties: - name: - description: Required. - type: string - value: - type: string - searches: - description: A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed. - type: array - items: - type: string - dnsPolicy: - description: Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Defaults to true.' - type: boolean - ephemeralContainers: - description: List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. This field is alpha-level and is only honored by servers that enable the EphemeralContainers feature. - type: array - items: - description: An EphemeralContainer is a container that may be added temporarily to an existing pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they will not be restarted when they exit or when a pod is removed or restarted. If an ephemeral container causes a pod to exceed its resource allocation, the pod may be evicted. Ephemeral containers may not be added by directly updating the pod spec. They must be added via the pod's ephemeralcontainers subresource, and they will appear in the pod spec once added. This is an alpha feature enabled by the EphemeralContainers feature flag. - type: object - required: - - name - properties: - args: - description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Lifecycle is not allowed for ephemeral containers. - type: object - properties: - postStart: - description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - preStop: - description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - livenessProbe: - description: Probes are not allowed for ephemeral containers. - type: object - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers. - type: string - ports: - description: Ports are not allowed for ephemeral containers. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - readinessProbe: - description: Probes are not allowed for ephemeral containers. - type: object - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod. - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: SecurityContext is not allowed for ephemeral containers. - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. - type: object - properties: - add: - description: Added capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - privileged: - description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: integer - format: int64 - seLinuxOptions: - description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: object - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - windowsOptions: - description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: object - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential spec to use. - type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - startupProbe: - description: Probes are not allowed for ephemeral containers. - type: object - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - stdin: - description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false - type: boolean - targetContainerName: - description: If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container is run in whatever namespaces are shared for the pod. Note that the container runtime must support this feature. - type: string - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be used by the container. - type: array - items: - description: volumeDevice describes a mapping of a raw block device within a container. - type: object - required: - - devicePath - - name - properties: - devicePath: - description: devicePath is the path inside of the container that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim in the pod - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - hostAliases: - description: HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts file if specified. This is only valid for non-hostNetwork pods. - type: array - items: - description: HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file. - type: object - properties: - hostnames: - description: Hostnames for the above IP address. - type: array - items: - type: string - ip: - description: IP address of the host file entry. - type: string - hostIPC: - description: 'Use the host''s ipc namespace. Optional: Default to false.' - type: boolean - hostNetwork: - description: Host networking requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified. Default to false. - type: boolean - hostPID: - description: 'Use the host''s pid namespace. Optional: Default to false.' - type: boolean - hostname: - description: Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value. - type: string - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - initContainers: - description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: A single application container that you want to run within a pod. - type: object - required: - - name - properties: - args: - description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. - type: object - properties: - postStart: - description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - preStop: - description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. - type: object - properties: - add: - description: Added capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - privileged: - description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: integer - format: int64 - seLinuxOptions: - description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: object - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - windowsOptions: - description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: object - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential spec to use. - type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - startupProbe: - description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - stdin: - description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be used by the container. - type: array - items: - description: volumeDevice describes a mapping of a raw block device within a container. - type: object - required: - - devicePath - - name - properties: - devicePath: - description: devicePath is the path inside of the container that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim in the pod - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - nodeName: - description: NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements. - type: string - nodeSelector: - description: 'NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - additionalProperties: - type: string - overhead: - description: 'Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md This field is alpha-level as of Kubernetes v1.16, and is only honored by servers that enable the PodOverhead feature.' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - preemptionPolicy: - description: PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset. This field is beta-level, gated by the NonPreemptingPriority feature-gate. - type: string - priority: - description: The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority. - type: integer - format: int32 - priorityClassName: - description: If specified, indicates the pod's priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default. - type: string - readinessGates: - description: 'If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md' - type: array - items: - description: PodReadinessGate contains the reference to a pod condition - type: object - required: - - conditionType - properties: - conditionType: - description: ConditionType refers to a condition in the pod's condition list with matching type. - type: string - restartPolicy: - description: 'Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy' - type: string - runtimeClassName: - description: 'RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md This is a beta feature as of Kubernetes v1.14.' - type: string - schedulerName: - description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler. - type: string - securityContext: - description: 'SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field.' - type: object - properties: - fsGroup: - description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume." - type: integer - format: int64 - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. - type: integer - format: int64 - seLinuxOptions: - description: The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. - type: object - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - seccompProfile: - description: The seccomp options to use by the containers in this pod. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - supplementalGroups: - description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. - type: array - items: - type: integer - format: int64 - sysctls: - description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. - type: array - items: - description: Sysctl defines a kernel parameter to be set - type: object - required: - - name - - value - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - windowsOptions: - description: The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: object - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential spec to use. - type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - serviceAccount: - description: 'DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead.' - type: string - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - setHostnameAsFQDN: - description: If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN. If a pod does not have FQDN, this has no effect. Default to false. - type: boolean - shareProcessNamespace: - description: 'Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false.' - type: boolean - subdomain: - description: If specified, the fully qualified Pod hostname will be "...svc.". If not specified, the pod will not have a domainname at all. - type: string - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds. - type: integer - format: int64 - tolerations: - description: If specified, the pod's tolerations. - type: array - items: - description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . - type: object - properties: - effect: - description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. - type: integer - format: int64 - value: - description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - topologySpreadConstraints: - description: TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed. - type: array - items: - description: TopologySpreadConstraint specifies how to spread matching pods among the given topology. - type: object - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - properties: - labelSelector: - description: LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - maxSkew: - description: 'MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It''s a required field. Default value is 1 and 0 is not allowed.' - type: integer - format: int32 - topologyKey: - description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. It's a required field. - type: string - whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates how to deal with a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assigment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won''t make it *more* imbalanced. It''s a required field.' - type: string - x-kubernetes-list-map-keys: - - topologyKey - - whenUnsatisfiable - x-kubernetes-list-type: map - volumes: - description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - type: object - required: - - name - properties: - awsElasticBlockStore: - description: 'AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: object - required: - - volumeID - properties: - fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - partition: - description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).' - type: integer - format: int32 - readOnly: - description: 'Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: 'Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: string - azureDisk: - description: AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. - type: object - required: - - diskName - - diskURI - properties: - cachingMode: - description: 'Host Caching mode: None, Read Only, Read Write.' - type: string - diskName: - description: The Name of the data disk in the blob storage - type: string - diskURI: - description: The URI the data disk in the blob storage - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - kind: - description: 'Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared' - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - azureFile: - description: AzureFile represents an Azure File Service mount on the host and bind mount to the pod. - type: object - required: - - secretName - - shareName - properties: - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretName: - description: the name of secret that contains Azure Storage Account Name and Key - type: string - shareName: - description: Share Name - type: string - cephfs: - description: CephFS represents a Ceph FS mount on the host that shares a pod's lifetime - type: object - required: - - monitors - properties: - monitors: - description: 'Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: array - items: - type: string - path: - description: 'Optional: Used as the mounted root, rather than the full Ceph tree, default is /' - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: boolean - secretFile: - description: 'Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - secretRef: - description: 'Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - user: - description: 'Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - cinder: - description: 'Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: object - required: - - volumeID - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: boolean - secretRef: - description: 'Optional: points to a secret object containing parameters used to connect to OpenStack.' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - volumeID: - description: 'volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - configMap: - description: ConfigMap represents a configMap that should populate this volume - type: object - properties: - defaultMode: - description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its keys must be defined - type: boolean - csi: - description: CSI (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). - type: object - required: - - driver - properties: - driver: - description: Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. - type: string - fsType: - description: Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. - type: string - nodePublishSecretRef: - description: NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - readOnly: - description: Specifies a read-only configuration for the volume. Defaults to false (read/write). - type: boolean - volumeAttributes: - description: VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. - type: object - additionalProperties: - type: string - downwardAPI: - description: DownwardAPI represents downward API about the pod that should populate this volume - type: object - properties: - defaultMode: - description: 'Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: Items is a list of downward API volume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - emptyDir: - description: 'EmptyDir represents a temporary directory that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: object - properties: - medium: - description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - ephemeral: - description: "Ephemeral represents a volume that is handled by a cluster storage driver (Alpha feature). The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. \n Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at the same time." - type: object - properties: - readOnly: - description: Specifies a read-only configuration for the volume. Defaults to false (read/write). - type: boolean - volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). \n An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. \n This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. \n Required, must not be nil." - type: object - required: - - spec - properties: - metadata: - description: May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation. - type: object - spec: - description: The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. - type: object - properties: - accessModes: - description: 'AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - type: array - items: - type: string - dataSource: - description: 'This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) * An existing custom resource that implements data population (Alpha) In order to use custom resource types that implement data population, the AnyVolumeDataSource feature gate must be enabled. If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source.' - type: object - required: - - kind - - name - properties: - apiGroup: - description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - resources: - description: 'Resources represents the minimum resources the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - selector: - description: A label query over volumes to consider for binding. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - storageClassName: - description: 'Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeMode: - description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. - type: string - volumeName: - description: VolumeName is the binding reference to the PersistentVolume backing this claim. - type: string - fc: - description: FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. - type: object - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - lun: - description: 'Optional: FC target lun number' - type: integer - format: int32 - readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' - type: boolean - targetWWNs: - description: 'Optional: FC target worldwide names (WWNs)' - type: array - items: - type: string - wwids: - description: 'Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.' - type: array - items: - type: string - flexVolume: - description: FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. - type: object - required: - - driver - properties: - driver: - description: Driver is the name of the driver to use for this volume. - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. - type: string - options: - description: 'Optional: Extra command options if any.' - type: object - additionalProperties: - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' - type: boolean - secretRef: - description: 'Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - flocker: - description: Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running - type: object - properties: - datasetName: - description: Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated - type: string - datasetUUID: - description: UUID of the dataset. This is unique identifier of a Flocker dataset - type: string - gcePersistentDisk: - description: 'GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: object - required: - - pdName - properties: - fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - partition: - description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: integer - format: int32 - pdName: - description: 'Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: string - readOnly: - description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: boolean - gitRepo: - description: 'GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod''s container.' - type: object - required: - - repository - properties: - directory: - description: Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. - type: string - repository: - description: Repository URL - type: string - revision: - description: Commit hash for the specified revision. - type: string - glusterfs: - description: 'Glusterfs represents a Glusterfs mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' - type: object - required: - - endpoints - - path - properties: - endpoints: - description: 'EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - path: - description: 'Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - readOnly: - description: 'ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: boolean - hostPath: - description: 'HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.' - type: object - required: - - path - properties: - path: - description: 'Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - type: - description: 'Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - iscsi: - description: 'ISCSI represents an ISCSI Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' - type: object - required: - - iqn - - lun - - targetPortal - properties: - chapAuthDiscovery: - description: whether support iSCSI Discovery CHAP authentication - type: boolean - chapAuthSession: - description: whether support iSCSI Session CHAP authentication - type: boolean - fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - initiatorName: - description: Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. - type: string - iqn: - description: Target iSCSI Qualified Name. - type: string - iscsiInterface: - description: iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). - type: string - lun: - description: iSCSI Target Lun number. - type: integer - format: int32 - portals: - description: iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). - type: array - items: - type: string - readOnly: - description: ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. - type: boolean - secretRef: - description: CHAP Secret for iSCSI target and initiator authentication - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - targetPortal: - description: iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). - type: string - name: - description: 'Volume''s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - nfs: - description: 'NFS represents an NFS mount on the host that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: object - required: - - path - - server - properties: - path: - description: 'Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - readOnly: - description: 'ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: boolean - server: - description: 'Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - persistentVolumeClaim: - description: 'PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: object - required: - - claimName - properties: - claimName: - description: 'ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: - description: Will force the ReadOnly setting in VolumeMounts. Default false. - type: boolean - photonPersistentDisk: - description: PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine - type: object - required: - - pdID - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - pdID: - description: ID that identifies Photon Controller persistent disk - type: string - portworxVolume: - description: PortworxVolume represents a portworx volume attached and mounted on kubelets host machine - type: object - required: - - volumeID - properties: - fsType: - description: FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: - description: VolumeID uniquely identifies a Portworx volume - type: string - projected: - description: Items for all in one resources secrets, configmaps, and downward API - type: object - properties: - defaultMode: - description: Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - type: integer - format: int32 - sources: - description: list of volume projections - type: array - items: - description: Projection that may be projected along with other supported volume types - type: object - properties: - configMap: - description: information about the configMap data to project - type: object - properties: - items: - description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its keys must be defined - type: boolean - downwardAPI: - description: information about the downwardAPI data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - secret: - description: information about the secret data to project - type: object - properties: - items: - description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - serviceAccountToken: - description: information about the serviceAccountToken data to project - type: object - required: - - path - properties: - audience: - description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - type: integer - format: int64 - path: - description: Path is the path relative to the mount point of the file to project the token into. - type: string - quobyte: - description: Quobyte represents a Quobyte mount on the host that shares a pod's lifetime - type: object - required: - - registry - - volume - properties: - group: - description: Group to map volume access to Default is no group - type: string - readOnly: - description: ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. - type: boolean - registry: - description: Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes - type: string - tenant: - description: Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin - type: string - user: - description: User to map volume access to Defaults to serivceaccount user - type: string - volume: - description: Volume is a string that references an already created Quobyte volume by name. - type: string - rbd: - description: 'RBD represents a Rados Block Device mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' - type: object - required: - - image - - monitors - properties: - fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - image: - description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - keyring: - description: 'Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - monitors: - description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: array - items: - type: string - pool: - description: 'The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: - description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: - description: 'SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - user: - description: 'The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - scaleIO: - description: ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. - type: object - required: - - gateway - - secretRef - - system - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". - type: string - gateway: - description: The host address of the ScaleIO API Gateway. - type: string - protectionDomain: - description: The name of the ScaleIO Protection Domain for the configured storage. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - sslEnabled: - description: Flag to enable/disable SSL communication with Gateway, default false - type: boolean - storageMode: - description: Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. - type: string - storagePool: - description: The ScaleIO Storage Pool associated with the protection domain. - type: string - system: - description: The name of the storage system as configured in ScaleIO. - type: string - volumeName: - description: The name of a volume already created in the ScaleIO system that is associated with this volume source. - type: string - secret: - description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - optional: - description: Specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - storageos: - description: StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. - type: object - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - volumeName: - description: VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. - type: string - volumeNamespace: - description: VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. - type: string - vsphereVolume: - description: VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine - type: object - required: - - volumePath - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - storagePolicyID: - description: Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. - type: string - storagePolicyName: - description: Storage Policy Based Management (SPBM) profile name. - type: string - volumePath: - description: Path that identifies vSphere volume vmdk - type: string - permissions: - type: array - items: - description: StrategyDeploymentPermissions describe the rbac rules and service account needed by the install strategy - type: object - required: - - rules - - serviceAccountName - properties: - rules: - type: array - items: - description: PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to. - type: object - required: - - verbs - properties: - apiGroups: - description: APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. - type: array - items: - type: string - nonResourceURLs: - description: NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both. - type: array - items: - type: string - resourceNames: - description: ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. - type: array - items: - type: string - resources: - description: Resources is a list of resources this rule applies to. ResourceAll represents all resources. - type: array - items: - type: string - verbs: - description: Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds. - type: array - items: - type: string - serviceAccountName: - type: string - strategy: - type: string - installModes: - description: InstallModes specify supported installation types - type: array - items: - description: InstallMode associates an InstallModeType with a flag representing if the CSV supports it - type: object - required: - - supported - - type - properties: - supported: - type: boolean - type: - description: InstallModeType is a supported type of install mode for CSV installation - type: string - keywords: - type: array - items: - type: string - labels: - description: Map of string keys and values that can be used to organize and categorize (scope and select) objects. - type: object - additionalProperties: - type: string - links: - type: array - items: - type: object - properties: - name: - type: string - url: - type: string - maintainers: - type: array - items: - type: object - properties: - email: - type: string - name: - type: string - maturity: - type: string - minKubeVersion: - type: string - nativeAPIs: - type: array - items: - description: GroupVersionKind unambiguously identifies a kind. It doesn't anonymously include GroupVersion to avoid automatic coersion. It doesn't use a GroupVersion to avoid custom marshalling - type: object - required: - - group - - kind - - version - properties: - group: - type: string - kind: - type: string - version: - type: string - provider: - type: object - properties: - name: - type: string - url: - type: string - relatedImages: - description: List any related images, or other container images that your Operator might require to perform their functions. This list should also include operand images as well. All image references should be specified by digest (SHA) and not by tag. This field is only used during catalog creation and plays no part in cluster runtime. - type: array - items: - type: object - required: - - image - - name - properties: - image: - type: string - name: - type: string - replaces: - description: The name of a CSV this one replaces. Should match the `metadata.Name` field of the old CSV. - type: string - selector: - description: Label selector for related resources. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - skips: - description: The name(s) of one or more CSV(s) that should be skipped in the upgrade graph. Should match the `metadata.Name` field of the CSV that should be skipped. This field is only used during catalog creation and plays no part in cluster runtime. - type: array - items: - type: string - version: - description: OperatorVersion is a wrapper around semver.Version which supports correct marshaling to YAML and JSON. - type: string - webhookdefinitions: - type: array - items: - description: WebhookDescription provides details to OLM about required webhooks - type: object - required: - - admissionReviewVersions - - generateName - - sideEffects - - type - properties: - admissionReviewVersions: - type: array - items: - type: string - containerPort: - type: integer - format: int32 - default: 443 - maximum: 65535 - minimum: 1 - conversionCRDs: - type: array - items: - type: string - deploymentName: - type: string - failurePolicy: - type: string - generateName: - type: string - matchPolicy: - description: MatchPolicyType specifies the type of match policy - type: string - objectSelector: - description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - reinvocationPolicy: - description: ReinvocationPolicyType specifies what type of policy the admission hook uses. - type: string - rules: - type: array - items: - description: RuleWithOperations is a tuple of Operations and Resources. It is recommended to make sure that all the tuple expansions are valid. - type: object - properties: - apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. - type: array - items: - type: string - apiVersions: - description: APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required. - type: array - items: - type: string - operations: - description: Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required. - type: array - items: - type: string - resources: - description: "Resources is a list of resources this rule applies to. \n For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources. \n If wildcard is present, the validation rule will ensure resources do not overlap with each other. \n Depending on the enclosing object, subresources might not be allowed. Required." - type: array - items: - type: string - scope: - description: scope specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*". - type: string - sideEffects: - type: string - targetPort: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - type: integer - format: int32 - type: - description: WebhookAdmissionType is the type of admission webhooks supported by OLM - type: string - enum: - - ValidatingAdmissionWebhook - - MutatingAdmissionWebhook - - ConversionWebhook - webhookPath: - type: string - status: - description: ClusterServiceVersionStatus represents information about the status of a CSV. Status may trail the actual state of a system. - type: object - properties: - certsLastUpdated: - description: Last time the owned APIService certs were updated - type: string - format: date-time - certsRotateAt: - description: Time the owned APIService certs will rotate next - type: string - format: date-time - cleanup: - description: CleanupStatus represents information about the status of cleanup while a CSV is pending deletion - type: object - properties: - pendingDeletion: - description: PendingDeletion is the list of custom resource objects that are pending deletion and blocked on finalizers. This indicates the progress of cleanup that is blocking CSV deletion or operator uninstall. - type: array - items: - description: ResourceList represents a list of resources which are of the same Group/Kind - type: object - required: - - group - - instances - - kind - properties: - group: - type: string - instances: - type: array - items: - type: object - required: - - name - properties: - name: - type: string - namespace: - description: Namespace can be empty for cluster-scoped resources - type: string - kind: - type: string - conditions: - description: List of conditions, a history of state transitions - type: array - items: - description: Conditions appear in the status as a record of state transitions on the ClusterServiceVersion - type: object - properties: - lastTransitionTime: - description: Last time the status transitioned from one status to another. - type: string - format: date-time - lastUpdateTime: - description: Last time we updated the status - type: string - format: date-time - message: - description: A human readable message indicating details about why the ClusterServiceVersion is in this condition. - type: string - phase: - description: Condition of the ClusterServiceVersion - type: string - reason: - description: A brief CamelCase message indicating details about why the ClusterServiceVersion is in this state. e.g. 'RequirementsNotMet' - type: string - lastTransitionTime: - description: Last time the status transitioned from one status to another. - type: string - format: date-time - lastUpdateTime: - description: Last time we updated the status - type: string - format: date-time - message: - description: A human readable message indicating details about why the ClusterServiceVersion is in this condition. - type: string - phase: - description: Current condition of the ClusterServiceVersion - type: string - reason: - description: A brief CamelCase message indicating details about why the ClusterServiceVersion is in this state. e.g. 'RequirementsNotMet' - type: string - requirementStatus: - description: The status of each requirement for this CSV - type: array - items: - type: object - required: - - group - - kind - - message - - name - - status - - version - properties: - dependents: - type: array - items: - description: DependentStatus is the status for a dependent requirement (to prevent infinite nesting) - type: object - required: - - group - - kind - - status - - version - properties: - group: - type: string - kind: - type: string - message: - type: string - status: - description: StatusReason is a camelcased reason for the status of a RequirementStatus or DependentStatus - type: string - uuid: - type: string - version: - type: string - group: - type: string - kind: - type: string - message: - type: string - name: - type: string - status: - description: StatusReason is a camelcased reason for the status of a RequirementStatus or DependentStatus - type: string - uuid: - type: string - version: - type: string - served: true - storage: true - subresources: - status: {} - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_00-installplans.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_00-installplans.crd.yaml deleted file mode 100644 index 6536fe1b79..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_00-installplans.crd.yaml +++ /dev/null @@ -1,265 +0,0 @@ ---- -# Source: olm/crds/0000_50_olm_00-installplans.crd.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: installplans.operators.coreos.com -spec: - group: operators.coreos.com - names: - categories: - - olm - kind: InstallPlan - listKind: InstallPlanList - plural: installplans - shortNames: - - ip - singular: installplan - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The first CSV in the list of clusterServiceVersionNames - jsonPath: .spec.clusterServiceVersionNames[0] - name: CSV - type: string - - description: The approval mode - jsonPath: .spec.approval - name: Approval - type: string - - jsonPath: .spec.approved - name: Approved - type: boolean - name: v1alpha1 - schema: - openAPIV3Schema: - description: InstallPlan defines the installation of a set of operators. - type: object - required: - - metadata - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: InstallPlanSpec defines a set of Application resources to be installed - type: object - required: - - approval - - approved - - clusterServiceVersionNames - properties: - approval: - description: Approval is the user approval policy for an InstallPlan. It must be one of "Automatic" or "Manual". - type: string - approved: - type: boolean - clusterServiceVersionNames: - type: array - items: - type: string - generation: - type: integer - source: - type: string - sourceNamespace: - type: string - status: - description: "InstallPlanStatus represents the information about the status of steps required to complete installation. \n Status may trail the actual state of a system." - type: object - required: - - catalogSources - - phase - properties: - attenuatedServiceAccountRef: - description: AttenuatedServiceAccountRef references the service account that is used to do scoped operator install. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - bundleLookups: - description: BundleLookups is the set of in-progress requests to pull and unpackage bundle content to the cluster. - type: array - items: - description: BundleLookup is a request to pull and unpackage the content of a bundle to the cluster. - type: object - required: - - catalogSourceRef - - identifier - - path - - replaces - properties: - catalogSourceRef: - description: CatalogSourceRef is a reference to the CatalogSource the bundle path was resolved from. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - conditions: - description: Conditions represents the overall state of a BundleLookup. - type: array - items: - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status to another. - type: string - format: date-time - lastUpdateTime: - description: Last time the condition was probed. - type: string - format: date-time - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - identifier: - description: Identifier is the catalog-unique name of the operator (the name of the CSV for bundles that contain CSVs) - type: string - path: - description: Path refers to the location of a bundle to pull. It's typically an image reference. - type: string - properties: - description: The effective properties of the unpacked bundle. - type: string - replaces: - description: Replaces is the name of the bundle to replace with the one found at Path. - type: string - catalogSources: - type: array - items: - type: string - conditions: - type: array - items: - description: InstallPlanCondition represents the overall status of the execution of an InstallPlan. - type: object - properties: - lastTransitionTime: - type: string - format: date-time - lastUpdateTime: - type: string - format: date-time - message: - type: string - reason: - description: ConditionReason is a camelcased reason for the state transition. - type: string - status: - type: string - type: - description: InstallPlanConditionType describes the state of an InstallPlan at a certain point as a whole. - type: string - message: - description: Message is a human-readable message containing detailed information that may be important to understanding why the plan has its current status. - type: string - phase: - description: InstallPlanPhase is the current status of a InstallPlan as a whole. - type: string - plan: - type: array - items: - description: Step represents the status of an individual step in an InstallPlan. - type: object - required: - - resolving - - resource - - status - properties: - resolving: - type: string - resource: - description: StepResource represents the status of a resource to be tracked by an InstallPlan. - type: object - required: - - group - - kind - - name - - sourceName - - sourceNamespace - - version - properties: - group: - type: string - kind: - type: string - manifest: - type: string - name: - type: string - sourceName: - type: string - sourceNamespace: - type: string - version: - type: string - status: - description: StepStatus is the current status of a particular resource an in InstallPlan - type: string - startTime: - description: StartTime is the time when the controller began applying the resources listed in the plan to the cluster. - type: string - format: date-time - served: true - storage: true - subresources: - status: {} - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_00-namespace.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_00-namespace.yaml deleted file mode 100644 index 13917074d8..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_00-namespace.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_00-namespace.yaml -apiVersion: v1 -kind: Namespace -metadata: - name: olm ---- -# Source: olm/templates/0000_50_olm_00-namespace.yaml -apiVersion: v1 -kind: Namespace -metadata: - name: operators diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_00-operatorconditions.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_00-operatorconditions.crd.yaml deleted file mode 100644 index a00ebba628..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_00-operatorconditions.crd.yaml +++ /dev/null @@ -1,144 +0,0 @@ ---- -# Source: olm/crds/0000_50_olm_00-operatorconditions.crd.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: operatorconditions.operators.coreos.com -spec: - group: operators.coreos.com - names: - categories: - - olm - kind: OperatorCondition - listKind: OperatorConditionList - plural: operatorconditions - shortNames: - - condition - singular: operatorcondition - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: OperatorCondition is a Custom Resource of type `OperatorCondition` which is used to convey information to OLM about the state of an operator. - type: object - required: - - metadata - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: OperatorConditionSpec allows a cluster admin to convey information about the state of an operator to OLM, potentially overriding state reported by the operator. - type: object - properties: - deployments: - type: array - items: - type: string - overrides: - type: array - items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - type: object - required: - - message - - reason - - status - - type - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - type: string - format: date-time - message: - description: message is a human readable message indicating details about the transition. This may be an empty string. - type: string - maxLength: 32768 - observedGeneration: - description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. - type: integer - format: int64 - minimum: 0 - reason: - description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. - type: string - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - status: - description: status of the condition, one of True, False, Unknown. - type: string - enum: - - "True" - - "False" - - Unknown - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - type: string - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - serviceAccounts: - type: array - items: - type: string - status: - description: OperatorConditionStatus allows an operator to convey information its state to OLM. The status may trail the actual state of a system. - type: object - properties: - conditions: - type: array - items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - type: object - required: - - lastTransitionTime - - message - - reason - - status - - type - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - type: string - format: date-time - message: - description: message is a human readable message indicating details about the transition. This may be an empty string. - type: string - maxLength: 32768 - observedGeneration: - description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. - type: integer - format: int64 - minimum: 0 - reason: - description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. - type: string - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - status: - description: status of the condition, one of True, False, Unknown. - type: string - enum: - - "True" - - "False" - - Unknown - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - type: string - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - served: true - storage: true - subresources: - status: {} - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_00-operatorgroups.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_00-operatorgroups.crd.yaml deleted file mode 100644 index f05dca4089..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_00-operatorgroups.crd.yaml +++ /dev/null @@ -1,235 +0,0 @@ ---- -# Source: olm/crds/0000_50_olm_00-operatorgroups.crd.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: operatorgroups.operators.coreos.com -spec: - group: operators.coreos.com - names: - categories: - - olm - kind: OperatorGroup - listKind: OperatorGroupList - plural: operatorgroups - shortNames: - - og - singular: operatorgroup - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: OperatorGroup is the unit of multitenancy for OLM managed operators. It constrains the installation of operators in its namespace to a specified set of target namespaces. - type: object - required: - - metadata - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: OperatorGroupSpec is the spec for an OperatorGroup resource. - type: object - properties: - selector: - description: Selector selects the OperatorGroup's target namespaces. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - serviceAccountName: - description: ServiceAccountName is the admin specified service account which will be used to deploy operator(s) in this operator group. - type: string - staticProvidedAPIs: - description: Static tells OLM not to update the OperatorGroup's providedAPIs annotation - type: boolean - targetNamespaces: - description: TargetNamespaces is an explicit set of namespaces to target. If it is set, Selector is ignored. - type: array - items: - type: string - x-kubernetes-list-type: set - status: - description: OperatorGroupStatus is the status for an OperatorGroupResource. - type: object - required: - - lastUpdated - properties: - lastUpdated: - description: LastUpdated is a timestamp of the last time the OperatorGroup's status was Updated. - type: string - format: date-time - namespaces: - description: Namespaces is the set of target namespaces for the OperatorGroup. - type: array - items: - type: string - x-kubernetes-list-type: set - serviceAccountRef: - description: ServiceAccountRef references the service account object specified. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - served: true - storage: true - subresources: - status: {} - - name: v1alpha2 - schema: - openAPIV3Schema: - description: OperatorGroup is the unit of multitenancy for OLM managed operators. It constrains the installation of operators in its namespace to a specified set of target namespaces. - type: object - required: - - metadata - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: OperatorGroupSpec is the spec for an OperatorGroup resource. - type: object - properties: - selector: - description: Selector selects the OperatorGroup's target namespaces. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - serviceAccountName: - description: ServiceAccountName is the admin specified service account which will be used to deploy operator(s) in this operator group. - type: string - staticProvidedAPIs: - description: Static tells OLM not to update the OperatorGroup's providedAPIs annotation - type: boolean - targetNamespaces: - description: TargetNamespaces is an explicit set of namespaces to target. If it is set, Selector is ignored. - type: array - items: - type: string - status: - description: OperatorGroupStatus is the status for an OperatorGroupResource. - type: object - required: - - lastUpdated - properties: - lastUpdated: - description: LastUpdated is a timestamp of the last time the OperatorGroup's status was Updated. - type: string - format: date-time - namespaces: - description: Namespaces is the set of target namespaces for the OperatorGroup. - type: array - items: - type: string - serviceAccountRef: - description: ServiceAccountRef references the service account object specified. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - served: true - storage: false - subresources: - status: {} - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_00-operators.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_00-operators.crd.yaml deleted file mode 100644 index 31b582b3b8..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_00-operators.crd.yaml +++ /dev/null @@ -1,140 +0,0 @@ ---- -# Source: olm/crds/0000_50_olm_00-operators.crd.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: operators.operators.coreos.com -spec: - group: operators.coreos.com - names: - categories: - - olm - kind: Operator - listKind: OperatorList - plural: operators - singular: operator - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: Operator represents a cluster operator. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: OperatorSpec defines the desired state of Operator - type: object - status: - description: OperatorStatus defines the observed state of an Operator and its components - type: object - properties: - components: - description: Components describes resources that compose the operator. - type: object - required: - - labelSelector - properties: - labelSelector: - description: LabelSelector is a label query over a set of resources used to select the operator's components - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - refs: - description: Refs are a set of references to the operator's component resources, selected with LabelSelector. - type: array - items: - description: RichReference is a reference to a resource, enriched with its status conditions. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - conditions: - description: Conditions represents the latest state of the component. - type: array - items: - description: Condition represent the latest available observations of an component's state. - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status to another. - type: string - format: date-time - lastUpdateTime: - description: Last time the condition was probed - type: string - format: date-time - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - served: true - storage: true - subresources: - status: {} - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_00-subscriptions.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_00-subscriptions.crd.yaml deleted file mode 100644 index d9769df42b..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_00-subscriptions.crd.yaml +++ /dev/null @@ -1,1344 +0,0 @@ ---- -# Source: olm/crds/0000_50_olm_00-subscriptions.crd.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: subscriptions.operators.coreos.com -spec: - group: operators.coreos.com - names: - categories: - - olm - kind: Subscription - listKind: SubscriptionList - plural: subscriptions - shortNames: - - sub - - subs - singular: subscription - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The package subscribed to - jsonPath: .spec.name - name: Package - type: string - - description: The catalog source for the specified package - jsonPath: .spec.source - name: Source - type: string - - description: The channel of updates to subscribe to - jsonPath: .spec.channel - name: Channel - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: Subscription keeps operators up to date by tracking changes to Catalogs. - type: object - required: - - metadata - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: SubscriptionSpec defines an Application that can be installed - type: object - required: - - name - - source - - sourceNamespace - properties: - channel: - type: string - config: - description: SubscriptionConfig contains configuration specified for a subscription. - type: object - properties: - env: - description: Env is a list of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - envFrom: - description: EnvFrom is a list of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Immutable. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - nodeSelector: - description: 'NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - additionalProperties: - type: string - resources: - description: 'Resources represents compute resources required by this container. Immutable. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - selector: - description: Selector is the label selector for pods to be configured. Existing ReplicaSets whose pods are selected by this will be the ones affected by this deployment. It must match the pod template's labels. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - tolerations: - description: Tolerations are the pod's tolerations. - type: array - items: - description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . - type: object - properties: - effect: - description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. - type: integer - format: int64 - value: - description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - volumeMounts: - description: List of VolumeMounts to set in the container. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. - type: string - volumes: - description: List of Volumes to set in the podSpec. - type: array - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - type: object - required: - - name - properties: - awsElasticBlockStore: - description: 'AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: object - required: - - volumeID - properties: - fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - partition: - description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).' - type: integer - format: int32 - readOnly: - description: 'Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: 'Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: string - azureDisk: - description: AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. - type: object - required: - - diskName - - diskURI - properties: - cachingMode: - description: 'Host Caching mode: None, Read Only, Read Write.' - type: string - diskName: - description: The Name of the data disk in the blob storage - type: string - diskURI: - description: The URI the data disk in the blob storage - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - kind: - description: 'Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared' - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - azureFile: - description: AzureFile represents an Azure File Service mount on the host and bind mount to the pod. - type: object - required: - - secretName - - shareName - properties: - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretName: - description: the name of secret that contains Azure Storage Account Name and Key - type: string - shareName: - description: Share Name - type: string - cephfs: - description: CephFS represents a Ceph FS mount on the host that shares a pod's lifetime - type: object - required: - - monitors - properties: - monitors: - description: 'Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: array - items: - type: string - path: - description: 'Optional: Used as the mounted root, rather than the full Ceph tree, default is /' - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: boolean - secretFile: - description: 'Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - secretRef: - description: 'Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - user: - description: 'Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - cinder: - description: 'Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: object - required: - - volumeID - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: boolean - secretRef: - description: 'Optional: points to a secret object containing parameters used to connect to OpenStack.' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - volumeID: - description: 'volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - configMap: - description: ConfigMap represents a configMap that should populate this volume - type: object - properties: - defaultMode: - description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its keys must be defined - type: boolean - csi: - description: CSI (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). - type: object - required: - - driver - properties: - driver: - description: Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. - type: string - fsType: - description: Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. - type: string - nodePublishSecretRef: - description: NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - readOnly: - description: Specifies a read-only configuration for the volume. Defaults to false (read/write). - type: boolean - volumeAttributes: - description: VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. - type: object - additionalProperties: - type: string - downwardAPI: - description: DownwardAPI represents downward API about the pod that should populate this volume - type: object - properties: - defaultMode: - description: 'Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: Items is a list of downward API volume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - emptyDir: - description: 'EmptyDir represents a temporary directory that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: object - properties: - medium: - description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - ephemeral: - description: "Ephemeral represents a volume that is handled by a cluster storage driver (Alpha feature). The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. \n Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at the same time." - type: object - properties: - readOnly: - description: Specifies a read-only configuration for the volume. Defaults to false (read/write). - type: boolean - volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). \n An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. \n This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. \n Required, must not be nil." - type: object - required: - - spec - properties: - metadata: - description: May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation. - type: object - spec: - description: The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. - type: object - properties: - accessModes: - description: 'AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - type: array - items: - type: string - dataSource: - description: 'This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) * An existing custom resource that implements data population (Alpha) In order to use custom resource types that implement data population, the AnyVolumeDataSource feature gate must be enabled. If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source.' - type: object - required: - - kind - - name - properties: - apiGroup: - description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - resources: - description: 'Resources represents the minimum resources the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - selector: - description: A label query over volumes to consider for binding. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - storageClassName: - description: 'Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeMode: - description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. - type: string - volumeName: - description: VolumeName is the binding reference to the PersistentVolume backing this claim. - type: string - fc: - description: FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. - type: object - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - lun: - description: 'Optional: FC target lun number' - type: integer - format: int32 - readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' - type: boolean - targetWWNs: - description: 'Optional: FC target worldwide names (WWNs)' - type: array - items: - type: string - wwids: - description: 'Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.' - type: array - items: - type: string - flexVolume: - description: FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. - type: object - required: - - driver - properties: - driver: - description: Driver is the name of the driver to use for this volume. - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. - type: string - options: - description: 'Optional: Extra command options if any.' - type: object - additionalProperties: - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' - type: boolean - secretRef: - description: 'Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - flocker: - description: Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running - type: object - properties: - datasetName: - description: Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated - type: string - datasetUUID: - description: UUID of the dataset. This is unique identifier of a Flocker dataset - type: string - gcePersistentDisk: - description: 'GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: object - required: - - pdName - properties: - fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - partition: - description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: integer - format: int32 - pdName: - description: 'Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: string - readOnly: - description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: boolean - gitRepo: - description: 'GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod''s container.' - type: object - required: - - repository - properties: - directory: - description: Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. - type: string - repository: - description: Repository URL - type: string - revision: - description: Commit hash for the specified revision. - type: string - glusterfs: - description: 'Glusterfs represents a Glusterfs mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' - type: object - required: - - endpoints - - path - properties: - endpoints: - description: 'EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - path: - description: 'Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - readOnly: - description: 'ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: boolean - hostPath: - description: 'HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.' - type: object - required: - - path - properties: - path: - description: 'Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - type: - description: 'Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - iscsi: - description: 'ISCSI represents an ISCSI Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' - type: object - required: - - iqn - - lun - - targetPortal - properties: - chapAuthDiscovery: - description: whether support iSCSI Discovery CHAP authentication - type: boolean - chapAuthSession: - description: whether support iSCSI Session CHAP authentication - type: boolean - fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - initiatorName: - description: Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. - type: string - iqn: - description: Target iSCSI Qualified Name. - type: string - iscsiInterface: - description: iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). - type: string - lun: - description: iSCSI Target Lun number. - type: integer - format: int32 - portals: - description: iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). - type: array - items: - type: string - readOnly: - description: ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. - type: boolean - secretRef: - description: CHAP Secret for iSCSI target and initiator authentication - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - targetPortal: - description: iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). - type: string - name: - description: 'Volume''s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - nfs: - description: 'NFS represents an NFS mount on the host that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: object - required: - - path - - server - properties: - path: - description: 'Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - readOnly: - description: 'ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: boolean - server: - description: 'Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - persistentVolumeClaim: - description: 'PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: object - required: - - claimName - properties: - claimName: - description: 'ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: - description: Will force the ReadOnly setting in VolumeMounts. Default false. - type: boolean - photonPersistentDisk: - description: PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine - type: object - required: - - pdID - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - pdID: - description: ID that identifies Photon Controller persistent disk - type: string - portworxVolume: - description: PortworxVolume represents a portworx volume attached and mounted on kubelets host machine - type: object - required: - - volumeID - properties: - fsType: - description: FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: - description: VolumeID uniquely identifies a Portworx volume - type: string - projected: - description: Items for all in one resources secrets, configmaps, and downward API - type: object - properties: - defaultMode: - description: Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - type: integer - format: int32 - sources: - description: list of volume projections - type: array - items: - description: Projection that may be projected along with other supported volume types - type: object - properties: - configMap: - description: information about the configMap data to project - type: object - properties: - items: - description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its keys must be defined - type: boolean - downwardAPI: - description: information about the downwardAPI data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - secret: - description: information about the secret data to project - type: object - properties: - items: - description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - serviceAccountToken: - description: information about the serviceAccountToken data to project - type: object - required: - - path - properties: - audience: - description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - type: integer - format: int64 - path: - description: Path is the path relative to the mount point of the file to project the token into. - type: string - quobyte: - description: Quobyte represents a Quobyte mount on the host that shares a pod's lifetime - type: object - required: - - registry - - volume - properties: - group: - description: Group to map volume access to Default is no group - type: string - readOnly: - description: ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. - type: boolean - registry: - description: Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes - type: string - tenant: - description: Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin - type: string - user: - description: User to map volume access to Defaults to serivceaccount user - type: string - volume: - description: Volume is a string that references an already created Quobyte volume by name. - type: string - rbd: - description: 'RBD represents a Rados Block Device mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' - type: object - required: - - image - - monitors - properties: - fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - image: - description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - keyring: - description: 'Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - monitors: - description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: array - items: - type: string - pool: - description: 'The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: - description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: - description: 'SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - user: - description: 'The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - scaleIO: - description: ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. - type: object - required: - - gateway - - secretRef - - system - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". - type: string - gateway: - description: The host address of the ScaleIO API Gateway. - type: string - protectionDomain: - description: The name of the ScaleIO Protection Domain for the configured storage. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - sslEnabled: - description: Flag to enable/disable SSL communication with Gateway, default false - type: boolean - storageMode: - description: Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. - type: string - storagePool: - description: The ScaleIO Storage Pool associated with the protection domain. - type: string - system: - description: The name of the storage system as configured in ScaleIO. - type: string - volumeName: - description: The name of a volume already created in the ScaleIO system that is associated with this volume source. - type: string - secret: - description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - optional: - description: Specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - storageos: - description: StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. - type: object - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - volumeName: - description: VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. - type: string - volumeNamespace: - description: VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. - type: string - vsphereVolume: - description: VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine - type: object - required: - - volumePath - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - storagePolicyID: - description: Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. - type: string - storagePolicyName: - description: Storage Policy Based Management (SPBM) profile name. - type: string - volumePath: - description: Path that identifies vSphere volume vmdk - type: string - installPlanApproval: - description: Approval is the user approval policy for an InstallPlan. It must be one of "Automatic" or "Manual". - type: string - name: - type: string - source: - type: string - sourceNamespace: - type: string - startingCSV: - type: string - status: - type: object - required: - - lastUpdated - properties: - catalogHealth: - description: CatalogHealth contains the Subscription's view of its relevant CatalogSources' status. It is used to determine SubscriptionStatusConditions related to CatalogSources. - type: array - items: - description: SubscriptionCatalogHealth describes the health of a CatalogSource the Subscription knows about. - type: object - required: - - catalogSourceRef - - healthy - - lastUpdated - properties: - catalogSourceRef: - description: CatalogSourceRef is a reference to a CatalogSource. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - healthy: - description: Healthy is true if the CatalogSource is healthy; false otherwise. - type: boolean - lastUpdated: - description: LastUpdated represents the last time that the CatalogSourceHealth changed - type: string - format: date-time - conditions: - description: Conditions is a list of the latest available observations about a Subscription's current state. - type: array - items: - description: SubscriptionCondition represents the latest available observations of a Subscription's state. - type: object - required: - - status - - type - properties: - lastHeartbeatTime: - description: LastHeartbeatTime is the last time we got an update on a given condition - type: string - format: date-time - lastTransitionTime: - description: LastTransitionTime is the last time the condition transit from one status to another - type: string - format: date-time - message: - description: Message is a human-readable message indicating details about last transition. - type: string - reason: - description: Reason is a one-word CamelCase reason for the condition's last transition. - type: string - status: - description: Status is the status of the condition, one of True, False, Unknown. - type: string - type: - description: Type is the type of Subscription condition. - type: string - currentCSV: - description: CurrentCSV is the CSV the Subscription is progressing to. - type: string - installPlanGeneration: - description: InstallPlanGeneration is the current generation of the installplan - type: integer - installPlanRef: - description: InstallPlanRef is a reference to the latest InstallPlan that contains the Subscription's current CSV. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - installedCSV: - description: InstalledCSV is the CSV currently installed by the Subscription. - type: string - installplan: - description: 'Install is a reference to the latest InstallPlan generated for the Subscription. DEPRECATED: InstallPlanRef' - type: object - required: - - apiVersion - - kind - - name - - uuid - properties: - apiVersion: - type: string - kind: - type: string - name: - type: string - uuid: - description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. - type: string - lastUpdated: - description: LastUpdated represents the last time that the Subscription status was updated. - type: string - format: date-time - reason: - description: Reason is the reason the Subscription was transitioned to its current state. - type: string - state: - description: State represents the current state of the Subscription - type: string - served: true - storage: true - subresources: - status: {} - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_01-olm-operator.serviceaccount.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_01-olm-operator.serviceaccount.yaml deleted file mode 100644 index e21d33d03d..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_01-olm-operator.serviceaccount.yaml +++ /dev/null @@ -1,33 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_01-olm-operator.serviceaccount.yaml -kind: ServiceAccount -apiVersion: v1 -metadata: - name: olm-operator-serviceaccount - namespace: olm ---- -# Source: olm/templates/0000_50_olm_01-olm-operator.serviceaccount.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: system:controller:operator-lifecycle-manager -rules: -- apiGroups: ["*"] - resources: ["*"] - verbs: ["*"] -- nonResourceURLs: ["*"] - verbs: ["*"] ---- -# Source: olm/templates/0000_50_olm_01-olm-operator.serviceaccount.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: olm-operator-binding-olm -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:controller:operator-lifecycle-manager -subjects: -- kind: ServiceAccount - name: olm-operator-serviceaccount - namespace: olm diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_07-olm-operator.deployment.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_07-olm-operator.deployment.yaml deleted file mode 100644 index e31d319b02..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_07-olm-operator.deployment.yaml +++ /dev/null @@ -1,63 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_07-olm-operator.deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: olm-operator - namespace: olm - labels: - app: olm-operator -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: olm-operator - template: - metadata: - labels: - app: olm-operator - spec: - serviceAccountName: olm-operator-serviceaccount - containers: - - name: olm-operator - command: - - /bin/olm - args: - - --namespace - - $(OPERATOR_NAMESPACE) - - --writeStatusName - - "" - image: quay.io/operator-framework/olm@sha256:b706ee6583c4c3cf8059d44234c8a4505804adcc742bcddb3d1e2f6eff3d6519 - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - - containerPort: 8081 - name: metrics - protocol: TCP - livenessProbe: - httpGet: - path: /healthz - port: 8080 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - terminationMessagePolicy: FallbackToLogsOnError - env: - - - name: OPERATOR_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: OPERATOR_NAME - value: olm-operator - resources: - requests: - cpu: 10m - memory: 160Mi - - - nodeSelector: - kubernetes.io/os: linux diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_08-catalog-operator.deployment.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_08-catalog-operator.deployment.yaml deleted file mode 100644 index 09f338c0c5..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_08-catalog-operator.deployment.yaml +++ /dev/null @@ -1,58 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_08-catalog-operator.deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: catalog-operator - namespace: olm - labels: - app: catalog-operator -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: catalog-operator - template: - metadata: - labels: - app: catalog-operator - spec: - serviceAccountName: olm-operator-serviceaccount - containers: - - name: catalog-operator - command: - - /bin/catalog - args: - - '-namespace' - - olm - - -configmapServerImage=quay.io/operator-framework/configmap-operator-registry:latest - - -util-image - - quay.io/operator-framework/olm@sha256:b706ee6583c4c3cf8059d44234c8a4505804adcc742bcddb3d1e2f6eff3d6519 - image: quay.io/operator-framework/olm@sha256:b706ee6583c4c3cf8059d44234c8a4505804adcc742bcddb3d1e2f6eff3d6519 - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - - containerPort: 8081 - name: metrics - protocol: TCP - livenessProbe: - httpGet: - path: /healthz - port: 8080 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - terminationMessagePolicy: FallbackToLogsOnError - env: - - resources: - requests: - cpu: 10m - memory: 80Mi - - - nodeSelector: - kubernetes.io/os: linux diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_09-aggregated.clusterrole.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_09-aggregated.clusterrole.yaml deleted file mode 100644 index e7aa0af341..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_09-aggregated.clusterrole.yaml +++ /dev/null @@ -1,35 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_09-aggregated.clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-edit - labels: - # Add these permissions to the "admin" and "edit" default roles. - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["subscriptions"] - verbs: ["create", "update", "patch", "delete"] -- apiGroups: ["operators.coreos.com"] - resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions"] - verbs: ["delete"] ---- -# Source: olm/templates/0000_50_olm_09-aggregated.clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-view - labels: - # Add these permissions to the "admin", "edit" and "view" default roles - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - rbac.authorization.k8s.io/aggregate-to-view: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions", "operatorgroups"] - verbs: ["get", "list", "watch"] -- apiGroups: ["packages.operators.coreos.com"] - resources: ["packagemanifests", "packagemanifests/icon"] - verbs: ["get", "list", "watch"] diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_13-operatorgroup-default.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_13-operatorgroup-default.yaml deleted file mode 100644 index 56f5bca2bd..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_13-operatorgroup-default.yaml +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_13-operatorgroup-default.yaml -apiVersion: operators.coreos.com/v1 -kind: OperatorGroup -metadata: - name: global-operators - namespace: operators ---- -# Source: olm/templates/0000_50_olm_13-operatorgroup-default.yaml -apiVersion: operators.coreos.com/v1 -kind: OperatorGroup -metadata: - name: olm-operators - namespace: olm -spec: - targetNamespaces: - - olm diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_15-packageserver.clusterserviceversion.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_15-packageserver.clusterserviceversion.yaml deleted file mode 100644 index 60da069c85..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_15-packageserver.clusterserviceversion.yaml +++ /dev/null @@ -1,135 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_15-packageserver.clusterserviceversion.yaml -apiVersion: operators.coreos.com/v1alpha1 -kind: ClusterServiceVersion -metadata: - name: packageserver - namespace: olm - labels: - olm.version: 0.18.1 -spec: - displayName: Package Server - description: Represents an Operator package that is available from a given CatalogSource which will resolve to a ClusterServiceVersion. - minKubeVersion: 1.11.0 - keywords: ['packagemanifests', 'olm', 'packages'] - maintainers: - - name: Red Hat - email: openshift-operators@redhat.com - provider: - name: Red Hat - links: - - name: Package Server - url: https://github.com/operator-framework/operator-lifecycle-manager/tree/master/pkg/package-server - installModes: - - type: OwnNamespace - supported: true - - type: SingleNamespace - supported: true - - type: MultiNamespace - supported: true - - type: AllNamespaces - supported: true - install: - strategy: deployment - spec: - clusterPermissions: - - serviceAccountName: olm-operator-serviceaccount - rules: - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - get - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - apiGroups: - - "operators.coreos.com" - resources: - - catalogsources - verbs: - - get - - list - - watch - - apiGroups: - - "packages.operators.coreos.com" - resources: - - packagemanifests - verbs: - - get - - list - deployments: - - name: packageserver - spec: - strategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 1 - maxSurge: 1 - replicas: 2 - selector: - matchLabels: - app: packageserver - template: - metadata: - labels: - app: packageserver - spec: - serviceAccountName: olm-operator-serviceaccount - nodeSelector: - kubernetes.io/os: linux - containers: - - name: packageserver - command: - - /bin/package-server - - -v=4 - - --secure-port - - "5443" - - --global-namespace - - olm - image: quay.io/operator-framework/olm@sha256:b706ee6583c4c3cf8059d44234c8a4505804adcc742bcddb3d1e2f6eff3d6519 - imagePullPolicy: Always - ports: - - containerPort: 5443 - livenessProbe: - httpGet: - scheme: HTTPS - path: /healthz - port: 5443 - readinessProbe: - httpGet: - scheme: HTTPS - path: /healthz - port: 5443 - terminationMessagePolicy: FallbackToLogsOnError - resources: - requests: - cpu: 10m - memory: 50Mi - securityContext: - runAsUser: 1000 - volumeMounts: - - name: tmpfs - mountPath: /tmp - volumes: - - name: tmpfs - emptyDir: {} - maturity: alpha - version: 0.18.1 - apiservicedefinitions: - owned: - - group: packages.operators.coreos.com - version: v1 - kind: PackageManifest - name: packagemanifests - displayName: PackageManifest - description: A PackageManifest is a resource generated from existing CatalogSources and their ConfigMaps - deploymentName: packageserver - containerPort: 5443 diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_17-upstream-operators.catalogsource.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_17-upstream-operators.catalogsource.yaml deleted file mode 100644 index 559b4dc719..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.1/0000_50_olm_17-upstream-operators.catalogsource.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_17-upstream-operators.catalogsource.yaml -apiVersion: operators.coreos.com/v1alpha1 -kind: CatalogSource -metadata: - name: operatorhubio-catalog - namespace: olm -spec: - sourceType: grpc - image: quay.io/operatorhubio/catalog:latest - displayName: Community Operators - publisher: OperatorHub.io diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_00-catalogsources.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_00-catalogsources.crd.yaml deleted file mode 100644 index 2c1efc61dd..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_00-catalogsources.crd.yaml +++ /dev/null @@ -1,169 +0,0 @@ ---- -# Source: olm/crds/0000_50_olm_00-catalogsources.crd.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: catalogsources.operators.coreos.com -spec: - group: operators.coreos.com - names: - categories: - - olm - kind: CatalogSource - listKind: CatalogSourceList - plural: catalogsources - shortNames: - - catsrc - singular: catalogsource - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The pretty name of the catalog - jsonPath: .spec.displayName - name: Display - type: string - - description: The type of the catalog - jsonPath: .spec.sourceType - name: Type - type: string - - description: The publisher of the catalog - jsonPath: .spec.publisher - name: Publisher - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1alpha1 - schema: - openAPIV3Schema: - description: CatalogSource is a repository of CSVs, CRDs, and operator packages. - type: object - required: - - metadata - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - type: object - required: - - sourceType - properties: - address: - description: 'Address is a host that OLM can use to connect to a pre-existing registry. Format: : Only used when SourceType = SourceTypeGrpc. Ignored when the Image field is set.' - type: string - configMap: - description: ConfigMap is the name of the ConfigMap to be used to back a configmap-server registry. Only used when SourceType = SourceTypeConfigmap or SourceTypeInternal. - type: string - description: - type: string - displayName: - description: Metadata - type: string - icon: - type: object - required: - - base64data - - mediatype - properties: - base64data: - type: string - mediatype: - type: string - image: - description: Image is an operator-registry container image to instantiate a registry-server with. Only used when SourceType = SourceTypeGrpc. If present, the address field is ignored. - type: string - priority: - description: 'Priority field assigns a weight to the catalog source to prioritize them so that it can be consumed by the dependency resolver. Usage: Higher weight indicates that this catalog source is preferred over lower weighted catalog sources during dependency resolution. The range of the priority value can go from positive to negative in the range of int32. The default value to a catalog source with unassigned priority would be 0. The catalog source with the same priority values will be ranked lexicographically based on its name.' - type: integer - publisher: - type: string - secrets: - description: Secrets represent set of secrets that can be used to access the contents of the catalog. It is best to keep this list small, since each will need to be tried for every catalog entry. - type: array - items: - type: string - sourceType: - description: SourceType is the type of source - type: string - updateStrategy: - description: UpdateStrategy defines how updated catalog source images can be discovered Consists of an interval that defines polling duration and an embedded strategy type - type: object - properties: - registryPoll: - type: object - properties: - interval: - description: Interval is used to determine the time interval between checks of the latest catalog source version. The catalog operator polls to see if a new version of the catalog source is available. If available, the latest image is pulled and gRPC traffic is directed to the latest catalog source. - type: string - status: - type: object - properties: - configMapReference: - type: object - required: - - name - - namespace - properties: - lastUpdateTime: - type: string - format: date-time - name: - type: string - namespace: - type: string - resourceVersion: - type: string - uid: - description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. - type: string - connectionState: - type: object - required: - - lastObservedState - properties: - address: - type: string - lastConnect: - type: string - format: date-time - lastObservedState: - type: string - latestImageRegistryPoll: - description: The last time the CatalogSource image registry has been polled to ensure the image is up-to-date - type: string - format: date-time - message: - description: A human readable message indicating details about why the CatalogSource is in this condition. - type: string - reason: - description: Reason is the reason the CatalogSource was transitioned to its current state. - type: string - registryService: - type: object - properties: - createdAt: - type: string - format: date-time - port: - type: string - protocol: - type: string - serviceName: - type: string - serviceNamespace: - type: string - served: true - storage: true - subresources: - status: {} - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_00-clusterserviceversions.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_00-clusterserviceversions.crd.yaml deleted file mode 100644 index 394924902a..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_00-clusterserviceversions.crd.yaml +++ /dev/null @@ -1,4841 +0,0 @@ ---- -# Source: olm/crds/0000_50_olm_00-clusterserviceversions.crd.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: clusterserviceversions.operators.coreos.com -spec: - group: operators.coreos.com - names: - categories: - - olm - kind: ClusterServiceVersion - listKind: ClusterServiceVersionList - plural: clusterserviceversions - shortNames: - - csv - - csvs - singular: clusterserviceversion - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The name of the CSV - jsonPath: .spec.displayName - name: Display - type: string - - description: The version of the CSV - jsonPath: .spec.version - name: Version - type: string - - description: The name of a CSV that this one replaces - jsonPath: .spec.replaces - name: Replaces - type: string - - jsonPath: .status.phase - name: Phase - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: ClusterServiceVersion is a Custom Resource of type `ClusterServiceVersionSpec`. - type: object - required: - - metadata - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ClusterServiceVersionSpec declarations tell OLM how to install an operator that can manage apps for a given version. - type: object - required: - - displayName - - install - properties: - annotations: - description: Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. - type: object - additionalProperties: - type: string - apiservicedefinitions: - description: APIServiceDefinitions declares all of the extension apis managed or required by an operator being ran by ClusterServiceVersion. - type: object - properties: - owned: - type: array - items: - description: APIServiceDescription provides details to OLM about apis provided via aggregation - type: object - required: - - group - - kind - - name - - version - properties: - actionDescriptors: - type: array - items: - description: ActionDescriptor describes a declarative action that can be performed on a custom resource instance - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - containerPort: - type: integer - format: int32 - deploymentName: - type: string - description: - type: string - displayName: - type: string - group: - type: string - kind: - type: string - name: - type: string - resources: - type: array - items: - description: APIResourceReference is a Kubernetes resource type used by a custom resource - type: object - required: - - kind - - name - - version - properties: - kind: - type: string - name: - type: string - version: - type: string - specDescriptors: - type: array - items: - description: SpecDescriptor describes a field in a spec block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - statusDescriptors: - type: array - items: - description: StatusDescriptor describes a field in a status block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - version: - type: string - required: - type: array - items: - description: APIServiceDescription provides details to OLM about apis provided via aggregation - type: object - required: - - group - - kind - - name - - version - properties: - actionDescriptors: - type: array - items: - description: ActionDescriptor describes a declarative action that can be performed on a custom resource instance - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - containerPort: - type: integer - format: int32 - deploymentName: - type: string - description: - type: string - displayName: - type: string - group: - type: string - kind: - type: string - name: - type: string - resources: - type: array - items: - description: APIResourceReference is a Kubernetes resource type used by a custom resource - type: object - required: - - kind - - name - - version - properties: - kind: - type: string - name: - type: string - version: - type: string - specDescriptors: - type: array - items: - description: SpecDescriptor describes a field in a spec block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - statusDescriptors: - type: array - items: - description: StatusDescriptor describes a field in a status block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - version: - type: string - cleanup: - description: Cleanup specifies the cleanup behaviour when the CSV gets deleted - type: object - required: - - enabled - properties: - enabled: - type: boolean - customresourcedefinitions: - description: "CustomResourceDefinitions declares all of the CRDs managed or required by an operator being ran by ClusterServiceVersion. \n If the CRD is present in the Owned list, it is implicitly required." - type: object - properties: - owned: - type: array - items: - description: CRDDescription provides details to OLM about the CRDs - type: object - required: - - kind - - name - - version - properties: - actionDescriptors: - type: array - items: - description: ActionDescriptor describes a declarative action that can be performed on a custom resource instance - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - description: - type: string - displayName: - type: string - kind: - type: string - name: - type: string - resources: - type: array - items: - description: APIResourceReference is a Kubernetes resource type used by a custom resource - type: object - required: - - kind - - name - - version - properties: - kind: - type: string - name: - type: string - version: - type: string - specDescriptors: - type: array - items: - description: SpecDescriptor describes a field in a spec block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - statusDescriptors: - type: array - items: - description: StatusDescriptor describes a field in a status block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - version: - type: string - required: - type: array - items: - description: CRDDescription provides details to OLM about the CRDs - type: object - required: - - kind - - name - - version - properties: - actionDescriptors: - type: array - items: - description: ActionDescriptor describes a declarative action that can be performed on a custom resource instance - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - description: - type: string - displayName: - type: string - kind: - type: string - name: - type: string - resources: - type: array - items: - description: APIResourceReference is a Kubernetes resource type used by a custom resource - type: object - required: - - kind - - name - - version - properties: - kind: - type: string - name: - type: string - version: - type: string - specDescriptors: - type: array - items: - description: SpecDescriptor describes a field in a spec block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - statusDescriptors: - type: array - items: - description: StatusDescriptor describes a field in a status block of a CRD so that OLM can consume it - type: object - required: - - path - properties: - description: - type: string - displayName: - type: string - path: - type: string - value: - description: RawMessage is a raw encoded JSON value. It implements Marshaler and Unmarshaler and can be used to delay JSON decoding or precompute a JSON encoding. - type: string - format: byte - x-descriptors: - type: array - items: - type: string - version: - type: string - description: - type: string - displayName: - type: string - icon: - type: array - items: - type: object - required: - - base64data - - mediatype - properties: - base64data: - type: string - mediatype: - type: string - install: - description: NamedInstallStrategy represents the block of an ClusterServiceVersion resource where the install strategy is specified. - type: object - required: - - strategy - properties: - spec: - description: StrategyDetailsDeployment represents the parsed details of a Deployment InstallStrategy. - type: object - required: - - deployments - properties: - clusterPermissions: - type: array - items: - description: StrategyDeploymentPermissions describe the rbac rules and service account needed by the install strategy - type: object - required: - - rules - - serviceAccountName - properties: - rules: - type: array - items: - description: PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to. - type: object - required: - - verbs - properties: - apiGroups: - description: APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. - type: array - items: - type: string - nonResourceURLs: - description: NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both. - type: array - items: - type: string - resourceNames: - description: ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. - type: array - items: - type: string - resources: - description: Resources is a list of resources this rule applies to. ResourceAll represents all resources. - type: array - items: - type: string - verbs: - description: Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds. - type: array - items: - type: string - serviceAccountName: - type: string - deployments: - type: array - items: - description: StrategyDeploymentSpec contains the name, spec and labels for the deployment ALM should create - type: object - required: - - name - - spec - properties: - label: - description: Set is a map of label:value. It implements Labels. - type: object - additionalProperties: - type: string - name: - type: string - spec: - description: DeploymentSpec is the specification of the desired behavior of the Deployment. - type: object - required: - - selector - - template - properties: - minReadySeconds: - description: Minimum number of seconds for which a newly created pod should be ready without any of its container crashing, for it to be considered available. Defaults to 0 (pod will be considered available as soon as it is ready) - type: integer - format: int32 - paused: - description: Indicates that the deployment is paused. - type: boolean - progressDeadlineSeconds: - description: The maximum time in seconds for a deployment to make progress before it is considered to be failed. The deployment controller will continue to process failed deployments and a condition with a ProgressDeadlineExceeded reason will be surfaced in the deployment status. Note that progress will not be estimated during the time a deployment is paused. Defaults to 600s. - type: integer - format: int32 - replicas: - description: Number of desired pods. This is a pointer to distinguish between explicit zero and not specified. Defaults to 1. - type: integer - format: int32 - revisionHistoryLimit: - description: The number of old ReplicaSets to retain to allow rollback. This is a pointer to distinguish between explicit zero and not specified. Defaults to 10. - type: integer - format: int32 - selector: - description: Label selector for pods. Existing ReplicaSets whose pods are selected by this will be the ones affected by this deployment. It must match the pod template's labels. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - strategy: - description: The deployment strategy to use to replace existing pods with new ones. - type: object - properties: - rollingUpdate: - description: 'Rolling update config params. Present only if DeploymentStrategyType = RollingUpdate. --- TODO: Update this to follow our convention for oneOf, whatever we decide it to be.' - type: object - properties: - maxSurge: - description: 'The maximum number of pods that can be scheduled above the desired number of pods. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). This can not be 0 if MaxUnavailable is 0. Absolute number is calculated from percentage by rounding up. Defaults to 25%. Example: when this is set to 30%, the new ReplicaSet can be scaled up immediately when the rolling update starts, such that the total number of old and new pods do not exceed 130% of desired pods. Once old pods have been killed, new ReplicaSet can be scaled up further, ensuring that total number of pods running at any time during the update is at most 130% of desired pods.' - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - maxUnavailable: - description: 'The maximum number of pods that can be unavailable during the update. Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). Absolute number is calculated from percentage by rounding down. This can not be 0 if MaxSurge is 0. Defaults to 25%. Example: when this is set to 30%, the old ReplicaSet can be scaled down to 70% of desired pods immediately when the rolling update starts. Once new pods are ready, old ReplicaSet can be scaled down further, followed by scaling up the new ReplicaSet, ensuring that the total number of pods available at all times during the update is at least 70% of desired pods.' - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - type: - description: Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate. - type: string - template: - description: Template describes the pods that will be created. - type: object - properties: - metadata: - description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - type: object - x-kubernetes-preserve-unknown-fields: true - spec: - description: 'Specification of the desired behavior of the pod. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - type: object - required: - - containers - properties: - activeDeadlineSeconds: - description: Optional duration in seconds the pod may be active on the node relative to StartTime before the system will actively try to mark it failed and kill associated containers. Value must be a positive integer. - type: integer - format: int64 - affinity: - description: If specified, the pod's scheduling constraints - type: object - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the pod. - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node matches the corresponding matchExpressions; the node(s) with the highest sum are the most preferred. - type: array - items: - description: An empty preferred scheduling term matches all objects with implicit weight 0 (i.e. it's a no-op). A null preferred scheduling term matches no objects (i.e. is also a no-op). - type: object - required: - - preference - - weight - properties: - preference: - description: A node selector term, associated with the corresponding weight. - type: object - properties: - matchExpressions: - description: A list of node selector requirements by node's labels. - type: array - items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchFields: - description: A list of node selector requirements by node's fields. - type: array - items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - type: array - items: - type: string - weight: - description: Weight associated with matching the corresponding nodeSelectorTerm, in the range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to an update), the system may or may not try to eventually evict the pod from its node. - type: object - required: - - nodeSelectorTerms - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The terms are ORed. - type: array - items: - description: A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm. - type: object - properties: - matchExpressions: - description: A list of node selector requirements by node's labels. - type: array - items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchFields: - description: A list of node selector requirements by node's fields. - type: array - items: - description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: The label key that the selector applies to. - type: string - operator: - description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. - type: array - items: - type: string - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate this pod in the same node, zone, etc. as some other pod(s)). - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. - type: array - items: - description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) - type: object - required: - - podAffinityTerm - - weight - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with the corresponding weight. - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query over a set of resources, in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - namespaces: - description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - type: string - weight: - description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. - type: array - items: - description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query over a set of resources, in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - namespaces: - description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - type: string - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. avoid putting this pod in the same node, zone, etc. as some other pod(s)). - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes that satisfy the anti-affinity expressions specified by this field, but it may choose a node that violates one or more of the expressions. The node that is most preferred is the one with the greatest sum of weights, i.e. for each node that meets all of the scheduling requirements (resource request, requiredDuringScheduling anti-affinity expressions, etc.), compute a sum by iterating through the elements of this field and adding "weight" to the sum if the node has pods which matches the corresponding podAffinityTerm; the node(s) with the highest sum are the most preferred. - type: array - items: - description: The weights of all of the matched WeightedPodAffinityTerm fields are added per-node to find the most preferred node(s) - type: object - required: - - podAffinityTerm - - weight - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated with the corresponding weight. - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query over a set of resources, in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - namespaces: - description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - type: string - weight: - description: weight associated with matching the corresponding podAffinityTerm, in the range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by this field are not met at scheduling time, the pod will not be scheduled onto the node. If the anti-affinity requirements specified by this field cease to be met at some point during pod execution (e.g. due to a pod label update), the system may or may not try to eventually evict the pod from its node. When there are multiple elements, the lists of nodes corresponding to each podAffinityTerm are intersected, i.e. all terms must be satisfied. - type: array - items: - description: Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query over a set of resources, in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - namespaces: - description: namespaces specifies which namespaces the labelSelector applies to (matches against); null or empty list means "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod should be co-located (affinity) or not co-located (anti-affinity) with the pods matching the labelSelector in the specified namespaces, where co-located is defined as running on a node whose value of the label with key topologyKey matches that of any node on which any of the selected pods is running. Empty topologyKey is not allowed. - type: string - automountServiceAccountToken: - description: AutomountServiceAccountToken indicates whether a service account token should be automatically mounted. - type: boolean - containers: - description: List of containers belonging to the pod. Containers cannot currently be added or removed. There must be at least one container in a Pod. Cannot be updated. - type: array - items: - description: A single application container that you want to run within a pod. - type: object - required: - - name - properties: - args: - description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. - type: object - properties: - postStart: - description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - preStop: - description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. - type: object - properties: - add: - description: Added capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - privileged: - description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: integer - format: int64 - seLinuxOptions: - description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: object - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - windowsOptions: - description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: object - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential spec to use. - type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - startupProbe: - description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - stdin: - description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be used by the container. - type: array - items: - description: volumeDevice describes a mapping of a raw block device within a container. - type: object - required: - - devicePath - - name - properties: - devicePath: - description: devicePath is the path inside of the container that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim in the pod - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - dnsConfig: - description: Specifies the DNS parameters of a pod. Parameters specified here will be merged to the generated DNS configuration based on DNSPolicy. - type: object - properties: - nameservers: - description: A list of DNS name server IP addresses. This will be appended to the base nameservers generated from DNSPolicy. Duplicated nameservers will be removed. - type: array - items: - type: string - options: - description: A list of DNS resolver options. This will be merged with the base options generated from DNSPolicy. Duplicated entries will be removed. Resolution options given in Options will override those that appear in the base DNSPolicy. - type: array - items: - description: PodDNSConfigOption defines DNS resolver options of a pod. - type: object - properties: - name: - description: Required. - type: string - value: - type: string - searches: - description: A list of DNS search domains for host-name lookup. This will be appended to the base search paths generated from DNSPolicy. Duplicated search paths will be removed. - type: array - items: - type: string - dnsPolicy: - description: Set DNS policy for the pod. Defaults to "ClusterFirst". Valid values are 'ClusterFirstWithHostNet', 'ClusterFirst', 'Default' or 'None'. DNS parameters given in DNSConfig will be merged with the policy selected with DNSPolicy. To have DNS options set along with hostNetwork, you have to specify DNS policy explicitly to 'ClusterFirstWithHostNet'. - type: string - enableServiceLinks: - description: 'EnableServiceLinks indicates whether information about services should be injected into pod''s environment variables, matching the syntax of Docker links. Optional: Defaults to true.' - type: boolean - ephemeralContainers: - description: List of ephemeral containers run in this pod. Ephemeral containers may be run in an existing pod to perform user-initiated actions such as debugging. This list cannot be specified when creating a pod, and it cannot be modified by updating the pod spec. In order to add an ephemeral container to an existing pod, use the pod's ephemeralcontainers subresource. This field is alpha-level and is only honored by servers that enable the EphemeralContainers feature. - type: array - items: - description: An EphemeralContainer is a container that may be added temporarily to an existing pod for user-initiated activities such as debugging. Ephemeral containers have no resource or scheduling guarantees, and they will not be restarted when they exit or when a pod is removed or restarted. If an ephemeral container causes a pod to exceed its resource allocation, the pod may be evicted. Ephemeral containers may not be added by directly updating the pod spec. They must be added via the pod's ephemeralcontainers subresource, and they will appear in the pod spec once added. This is an alpha feature enabled by the EphemeralContainers feature flag. - type: object - required: - - name - properties: - args: - description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Lifecycle is not allowed for ephemeral containers. - type: object - properties: - postStart: - description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - preStop: - description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - livenessProbe: - description: Probes are not allowed for ephemeral containers. - type: object - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the ephemeral container specified as a DNS_LABEL. This name must be unique among all containers, init containers and ephemeral containers. - type: string - ports: - description: Ports are not allowed for ephemeral containers. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - readinessProbe: - description: Probes are not allowed for ephemeral containers. - type: object - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: Resources are not allowed for ephemeral containers. Ephemeral containers use spare resources already allocated to the pod. - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: SecurityContext is not allowed for ephemeral containers. - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. - type: object - properties: - add: - description: Added capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - privileged: - description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: integer - format: int64 - seLinuxOptions: - description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: object - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - windowsOptions: - description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: object - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential spec to use. - type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - startupProbe: - description: Probes are not allowed for ephemeral containers. - type: object - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - stdin: - description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false - type: boolean - targetContainerName: - description: If set, the name of the container from PodSpec that this ephemeral container targets. The ephemeral container will be run in the namespaces (IPC, PID, etc) of this container. If not set then the ephemeral container is run in whatever namespaces are shared for the pod. Note that the container runtime must support this feature. - type: string - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be used by the container. - type: array - items: - description: volumeDevice describes a mapping of a raw block device within a container. - type: object - required: - - devicePath - - name - properties: - devicePath: - description: devicePath is the path inside of the container that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim in the pod - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - hostAliases: - description: HostAliases is an optional list of hosts and IPs that will be injected into the pod's hosts file if specified. This is only valid for non-hostNetwork pods. - type: array - items: - description: HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the pod's hosts file. - type: object - properties: - hostnames: - description: Hostnames for the above IP address. - type: array - items: - type: string - ip: - description: IP address of the host file entry. - type: string - hostIPC: - description: 'Use the host''s ipc namespace. Optional: Default to false.' - type: boolean - hostNetwork: - description: Host networking requested for this pod. Use the host's network namespace. If this option is set, the ports that will be used must be specified. Default to false. - type: boolean - hostPID: - description: 'Use the host''s pid namespace. Optional: Default to false.' - type: boolean - hostname: - description: Specifies the hostname of the Pod If not specified, the pod's hostname will be set to a system-defined value. - type: string - imagePullSecrets: - description: 'ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honored. More info: https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod' - type: array - items: - description: LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - initContainers: - description: 'List of initialization containers belonging to the pod. Init containers are executed in order prior to containers being started. If any init container fails, the pod is considered to have failed and is handled according to its restartPolicy. The name for an init container or normal container must be unique among all containers. Init containers may not have Lifecycle actions, Readiness probes, Liveness probes, or Startup probes. The resourceRequirements of an init container are taken into account during scheduling by finding the highest request/limit for each resource type, and then using the max of of that value or the sum of the normal containers. Limits are applied to init containers in a similar fashion. Init containers cannot currently be added or removed. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/' - type: array - items: - description: A single application container that you want to run within a pod. - type: object - required: - - name - properties: - args: - description: 'Arguments to the entrypoint. The docker image''s CMD is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - command: - description: 'Entrypoint array. Not executed within a shell. The docker image''s ENTRYPOINT is used if this is not provided. Variable references $(VAR_NAME) are expanded using the container''s environment. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - type: array - items: - type: string - env: - description: List of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - envFrom: - description: List of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Cannot be updated. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images This field is optional to allow higher level config management to default or override container images in workload controllers like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. Defaults to Always if :latest tag is specified, or IfNotPresent otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Actions that the management system should take in response to container lifecycle events. Cannot be updated. - type: object - properties: - postStart: - description: 'PostStart is called immediately after a container is created. If the handler fails, the container is terminated and restarted according to its restart policy. Other management of the container blocks until the hook completes. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - preStop: - description: 'PreStop is called immediately before a container is terminated due to an API request or management event such as liveness/startup probe failure, preemption, resource contention, etc. The handler is not called if the container crashes or exits. The reason for termination is passed to the handler. The Pod''s termination grace period countdown begins before the PreStop hooked is executed. Regardless of the outcome of the handler, the container will eventually terminate within the Pod''s termination grace period. Other management of the container blocks until the hook completes or until the termination grace period is reached. More info: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks' - type: object - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - livenessProbe: - description: 'Periodic probe of container liveness. Container will be restarted if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - name: - description: Name of the container specified as a DNS_LABEL. Each container in a pod must have a unique name (DNS_LABEL). Cannot be updated. - type: string - ports: - description: List of ports to expose from the container. Exposing a port here gives the system additional information about the network connections a container uses, but is primarily informational. Not specifying a port here DOES NOT prevent that port from being exposed. Any port which is listening on the default "0.0.0.0" address inside a container will be accessible from the network. Cannot be updated. - type: array - items: - description: ContainerPort represents a network port in a single container. - type: object - required: - - containerPort - properties: - containerPort: - description: Number of port to expose on the pod's IP address. This must be a valid port number, 0 < x < 65536. - type: integer - format: int32 - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If specified, this must be a valid port number, 0 < x < 65536. If HostNetwork is specified, this must match ContainerPort. Most containers do not need this. - type: integer - format: int32 - name: - description: If specified, this must be an IANA_SVC_NAME and unique within the pod. Each named port in a pod must have a unique name. Name for the port that can be referred to by services. - type: string - protocol: - description: Protocol for port. Must be UDP, TCP, or SCTP. Defaults to "TCP". - type: string - default: TCP - x-kubernetes-list-map-keys: - - containerPort - - protocol - x-kubernetes-list-type: map - readinessProbe: - description: 'Periodic probe of container service readiness. Container will be removed from service endpoints if the probe fails. Cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - resources: - description: 'Compute Resources required by this container. Cannot be updated. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - securityContext: - description: 'Security options the pod should run with. More info: https://kubernetes.io/docs/concepts/policy/security-context/ More info: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/' - type: object - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a process can gain more privileges than its parent process. This bool directly controls if the no_new_privs flag will be set on the container process. AllowPrivilegeEscalation is true always when the container is: 1) run as Privileged 2) has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: The capabilities to add/drop when running containers. Defaults to the default set of capabilities granted by the container runtime. - type: object - properties: - add: - description: Added capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - drop: - description: Removed capabilities - type: array - items: - description: Capability represent POSIX capabilities type - type: string - privileged: - description: Run container in privileged mode. Processes in privileged containers are essentially equivalent to root on the host. Defaults to false. - type: boolean - procMount: - description: procMount denotes the type of proc mount to use for the containers. The default is DefaultProcMount which uses the container runtime defaults for readonly paths and masked paths. This requires the ProcMountType feature flag to be enabled. - type: string - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. Default is false. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: integer - format: int64 - seLinuxOptions: - description: The SELinux context to be applied to the container. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: object - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - seccompProfile: - description: The seccomp options to use by this container. If seccomp options are provided at both the pod & container level, the container options override the pod options. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - windowsOptions: - description: The Windows specific settings applied to all containers. If unspecified, the options from the PodSecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: object - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential spec to use. - type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - startupProbe: - description: 'StartupProbe indicates that the Pod has successfully initialized. If specified, no other probes are executed until this completes successfully. If this probe fails, the Pod will be restarted, just as if the livenessProbe failed. This can be used to provide different probe parameters at the beginning of a Pod''s lifecycle, when it might take a long time to load data or warm a cache, than during steady-state operation. This cannot be updated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: object - properties: - exec: - description: One and only one of the following should be specified. Exec specifies the action to take. - type: object - properties: - command: - description: Command is the command line to execute inside the container, the working directory for the command is root ('/') in the container's filesystem. The command is simply exec'd, it is not run inside a shell, so traditional shell instructions ('|', etc) won't work. To use a shell, you need to explicitly call out to that shell. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - type: array - items: - type: string - failureThreshold: - description: Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3. Minimum value is 1. - type: integer - format: int32 - httpGet: - description: HTTPGet specifies the http request to perform. - type: object - required: - - port - properties: - host: - description: Host name to connect to, defaults to the pod IP. You probably want to set "Host" in httpHeaders instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP allows repeated headers. - type: array - items: - description: HTTPHeader describes a custom header to be used in HTTP probes - type: object - required: - - name - - value - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - path: - description: Path to access on the HTTP server. - type: string - port: - description: Name or number of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - scheme: - description: Scheme to use for connecting to the host. Defaults to HTTP. - type: string - initialDelaySeconds: - description: 'Number of seconds after the container has started before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - periodSeconds: - description: How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1. - type: integer - format: int32 - successThreshold: - description: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness and startup. Minimum value is 1. - type: integer - format: int32 - tcpSocket: - description: 'TCPSocket specifies an action involving a TCP port. TCP hooks not yet supported TODO: implement a realistic TCP lifecycle hook' - type: object - required: - - port - properties: - host: - description: 'Optional: Host name to connect to, defaults to the pod IP.' - type: string - port: - description: Number or name of the port to access on the container. Number must be in the range 1 to 65535. Name must be an IANA_SVC_NAME. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - description: 'Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - type: integer - format: int32 - stdin: - description: Whether this container should allocate a buffer for stdin in the container runtime. If this is not set, reads from stdin in the container will always result in EOF. Default is false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the stdin channel after it has been opened by a single attach. When stdin is true the stdin stream will remain open across multiple attach sessions. If stdinOnce is set to true, stdin is opened on container start, is empty until the first client attaches to stdin, and then remains open and accepts data until the client disconnects, at which time stdin is closed and remains closed until the container is restarted. If this flag is false, a container processes that reads from stdin will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s termination message will be written is mounted into the container''s filesystem. Message written is intended to be brief final status, such as an assertion failure message. Will be truncated by the node if greater than 4096 bytes. The total message length across all containers will be limited to 12kb. Defaults to /dev/termination-log. Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. File will use the contents of terminationMessagePath to populate the container status message on both success and failure. FallbackToLogsOnError will use the last chunk of container log output if the termination message file is empty and the container exited with an error. The log output is limited to 2048 bytes or 80 lines, whichever is smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY for itself, also requires 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be used by the container. - type: array - items: - description: volumeDevice describes a mapping of a raw block device within a container. - type: object - required: - - devicePath - - name - properties: - devicePath: - description: devicePath is the path inside of the container that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim in the pod - type: string - volumeMounts: - description: Pod volumes to mount into the container's filesystem. Cannot be updated. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. - type: string - workingDir: - description: Container's working directory. If not specified, the container runtime's default will be used, which might be configured in the container image. Cannot be updated. - type: string - nodeName: - description: NodeName is a request to schedule this pod onto a specific node. If it is non-empty, the scheduler simply schedules this pod onto that node, assuming that it fits resource requirements. - type: string - nodeSelector: - description: 'NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - additionalProperties: - type: string - overhead: - description: 'Overhead represents the resource overhead associated with running a pod for a given RuntimeClass. This field will be autopopulated at admission time by the RuntimeClass admission controller. If the RuntimeClass admission controller is enabled, overhead must not be set in Pod create requests. The RuntimeClass admission controller will reject Pod create requests which have the overhead already set. If RuntimeClass is configured and selected in the PodSpec, Overhead will be set to the value defined in the corresponding RuntimeClass, otherwise it will remain unset and treated as zero. More info: https://git.k8s.io/enhancements/keps/sig-node/20190226-pod-overhead.md This field is alpha-level as of Kubernetes v1.16, and is only honored by servers that enable the PodOverhead feature.' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - preemptionPolicy: - description: PreemptionPolicy is the Policy for preempting pods with lower priority. One of Never, PreemptLowerPriority. Defaults to PreemptLowerPriority if unset. This field is beta-level, gated by the NonPreemptingPriority feature-gate. - type: string - priority: - description: The priority value. Various system components use this field to find the priority of the pod. When Priority Admission Controller is enabled, it prevents users from setting this field. The admission controller populates this field from PriorityClassName. The higher the value, the higher the priority. - type: integer - format: int32 - priorityClassName: - description: If specified, indicates the pod's priority. "system-node-critical" and "system-cluster-critical" are two special keywords which indicate the highest priorities with the former being the highest priority. Any other name must be defined by creating a PriorityClass object with that name. If not specified, the pod priority will be default or zero if there is no default. - type: string - readinessGates: - description: 'If specified, all readiness gates will be evaluated for pod readiness. A pod is ready when all its containers are ready AND all conditions specified in the readiness gates have status equal to "True" More info: https://git.k8s.io/enhancements/keps/sig-network/0007-pod-ready%2B%2B.md' - type: array - items: - description: PodReadinessGate contains the reference to a pod condition - type: object - required: - - conditionType - properties: - conditionType: - description: ConditionType refers to a condition in the pod's condition list with matching type. - type: string - restartPolicy: - description: 'Restart policy for all containers within the pod. One of Always, OnFailure, Never. Default to Always. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy' - type: string - runtimeClassName: - description: 'RuntimeClassName refers to a RuntimeClass object in the node.k8s.io group, which should be used to run this pod. If no RuntimeClass resource matches the named class, the pod will not be run. If unset or empty, the "legacy" RuntimeClass will be used, which is an implicit class with an empty definition that uses the default runtime handler. More info: https://git.k8s.io/enhancements/keps/sig-node/runtime-class.md This is a beta feature as of Kubernetes v1.14.' - type: string - schedulerName: - description: If specified, the pod will be dispatched by specified scheduler. If not specified, the pod will be dispatched by default scheduler. - type: string - securityContext: - description: 'SecurityContext holds pod-level security attributes and common container settings. Optional: Defaults to empty. See type description for default values of each field.' - type: object - properties: - fsGroup: - description: "A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: \n 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- \n If unset, the Kubelet will not modify the ownership and permissions of any volume." - type: integer - format: int64 - fsGroupChangePolicy: - description: 'fsGroupChangePolicy defines behavior of changing ownership and permission of the volume before being exposed inside Pod. This field will only apply to volume types which support fsGroup based ownership(and permissions). It will have no effect on ephemeral volume types such as: secret, configmaps and emptydir. Valid values are "OnRootMismatch" and "Always". If not specified, "Always" is used.' - type: string - runAsGroup: - description: The GID to run the entrypoint of the container process. Uses runtime default if unset. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. - type: integer - format: int64 - runAsNonRoot: - description: Indicates that the container must run as a non-root user. If true, the Kubelet will validate the image at runtime to ensure that it does not run as UID 0 (root) and fail to start the container if it does. If unset or false, no such validation will be performed. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. Defaults to user specified in image metadata if unspecified. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. - type: integer - format: int64 - seLinuxOptions: - description: The SELinux context to be applied to all containers. If unspecified, the container runtime will allocate a random SELinux context for each container. May also be set in SecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence for that container. - type: object - properties: - level: - description: Level is SELinux level label that applies to the container. - type: string - role: - description: Role is a SELinux role label that applies to the container. - type: string - type: - description: Type is a SELinux type label that applies to the container. - type: string - user: - description: User is a SELinux user label that applies to the container. - type: string - seccompProfile: - description: The seccomp options to use by the containers in this pod. - type: object - required: - - type - properties: - localhostProfile: - description: localhostProfile indicates a profile defined in a file on the node should be used. The profile must be preconfigured on the node to work. Must be a descending path, relative to the kubelet's configured seccomp profile location. Must only be set if type is "Localhost". - type: string - type: - description: "type indicates which kind of seccomp profile will be applied. Valid options are: \n Localhost - a profile defined in a file on the node should be used. RuntimeDefault - the container runtime default profile should be used. Unconfined - no profile should be applied." - type: string - supplementalGroups: - description: A list of groups applied to the first process run in each container, in addition to the container's primary GID. If unspecified, no groups will be added to any container. - type: array - items: - type: integer - format: int64 - sysctls: - description: Sysctls hold a list of namespaced sysctls used for the pod. Pods with unsupported sysctls (by the container runtime) might fail to launch. - type: array - items: - description: Sysctl defines a kernel parameter to be set - type: object - required: - - name - - value - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - windowsOptions: - description: The Windows specific settings applied to all containers. If unspecified, the options within a container's SecurityContext will be used. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: object - properties: - gmsaCredentialSpec: - description: GMSACredentialSpec is where the GMSA admission webhook (https://github.com/kubernetes-sigs/windows-gmsa) inlines the contents of the GMSA credential spec named by the GMSACredentialSpecName field. - type: string - gmsaCredentialSpecName: - description: GMSACredentialSpecName is the name of the GMSA credential spec to use. - type: string - runAsUserName: - description: The UserName in Windows to run the entrypoint of the container process. Defaults to the user specified in image metadata if unspecified. May also be set in PodSecurityContext. If set in both SecurityContext and PodSecurityContext, the value specified in SecurityContext takes precedence. - type: string - serviceAccount: - description: 'DeprecatedServiceAccount is a depreciated alias for ServiceAccountName. Deprecated: Use serviceAccountName instead.' - type: string - serviceAccountName: - description: 'ServiceAccountName is the name of the ServiceAccount to use to run this pod. More info: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/' - type: string - setHostnameAsFQDN: - description: If true the pod's hostname will be configured as the pod's FQDN, rather than the leaf name (the default). In Linux containers, this means setting the FQDN in the hostname field of the kernel (the nodename field of struct utsname). In Windows containers, this means setting the registry value of hostname for the registry key HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters to FQDN. If a pod does not have FQDN, this has no effect. Default to false. - type: boolean - shareProcessNamespace: - description: 'Share a single process namespace between all of the containers in a pod. When this is set containers will be able to view and signal processes from other containers in the same pod, and the first process in each container will not be assigned PID 1. HostPID and ShareProcessNamespace cannot both be set. Optional: Default to false.' - type: boolean - subdomain: - description: If specified, the fully qualified Pod hostname will be "...svc.". If not specified, the pod will not have a domainname at all. - type: string - terminationGracePeriodSeconds: - description: Optional duration in seconds the pod needs to terminate gracefully. May be decreased in delete request. Value must be non-negative integer. The value zero indicates delete immediately. If this value is nil, the default grace period will be used instead. The grace period is the duration in seconds after the processes running in the pod are sent a termination signal and the time when the processes are forcibly halted with a kill signal. Set this value longer than the expected cleanup time for your process. Defaults to 30 seconds. - type: integer - format: int64 - tolerations: - description: If specified, the pod's tolerations. - type: array - items: - description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . - type: object - properties: - effect: - description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. - type: integer - format: int64 - value: - description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - topologySpreadConstraints: - description: TopologySpreadConstraints describes how a group of pods ought to spread across topology domains. Scheduler will schedule pods in a way which abides by the constraints. All topologySpreadConstraints are ANDed. - type: array - items: - description: TopologySpreadConstraint specifies how to spread matching pods among the given topology. - type: object - required: - - maxSkew - - topologyKey - - whenUnsatisfiable - properties: - labelSelector: - description: LabelSelector is used to find matching pods. Pods that match this label selector are counted to determine the number of pods in their corresponding topology domain. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - maxSkew: - description: 'MaxSkew describes the degree to which pods may be unevenly distributed. When `whenUnsatisfiable=DoNotSchedule`, it is the maximum permitted difference between the number of matching pods in the target topology and the global minimum. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 1/1/0: | zone1 | zone2 | zone3 | | P | P | | - if MaxSkew is 1, incoming pod can only be scheduled to zone3 to become 1/1/1; scheduling it onto zone1(zone2) would make the ActualSkew(2-0) on zone1(zone2) violate MaxSkew(1). - if MaxSkew is 2, incoming pod can be scheduled onto any zone. When `whenUnsatisfiable=ScheduleAnyway`, it is used to give higher precedence to topologies that satisfy it. It''s a required field. Default value is 1 and 0 is not allowed.' - type: integer - format: int32 - topologyKey: - description: TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a "bucket", and try to put balanced number of pods into each bucket. It's a required field. - type: string - whenUnsatisfiable: - description: 'WhenUnsatisfiable indicates how to deal with a pod if it doesn''t satisfy the spread constraint. - DoNotSchedule (default) tells the scheduler not to schedule it. - ScheduleAnyway tells the scheduler to schedule the pod in any location, but giving higher precedence to topologies that would help reduce the skew. A constraint is considered "Unsatisfiable" for an incoming pod if and only if every possible node assigment for that pod would violate "MaxSkew" on some topology. For example, in a 3-zone cluster, MaxSkew is set to 1, and pods with the same labelSelector spread as 3/1/1: | zone1 | zone2 | zone3 | | P P P | P | P | If WhenUnsatisfiable is set to DoNotSchedule, incoming pod can only be scheduled to zone2(zone3) to become 3/2/1(3/1/2) as ActualSkew(2-1) on zone2(zone3) satisfies MaxSkew(1). In other words, the cluster can still be imbalanced, but scheduler won''t make it *more* imbalanced. It''s a required field.' - type: string - x-kubernetes-list-map-keys: - - topologyKey - - whenUnsatisfiable - x-kubernetes-list-type: map - volumes: - description: 'List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes' - type: array - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - type: object - required: - - name - properties: - awsElasticBlockStore: - description: 'AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: object - required: - - volumeID - properties: - fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - partition: - description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).' - type: integer - format: int32 - readOnly: - description: 'Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: 'Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: string - azureDisk: - description: AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. - type: object - required: - - diskName - - diskURI - properties: - cachingMode: - description: 'Host Caching mode: None, Read Only, Read Write.' - type: string - diskName: - description: The Name of the data disk in the blob storage - type: string - diskURI: - description: The URI the data disk in the blob storage - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - kind: - description: 'Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared' - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - azureFile: - description: AzureFile represents an Azure File Service mount on the host and bind mount to the pod. - type: object - required: - - secretName - - shareName - properties: - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretName: - description: the name of secret that contains Azure Storage Account Name and Key - type: string - shareName: - description: Share Name - type: string - cephfs: - description: CephFS represents a Ceph FS mount on the host that shares a pod's lifetime - type: object - required: - - monitors - properties: - monitors: - description: 'Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: array - items: - type: string - path: - description: 'Optional: Used as the mounted root, rather than the full Ceph tree, default is /' - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: boolean - secretFile: - description: 'Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - secretRef: - description: 'Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - user: - description: 'Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - cinder: - description: 'Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: object - required: - - volumeID - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: boolean - secretRef: - description: 'Optional: points to a secret object containing parameters used to connect to OpenStack.' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - volumeID: - description: 'volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - configMap: - description: ConfigMap represents a configMap that should populate this volume - type: object - properties: - defaultMode: - description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its keys must be defined - type: boolean - csi: - description: CSI (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). - type: object - required: - - driver - properties: - driver: - description: Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. - type: string - fsType: - description: Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. - type: string - nodePublishSecretRef: - description: NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - readOnly: - description: Specifies a read-only configuration for the volume. Defaults to false (read/write). - type: boolean - volumeAttributes: - description: VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. - type: object - additionalProperties: - type: string - downwardAPI: - description: DownwardAPI represents downward API about the pod that should populate this volume - type: object - properties: - defaultMode: - description: 'Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: Items is a list of downward API volume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - emptyDir: - description: 'EmptyDir represents a temporary directory that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: object - properties: - medium: - description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - ephemeral: - description: "Ephemeral represents a volume that is handled by a cluster storage driver (Alpha feature). The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. \n Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at the same time." - type: object - properties: - readOnly: - description: Specifies a read-only configuration for the volume. Defaults to false (read/write). - type: boolean - volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). \n An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. \n This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. \n Required, must not be nil." - type: object - required: - - spec - properties: - metadata: - description: May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation. - type: object - spec: - description: The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. - type: object - properties: - accessModes: - description: 'AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - type: array - items: - type: string - dataSource: - description: 'This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) * An existing custom resource that implements data population (Alpha) In order to use custom resource types that implement data population, the AnyVolumeDataSource feature gate must be enabled. If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source.' - type: object - required: - - kind - - name - properties: - apiGroup: - description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - resources: - description: 'Resources represents the minimum resources the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - selector: - description: A label query over volumes to consider for binding. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - storageClassName: - description: 'Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeMode: - description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. - type: string - volumeName: - description: VolumeName is the binding reference to the PersistentVolume backing this claim. - type: string - fc: - description: FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. - type: object - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - lun: - description: 'Optional: FC target lun number' - type: integer - format: int32 - readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' - type: boolean - targetWWNs: - description: 'Optional: FC target worldwide names (WWNs)' - type: array - items: - type: string - wwids: - description: 'Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.' - type: array - items: - type: string - flexVolume: - description: FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. - type: object - required: - - driver - properties: - driver: - description: Driver is the name of the driver to use for this volume. - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. - type: string - options: - description: 'Optional: Extra command options if any.' - type: object - additionalProperties: - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' - type: boolean - secretRef: - description: 'Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - flocker: - description: Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running - type: object - properties: - datasetName: - description: Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated - type: string - datasetUUID: - description: UUID of the dataset. This is unique identifier of a Flocker dataset - type: string - gcePersistentDisk: - description: 'GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: object - required: - - pdName - properties: - fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - partition: - description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: integer - format: int32 - pdName: - description: 'Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: string - readOnly: - description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: boolean - gitRepo: - description: 'GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod''s container.' - type: object - required: - - repository - properties: - directory: - description: Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. - type: string - repository: - description: Repository URL - type: string - revision: - description: Commit hash for the specified revision. - type: string - glusterfs: - description: 'Glusterfs represents a Glusterfs mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' - type: object - required: - - endpoints - - path - properties: - endpoints: - description: 'EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - path: - description: 'Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - readOnly: - description: 'ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: boolean - hostPath: - description: 'HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.' - type: object - required: - - path - properties: - path: - description: 'Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - type: - description: 'Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - iscsi: - description: 'ISCSI represents an ISCSI Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' - type: object - required: - - iqn - - lun - - targetPortal - properties: - chapAuthDiscovery: - description: whether support iSCSI Discovery CHAP authentication - type: boolean - chapAuthSession: - description: whether support iSCSI Session CHAP authentication - type: boolean - fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - initiatorName: - description: Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. - type: string - iqn: - description: Target iSCSI Qualified Name. - type: string - iscsiInterface: - description: iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). - type: string - lun: - description: iSCSI Target Lun number. - type: integer - format: int32 - portals: - description: iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). - type: array - items: - type: string - readOnly: - description: ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. - type: boolean - secretRef: - description: CHAP Secret for iSCSI target and initiator authentication - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - targetPortal: - description: iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). - type: string - name: - description: 'Volume''s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - nfs: - description: 'NFS represents an NFS mount on the host that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: object - required: - - path - - server - properties: - path: - description: 'Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - readOnly: - description: 'ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: boolean - server: - description: 'Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - persistentVolumeClaim: - description: 'PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: object - required: - - claimName - properties: - claimName: - description: 'ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: - description: Will force the ReadOnly setting in VolumeMounts. Default false. - type: boolean - photonPersistentDisk: - description: PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine - type: object - required: - - pdID - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - pdID: - description: ID that identifies Photon Controller persistent disk - type: string - portworxVolume: - description: PortworxVolume represents a portworx volume attached and mounted on kubelets host machine - type: object - required: - - volumeID - properties: - fsType: - description: FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: - description: VolumeID uniquely identifies a Portworx volume - type: string - projected: - description: Items for all in one resources secrets, configmaps, and downward API - type: object - properties: - defaultMode: - description: Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - type: integer - format: int32 - sources: - description: list of volume projections - type: array - items: - description: Projection that may be projected along with other supported volume types - type: object - properties: - configMap: - description: information about the configMap data to project - type: object - properties: - items: - description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its keys must be defined - type: boolean - downwardAPI: - description: information about the downwardAPI data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - secret: - description: information about the secret data to project - type: object - properties: - items: - description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - serviceAccountToken: - description: information about the serviceAccountToken data to project - type: object - required: - - path - properties: - audience: - description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - type: integer - format: int64 - path: - description: Path is the path relative to the mount point of the file to project the token into. - type: string - quobyte: - description: Quobyte represents a Quobyte mount on the host that shares a pod's lifetime - type: object - required: - - registry - - volume - properties: - group: - description: Group to map volume access to Default is no group - type: string - readOnly: - description: ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. - type: boolean - registry: - description: Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes - type: string - tenant: - description: Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin - type: string - user: - description: User to map volume access to Defaults to serivceaccount user - type: string - volume: - description: Volume is a string that references an already created Quobyte volume by name. - type: string - rbd: - description: 'RBD represents a Rados Block Device mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' - type: object - required: - - image - - monitors - properties: - fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - image: - description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - keyring: - description: 'Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - monitors: - description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: array - items: - type: string - pool: - description: 'The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: - description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: - description: 'SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - user: - description: 'The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - scaleIO: - description: ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. - type: object - required: - - gateway - - secretRef - - system - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". - type: string - gateway: - description: The host address of the ScaleIO API Gateway. - type: string - protectionDomain: - description: The name of the ScaleIO Protection Domain for the configured storage. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - sslEnabled: - description: Flag to enable/disable SSL communication with Gateway, default false - type: boolean - storageMode: - description: Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. - type: string - storagePool: - description: The ScaleIO Storage Pool associated with the protection domain. - type: string - system: - description: The name of the storage system as configured in ScaleIO. - type: string - volumeName: - description: The name of a volume already created in the ScaleIO system that is associated with this volume source. - type: string - secret: - description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - optional: - description: Specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - storageos: - description: StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. - type: object - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - volumeName: - description: VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. - type: string - volumeNamespace: - description: VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. - type: string - vsphereVolume: - description: VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine - type: object - required: - - volumePath - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - storagePolicyID: - description: Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. - type: string - storagePolicyName: - description: Storage Policy Based Management (SPBM) profile name. - type: string - volumePath: - description: Path that identifies vSphere volume vmdk - type: string - permissions: - type: array - items: - description: StrategyDeploymentPermissions describe the rbac rules and service account needed by the install strategy - type: object - required: - - rules - - serviceAccountName - properties: - rules: - type: array - items: - description: PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to. - type: object - required: - - verbs - properties: - apiGroups: - description: APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. - type: array - items: - type: string - nonResourceURLs: - description: NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both. - type: array - items: - type: string - resourceNames: - description: ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. - type: array - items: - type: string - resources: - description: Resources is a list of resources this rule applies to. ResourceAll represents all resources. - type: array - items: - type: string - verbs: - description: Verbs is a list of Verbs that apply to ALL the ResourceKinds and AttributeRestrictions contained in this rule. VerbAll represents all kinds. - type: array - items: - type: string - serviceAccountName: - type: string - strategy: - type: string - installModes: - description: InstallModes specify supported installation types - type: array - items: - description: InstallMode associates an InstallModeType with a flag representing if the CSV supports it - type: object - required: - - supported - - type - properties: - supported: - type: boolean - type: - description: InstallModeType is a supported type of install mode for CSV installation - type: string - keywords: - type: array - items: - type: string - labels: - description: Map of string keys and values that can be used to organize and categorize (scope and select) objects. - type: object - additionalProperties: - type: string - links: - type: array - items: - type: object - properties: - name: - type: string - url: - type: string - maintainers: - type: array - items: - type: object - properties: - email: - type: string - name: - type: string - maturity: - type: string - minKubeVersion: - type: string - nativeAPIs: - type: array - items: - description: GroupVersionKind unambiguously identifies a kind. It doesn't anonymously include GroupVersion to avoid automatic coersion. It doesn't use a GroupVersion to avoid custom marshalling - type: object - required: - - group - - kind - - version - properties: - group: - type: string - kind: - type: string - version: - type: string - provider: - type: object - properties: - name: - type: string - url: - type: string - relatedImages: - description: List any related images, or other container images that your Operator might require to perform their functions. This list should also include operand images as well. All image references should be specified by digest (SHA) and not by tag. This field is only used during catalog creation and plays no part in cluster runtime. - type: array - items: - type: object - required: - - image - - name - properties: - image: - type: string - name: - type: string - replaces: - description: The name of a CSV this one replaces. Should match the `metadata.Name` field of the old CSV. - type: string - selector: - description: Label selector for related resources. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - skips: - description: The name(s) of one or more CSV(s) that should be skipped in the upgrade graph. Should match the `metadata.Name` field of the CSV that should be skipped. This field is only used during catalog creation and plays no part in cluster runtime. - type: array - items: - type: string - version: - description: OperatorVersion is a wrapper around semver.Version which supports correct marshaling to YAML and JSON. - type: string - webhookdefinitions: - type: array - items: - description: WebhookDescription provides details to OLM about required webhooks - type: object - required: - - admissionReviewVersions - - generateName - - sideEffects - - type - properties: - admissionReviewVersions: - type: array - items: - type: string - containerPort: - type: integer - format: int32 - default: 443 - maximum: 65535 - minimum: 1 - conversionCRDs: - type: array - items: - type: string - deploymentName: - type: string - failurePolicy: - type: string - generateName: - type: string - matchPolicy: - description: MatchPolicyType specifies the type of match policy - type: string - objectSelector: - description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - reinvocationPolicy: - description: ReinvocationPolicyType specifies what type of policy the admission hook uses. - type: string - rules: - type: array - items: - description: RuleWithOperations is a tuple of Operations and Resources. It is recommended to make sure that all the tuple expansions are valid. - type: object - properties: - apiGroups: - description: APIGroups is the API groups the resources belong to. '*' is all groups. If '*' is present, the length of the slice must be one. Required. - type: array - items: - type: string - apiVersions: - description: APIVersions is the API versions the resources belong to. '*' is all versions. If '*' is present, the length of the slice must be one. Required. - type: array - items: - type: string - operations: - description: Operations is the operations the admission hook cares about - CREATE, UPDATE, DELETE, CONNECT or * for all of those operations and any future admission operations that are added. If '*' is present, the length of the slice must be one. Required. - type: array - items: - type: string - resources: - description: "Resources is a list of resources this rule applies to. \n For example: 'pods' means pods. 'pods/log' means the log subresource of pods. '*' means all resources, but not subresources. 'pods/*' means all subresources of pods. '*/scale' means all scale subresources. '*/*' means all resources and their subresources. \n If wildcard is present, the validation rule will ensure resources do not overlap with each other. \n Depending on the enclosing object, subresources might not be allowed. Required." - type: array - items: - type: string - scope: - description: scope specifies the scope of this rule. Valid values are "Cluster", "Namespaced", and "*" "Cluster" means that only cluster-scoped resources will match this rule. Namespace API objects are cluster-scoped. "Namespaced" means that only namespaced resources will match this rule. "*" means that there are no scope restrictions. Subresources match the scope of their parent resource. Default is "*". - type: string - sideEffects: - type: string - targetPort: - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - timeoutSeconds: - type: integer - format: int32 - type: - description: WebhookAdmissionType is the type of admission webhooks supported by OLM - type: string - enum: - - ValidatingAdmissionWebhook - - MutatingAdmissionWebhook - - ConversionWebhook - webhookPath: - type: string - status: - description: ClusterServiceVersionStatus represents information about the status of a CSV. Status may trail the actual state of a system. - type: object - properties: - certsLastUpdated: - description: Last time the owned APIService certs were updated - type: string - format: date-time - certsRotateAt: - description: Time the owned APIService certs will rotate next - type: string - format: date-time - cleanup: - description: CleanupStatus represents information about the status of cleanup while a CSV is pending deletion - type: object - properties: - pendingDeletion: - description: PendingDeletion is the list of custom resource objects that are pending deletion and blocked on finalizers. This indicates the progress of cleanup that is blocking CSV deletion or operator uninstall. - type: array - items: - description: ResourceList represents a list of resources which are of the same Group/Kind - type: object - required: - - group - - instances - - kind - properties: - group: - type: string - instances: - type: array - items: - type: object - required: - - name - properties: - name: - type: string - namespace: - description: Namespace can be empty for cluster-scoped resources - type: string - kind: - type: string - conditions: - description: List of conditions, a history of state transitions - type: array - items: - description: Conditions appear in the status as a record of state transitions on the ClusterServiceVersion - type: object - properties: - lastTransitionTime: - description: Last time the status transitioned from one status to another. - type: string - format: date-time - lastUpdateTime: - description: Last time we updated the status - type: string - format: date-time - message: - description: A human readable message indicating details about why the ClusterServiceVersion is in this condition. - type: string - phase: - description: Condition of the ClusterServiceVersion - type: string - reason: - description: A brief CamelCase message indicating details about why the ClusterServiceVersion is in this state. e.g. 'RequirementsNotMet' - type: string - lastTransitionTime: - description: Last time the status transitioned from one status to another. - type: string - format: date-time - lastUpdateTime: - description: Last time we updated the status - type: string - format: date-time - message: - description: A human readable message indicating details about why the ClusterServiceVersion is in this condition. - type: string - phase: - description: Current condition of the ClusterServiceVersion - type: string - reason: - description: A brief CamelCase message indicating details about why the ClusterServiceVersion is in this state. e.g. 'RequirementsNotMet' - type: string - requirementStatus: - description: The status of each requirement for this CSV - type: array - items: - type: object - required: - - group - - kind - - message - - name - - status - - version - properties: - dependents: - type: array - items: - description: DependentStatus is the status for a dependent requirement (to prevent infinite nesting) - type: object - required: - - group - - kind - - status - - version - properties: - group: - type: string - kind: - type: string - message: - type: string - status: - description: StatusReason is a camelcased reason for the status of a RequirementStatus or DependentStatus - type: string - uuid: - type: string - version: - type: string - group: - type: string - kind: - type: string - message: - type: string - name: - type: string - status: - description: StatusReason is a camelcased reason for the status of a RequirementStatus or DependentStatus - type: string - uuid: - type: string - version: - type: string - served: true - storage: true - subresources: - status: {} - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_00-installplans.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_00-installplans.crd.yaml deleted file mode 100644 index 6536fe1b79..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_00-installplans.crd.yaml +++ /dev/null @@ -1,265 +0,0 @@ ---- -# Source: olm/crds/0000_50_olm_00-installplans.crd.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: installplans.operators.coreos.com -spec: - group: operators.coreos.com - names: - categories: - - olm - kind: InstallPlan - listKind: InstallPlanList - plural: installplans - shortNames: - - ip - singular: installplan - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The first CSV in the list of clusterServiceVersionNames - jsonPath: .spec.clusterServiceVersionNames[0] - name: CSV - type: string - - description: The approval mode - jsonPath: .spec.approval - name: Approval - type: string - - jsonPath: .spec.approved - name: Approved - type: boolean - name: v1alpha1 - schema: - openAPIV3Schema: - description: InstallPlan defines the installation of a set of operators. - type: object - required: - - metadata - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: InstallPlanSpec defines a set of Application resources to be installed - type: object - required: - - approval - - approved - - clusterServiceVersionNames - properties: - approval: - description: Approval is the user approval policy for an InstallPlan. It must be one of "Automatic" or "Manual". - type: string - approved: - type: boolean - clusterServiceVersionNames: - type: array - items: - type: string - generation: - type: integer - source: - type: string - sourceNamespace: - type: string - status: - description: "InstallPlanStatus represents the information about the status of steps required to complete installation. \n Status may trail the actual state of a system." - type: object - required: - - catalogSources - - phase - properties: - attenuatedServiceAccountRef: - description: AttenuatedServiceAccountRef references the service account that is used to do scoped operator install. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - bundleLookups: - description: BundleLookups is the set of in-progress requests to pull and unpackage bundle content to the cluster. - type: array - items: - description: BundleLookup is a request to pull and unpackage the content of a bundle to the cluster. - type: object - required: - - catalogSourceRef - - identifier - - path - - replaces - properties: - catalogSourceRef: - description: CatalogSourceRef is a reference to the CatalogSource the bundle path was resolved from. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - conditions: - description: Conditions represents the overall state of a BundleLookup. - type: array - items: - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status to another. - type: string - format: date-time - lastUpdateTime: - description: Last time the condition was probed. - type: string - format: date-time - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - identifier: - description: Identifier is the catalog-unique name of the operator (the name of the CSV for bundles that contain CSVs) - type: string - path: - description: Path refers to the location of a bundle to pull. It's typically an image reference. - type: string - properties: - description: The effective properties of the unpacked bundle. - type: string - replaces: - description: Replaces is the name of the bundle to replace with the one found at Path. - type: string - catalogSources: - type: array - items: - type: string - conditions: - type: array - items: - description: InstallPlanCondition represents the overall status of the execution of an InstallPlan. - type: object - properties: - lastTransitionTime: - type: string - format: date-time - lastUpdateTime: - type: string - format: date-time - message: - type: string - reason: - description: ConditionReason is a camelcased reason for the state transition. - type: string - status: - type: string - type: - description: InstallPlanConditionType describes the state of an InstallPlan at a certain point as a whole. - type: string - message: - description: Message is a human-readable message containing detailed information that may be important to understanding why the plan has its current status. - type: string - phase: - description: InstallPlanPhase is the current status of a InstallPlan as a whole. - type: string - plan: - type: array - items: - description: Step represents the status of an individual step in an InstallPlan. - type: object - required: - - resolving - - resource - - status - properties: - resolving: - type: string - resource: - description: StepResource represents the status of a resource to be tracked by an InstallPlan. - type: object - required: - - group - - kind - - name - - sourceName - - sourceNamespace - - version - properties: - group: - type: string - kind: - type: string - manifest: - type: string - name: - type: string - sourceName: - type: string - sourceNamespace: - type: string - version: - type: string - status: - description: StepStatus is the current status of a particular resource an in InstallPlan - type: string - startTime: - description: StartTime is the time when the controller began applying the resources listed in the plan to the cluster. - type: string - format: date-time - served: true - storage: true - subresources: - status: {} - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_00-namespace.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_00-namespace.yaml deleted file mode 100644 index 13917074d8..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_00-namespace.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_00-namespace.yaml -apiVersion: v1 -kind: Namespace -metadata: - name: olm ---- -# Source: olm/templates/0000_50_olm_00-namespace.yaml -apiVersion: v1 -kind: Namespace -metadata: - name: operators diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_00-operatorconditions.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_00-operatorconditions.crd.yaml deleted file mode 100644 index 334b0c2d33..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_00-operatorconditions.crd.yaml +++ /dev/null @@ -1,308 +0,0 @@ ---- -# Source: olm/crds/0000_50_olm_00-operatorconditions.crd.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: operatorconditions.operators.coreos.com -spec: - group: operators.coreos.com - names: - categories: - - olm - kind: OperatorCondition - listKind: OperatorConditionList - plural: operatorconditions - shortNames: - - condition - singular: operatorcondition - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: OperatorCondition is a Custom Resource of type `OperatorCondition` which is used to convey information to OLM about the state of an operator. - type: object - required: - - metadata - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: OperatorConditionSpec allows a cluster admin to convey information about the state of an operator to OLM, potentially overriding state reported by the operator. - type: object - properties: - deployments: - type: array - items: - type: string - overrides: - type: array - items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - type: object - required: - - message - - reason - - status - - type - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - type: string - format: date-time - message: - description: message is a human readable message indicating details about the transition. This may be an empty string. - type: string - maxLength: 32768 - observedGeneration: - description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. - type: integer - format: int64 - minimum: 0 - reason: - description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. - type: string - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - status: - description: status of the condition, one of True, False, Unknown. - type: string - enum: - - "True" - - "False" - - Unknown - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - type: string - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - serviceAccounts: - type: array - items: - type: string - status: - description: OperatorConditionStatus allows an operator to convey information its state to OLM. The status may trail the actual state of a system. - type: object - properties: - conditions: - type: array - items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - type: object - required: - - lastTransitionTime - - message - - reason - - status - - type - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - type: string - format: date-time - message: - description: message is a human readable message indicating details about the transition. This may be an empty string. - type: string - maxLength: 32768 - observedGeneration: - description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. - type: integer - format: int64 - minimum: 0 - reason: - description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. - type: string - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - status: - description: status of the condition, one of True, False, Unknown. - type: string - enum: - - "True" - - "False" - - Unknown - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - type: string - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - served: true - storage: false - subresources: - status: {} - - name: v2 - schema: - openAPIV3Schema: - description: OperatorCondition is a Custom Resource of type `OperatorCondition` which is used to convey information to OLM about the state of an operator. - type: object - required: - - metadata - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: OperatorConditionSpec allows an operator to report state to OLM and provides cluster admin with the ability to manually override state reported by the operator. - type: object - properties: - conditions: - type: array - items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - type: object - required: - - lastTransitionTime - - message - - reason - - status - - type - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - type: string - format: date-time - message: - description: message is a human readable message indicating details about the transition. This may be an empty string. - type: string - maxLength: 32768 - observedGeneration: - description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. - type: integer - format: int64 - minimum: 0 - reason: - description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. - type: string - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - status: - description: status of the condition, one of True, False, Unknown. - type: string - enum: - - "True" - - "False" - - Unknown - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - type: string - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - deployments: - type: array - items: - type: string - overrides: - type: array - items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - type: object - required: - - message - - reason - - status - - type - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - type: string - format: date-time - message: - description: message is a human readable message indicating details about the transition. This may be an empty string. - type: string - maxLength: 32768 - observedGeneration: - description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. - type: integer - format: int64 - minimum: 0 - reason: - description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. - type: string - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - status: - description: status of the condition, one of True, False, Unknown. - type: string - enum: - - "True" - - "False" - - Unknown - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - type: string - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - serviceAccounts: - type: array - items: - type: string - status: - description: OperatorConditionStatus allows OLM to convey which conditions have been observed. - type: object - properties: - conditions: - type: array - items: - description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - type: object - required: - - lastTransitionTime - - message - - reason - - status - - type - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable. - type: string - format: date-time - message: - description: message is a human readable message indicating details about the transition. This may be an empty string. - type: string - maxLength: 32768 - observedGeneration: - description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance. - type: integer - format: int64 - minimum: 0 - reason: - description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty. - type: string - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - status: - description: status of the condition, one of True, False, Unknown. - type: string - enum: - - "True" - - "False" - - Unknown - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - type: string - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - served: true - storage: true - subresources: - status: {} - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_00-operatorgroups.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_00-operatorgroups.crd.yaml deleted file mode 100644 index f05dca4089..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_00-operatorgroups.crd.yaml +++ /dev/null @@ -1,235 +0,0 @@ ---- -# Source: olm/crds/0000_50_olm_00-operatorgroups.crd.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: operatorgroups.operators.coreos.com -spec: - group: operators.coreos.com - names: - categories: - - olm - kind: OperatorGroup - listKind: OperatorGroupList - plural: operatorgroups - shortNames: - - og - singular: operatorgroup - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: OperatorGroup is the unit of multitenancy for OLM managed operators. It constrains the installation of operators in its namespace to a specified set of target namespaces. - type: object - required: - - metadata - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: OperatorGroupSpec is the spec for an OperatorGroup resource. - type: object - properties: - selector: - description: Selector selects the OperatorGroup's target namespaces. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - serviceAccountName: - description: ServiceAccountName is the admin specified service account which will be used to deploy operator(s) in this operator group. - type: string - staticProvidedAPIs: - description: Static tells OLM not to update the OperatorGroup's providedAPIs annotation - type: boolean - targetNamespaces: - description: TargetNamespaces is an explicit set of namespaces to target. If it is set, Selector is ignored. - type: array - items: - type: string - x-kubernetes-list-type: set - status: - description: OperatorGroupStatus is the status for an OperatorGroupResource. - type: object - required: - - lastUpdated - properties: - lastUpdated: - description: LastUpdated is a timestamp of the last time the OperatorGroup's status was Updated. - type: string - format: date-time - namespaces: - description: Namespaces is the set of target namespaces for the OperatorGroup. - type: array - items: - type: string - x-kubernetes-list-type: set - serviceAccountRef: - description: ServiceAccountRef references the service account object specified. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - served: true - storage: true - subresources: - status: {} - - name: v1alpha2 - schema: - openAPIV3Schema: - description: OperatorGroup is the unit of multitenancy for OLM managed operators. It constrains the installation of operators in its namespace to a specified set of target namespaces. - type: object - required: - - metadata - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: OperatorGroupSpec is the spec for an OperatorGroup resource. - type: object - properties: - selector: - description: Selector selects the OperatorGroup's target namespaces. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - serviceAccountName: - description: ServiceAccountName is the admin specified service account which will be used to deploy operator(s) in this operator group. - type: string - staticProvidedAPIs: - description: Static tells OLM not to update the OperatorGroup's providedAPIs annotation - type: boolean - targetNamespaces: - description: TargetNamespaces is an explicit set of namespaces to target. If it is set, Selector is ignored. - type: array - items: - type: string - status: - description: OperatorGroupStatus is the status for an OperatorGroupResource. - type: object - required: - - lastUpdated - properties: - lastUpdated: - description: LastUpdated is a timestamp of the last time the OperatorGroup's status was Updated. - type: string - format: date-time - namespaces: - description: Namespaces is the set of target namespaces for the OperatorGroup. - type: array - items: - type: string - serviceAccountRef: - description: ServiceAccountRef references the service account object specified. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - served: true - storage: false - subresources: - status: {} - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_00-operators.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_00-operators.crd.yaml deleted file mode 100644 index 31b582b3b8..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_00-operators.crd.yaml +++ /dev/null @@ -1,140 +0,0 @@ ---- -# Source: olm/crds/0000_50_olm_00-operators.crd.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: operators.operators.coreos.com -spec: - group: operators.coreos.com - names: - categories: - - olm - kind: Operator - listKind: OperatorList - plural: operators - singular: operator - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: Operator represents a cluster operator. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: OperatorSpec defines the desired state of Operator - type: object - status: - description: OperatorStatus defines the observed state of an Operator and its components - type: object - properties: - components: - description: Components describes resources that compose the operator. - type: object - required: - - labelSelector - properties: - labelSelector: - description: LabelSelector is a label query over a set of resources used to select the operator's components - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - refs: - description: Refs are a set of references to the operator's component resources, selected with LabelSelector. - type: array - items: - description: RichReference is a reference to a resource, enriched with its status conditions. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - conditions: - description: Conditions represents the latest state of the component. - type: array - items: - description: Condition represent the latest available observations of an component's state. - type: object - required: - - status - - type - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status to another. - type: string - format: date-time - lastUpdateTime: - description: Last time the condition was probed - type: string - format: date-time - message: - description: A human readable message indicating details about the transition. - type: string - reason: - description: The reason for the condition's last transition. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - served: true - storage: true - subresources: - status: {} - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_00-subscriptions.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_00-subscriptions.crd.yaml deleted file mode 100644 index d9769df42b..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_00-subscriptions.crd.yaml +++ /dev/null @@ -1,1344 +0,0 @@ ---- -# Source: olm/crds/0000_50_olm_00-subscriptions.crd.yaml -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.4.1 - creationTimestamp: null - name: subscriptions.operators.coreos.com -spec: - group: operators.coreos.com - names: - categories: - - olm - kind: Subscription - listKind: SubscriptionList - plural: subscriptions - shortNames: - - sub - - subs - singular: subscription - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: The package subscribed to - jsonPath: .spec.name - name: Package - type: string - - description: The catalog source for the specified package - jsonPath: .spec.source - name: Source - type: string - - description: The channel of updates to subscribe to - jsonPath: .spec.channel - name: Channel - type: string - name: v1alpha1 - schema: - openAPIV3Schema: - description: Subscription keeps operators up to date by tracking changes to Catalogs. - type: object - required: - - metadata - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: SubscriptionSpec defines an Application that can be installed - type: object - required: - - name - - source - - sourceNamespace - properties: - channel: - type: string - config: - description: SubscriptionConfig contains configuration specified for a subscription. - type: object - properties: - env: - description: Env is a list of environment variables to set in the container. Cannot be updated. - type: array - items: - description: EnvVar represents an environment variable present in a Container. - type: object - required: - - name - properties: - name: - description: Name of the environment variable. Must be a C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded using the previous defined environment variables in the container and any service environment variables. If a variable cannot be resolved, the reference in the input string will be unchanged. The $(VAR_NAME) syntax can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references will never be expanded, regardless of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. Cannot be used if value is not empty. - type: object - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - type: object - required: - - key - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its key must be defined - type: boolean - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['''']`, `metadata.annotations['''']`, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - secretKeyRef: - description: Selects a key of a secret in the pod's namespace - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - envFrom: - description: EnvFrom is a list of sources to populate environment variables in the container. The keys defined within a source must be a C_IDENTIFIER. All invalid keys will be reported as an event when the container is starting. When a key exists in multiple sources, the value associated with the last source will take precedence. Values defined by an Env with a duplicate key will take precedence. Immutable. - type: array - items: - description: EnvFromSource represents the source of a set of ConfigMaps - type: object - properties: - configMapRef: - description: The ConfigMap to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - prefix: - description: An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: The Secret to select from - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - nodeSelector: - description: 'NodeSelector is a selector which must be true for the pod to fit on a node. Selector which must match a node''s labels for the pod to be scheduled on that node. More info: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/' - type: object - additionalProperties: - type: string - resources: - description: 'Resources represents compute resources required by this container. Immutable. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - selector: - description: Selector is the label selector for pods to be configured. Existing ReplicaSets whose pods are selected by this will be the ones affected by this deployment. It must match the pod template's labels. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - tolerations: - description: Tolerations are the pod's tolerations. - type: array - items: - description: The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator . - type: object - properties: - effect: - description: Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies to. Empty means match all taint keys. If the key is empty, operator must be Exists; this combination means to match all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. Valid operators are Exists and Equal. Defaults to Equal. Exists is equivalent to wildcard for value, so that a pod can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the toleration (which must be of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, it is not set, which means tolerate the taint forever (do not evict). Zero and negative values will be treated as 0 (evict immediately) by the system. - type: integer - format: int64 - value: - description: Value is the taint value the toleration matches to. If the operator is Exists, the value should be empty, otherwise just a regular string. - type: string - volumeMounts: - description: List of VolumeMounts to set in the container. - type: array - items: - description: VolumeMount describes a mounting of a Volume within a container. - type: object - required: - - mountPath - - name - properties: - mountPath: - description: Path within the container at which the volume should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are propagated from the host to container and the other way around. When not set, MountPropagationNone is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's volume should be mounted. Defaults to "" (volume's root). - type: string - subPathExpr: - description: Expanded path within the volume from which the container's volume should be mounted. Behaves similarly to SubPath but environment variable references $(VAR_NAME) are expanded using the container's environment. Defaults to "" (volume's root). SubPathExpr and SubPath are mutually exclusive. - type: string - volumes: - description: List of Volumes to set in the podSpec. - type: array - items: - description: Volume represents a named volume in a pod that may be accessed by any container in the pod. - type: object - required: - - name - properties: - awsElasticBlockStore: - description: 'AWSElasticBlockStore represents an AWS Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: object - required: - - volumeID - properties: - fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - partition: - description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty).' - type: integer - format: int32 - readOnly: - description: 'Specify "true" to force and set the ReadOnly property in VolumeMounts to "true". If omitted, the default is "false". More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: boolean - volumeID: - description: 'Unique ID of the persistent disk resource in AWS (Amazon EBS volume). More info: https://kubernetes.io/docs/concepts/storage/volumes#awselasticblockstore' - type: string - azureDisk: - description: AzureDisk represents an Azure Data Disk mount on the host and bind mount to the pod. - type: object - required: - - diskName - - diskURI - properties: - cachingMode: - description: 'Host Caching mode: None, Read Only, Read Write.' - type: string - diskName: - description: The Name of the data disk in the blob storage - type: string - diskURI: - description: The URI the data disk in the blob storage - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - kind: - description: 'Expected values Shared: multiple blob disks per storage account Dedicated: single blob disk per storage account Managed: azure managed data disk (only in managed availability set). defaults to shared' - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - azureFile: - description: AzureFile represents an Azure File Service mount on the host and bind mount to the pod. - type: object - required: - - secretName - - shareName - properties: - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretName: - description: the name of secret that contains Azure Storage Account Name and Key - type: string - shareName: - description: Share Name - type: string - cephfs: - description: CephFS represents a Ceph FS mount on the host that shares a pod's lifetime - type: object - required: - - monitors - properties: - monitors: - description: 'Required: Monitors is a collection of Ceph monitors More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: array - items: - type: string - path: - description: 'Optional: Used as the mounted root, rather than the full Ceph tree, default is /' - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: boolean - secretFile: - description: 'Optional: SecretFile is the path to key ring for User, default is /etc/ceph/user.secret More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - secretRef: - description: 'Optional: SecretRef is reference to the authentication secret for User, default is empty. More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - user: - description: 'Optional: User is the rados user name, default is admin More info: https://examples.k8s.io/volumes/cephfs/README.md#how-to-use-it' - type: string - cinder: - description: 'Cinder represents a cinder volume attached and mounted on kubelets host machine. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: object - required: - - volumeID - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: boolean - secretRef: - description: 'Optional: points to a secret object containing parameters used to connect to OpenStack.' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - volumeID: - description: 'volume id used to identify the volume in cinder. More info: https://examples.k8s.io/mysql-cinder-pd/README.md' - type: string - configMap: - description: ConfigMap represents a configMap that should populate this volume - type: object - properties: - defaultMode: - description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its keys must be defined - type: boolean - csi: - description: CSI (Container Storage Interface) represents ephemeral storage that is handled by certain external CSI drivers (Beta feature). - type: object - required: - - driver - properties: - driver: - description: Driver is the name of the CSI driver that handles this volume. Consult with your admin for the correct name as registered in the cluster. - type: string - fsType: - description: Filesystem type to mount. Ex. "ext4", "xfs", "ntfs". If not provided, the empty value is passed to the associated CSI driver which will determine the default filesystem to apply. - type: string - nodePublishSecretRef: - description: NodePublishSecretRef is a reference to the secret object containing sensitive information to pass to the CSI driver to complete the CSI NodePublishVolume and NodeUnpublishVolume calls. This field is optional, and may be empty if no secret is required. If the secret object contains more than one secret, all secret references are passed. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - readOnly: - description: Specifies a read-only configuration for the volume. Defaults to false (read/write). - type: boolean - volumeAttributes: - description: VolumeAttributes stores driver-specific properties that are passed to the CSI driver. Consult your driver's documentation for supported values. - type: object - additionalProperties: - type: string - downwardAPI: - description: DownwardAPI represents downward API about the pod that should populate this volume - type: object - properties: - defaultMode: - description: 'Optional: mode bits to use on created files by default. Must be a Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: Items is a list of downward API volume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - emptyDir: - description: 'EmptyDir represents a temporary directory that shares a pod''s lifetime. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: object - properties: - medium: - description: 'What type of storage medium should back this directory. The default is "" which means to use the node''s default medium. Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: - description: 'Total amount of local storage required for this EmptyDir volume. The size limit is also applicable for memory medium. The maximum usage on memory medium EmptyDir would be the minimum value between the SizeLimit specified here and the sum of memory limits of all containers in a pod. The default is nil which means that the limit is undefined. More info: http://kubernetes.io/docs/user-guide/volumes#emptydir' - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - ephemeral: - description: "Ephemeral represents a volume that is handled by a cluster storage driver (Alpha feature). The volume's lifecycle is tied to the pod that defines it - it will be created before the pod starts, and deleted when the pod is removed. \n Use this if: a) the volume is only needed while the pod runs, b) features of normal volumes like restoring from snapshot or capacity tracking are needed, c) the storage driver is specified through a storage class, and d) the storage driver supports dynamic volume provisioning through a PersistentVolumeClaim (see EphemeralVolumeSource for more information on the connection between this volume type and PersistentVolumeClaim). \n Use PersistentVolumeClaim or one of the vendor-specific APIs for volumes that persist for longer than the lifecycle of an individual pod. \n Use CSI for light-weight local ephemeral volumes if the CSI driver is meant to be used that way - see the documentation of the driver for more information. \n A pod can use both types of ephemeral volumes and persistent volumes at the same time." - type: object - properties: - readOnly: - description: Specifies a read-only configuration for the volume. Defaults to false (read/write). - type: boolean - volumeClaimTemplate: - description: "Will be used to create a stand-alone PVC to provision the volume. The pod in which this EphemeralVolumeSource is embedded will be the owner of the PVC, i.e. the PVC will be deleted together with the pod. The name of the PVC will be `-` where `` is the name from the `PodSpec.Volumes` array entry. Pod validation will reject the pod if the concatenated name is not valid for a PVC (for example, too long). \n An existing PVC with that name that is not owned by the pod will *not* be used for the pod to avoid using an unrelated volume by mistake. Starting the pod is then blocked until the unrelated PVC is removed. If such a pre-created PVC is meant to be used by the pod, the PVC has to updated with an owner reference to the pod once the pod exists. Normally this should not be necessary, but it may be useful when manually reconstructing a broken cluster. \n This field is read-only and no changes will be made by Kubernetes to the PVC after it has been created. \n Required, must not be nil." - type: object - required: - - spec - properties: - metadata: - description: May contain labels and annotations that will be copied into the PVC when creating it. No other fields are allowed and will be rejected during validation. - type: object - spec: - description: The specification for the PersistentVolumeClaim. The entire content is copied unchanged into the PVC that gets created from this template. The same fields as in a PersistentVolumeClaim are also valid here. - type: object - properties: - accessModes: - description: 'AccessModes contains the desired access modes the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - type: array - items: - type: string - dataSource: - description: 'This field can be used to specify either: * An existing VolumeSnapshot object (snapshot.storage.k8s.io/VolumeSnapshot) * An existing PVC (PersistentVolumeClaim) * An existing custom resource that implements data population (Alpha) In order to use custom resource types that implement data population, the AnyVolumeDataSource feature gate must be enabled. If the provisioner or an external controller can support the specified data source, it will create a new volume based on the contents of the specified data source.' - type: object - required: - - kind - - name - properties: - apiGroup: - description: APIGroup is the group for the resource being referenced. If APIGroup is not specified, the specified Kind must be in the core API group. For any other third-party types, APIGroup is required. - type: string - kind: - description: Kind is the type of resource being referenced - type: string - name: - description: Name is the name of resource being referenced - type: string - resources: - description: 'Resources represents the minimum resources the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#resources' - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - requests: - description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, otherwise to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - selector: - description: A label query over volumes to consider for binding. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies to. - type: string - operator: - description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - additionalProperties: - type: string - storageClassName: - description: 'Name of the StorageClass required by the claim. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeMode: - description: volumeMode defines what type of volume is required by the claim. Value of Filesystem is implied when not included in claim spec. - type: string - volumeName: - description: VolumeName is the binding reference to the PersistentVolume backing this claim. - type: string - fc: - description: FC represents a Fibre Channel resource that is attached to a kubelet's host machine and then exposed to the pod. - type: object - properties: - fsType: - description: 'Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - lun: - description: 'Optional: FC target lun number' - type: integer - format: int32 - readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' - type: boolean - targetWWNs: - description: 'Optional: FC target worldwide names (WWNs)' - type: array - items: - type: string - wwids: - description: 'Optional: FC volume world wide identifiers (wwids) Either wwids or combination of targetWWNs and lun must be set, but not both simultaneously.' - type: array - items: - type: string - flexVolume: - description: FlexVolume represents a generic volume resource that is provisioned/attached using an exec based plugin. - type: object - required: - - driver - properties: - driver: - description: Driver is the name of the driver to use for this volume. - type: string - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". The default filesystem depends on FlexVolume script. - type: string - options: - description: 'Optional: Extra command options if any.' - type: object - additionalProperties: - type: string - readOnly: - description: 'Optional: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts.' - type: boolean - secretRef: - description: 'Optional: SecretRef is reference to the secret object containing sensitive information to pass to the plugin scripts. This may be empty if no secret object is specified. If the secret object contains more than one secret, all secrets are passed to the plugin scripts.' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - flocker: - description: Flocker represents a Flocker volume attached to a kubelet's host machine. This depends on the Flocker control service being running - type: object - properties: - datasetName: - description: Name of the dataset stored as metadata -> name on the dataset for Flocker should be considered as deprecated - type: string - datasetUUID: - description: UUID of the dataset. This is unique identifier of a Flocker dataset - type: string - gcePersistentDisk: - description: 'GCEPersistentDisk represents a GCE Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: object - required: - - pdName - properties: - fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - partition: - description: 'The partition in the volume that you want to mount. If omitted, the default is to mount by volume name. Examples: For volume /dev/sda1, you specify the partition as "1". Similarly, the volume partition for /dev/sda is "0" (or you can leave the property empty). More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: integer - format: int32 - pdName: - description: 'Unique name of the PD resource in GCE. Used to identify the disk in GCE. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: string - readOnly: - description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#gcepersistentdisk' - type: boolean - gitRepo: - description: 'GitRepo represents a git repository at a particular revision. DEPRECATED: GitRepo is deprecated. To provision a container with a git repo, mount an EmptyDir into an InitContainer that clones the repo using git, then mount the EmptyDir into the Pod''s container.' - type: object - required: - - repository - properties: - directory: - description: Target directory name. Must not contain or start with '..'. If '.' is supplied, the volume directory will be the git repository. Otherwise, if specified, the volume will contain the git repository in the subdirectory with the given name. - type: string - repository: - description: Repository URL - type: string - revision: - description: Commit hash for the specified revision. - type: string - glusterfs: - description: 'Glusterfs represents a Glusterfs mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/glusterfs/README.md' - type: object - required: - - endpoints - - path - properties: - endpoints: - description: 'EndpointsName is the endpoint name that details Glusterfs topology. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - path: - description: 'Path is the Glusterfs volume path. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: string - readOnly: - description: 'ReadOnly here will force the Glusterfs volume to be mounted with read-only permissions. Defaults to false. More info: https://examples.k8s.io/volumes/glusterfs/README.md#create-a-pod' - type: boolean - hostPath: - description: 'HostPath represents a pre-existing file or directory on the host machine that is directly exposed to the container. This is generally used for system agents or other privileged things that are allowed to see the host machine. Most containers will NOT need this. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath --- TODO(jonesdl) We need to restrict who can use host directory mounts and who can/can not mount host directories as read/write.' - type: object - required: - - path - properties: - path: - description: 'Path of the directory on the host. If the path is a symlink, it will follow the link to the real path. More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - type: - description: 'Type for HostPath Volume Defaults to "" More info: https://kubernetes.io/docs/concepts/storage/volumes#hostpath' - type: string - iscsi: - description: 'ISCSI represents an ISCSI Disk resource that is attached to a kubelet''s host machine and then exposed to the pod. More info: https://examples.k8s.io/volumes/iscsi/README.md' - type: object - required: - - iqn - - lun - - targetPortal - properties: - chapAuthDiscovery: - description: whether support iSCSI Discovery CHAP authentication - type: boolean - chapAuthSession: - description: whether support iSCSI Session CHAP authentication - type: boolean - fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#iscsi TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - initiatorName: - description: Custom iSCSI Initiator Name. If initiatorName is specified with iscsiInterface simultaneously, new iSCSI interface : will be created for the connection. - type: string - iqn: - description: Target iSCSI Qualified Name. - type: string - iscsiInterface: - description: iSCSI Interface Name that uses an iSCSI transport. Defaults to 'default' (tcp). - type: string - lun: - description: iSCSI Target Lun number. - type: integer - format: int32 - portals: - description: iSCSI Target Portal List. The portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). - type: array - items: - type: string - readOnly: - description: ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. - type: boolean - secretRef: - description: CHAP Secret for iSCSI target and initiator authentication - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - targetPortal: - description: iSCSI Target Portal. The Portal is either an IP or ip_addr:port if the port is other than default (typically TCP ports 860 and 3260). - type: string - name: - description: 'Volume''s name. Must be a DNS_LABEL and unique within the pod. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - nfs: - description: 'NFS represents an NFS mount on the host that shares a pod''s lifetime More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: object - required: - - path - - server - properties: - path: - description: 'Path that is exported by the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - readOnly: - description: 'ReadOnly here will force the NFS export to be mounted with read-only permissions. Defaults to false. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: boolean - server: - description: 'Server is the hostname or IP address of the NFS server. More info: https://kubernetes.io/docs/concepts/storage/volumes#nfs' - type: string - persistentVolumeClaim: - description: 'PersistentVolumeClaimVolumeSource represents a reference to a PersistentVolumeClaim in the same namespace. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: object - required: - - claimName - properties: - claimName: - description: 'ClaimName is the name of a PersistentVolumeClaim in the same namespace as the pod using this volume. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#persistentvolumeclaims' - type: string - readOnly: - description: Will force the ReadOnly setting in VolumeMounts. Default false. - type: boolean - photonPersistentDisk: - description: PhotonPersistentDisk represents a PhotonController persistent disk attached and mounted on kubelets host machine - type: object - required: - - pdID - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - pdID: - description: ID that identifies Photon Controller persistent disk - type: string - portworxVolume: - description: PortworxVolume represents a portworx volume attached and mounted on kubelets host machine - type: object - required: - - volumeID - properties: - fsType: - description: FSType represents the filesystem type to mount Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs". Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - volumeID: - description: VolumeID uniquely identifies a Portworx volume - type: string - projected: - description: Items for all in one resources secrets, configmaps, and downward API - type: object - properties: - defaultMode: - description: Mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set. - type: integer - format: int32 - sources: - description: list of volume projections - type: array - items: - description: Projection that may be projected along with other supported volume types - type: object - properties: - configMap: - description: information about the configMap data to project - type: object - properties: - items: - description: If unspecified, each key-value pair in the Data field of the referenced ConfigMap will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the ConfigMap, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the ConfigMap or its keys must be defined - type: boolean - downwardAPI: - description: information about the downwardAPI data to project - type: object - properties: - items: - description: Items is a list of DownwardAPIVolume file - type: array - items: - description: DownwardAPIVolumeFile represents information to create the file containing the pod field - type: object - required: - - path - properties: - fieldRef: - description: 'Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.' - type: object - required: - - fieldPath - properties: - apiVersion: - description: Version of the schema the FieldPath is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the specified API version. - type: string - mode: - description: 'Optional: mode bits used to set permissions on this file, must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: 'Required: Path is the relative path name of the file to be created. Must not be absolute or contain the ''..'' path. Must be utf-8 encoded. The first item of the relative path must not start with ''..''' - type: string - resourceFieldRef: - description: 'Selects a resource of the container: only resources limits and requests (limits.cpu, limits.memory, requests.cpu and requests.memory) are currently supported.' - type: object - required: - - resource - properties: - containerName: - description: 'Container name: required for volumes, optional for env vars' - type: string - divisor: - description: Specifies the output format of the exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - secret: - description: information about the secret data to project - type: object - properties: - items: - description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must be defined - type: boolean - serviceAccountToken: - description: information about the serviceAccountToken data to project - type: object - required: - - path - properties: - audience: - description: Audience is the intended audience of the token. A recipient of a token must identify itself with an identifier specified in the audience of the token, and otherwise should reject the token. The audience defaults to the identifier of the apiserver. - type: string - expirationSeconds: - description: ExpirationSeconds is the requested duration of validity of the service account token. As the token approaches expiration, the kubelet volume plugin will proactively rotate the service account token. The kubelet will start trying to rotate the token if the token is older than 80 percent of its time to live or if the token is older than 24 hours.Defaults to 1 hour and must be at least 10 minutes. - type: integer - format: int64 - path: - description: Path is the path relative to the mount point of the file to project the token into. - type: string - quobyte: - description: Quobyte represents a Quobyte mount on the host that shares a pod's lifetime - type: object - required: - - registry - - volume - properties: - group: - description: Group to map volume access to Default is no group - type: string - readOnly: - description: ReadOnly here will force the Quobyte volume to be mounted with read-only permissions. Defaults to false. - type: boolean - registry: - description: Registry represents a single or multiple Quobyte Registry services specified as a string as host:port pair (multiple entries are separated with commas) which acts as the central registry for volumes - type: string - tenant: - description: Tenant owning the given Quobyte volume in the Backend Used with dynamically provisioned Quobyte volumes, value is set by the plugin - type: string - user: - description: User to map volume access to Defaults to serivceaccount user - type: string - volume: - description: Volume is a string that references an already created Quobyte volume by name. - type: string - rbd: - description: 'RBD represents a Rados Block Device mount on the host that shares a pod''s lifetime. More info: https://examples.k8s.io/volumes/rbd/README.md' - type: object - required: - - image - - monitors - properties: - fsType: - description: 'Filesystem type of the volume that you want to mount. Tip: Ensure that the filesystem type is supported by the host operating system. Examples: "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. More info: https://kubernetes.io/docs/concepts/storage/volumes#rbd TODO: how do we prevent errors in the filesystem from compromising the machine' - type: string - image: - description: 'The rados image name. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - keyring: - description: 'Keyring is the path to key ring for RBDUser. Default is /etc/ceph/keyring. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - monitors: - description: 'A collection of Ceph monitors. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: array - items: - type: string - pool: - description: 'The rados pool name. Default is rbd. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - readOnly: - description: 'ReadOnly here will force the ReadOnly setting in VolumeMounts. Defaults to false. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: boolean - secretRef: - description: 'SecretRef is name of the authentication secret for RBDUser. If provided overrides keyring. Default is nil. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - user: - description: 'The rados user name. Default is admin. More info: https://examples.k8s.io/volumes/rbd/README.md#how-to-use-it' - type: string - scaleIO: - description: ScaleIO represents a ScaleIO persistent volume attached and mounted on Kubernetes nodes. - type: object - required: - - gateway - - secretRef - - system - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Default is "xfs". - type: string - gateway: - description: The host address of the ScaleIO API Gateway. - type: string - protectionDomain: - description: The name of the ScaleIO Protection Domain for the configured storage. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef references to the secret for ScaleIO user and other sensitive information. If this is not provided, Login operation will fail. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - sslEnabled: - description: Flag to enable/disable SSL communication with Gateway, default false - type: boolean - storageMode: - description: Indicates whether the storage for a volume should be ThickProvisioned or ThinProvisioned. Default is ThinProvisioned. - type: string - storagePool: - description: The ScaleIO Storage Pool associated with the protection domain. - type: string - system: - description: The name of the storage system as configured in ScaleIO. - type: string - volumeName: - description: The name of a volume already created in the ScaleIO system that is associated with this volume source. - type: string - secret: - description: 'Secret represents a secret that should populate this volume. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: object - properties: - defaultMode: - description: 'Optional: mode bits used to set permissions on created files by default. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. Defaults to 0644. Directories within the path are not affected by this setting. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - items: - description: If unspecified, each key-value pair in the Data field of the referenced Secret will be projected into the volume as a file whose name is the key and content is the value. If specified, the listed keys will be projected into the specified paths, and unlisted keys will not be present. If a key is specified which is not present in the Secret, the volume setup will error unless it is marked optional. Paths must be relative and may not contain the '..' path or start with '..'. - type: array - items: - description: Maps a string key to a path within a volume. - type: object - required: - - key - - path - properties: - key: - description: The key to project. - type: string - mode: - description: 'Optional: mode bits used to set permissions on this file. Must be an octal value between 0000 and 0777 or a decimal value between 0 and 511. YAML accepts both octal and decimal values, JSON requires decimal values for mode bits. If not specified, the volume defaultMode will be used. This might be in conflict with other options that affect the file mode, like fsGroup, and the result can be other mode bits set.' - type: integer - format: int32 - path: - description: The relative path of the file to map the key to. May not be an absolute path. May not contain the path element '..'. May not start with the string '..'. - type: string - optional: - description: Specify whether the Secret or its keys must be defined - type: boolean - secretName: - description: 'Name of the secret in the pod''s namespace to use. More info: https://kubernetes.io/docs/concepts/storage/volumes#secret' - type: string - storageos: - description: StorageOS represents a StorageOS volume attached and mounted on Kubernetes nodes. - type: object - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - readOnly: - description: Defaults to false (read/write). ReadOnly here will force the ReadOnly setting in VolumeMounts. - type: boolean - secretRef: - description: SecretRef specifies the secret to use for obtaining the StorageOS API credentials. If not specified, default values will be attempted. - type: object - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - volumeName: - description: VolumeName is the human-readable name of the StorageOS volume. Volume names are only unique within a namespace. - type: string - volumeNamespace: - description: VolumeNamespace specifies the scope of the volume within StorageOS. If no namespace is specified then the Pod's namespace will be used. This allows the Kubernetes name scoping to be mirrored within StorageOS for tighter integration. Set VolumeName to any name to override the default behaviour. Set to "default" if you are not using namespaces within StorageOS. Namespaces that do not pre-exist within StorageOS will be created. - type: string - vsphereVolume: - description: VsphereVolume represents a vSphere volume attached and mounted on kubelets host machine - type: object - required: - - volumePath - properties: - fsType: - description: Filesystem type to mount. Must be a filesystem type supported by the host operating system. Ex. "ext4", "xfs", "ntfs". Implicitly inferred to be "ext4" if unspecified. - type: string - storagePolicyID: - description: Storage Policy Based Management (SPBM) profile ID associated with the StoragePolicyName. - type: string - storagePolicyName: - description: Storage Policy Based Management (SPBM) profile name. - type: string - volumePath: - description: Path that identifies vSphere volume vmdk - type: string - installPlanApproval: - description: Approval is the user approval policy for an InstallPlan. It must be one of "Automatic" or "Manual". - type: string - name: - type: string - source: - type: string - sourceNamespace: - type: string - startingCSV: - type: string - status: - type: object - required: - - lastUpdated - properties: - catalogHealth: - description: CatalogHealth contains the Subscription's view of its relevant CatalogSources' status. It is used to determine SubscriptionStatusConditions related to CatalogSources. - type: array - items: - description: SubscriptionCatalogHealth describes the health of a CatalogSource the Subscription knows about. - type: object - required: - - catalogSourceRef - - healthy - - lastUpdated - properties: - catalogSourceRef: - description: CatalogSourceRef is a reference to a CatalogSource. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - healthy: - description: Healthy is true if the CatalogSource is healthy; false otherwise. - type: boolean - lastUpdated: - description: LastUpdated represents the last time that the CatalogSourceHealth changed - type: string - format: date-time - conditions: - description: Conditions is a list of the latest available observations about a Subscription's current state. - type: array - items: - description: SubscriptionCondition represents the latest available observations of a Subscription's state. - type: object - required: - - status - - type - properties: - lastHeartbeatTime: - description: LastHeartbeatTime is the last time we got an update on a given condition - type: string - format: date-time - lastTransitionTime: - description: LastTransitionTime is the last time the condition transit from one status to another - type: string - format: date-time - message: - description: Message is a human-readable message indicating details about last transition. - type: string - reason: - description: Reason is a one-word CamelCase reason for the condition's last transition. - type: string - status: - description: Status is the status of the condition, one of True, False, Unknown. - type: string - type: - description: Type is the type of Subscription condition. - type: string - currentCSV: - description: CurrentCSV is the CSV the Subscription is progressing to. - type: string - installPlanGeneration: - description: InstallPlanGeneration is the current generation of the installplan - type: integer - installPlanRef: - description: InstallPlanRef is a reference to the latest InstallPlan that contains the Subscription's current CSV. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. For example, if the object reference is to a container within a pod, this would take on a value like: "spec.containers{name}" (where "name" refers to the name of the container that triggered the event) or if no container name is specified "spec.containers[2]" (container with index 2 in this pod). This syntax is chosen only to have some well-defined way of referencing a part of an object. TODO: this design is not final and this field is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - installedCSV: - description: InstalledCSV is the CSV currently installed by the Subscription. - type: string - installplan: - description: 'Install is a reference to the latest InstallPlan generated for the Subscription. DEPRECATED: InstallPlanRef' - type: object - required: - - apiVersion - - kind - - name - - uuid - properties: - apiVersion: - type: string - kind: - type: string - name: - type: string - uuid: - description: UID is a type that holds unique ID values, including UUIDs. Because we don't ONLY use UUIDs, this is an alias to string. Being a type captures intent and helps make sure that UIDs and names do not get conflated. - type: string - lastUpdated: - description: LastUpdated represents the last time that the Subscription status was updated. - type: string - format: date-time - reason: - description: Reason is the reason the Subscription was transitioned to its current state. - type: string - state: - description: State represents the current state of the Subscription - type: string - served: true - storage: true - subresources: - status: {} - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_01-olm-operator.serviceaccount.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_01-olm-operator.serviceaccount.yaml deleted file mode 100644 index e21d33d03d..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_01-olm-operator.serviceaccount.yaml +++ /dev/null @@ -1,33 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_01-olm-operator.serviceaccount.yaml -kind: ServiceAccount -apiVersion: v1 -metadata: - name: olm-operator-serviceaccount - namespace: olm ---- -# Source: olm/templates/0000_50_olm_01-olm-operator.serviceaccount.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: system:controller:operator-lifecycle-manager -rules: -- apiGroups: ["*"] - resources: ["*"] - verbs: ["*"] -- nonResourceURLs: ["*"] - verbs: ["*"] ---- -# Source: olm/templates/0000_50_olm_01-olm-operator.serviceaccount.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: olm-operator-binding-olm -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:controller:operator-lifecycle-manager -subjects: -- kind: ServiceAccount - name: olm-operator-serviceaccount - namespace: olm diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_07-olm-operator.deployment.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_07-olm-operator.deployment.yaml deleted file mode 100644 index 9d5fe26b9e..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_07-olm-operator.deployment.yaml +++ /dev/null @@ -1,60 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_07-olm-operator.deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: olm-operator - namespace: olm - labels: - app: olm-operator -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: olm-operator - template: - metadata: - labels: - app: olm-operator - spec: - serviceAccountName: olm-operator-serviceaccount - containers: - - name: olm-operator - command: - - /bin/olm - args: - - --namespace - - $(OPERATOR_NAMESPACE) - - --writeStatusName - - "" - image: quay.io/operator-framework/olm@sha256:e74b2ac57963c7f3ba19122a8c31c9f2a0deb3c0c5cac9e5323ccffd0ca198ed - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - - containerPort: 8081 - name: metrics - protocol: TCP - livenessProbe: - httpGet: - path: /healthz - port: 8080 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - terminationMessagePolicy: FallbackToLogsOnError - env: - - name: OPERATOR_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: OPERATOR_NAME - value: olm-operator - resources: - requests: - cpu: 10m - memory: 160Mi - nodeSelector: - kubernetes.io/os: linux diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_08-catalog-operator.deployment.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_08-catalog-operator.deployment.yaml deleted file mode 100644 index 169fb6f6a5..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_08-catalog-operator.deployment.yaml +++ /dev/null @@ -1,54 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_08-catalog-operator.deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: catalog-operator - namespace: olm - labels: - app: catalog-operator -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: catalog-operator - template: - metadata: - labels: - app: catalog-operator - spec: - serviceAccountName: olm-operator-serviceaccount - containers: - - name: catalog-operator - command: - - /bin/catalog - args: - - '-namespace' - - olm - - -configmapServerImage=quay.io/operator-framework/configmap-operator-registry:latest - - -util-image - - quay.io/operator-framework/olm@sha256:e74b2ac57963c7f3ba19122a8c31c9f2a0deb3c0c5cac9e5323ccffd0ca198ed - image: quay.io/operator-framework/olm@sha256:e74b2ac57963c7f3ba19122a8c31c9f2a0deb3c0c5cac9e5323ccffd0ca198ed - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - - containerPort: 8081 - name: metrics - protocol: TCP - livenessProbe: - httpGet: - path: /healthz - port: 8080 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - terminationMessagePolicy: FallbackToLogsOnError - resources: - requests: - cpu: 10m - memory: 80Mi - nodeSelector: - kubernetes.io/os: linux diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_09-aggregated.clusterrole.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_09-aggregated.clusterrole.yaml deleted file mode 100644 index e7aa0af341..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_09-aggregated.clusterrole.yaml +++ /dev/null @@ -1,35 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_09-aggregated.clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-edit - labels: - # Add these permissions to the "admin" and "edit" default roles. - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["subscriptions"] - verbs: ["create", "update", "patch", "delete"] -- apiGroups: ["operators.coreos.com"] - resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions"] - verbs: ["delete"] ---- -# Source: olm/templates/0000_50_olm_09-aggregated.clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-view - labels: - # Add these permissions to the "admin", "edit" and "view" default roles - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - rbac.authorization.k8s.io/aggregate-to-view: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions", "operatorgroups"] - verbs: ["get", "list", "watch"] -- apiGroups: ["packages.operators.coreos.com"] - resources: ["packagemanifests", "packagemanifests/icon"] - verbs: ["get", "list", "watch"] diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_13-operatorgroup-default.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_13-operatorgroup-default.yaml deleted file mode 100644 index 56f5bca2bd..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_13-operatorgroup-default.yaml +++ /dev/null @@ -1,17 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_13-operatorgroup-default.yaml -apiVersion: operators.coreos.com/v1 -kind: OperatorGroup -metadata: - name: global-operators - namespace: operators ---- -# Source: olm/templates/0000_50_olm_13-operatorgroup-default.yaml -apiVersion: operators.coreos.com/v1 -kind: OperatorGroup -metadata: - name: olm-operators - namespace: olm -spec: - targetNamespaces: - - olm diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_15-packageserver.clusterserviceversion.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_15-packageserver.clusterserviceversion.yaml deleted file mode 100644 index ec592b9f38..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_15-packageserver.clusterserviceversion.yaml +++ /dev/null @@ -1,135 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_15-packageserver.clusterserviceversion.yaml -apiVersion: operators.coreos.com/v1alpha1 -kind: ClusterServiceVersion -metadata: - name: packageserver - namespace: olm - labels: - olm.version: 0.18.3 -spec: - displayName: Package Server - description: Represents an Operator package that is available from a given CatalogSource which will resolve to a ClusterServiceVersion. - minKubeVersion: 1.11.0 - keywords: ['packagemanifests', 'olm', 'packages'] - maintainers: - - name: Red Hat - email: openshift-operators@redhat.com - provider: - name: Red Hat - links: - - name: Package Server - url: https://github.com/operator-framework/operator-lifecycle-manager/tree/master/pkg/package-server - installModes: - - type: OwnNamespace - supported: true - - type: SingleNamespace - supported: true - - type: MultiNamespace - supported: true - - type: AllNamespaces - supported: true - install: - strategy: deployment - spec: - clusterPermissions: - - serviceAccountName: olm-operator-serviceaccount - rules: - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - get - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - apiGroups: - - "operators.coreos.com" - resources: - - catalogsources - verbs: - - get - - list - - watch - - apiGroups: - - "packages.operators.coreos.com" - resources: - - packagemanifests - verbs: - - get - - list - deployments: - - name: packageserver - spec: - strategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 1 - maxSurge: 1 - replicas: 2 - selector: - matchLabels: - app: packageserver - template: - metadata: - labels: - app: packageserver - spec: - serviceAccountName: olm-operator-serviceaccount - nodeSelector: - kubernetes.io/os: linux - containers: - - name: packageserver - command: - - /bin/package-server - - -v=4 - - --secure-port - - "5443" - - --global-namespace - - olm - image: quay.io/operator-framework/olm@sha256:e74b2ac57963c7f3ba19122a8c31c9f2a0deb3c0c5cac9e5323ccffd0ca198ed - imagePullPolicy: Always - ports: - - containerPort: 5443 - livenessProbe: - httpGet: - scheme: HTTPS - path: /healthz - port: 5443 - readinessProbe: - httpGet: - scheme: HTTPS - path: /healthz - port: 5443 - terminationMessagePolicy: FallbackToLogsOnError - resources: - requests: - cpu: 10m - memory: 50Mi - securityContext: - runAsUser: 1000 - volumeMounts: - - name: tmpfs - mountPath: /tmp - volumes: - - name: tmpfs - emptyDir: {} - maturity: alpha - version: 0.18.3 - apiservicedefinitions: - owned: - - group: packages.operators.coreos.com - version: v1 - kind: PackageManifest - name: packagemanifests - displayName: PackageManifest - description: A PackageManifest is a resource generated from existing CatalogSources and their ConfigMaps - deploymentName: packageserver - containerPort: 5443 diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_17-upstream-operators.catalogsource.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_17-upstream-operators.catalogsource.yaml deleted file mode 100644 index 50da73f93f..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.18.3/0000_50_olm_17-upstream-operators.catalogsource.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_17-upstream-operators.catalogsource.yaml -apiVersion: operators.coreos.com/v1alpha1 -kind: CatalogSource -metadata: - name: operatorhubio-catalog - namespace: olm -spec: - sourceType: grpc - image: quay.io/operatorhubio/catalog:latest - displayName: Community Operators - publisher: OperatorHub.io - updateStrategy: - registryPoll: - interval: 60m diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/01-alm-operator.serviceaccount.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/01-alm-operator.serviceaccount.yaml deleted file mode 100644 index bdbf631a2b..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/01-alm-operator.serviceaccount.yaml +++ /dev/null @@ -1,11 +0,0 @@ -##--- -# Source: olm/templates/01-alm-operator.serviceaccount.yaml -kind: ServiceAccount -apiVersion: v1 -metadata: - name: alm-operator-serviceaccount - namespace: kube-system - labels: - tectonic-operators.coreos.com/managed-by: tectonic-x-operator -imagePullSecrets: -- name: coreos-pull-secret diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/02-alm-operator.rolebinding.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/02-alm-operator.rolebinding.yaml deleted file mode 100644 index 7aa932df1b..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/02-alm-operator.rolebinding.yaml +++ /dev/null @@ -1,16 +0,0 @@ -##--- -# Source: olm/templates/02-alm-operator.rolebinding.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: alm-operator-binding - labels: - tectonic-operators.coreos.com/managed-by: tectonic-x-operator -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: -- kind: ServiceAccount - name: alm-operator-serviceaccount - namespace: kube-system diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/03-clusterserviceversion.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/03-clusterserviceversion.crd.yaml deleted file mode 100644 index 39b3fe5d91..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/03-clusterserviceversion.crd.yaml +++ /dev/null @@ -1,413 +0,0 @@ -##--- -# Source: olm/templates/03-clusterserviceversion.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: clusterserviceversion-v1s.app.coreos.com - annotations: - displayName: Operator Version - description: Represents an Operator that should be running on the cluster, including requirements and install strategy. - labels: - tectonic-operators.coreos.com/managed-by: tectonic-x-operator -spec: - names: - plural: clusterserviceversion-v1s - singular: clusterserviceversion-v1 - kind: ClusterServiceVersion-v1 - listKind: ClusterServiceVersionList-v1 - group: app.coreos.com - version: v1alpha1 - scope: Namespaced - validation: - openAPIV3Schema: - type: object - description: Represents a single version of the operator software - required: - - spec - properties: - spec: - type: object - description: Spec for a ClusterServiceVersion - required: - - displayName - - install - properties: - displayName: - type: string - description: Human readable name of the application that will be displayed in the ALM UI - - description: - type: string - description: Human readable description of what the application does - - keywords: - type: array - description: List of keywords which will be used to discover and categorize app types - items: - type: string - - maintainers: - type: array - description: Those responsible for the creation of this specific app type - items: - type: object - description: Information for a single maintainer - required: - - name - - email - properties: - name: - type: string - description: Maintainer's name - email: - type: string - description: Maintainer's email address - format: email - optionalProperties: - type: string - description: "Any additional key-value metadata you wish to expose about the maintainer, e.g. github: " - - links: - type: array - description: Interesting links to find more information about the project, such as marketing page, documentation, or github page - items: - type: object - description: A single link to describe one aspect of the project - required: - - name - - url - properties: - name: - type: string - description: Name of the link type, e.g. homepage or github url - url: - type: string - description: URL to which the link should point - format: uri - - icon: - type: array - description: Icon which should be rendered with the application information - required: - - base64data - - mediatype - properties: - base64data: - type: string - description: Base64 binary representation of the icon image - pattern: ^(?:[A-Za-z0-9+/]{4}){0,16250}(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$ - mediatype: - type: string - description: Mediatype for the binary data specified in the base64data property - enum: - - image/gif - - image/jpeg - - image/png - - image/svg+xml - version: - type: string - description: Version string, recommended that users use semantic versioning - pattern: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(-(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(\.(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*)?(\+[0-9a-zA-Z-]+(\.[0-9a-zA-Z-]+)*)?$ - - replaces: - type: string - description: Name of the ClusterServiceVersion custom resource that this version replaces - - maturity: - type: string - description: What level of maturity the software has achieved at this version - enum: - - planning - - pre-alpha - - alpha - - beta - - stable - - mature - - inactive - - deprecated - labels: - type: object - description: Labels that will be applied to associated resources created by the operator. - selector: - type: object - description: Label selector to find resources associated with or managed by the operator - properties: - matchLabels: - type: object - description: Label key:value pairs to match directly - matchExpressions: - type: array - descriptions: A set of expressions to match against the resource. - items: - allOf: - - type: object - required: - - key - - operator - - values - properties: - key: - type: string - description: the key to match - operator: - type: string - description: the operator for the expression - enum: - - In - - NotIn - - Exists - - DoesNotExist - values: - type: array - description: set of values for the expression - customresourcedefinitions: - type: object - properties: - owned: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - name - - version - - kind - - displayName - - description - properties: - name: - type: string - description: Fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version field of the CustomResourceDefinition - kind: - type: string - description: The kind field of the CustomResourceDefinition - displayName: - type: string - description: A human-readable name for the CRD. - description: - type: string - description: A description of the CRD - resources: - type: array - items: - type: object - description: A list of resources that should be displayed for the CRD - required: - - kind - - version - properties: - name: - type: string - description: If a CRD, the fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version of the resource kind - kind: - type: string - description: The kind field of the resource kind - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the CR where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - type: object - description: If present, the value of this status is the same for all instances of the CRD and can be found here instead of on the CR. - specDescriptors: - type: array - items: - type: object - description: A spec for a field in the spec block of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the CR where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the spec entry. - description: - type: string - description: A description of the spec entry. - x-descriptors: - type: array - description: A list of descriptors for the spec entry that indicate the meaning of the field. - items: - type: string - value: - type: object - description: If present, the value of this spec is the same for all instances of the CRD and can be found here instead of on the CR. - required: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - name - - version - - kind - - displayName - - description - properties: - name: - type: string - description: Fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version field of the CustomResourceDefinition - kind: - type: string - description: The kind field of the CustomResourceDefinition - displayName: - type: string - description: A human-readable name for the CRD. - description: - type: string - description: A description of the CRD - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the CR where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - type: object - description: If present, the value of this status is the same for all instances of the CRD and can be found here instead of on the CR. - - - install: - type: object - description: Information required to install this specific version of the operator software - oneOf: - - type: object - required: - - strategy - - spec - properties: - strategy: - type: string - enum: ['image'] - spec: - type: object - required: - - image - properties: - image: - type: string - - type: object - required: - - strategy - - spec - properties: - strategy: - type: string - enum: ['deployment'] - spec: - type: object - required: - - deployments - properties: - deployments: - type: array - description: List of deployments to create - items: - type: object - description: A name and deployment to create in the cluster - required: - - name - - spec - properties: - name: - type: string - description: the consistent name of the deployment - spec: - type: object - description: The deployment spec to create in the cluster - permissions: - type: array - description: Permissions needed by the deployement to run correctly - items: - type: object - required: - - serviceAccountName - - rules - properties: - serviceAccountName: - type: string - description: The service account name to create for the deployment - rules: - type: array - items: - type: object - description: a rule required by the service account - properties: - apiGroups: - type: array - description: apiGroups the rule applies to - items: - type: string - resources: - type: array - items: - type: string - resourceNames: - type: array - items: - type: string - verbs: - type: array - items: - type: string - enum: - - "*" - - get - - list - - watch - - create - - update - - patch - - delete - - deletecollection diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/05-catalogsource.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/05-catalogsource.crd.yaml deleted file mode 100644 index fb99f09746..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/05-catalogsource.crd.yaml +++ /dev/null @@ -1,54 +0,0 @@ -##--- -# Source: olm/templates/05-catalogsource.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: catalogsource-v1s.app.coreos.com - annotations: - displayName: CatalogSource - description: A source configured to find packages and updates. - labels: - tectonic-operators.coreos.com/managed-by: tectonic-x-operator -spec: - group: app.coreos.com - version: v1alpha1 - scope: Namespaced - names: - plural: catalogsource-v1s - singular: catalogsource-v1 - kind: CatalogSource-v1 - listKind: CatalogSourceList-v1 - validation: - openAPIV3Schema: - properties: - spec: - type: object - description: Represents a subscription to a source and channel - required: - - spec - type: object - description: Spec for a subscription - required: - - sourceType - - name - properties: - sourceType: - type: string - description: The type of the source. Currently the only supported type is "internal". - enum: - - internal - - configMap: - type: string - string: The name of a ConfigMap that holds the entries for an in-memory catalog. - - name: - type: string - description: Name of this catalog source - - secrets: - type: array - description: A set of secrets that can be used to access the contents of the catalog. It is best to keep this list small, since each will need to be tried for every catalog entry. - items: - type: string - description: A name of a secret in the namespace where the CatalogSource is defined. diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/06-installplan.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/06-installplan.crd.yaml deleted file mode 100644 index 8d9e128604..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/06-installplan.crd.yaml +++ /dev/null @@ -1,60 +0,0 @@ -##--- -# Source: olm/templates/06-installplan.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: installplan-v1s.app.coreos.com - annotations: - displayName: Install Plan - description: Represents a plan to install and resolve dependencies for Cluster Services - labels: - tectonic-operators.coreos.com/managed-by: tectonic-x-operator -spec: - group: app.coreos.com - version: v1alpha1 - scope: Namespaced - names: - plural: installplan-v1s - singular: installplan-v1 - kind: InstallPlan-v1 - listKind: InstallPlanList-v1 - validation: - openAPIV3Schema: - type: object - description: Document which defines the desire and current state of an installation of a Cluster Service - required: - - spec - properties: - spec: - type: object - description: Spec for an InstallPlan - required: - - clusterServiceVersionNames - - approval - properties: - clusterServiceVersionNames: - type: array - description: A list of the names of the Cluster Services - items: - type: string - approval: - type: string - enum: - - Automatic - - Manual - - Update-Only # Will only apply an update if it updates existing packages only and doesn't add any new ones - approved: - type: boolean - anyOf: - - properties: - approval: - enum: - - Manual - required: - - approved - - properties: - approval: - enum: - - Automatic - - Update-Only - required: [] diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/07-subscription.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/07-subscription.crd.yaml deleted file mode 100644 index b9952b1cfd..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/07-subscription.crd.yaml +++ /dev/null @@ -1,49 +0,0 @@ -##--- -# Source: olm/templates/07-subscription.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: subscription-v1s.app.coreos.com - annotations: - displayName: Subscription - description: Subcribes service catalog to a source and channel to recieve updates for packages. - labels: - tectonic-operators.coreos.com/managed-by: tectonic-x-operator -spec: - group: app.coreos.com - version: v1alpha1 - scope: Namespaced - names: - plural: subscription-v1s - singular: subscription-v1 - kind: Subscription-v1 - listKind: SubscriptionList-v1 - validation: - openAPIV3Schema: - type: object - description: Represents a subscription to a source and channel - required: - - spec - properties: - spec: - type: object - description: Spec for a Subscription - required: - - source - - name - properties: - source: - type: string - description: Name of a CatalogSource that defines where and how to find the channel - - name: - type: string - description: Name of the package that defines the application - - channel: - type: string - description: Name of the channel to track - - startingCSV: - type: string - description: Name of the AppType that this subscription tracks diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/08-tectonicocs.configmap.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/08-tectonicocs.configmap.yaml deleted file mode 100644 index 1465dcbb9a..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/08-tectonicocs.configmap.yaml +++ /dev/null @@ -1,1810 +0,0 @@ -##--- -# Source: olm/templates/08-tectonicocs.configmap.yaml - -kind: ConfigMap -apiVersion: v1 -metadata: - name: tectonic-ocs - namespace: kube-system - labels: - tectonic-operators.coreos.com/managed-by: tectonic-x-operator - -data: - customResourceDefinitions: |- - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: alertmanagers.monitoring.coreos.com - spec: - group: monitoring.coreos.com - version: v1 - scope: Namespaced - names: - plural: alertmanagers - singular: alertmanager - kind: Alertmanager - listKind: AlertmanagerList - shortNames: - - alertman - - alrtman - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: etcdbackups.etcd.database.coreos.com - spec: - group: etcd.database.coreos.com - version: v1beta2 - scope: Namespaced - names: - kind: EtcdBackup - listKind: EtcdBackupList - plural: etcdbackups - singular: etcdbackup - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: etcdclusters.etcd.database.coreos.com - spec: - group: etcd.database.coreos.com - version: v1beta2 - scope: Namespaced - validation: - openAPIv3: - type: object - description: Represents a single instance of etcd - additionalProperties: false - required: - - version - properties: - version: - type: string - description: Version string - pattern: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(-(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(\.(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*)?(\+[0-9a-zA-Z-]+(\.[0-9a-zA-Z-]+)*)?$ - x-descriptors: - - urn:alm:descriptor:versioning:semver - size: - type: number - description: The size of the etcd cluster - min: 1 - max: 9 - x-descriptors: - - urn:alm:descriptor:pod:count - - urn:alm:descriptor:number:integer - template: - type: object - description: Template for fields of subresources - labels: - type: object - description: Labels to apply to associated resources - names: - plural: etcdclusters - singular: etcdcluster - kind: EtcdCluster - listKind: EtcdClusterList - shortNames: - - etcdclus - - etcd - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: etcdrestores.etcd.database.coreos.com - spec: - group: etcd.database.coreos.com - version: v1beta2 - scope: Namespaced - names: - kind: EtcdRestore - listKind: EtcdRestoreList - plural: etcdrestores - singular: etcdrestore - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: prometheuses.monitoring.coreos.com - spec: - group: monitoring.coreos.com - version: v1 - scope: Namespaced - names: - plural: prometheuses - singular: prometheus - kind: Prometheus - listKind: PrometheusList - shortNames: - - prom - - prm - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: servicemonitors.monitoring.coreos.com - spec: - group: monitoring.coreos.com - version: v1 - scope: Namespaced - names: - plural: servicemonitors - singular: servicemonitor - kind: ServiceMonitor - listKind: ServiceMonitorList - shortNames: - - servicemon - - svcmon - - svcmonitor - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: vaultservices.vault.security.coreos.com - spec: - group: vault.security.coreos.com - version: v1alpha1 - scope: Namespaced - validation: - openAPIv3: - type: object - description: Represents a single instance of Vault - additionalProperties: false - required: - - version - properties: - version: - type: string - description: Version string - pattern: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(-(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(\.(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*)?(\+[0-9a-zA-Z-]+(\.[0-9a-zA-Z-]+)*)?$ - x-descriptors: - - urn:alm:descriptor:versioning:semver - nodes: - type: number - description: The number of nodes in the Vault cluster - min: 1 - max: 9 - x-descriptors: - - urn:alm:descriptor:pod:count - - urn:alm:descriptor:number:integer - template: - type: object - description: Template for fields of subresources - labels: - type: object - description: Labels to apply to associated resources - names: - plural: vaultservices - singular: vaultservice - kind: VaultService - listKind: VaultServiceList - shortNames: - - vault - - vaultserv - - vaultsrv - - clusterServiceVersions: |- - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: app.coreos.com/v1alpha1 - kind: ClusterServiceVersion-v1 - metadata: - name: etcdoperator.v0.6.1 - namespace: placeholder - annotations: - tectonic-visibility: ocs - spec: - displayName: etcd - description: | - etcd is a distributed key value store that provides a reliable way to store data across a cluster of machines. It’s open-source and available on GitHub. etcd gracefully handles leader elections during network partitions and will tolerate machine failure, including the leader. Your applications can read and write data into etcd. - A simple use-case is to store database connection details or feature flags within etcd as key value pairs. These values can be watched, allowing your app to reconfigure itself when they change. Advanced uses take advantage of the consistency guarantees to implement database leader elections or do distributed locking across a cluster of workers. - - _The etcd Open Cloud Service is Public Alpha. The goal before Beta is to fully implement backup features._ - - ### Reading and writing to etcd - - Communicate with etcd though its command line utility `etcdctl` or with the API using the automatically generated Kubernetes Service. - - [Read the complete guide to using the etcd Open Cloud Service](https://coreos.com/tectonic/docs/latest/alm/etcd-ocs.html) - - ### Supported Features - **High availability** - Multiple instances of etcd are networked together and secured. Individual failures or networking issues are transparently handled to keep your cluster up and running. - **Automated updates** - Rolling out a new etcd version works like all Kubernetes rolling updates. Simply declare the desired version, and the etcd service starts a safe rolling update to the new version automatically. - **Backups included** - Coming soon, the ability to schedule backups to happen on or off cluster. - keywords: ['etcd', 'key value', 'database', 'coreos', 'open source'] - version: 0.6.1 - maturity: alpha - maintainers: - - name: CoreOS, Inc - email: support@coreos.com - - provider: - name: CoreOS, Inc - labels: - alm-status-descriptors: etcdoperator.v0.6.1 - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - selector: - matchLabels: - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - links: - - name: Blog - url: https://coreos.com/etcd - - name: Documentation - url: https://coreos.com/operators/etcd/docs/latest/ - - name: etcd Operator Source Code - url: https://github.com/coreos/etcd-operator - - icon: - - base64data: iVBORw0KGgoAAAANSUhEUgAAAOEAAADZCAYAAADWmle6AAAACXBIWXMAAAsTAAALEwEAmpwYAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAEKlJREFUeNrsndt1GzkShmEev4sTgeiHfRYdgVqbgOgITEVgOgLTEQydwIiKwFQCayoCU6+7DyYjsBiBFyVVz7RkXvqCSxXw/+f04XjGQ6IL+FBVuL769euXgZ7r39f/G9iP0X+u/jWDNZzZdGI/Ftama1jjuV4BwmcNpbAf1Fgu+V/9YRvNAyzT2a59+/GT/3hnn5m16wKWedJrmOCxkYztx9Q+py/+E0GJxtJdReWfz+mxNt+QzS2Mc0AI+HbBBwj9QViKbH5t64DsP2fvmGXUkWU4WgO+Uve2YQzBUGd7r+zH2ZG/tiUQc4QxKwgbwFfVGwwmdLL5wH78aPC/ZBem9jJpCAX3xtcNASSNgJLzUPSQyjB1zQNl8IQJ9MIU4lx2+Jo72ysXYKl1HSzN02BMa/vbZ5xyNJIshJzwf3L0dQhJw4Sih/SFw9Tk8sVeghVPoefaIYCkMZCKbrcP9lnZuk0uPUjGE/KE8JQry7W2tgfuC3vXgvNV+qSQbyFtAtyWk7zWiYevvuUQ9QEQCvJ+5mmu6dTjz1zFHLFj8Eb87MtxaZh/IQFIHom+9vgTWwZxAQjT9X4vtbEVPojwjiV471s00mhAckpwGuCn1HtFtRDaSh6y9zsL+LNBvCG/24ThcxHObdlWc1v+VQJe8LcO0jwtuF8BwnAAUgP9M8JPU2Me+Oh12auPGT6fHuTePE3bLDy+x9pTLnhMn+07TQGh//Bz1iI0c6kvtqInjvPZcYR3KsPVmUsPYt9nFig9SCY8VQNhpPBzn952bbgcsk2EvM89wzh3UEffBbyPqvBUBYQ8ODGPFOLsa7RF096WJ69L+E4EmnpjWu5o4ChlKaRTKT39RMMaVPEQRsz/nIWlDN80chjdJlSd1l0pJCAMVZsniobQVuxceMM9OFoaMd9zqZtjMEYYDW38Drb8Y0DYPLShxn0pvIFuOSxd7YCPet9zk452wsh54FJoeN05hcgSQoG5RR0Qh9Q4E4VvL4wcZq8UACgaRFEQKgSwWrkr5WFnGxiHSutqJGlXjBgIOayhwYBTA0ER0oisIVSUV0AAMT0IASCUO4hRIQSAEECMCCEPwqyQA0JCQBzEGjWNAqHiUVAoXUWbvggOIQCEAOJzxTjoaQ4AIaE64/aZridUsBYUgkhB15oGg1DBIl8IqirYwV6hPSGBSFteMCUBSVXwfYixBmamRubeMyjzMJQBDDowE3OesDD+zwqFoDqiEwXoXJpljB+PvWJGy75BKF1FPxhKygJuqUdYQGlLxNEXkrYyjQ0GbaAwEnUIlLRNvVjQDYUAsJB0HKLE4y0AIpQNgCIhBIhQTgCKhZBBpAN/v6LtQI50JfUgYOnnjmLUFHKhjxbAmdTCaTiBm3ovLPqG2urWAij6im0Nd9aTN9ygLUEt9LgSRnohxUPIKxlGaE+/6Y7znFf0yX+GnkvFFWmarkab2o9PmTeq8sbd2a7DaysXz7i64VeznN4jCQhN9gdDbRiuWrfrsq0mHIrlaq+hlotCtd3Um9u0BYWY8y5D67wccJoZjFca7iUs9VqZcfsZwTd1sbWGG+OcYaTnPAP7rTQVVlM4Sg3oGvB1tmNh0t/HKXZ1jFoIMwCQjtqbhNxUmkGYqgZEDZP11HN/S3gAYRozf0l8C5kKEKUvW0t1IfeWG/5MwgheZTT1E0AEhDkAePQO+Ig2H3DncAkQM4cwUQCD530dU4B5Yvmi2LlDqXfWrxMCcMth51RToRMNUXFnfc2KJ0+Ryl0VNOUwlhh6NoxK5gnViTgQpUG4SqSyt5z3zRJpuKmt3Q1614QaCBPaN6je+2XiFcWAKOXcUfIYKRyL/1lb7pe5VxSxxjQ6hImshqGRt5GWZVKO6q2wHwujfwDtIvaIdexj8Cm8+a68EqMfox6x/voMouZF4dHnEGNeCDMwT6vdNfekH1MafMk4PI06YtqLVGl95aEM9Z5vAeCTOA++YLtoVJRrsqNCaJ6WRmkdYaNec5BT/lcTRMqrhmwfjbpkj55+OKp8IEbU/JLgPJE6Wa3TTe9sHS+ShVD5QIyqIxMEwKh12olC6mHIed5ewEop80CNlfIOADYOT2nd6ZXCop+Ebqchc0JqxKcKASxChycJgUh1rnHA5ow9eTrhqNI7JWiAYYwBGGdpyNLoGw0Pkh96h1BpHihyywtATDM/7Hk2fN9EnH8BgKJCU4ooBkbXFMZJiPbrOyecGl3zgQDQL4hk10IZiOe+5w99Q/gBAEIJgPhJM4QAEEoFREAIAAEiIASAkD8Qt4AQAEIAERAGFlX4CACKAXGVM4ivMwWwCLFAlyeoaa70QePKm5Dlp+/n+ye/5dYgva6YsUaVeMa+tzNFeJtWwc+udbJ0Fg399kLielQJ5Ze61c2+7ytA6EZetiPxZC6tj22yJCv6jUwOyj/zcbqAxOMyAKEbfeHtNa7DtYXptjsk2kJxR+eIeim/tHNofUKYy8DMrQcAKWz6brpvzyIAlpwPhQ49l6b7skJf5Z+YTOYQc4FwLDxvoTDwaygQK+U/kVr+ytSFBG01Q3gnJJR4cNiAhx4HDub8/b5DULXlj6SVZghFiE+LdvE9vo/o8Lp1RmH5hzm0T6wdbZ6n+D6i44zDRc3ln6CpAEJfXiRU45oqLz8gFAThWsh7ughrRibc0QynHgZpNJa/ENJ+loCwu/qOGnFIjYR/n7TfgycULhcQhu6VC+HfF+L3BoAQ4WiZTw1M+FPCnA2gKC6/FAhXgDC+ojQGh3NuWsvfF1L/D5ohlCKtl1j2ldu9a/nPAKFwN56Bst10zCG0CPleXN/zXPgHQZXaZaBgrbzyY5V/mUA+6F0hwtGN9rwu5DVZPuwWqfxdFz1LWbJ2lwKEa+0Qsm4Dl3fp+Pu0lV97PgwIPfSsS+UQhj5Oo+vvFULazRIQyvGEcxPuNLCth2MvFsrKn8UOilAQShkh7TTczYNMoS6OdP47msrPi82lXKGWhCdMZYS0bFy+vcnGAjP1CIfvgbKNA9glecEH9RD6Ol4wRuWyN/G9MHnksS6o/GPf5XcwNSUlHzQhDuAKtWJmkwKElU7lylP5rgIcsquh/FI8YZCDpkJBuE4FQm7Icw8N+SrUGaQKyi8FwiDt1ve5o+Vu7qYHy/psgK8cvh+FTYuO77bhEC7GuaPiys/L1X4IgXDL+e3M5+ovLxBy5VLuIebw1oqcHoPfoaMJUsHays878r8KbDc3xtPx/84gZPBG/JwaufrsY/SRG/OY3//8QMNdsvdZCFtbW6f8pFuf5bflILAlX7O+4fdfugKyFYS8T2zAsXthdG0VurPGKwI06oF5vkBgHWkNp6ry29+lsPZMU3vijnXFNmoclr+6+Ou/FIb8yb30sS8YGjmTqCLyQsi5N/6ZwKs0Yenj68pfPjF6N782Dp2FzV9CTyoSeY8mLK16qGxIkLI8oa1n8tz9juP40DlK0epxYEbojbq+9QfurBeVIlCO9D2396bxiV4lkYQ3hOAFw2pbhqMGISkkQOMcQ9EqhDmGZZdo92JC0YHRNTfoSg+5e0IT+opqCKHoIU+4ztQIgBD1EFNrQAgIpYSil9lDmPHqkROPt+JC6AgPquSuumJmg0YARVCuneDfvPVeJokZ6pIXDkNxQtGzTF9/BQjRG0tQznfb74RwCQghpALBtIQnfK4zhxdyQvVCUeknMIT3hLyY+T5jo0yABqKPQNpUNw/09tGZod5jgCaYFxyYvJcNPkv9eof+I3pnCFEHIETjSM8L9tHZHYCQT9PaZGycU6yg8S4akDnJ+P03L0+t23XGzCLzRgII/Wqa+fv/xlfvmKvMUOcOrlCDdoei1MGdZm6G5VEIfRzzjd4aQs69n699Rx7ewhvCGzr2gmTPs8zNsJOrXt24FbkhhOjCfT4ICA/rPbyhUy94Dks0gJCX1NzCZui9YUd3oei+c257TalFbgg19ILHrlrL2gvWgXAL26EX76gZTNASQnad8Ibwhl284NhgXpB0c+jKhWO3Ms1hP9ihJYB9eMF6qd1BCPk0qA1s+LimFIu7m4nsdQIzPK4VbQ8hYvrnuSH2G9b2ggP78QmWqBdF9Vx8SSY6QYdUW7BTA1schZATyhvY8lHvcRbNUS9YGFy2U+qmzh2YPVc0I7yAOFyHfRpyUwtCSzOdPXMHmz7qDIM0e0V2wZTEk+6Ym6N63eBLp/b5Bts+2cKCSJ/LuoZO3ANSiE5hKAZjnvNSS4931jcw9jpwT0feV/qSJ1pVtCyfHKDkvK8Ejx7pUxGh2xFNSwx8QTi2H9ceC0/nni64MS/5N5dG39pDqvRV+WgGk71c9VFXF9b+xYvOw/d61iv7m3MvEHryhvecwC52jSSx4VIIgwnMNT/UsTxIgpPt3K/ARj15CptwL3Zd/ceDSATj2DGQjbxgWwhdeMMte7zpy5On9vymRm/YxBYljGVjKWF9VJf7I1+sex3wY8w/V1QPTborW/72gkdsRDaZMJBdbdHIC7aCkAu9atlLbtnrzerMnyToDaGwelOnk3/hHSem/ZK7e/t7jeeR20LYBgqa8J80gS8jbwi5F02Uj1u2NYJxap8PLkJfLxA2hIJyvnHX/AfeEPLpBfe0uSFHbnXaea3Qd5d6HcpYZ8L6M7lnFwMQ3MNg+RxUR1+6AshtbsVgfXTEg1sIGax9UND2p7f270wdG3eK9gXVGHdw2k5sOyZv+Nbs39Z308XR9DqWb2J+PwKDhuKHPobfuXf7gnYGHdCs7bhDDadD4entDug7LWNsnRNW4mYqwJ9dk+GGSTPBiA2j0G8RWNM5upZtcG4/3vMfP7KnbK2egx6CCnDPhRn7NgD3cghLIad5WcM2SO38iqHvvMOosyeMpQ5zlVCaaj06GVs9xUbHdiKoqrHWgquFEFMWUEWfXUxJAML23hAHFOctmjZQffKD2pywkhtSGHKNtpitLroscAeE7kCkSsC60vxEl6yMtL9EL5HKGCMszU5bk8gdkklAyEn5FO0yK419rIxBOIqwFMooDE0tHEVYijAUECIshRCGIhxFWIowFJ5QkEYIS5PTJrUwNGlPyN6QQPyKtpuM1E/K5+YJDV/MiA3AaehzqgAm7QnZG9IGYKo8bHnSK7VblLL3hOwNHziPuEGOqE5brrdR6i+atCfckyeWD47HkAkepRGLY/e8A8J0gCwYSNypF08bBm+e6zVz2UL4AshhBUjML/rXLefqC82bcQFhGC9JDwZ1uuu+At0S5gCETYHsV4DUeD9fDN2Zfy5OXaW2zAwQygCzBLJ8cvaW5OXKC1FxfTggFAHmoAJnSiOw2wps9KwRWgJCLaEswaj5NqkLwAYIU4BxqTSXbHXpJdRMPZgAOiAMqABCNGYIEEJutEK5IUAIwYMDQgiCACEEAcJs1Vda7gGqDhCmoiEghAAhBAHCrKXVo2C1DCBMRlp37uMIEECoX7xrX3P5C9QiINSuIcoPAUI0YkAICLNWgfJDh4T9hH7zqYH9+JHAq7zBqWjwhPAicTVCVQJCNF50JghHocahKK0X/ZnQKyEkhSdUpzG8OgQI42qC94EQjsYLRSmH+pbgq73L6bYkeEJ4DYTYmeg1TOBFc/usTTp3V9DdEuXJ2xDCUbXhaXk0/kAYmBvuMB4qkC35E5e5AMKkwSQgyxufyuPy6fMMgAFCSI73LFXU/N8AmEL9X4ABACNSKMHAgb34AAAAAElFTkSuQmCC - mediatype: image/png - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: etcd-operator - rules: - - apiGroups: - - etcd.database.coreos.com - resources: - - etcdclusters - verbs: - - "*" - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - "*" - - apiGroups: - - "" - resources: - - pods - - services - - endpoints - - persistentvolumeclaims - - events - verbs: - - "*" - - apiGroups: - - apps - resources: - - deployments - verbs: - - "*" - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - deployments: - - name: etcd-operator - spec: - replicas: 1 - selector: - matchLabels: - name: etcd-operator-alm-owned - template: - metadata: - name: etcd-operator-alm-owned - labels: - name: etcd-operator-alm-owned - spec: - serviceAccountName: etcd-operator - containers: - - name: etcd-operator - command: - - etcd-operator - - --create-crd=false - image: quay.io/coreos/etcd-operator@sha256:bd944a211eaf8f31da5e6d69e8541e7cada8f16a9f7a5a570b22478997819943 - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - customresourcedefinitions: - owned: - - name: etcdclusters.etcd.database.coreos.com - version: v1beta2 - kind: EtcdCluster - displayName: etcd Cluster - description: Represents a cluster of etcd nodes. - resources: - - kind: Service - version: v1 - - kind: Pod - version: v1 - specDescriptors: - - description: The desired number of member Pods for the etcd cluster. - displayName: Size - path: size - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - statusDescriptors: - - description: The status of each of the member Pods for the etcd cluster. - displayName: Member Status - path: members - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podStatuses' - - description: The service at which the running etcd cluster can be accessed. - displayName: Service - path: service - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Service' - - description: The current size of the etcd cluster. - displayName: Cluster Size - path: size - - description: The current version of the etcd cluster. - displayName: Current Version - path: currentVersion - - description: 'The target version of the etcd cluster, after upgrading.' - displayName: Target Version - path: targetVersion - - description: The current status of the etcd cluster. - displayName: Status - path: phase - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase' - - description: Explanation for the current status of the cluster. - displayName: Status Details - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: app.coreos.com/v1alpha1 - kind: ClusterServiceVersion-v1 - metadata: - name: etcdoperator.v0.9.0 - namespace: placeholder - annotations: - tectonic-visibility: ocs - alm-examples: '[{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdCluster","metadata":{"name":"example","namespace":"default"},"spec":{"size":3,"version":"3.2.13"}},{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdRestore","metadata":{"name":"example-etcd-cluster"},"spec":{"etcdCluster":{"name":"example-etcd-cluster"},"backupStorageType":"S3","s3":{"path":"","awsSecret":""}}},{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdBackup","metadata":{"name":"example-etcd-cluster-backup"},"spec":{"etcdEndpoints":[""],"storageType":"S3","s3":{"path":"","awsSecret":""}}}]' - spec: - displayName: etcd - description: | - etcd is a distributed key value store that provides a reliable way to store data across a cluster of machines. It’s open-source and available on GitHub. etcd gracefully handles leader elections during network partitions and will tolerate machine failure, including the leader. Your applications can read and write data into etcd. - A simple use-case is to store database connection details or feature flags within etcd as key value pairs. These values can be watched, allowing your app to reconfigure itself when they change. Advanced uses take advantage of the consistency guarantees to implement database leader elections or do distributed locking across a cluster of workers. - - _The etcd Open Cloud Service is Public Alpha. The goal before Beta is to fully implement backup features._ - - ### Reading and writing to etcd - - Communicate with etcd though its command line utility `etcdctl` or with the API using the automatically generated Kubernetes Service. - - [Read the complete guide to using the etcd Open Cloud Service](https://coreos.com/tectonic/docs/latest/alm/etcd-ocs.html) - - ### Supported Features - - - **High availability** - - - Multiple instances of etcd are networked together and secured. Individual failures or networking issues are transparently handled to keep your cluster up and running. - - - **Automated updates** - - - Rolling out a new etcd version works like all Kubernetes rolling updates. Simply declare the desired version, and the etcd service starts a safe rolling update to the new version automatically. - - - **Backups included** - - - Coming soon, the ability to schedule backups to happen on or off cluster. - keywords: ['etcd', 'key value', 'database', 'coreos', 'open source'] - version: 0.9.0 - maturity: alpha - replaces: etcdoperator.v0.6.1 - maintainers: - - name: CoreOS, Inc - email: support@coreos.com - - provider: - name: CoreOS, Inc - labels: - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - selector: - matchLabels: - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - links: - - name: Blog - url: https://coreos.com/etcd - - name: Documentation - url: https://coreos.com/operators/etcd/docs/latest/ - - name: etcd Operator Source Code - url: https://github.com/coreos/etcd-operator - - icon: - - base64data: iVBORw0KGgoAAAANSUhEUgAAAOEAAADZCAYAAADWmle6AAAACXBIWXMAAAsTAAALEwEAmpwYAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAEKlJREFUeNrsndt1GzkShmEev4sTgeiHfRYdgVqbgOgITEVgOgLTEQydwIiKwFQCayoCU6+7DyYjsBiBFyVVz7RkXvqCSxXw/+f04XjGQ6IL+FBVuL769euXgZ7r39f/G9iP0X+u/jWDNZzZdGI/Ftama1jjuV4BwmcNpbAf1Fgu+V/9YRvNAyzT2a59+/GT/3hnn5m16wKWedJrmOCxkYztx9Q+py/+E0GJxtJdReWfz+mxNt+QzS2Mc0AI+HbBBwj9QViKbH5t64DsP2fvmGXUkWU4WgO+Uve2YQzBUGd7r+zH2ZG/tiUQc4QxKwgbwFfVGwwmdLL5wH78aPC/ZBem9jJpCAX3xtcNASSNgJLzUPSQyjB1zQNl8IQJ9MIU4lx2+Jo72ysXYKl1HSzN02BMa/vbZ5xyNJIshJzwf3L0dQhJw4Sih/SFw9Tk8sVeghVPoefaIYCkMZCKbrcP9lnZuk0uPUjGE/KE8JQry7W2tgfuC3vXgvNV+qSQbyFtAtyWk7zWiYevvuUQ9QEQCvJ+5mmu6dTjz1zFHLFj8Eb87MtxaZh/IQFIHom+9vgTWwZxAQjT9X4vtbEVPojwjiV471s00mhAckpwGuCn1HtFtRDaSh6y9zsL+LNBvCG/24ThcxHObdlWc1v+VQJe8LcO0jwtuF8BwnAAUgP9M8JPU2Me+Oh12auPGT6fHuTePE3bLDy+x9pTLnhMn+07TQGh//Bz1iI0c6kvtqInjvPZcYR3KsPVmUsPYt9nFig9SCY8VQNhpPBzn952bbgcsk2EvM89wzh3UEffBbyPqvBUBYQ8ODGPFOLsa7RF096WJ69L+E4EmnpjWu5o4ChlKaRTKT39RMMaVPEQRsz/nIWlDN80chjdJlSd1l0pJCAMVZsniobQVuxceMM9OFoaMd9zqZtjMEYYDW38Drb8Y0DYPLShxn0pvIFuOSxd7YCPet9zk452wsh54FJoeN05hcgSQoG5RR0Qh9Q4E4VvL4wcZq8UACgaRFEQKgSwWrkr5WFnGxiHSutqJGlXjBgIOayhwYBTA0ER0oisIVSUV0AAMT0IASCUO4hRIQSAEECMCCEPwqyQA0JCQBzEGjWNAqHiUVAoXUWbvggOIQCEAOJzxTjoaQ4AIaE64/aZridUsBYUgkhB15oGg1DBIl8IqirYwV6hPSGBSFteMCUBSVXwfYixBmamRubeMyjzMJQBDDowE3OesDD+zwqFoDqiEwXoXJpljB+PvWJGy75BKF1FPxhKygJuqUdYQGlLxNEXkrYyjQ0GbaAwEnUIlLRNvVjQDYUAsJB0HKLE4y0AIpQNgCIhBIhQTgCKhZBBpAN/v6LtQI50JfUgYOnnjmLUFHKhjxbAmdTCaTiBm3ovLPqG2urWAij6im0Nd9aTN9ygLUEt9LgSRnohxUPIKxlGaE+/6Y7znFf0yX+GnkvFFWmarkab2o9PmTeq8sbd2a7DaysXz7i64VeznN4jCQhN9gdDbRiuWrfrsq0mHIrlaq+hlotCtd3Um9u0BYWY8y5D67wccJoZjFca7iUs9VqZcfsZwTd1sbWGG+OcYaTnPAP7rTQVVlM4Sg3oGvB1tmNh0t/HKXZ1jFoIMwCQjtqbhNxUmkGYqgZEDZP11HN/S3gAYRozf0l8C5kKEKUvW0t1IfeWG/5MwgheZTT1E0AEhDkAePQO+Ig2H3DncAkQM4cwUQCD530dU4B5Yvmi2LlDqXfWrxMCcMth51RToRMNUXFnfc2KJ0+Ryl0VNOUwlhh6NoxK5gnViTgQpUG4SqSyt5z3zRJpuKmt3Q1614QaCBPaN6je+2XiFcWAKOXcUfIYKRyL/1lb7pe5VxSxxjQ6hImshqGRt5GWZVKO6q2wHwujfwDtIvaIdexj8Cm8+a68EqMfox6x/voMouZF4dHnEGNeCDMwT6vdNfekH1MafMk4PI06YtqLVGl95aEM9Z5vAeCTOA++YLtoVJRrsqNCaJ6WRmkdYaNec5BT/lcTRMqrhmwfjbpkj55+OKp8IEbU/JLgPJE6Wa3TTe9sHS+ShVD5QIyqIxMEwKh12olC6mHIed5ewEop80CNlfIOADYOT2nd6ZXCop+Ebqchc0JqxKcKASxChycJgUh1rnHA5ow9eTrhqNI7JWiAYYwBGGdpyNLoGw0Pkh96h1BpHihyywtATDM/7Hk2fN9EnH8BgKJCU4ooBkbXFMZJiPbrOyecGl3zgQDQL4hk10IZiOe+5w99Q/gBAEIJgPhJM4QAEEoFREAIAAEiIASAkD8Qt4AQAEIAERAGFlX4CACKAXGVM4ivMwWwCLFAlyeoaa70QePKm5Dlp+/n+ye/5dYgva6YsUaVeMa+tzNFeJtWwc+udbJ0Fg399kLielQJ5Ze61c2+7ytA6EZetiPxZC6tj22yJCv6jUwOyj/zcbqAxOMyAKEbfeHtNa7DtYXptjsk2kJxR+eIeim/tHNofUKYy8DMrQcAKWz6brpvzyIAlpwPhQ49l6b7skJf5Z+YTOYQc4FwLDxvoTDwaygQK+U/kVr+ytSFBG01Q3gnJJR4cNiAhx4HDub8/b5DULXlj6SVZghFiE+LdvE9vo/o8Lp1RmH5hzm0T6wdbZ6n+D6i44zDRc3ln6CpAEJfXiRU45oqLz8gFAThWsh7ughrRibc0QynHgZpNJa/ENJ+loCwu/qOGnFIjYR/n7TfgycULhcQhu6VC+HfF+L3BoAQ4WiZTw1M+FPCnA2gKC6/FAhXgDC+ojQGh3NuWsvfF1L/D5ohlCKtl1j2ldu9a/nPAKFwN56Bst10zCG0CPleXN/zXPgHQZXaZaBgrbzyY5V/mUA+6F0hwtGN9rwu5DVZPuwWqfxdFz1LWbJ2lwKEa+0Qsm4Dl3fp+Pu0lV97PgwIPfSsS+UQhj5Oo+vvFULazRIQyvGEcxPuNLCth2MvFsrKn8UOilAQShkh7TTczYNMoS6OdP47msrPi82lXKGWhCdMZYS0bFy+vcnGAjP1CIfvgbKNA9glecEH9RD6Ol4wRuWyN/G9MHnksS6o/GPf5XcwNSUlHzQhDuAKtWJmkwKElU7lylP5rgIcsquh/FI8YZCDpkJBuE4FQm7Icw8N+SrUGaQKyi8FwiDt1ve5o+Vu7qYHy/psgK8cvh+FTYuO77bhEC7GuaPiys/L1X4IgXDL+e3M5+ovLxBy5VLuIebw1oqcHoPfoaMJUsHays878r8KbDc3xtPx/84gZPBG/JwaufrsY/SRG/OY3//8QMNdsvdZCFtbW6f8pFuf5bflILAlX7O+4fdfugKyFYS8T2zAsXthdG0VurPGKwI06oF5vkBgHWkNp6ry29+lsPZMU3vijnXFNmoclr+6+Ou/FIb8yb30sS8YGjmTqCLyQsi5N/6ZwKs0Yenj68pfPjF6N782Dp2FzV9CTyoSeY8mLK16qGxIkLI8oa1n8tz9juP40DlK0epxYEbojbq+9QfurBeVIlCO9D2396bxiV4lkYQ3hOAFw2pbhqMGISkkQOMcQ9EqhDmGZZdo92JC0YHRNTfoSg+5e0IT+opqCKHoIU+4ztQIgBD1EFNrQAgIpYSil9lDmPHqkROPt+JC6AgPquSuumJmg0YARVCuneDfvPVeJokZ6pIXDkNxQtGzTF9/BQjRG0tQznfb74RwCQghpALBtIQnfK4zhxdyQvVCUeknMIT3hLyY+T5jo0yABqKPQNpUNw/09tGZod5jgCaYFxyYvJcNPkv9eof+I3pnCFEHIETjSM8L9tHZHYCQT9PaZGycU6yg8S4akDnJ+P03L0+t23XGzCLzRgII/Wqa+fv/xlfvmKvMUOcOrlCDdoei1MGdZm6G5VEIfRzzjd4aQs69n699Rx7ewhvCGzr2gmTPs8zNsJOrXt24FbkhhOjCfT4ICA/rPbyhUy94Dks0gJCX1NzCZui9YUd3oei+c257TalFbgg19ILHrlrL2gvWgXAL26EX76gZTNASQnad8Ibwhl284NhgXpB0c+jKhWO3Ms1hP9ihJYB9eMF6qd1BCPk0qA1s+LimFIu7m4nsdQIzPK4VbQ8hYvrnuSH2G9b2ggP78QmWqBdF9Vx8SSY6QYdUW7BTA1schZATyhvY8lHvcRbNUS9YGFy2U+qmzh2YPVc0I7yAOFyHfRpyUwtCSzOdPXMHmz7qDIM0e0V2wZTEk+6Ym6N63eBLp/b5Bts+2cKCSJ/LuoZO3ANSiE5hKAZjnvNSS4931jcw9jpwT0feV/qSJ1pVtCyfHKDkvK8Ejx7pUxGh2xFNSwx8QTi2H9ceC0/nni64MS/5N5dG39pDqvRV+WgGk71c9VFXF9b+xYvOw/d61iv7m3MvEHryhvecwC52jSSx4VIIgwnMNT/UsTxIgpPt3K/ARj15CptwL3Zd/ceDSATj2DGQjbxgWwhdeMMte7zpy5On9vymRm/YxBYljGVjKWF9VJf7I1+sex3wY8w/V1QPTborW/72gkdsRDaZMJBdbdHIC7aCkAu9atlLbtnrzerMnyToDaGwelOnk3/hHSem/ZK7e/t7jeeR20LYBgqa8J80gS8jbwi5F02Uj1u2NYJxap8PLkJfLxA2hIJyvnHX/AfeEPLpBfe0uSFHbnXaea3Qd5d6HcpYZ8L6M7lnFwMQ3MNg+RxUR1+6AshtbsVgfXTEg1sIGax9UND2p7f270wdG3eK9gXVGHdw2k5sOyZv+Nbs39Z308XR9DqWb2J+PwKDhuKHPobfuXf7gnYGHdCs7bhDDadD4entDug7LWNsnRNW4mYqwJ9dk+GGSTPBiA2j0G8RWNM5upZtcG4/3vMfP7KnbK2egx6CCnDPhRn7NgD3cghLIad5WcM2SO38iqHvvMOosyeMpQ5zlVCaaj06GVs9xUbHdiKoqrHWgquFEFMWUEWfXUxJAML23hAHFOctmjZQffKD2pywkhtSGHKNtpitLroscAeE7kCkSsC60vxEl6yMtL9EL5HKGCMszU5bk8gdkklAyEn5FO0yK419rIxBOIqwFMooDE0tHEVYijAUECIshRCGIhxFWIowFJ5QkEYIS5PTJrUwNGlPyN6QQPyKtpuM1E/K5+YJDV/MiA3AaehzqgAm7QnZG9IGYKo8bHnSK7VblLL3hOwNHziPuEGOqE5brrdR6i+atCfckyeWD47HkAkepRGLY/e8A8J0gCwYSNypF08bBm+e6zVz2UL4AshhBUjML/rXLefqC82bcQFhGC9JDwZ1uuu+At0S5gCETYHsV4DUeD9fDN2Zfy5OXaW2zAwQygCzBLJ8cvaW5OXKC1FxfTggFAHmoAJnSiOw2wps9KwRWgJCLaEswaj5NqkLwAYIU4BxqTSXbHXpJdRMPZgAOiAMqABCNGYIEEJutEK5IUAIwYMDQgiCACEEAcJs1Vda7gGqDhCmoiEghAAhBAHCrKXVo2C1DCBMRlp37uMIEECoX7xrX3P5C9QiINSuIcoPAUI0YkAICLNWgfJDh4T9hH7zqYH9+JHAq7zBqWjwhPAicTVCVQJCNF50JghHocahKK0X/ZnQKyEkhSdUpzG8OgQI42qC94EQjsYLRSmH+pbgq73L6bYkeEJ4DYTYmeg1TOBFc/usTTp3V9DdEuXJ2xDCUbXhaXk0/kAYmBvuMB4qkC35E5e5AMKkwSQgyxufyuPy6fMMgAFCSI73LFXU/N8AmEL9X4ABACNSKMHAgb34AAAAAElFTkSuQmCC - mediatype: image/png - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: etcd-operator - rules: - - apiGroups: - - etcd.database.coreos.com - resources: - - etcdclusters - - etcdbackups - - etcdrestores - verbs: - - "*" - - apiGroups: - - "" - resources: - - pods - - services - - endpoints - - persistentvolumeclaims - - events - verbs: - - "*" - - apiGroups: - - apps - resources: - - deployments - verbs: - - "*" - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - deployments: - - name: etcd-operator - spec: - replicas: 1 - selector: - matchLabels: - name: etcd-operator-alm-owned - template: - metadata: - name: etcd-operator-alm-owned - labels: - name: etcd-operator-alm-owned - spec: - serviceAccountName: etcd-operator - containers: - - name: etcd-operator - command: - - etcd-operator - - --create-crd=false - image: quay.io/coreos/etcd-operator@sha256:db563baa8194fcfe39d1df744ed70024b0f1f9e9b55b5923c2f3a413c44dc6b8 - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: etcd-backup-operator - image: quay.io/coreos/etcd-operator@sha256:db563baa8194fcfe39d1df744ed70024b0f1f9e9b55b5923c2f3a413c44dc6b8 - command: - - etcd-backup-operator - - --create-crd=false - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: etcd-restore-operator - image: quay.io/coreos/etcd-operator@sha256:db563baa8194fcfe39d1df744ed70024b0f1f9e9b55b5923c2f3a413c44dc6b8 - command: - - etcd-restore-operator - - --create-crd=false - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - customresourcedefinitions: - owned: - - name: etcdclusters.etcd.database.coreos.com - version: v1beta2 - kind: EtcdCluster - displayName: etcd Cluster - description: Represents a cluster of etcd nodes. - resources: - - kind: Service - version: v1 - - kind: Pod - version: v1 - specDescriptors: - - description: The desired number of member Pods for the etcd cluster. - displayName: Size - path: size - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: pod.resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - statusDescriptors: - - description: The status of each of the member Pods for the etcd cluster. - displayName: Member Status - path: members - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podStatuses' - - description: The service at which the running etcd cluster can be accessed. - displayName: Service - path: serviceName - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Service' - - description: The current size of the etcd cluster. - displayName: Cluster Size - path: size - - description: The current version of the etcd cluster. - displayName: Current Version - path: currentVersion - - description: 'The target version of the etcd cluster, after upgrading.' - displayName: Target Version - path: targetVersion - - description: The current status of the etcd cluster. - displayName: Status - path: phase - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase' - - description: Explanation for the current status of the cluster. - displayName: Status Details - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - name: etcdbackups.etcd.database.coreos.com - version: v1beta2 - kind: EtcdBackup - displayName: etcd Backup - description: Represents the intent to backup an etcd cluster. - specDescriptors: - - description: Specifies the endpoints of an etcd cluster. - displayName: etcd Endpoint(s) - path: etcdEndpoints - x-descriptors: - - 'urn:alm:descriptor:etcd:endpoint' - - description: The full AWS S3 path where the backup is saved. - displayName: S3 Path - path: s3.path - x-descriptors: - - 'urn:alm:descriptor:aws:s3:path' - - description: The name of the secret object that stores the AWS credential and config files. - displayName: AWS Secret - path: s3.awsSecret - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Secret' - statusDescriptors: - - description: Indicates if the backup was successful. - displayName: Succeeded - path: succeeded - x-descriptors: - - 'urn:alm:descriptor:text' - - description: Indicates the reason for any backup related failures. - displayName: Reason - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - name: etcdrestores.etcd.database.coreos.com - version: v1beta2 - kind: EtcdRestore - displayName: etcd Restore - description: Represents the intent to restore an etcd cluster from a backup. - specDescriptors: - - description: References the EtcdCluster which should be restored, - displayName: etcd Cluster - path: etcdCluster.name - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:EtcdCluster' - - 'urn:alm:descriptor:text' - - description: The full AWS S3 path where the backup is saved. - displayName: S3 Path - path: s3.path - x-descriptors: - - 'urn:alm:descriptor:aws:s3:path' - - description: The name of the secret object that stores the AWS credential and config files. - displayName: AWS Secret - path: s3.awsSecret - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Secret' - statusDescriptors: - - description: Indicates if the restore was successful. - displayName: Succeeded - path: succeeded - x-descriptors: - - 'urn:alm:descriptor:text' - - description: Indicates the reason for any restore related failures. - displayName: Reason - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: app.coreos.com/v1alpha1 - kind: ClusterServiceVersion-v1 - metadata: - name: etcdoperator.v0.9.2 - namespace: placeholder - annotations: - tectonic-visibility: ocs - alm-examples: '[{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdCluster","metadata":{"name":"example","namespace":"default"},"spec":{"size":3,"version":"3.2.13"}},{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdRestore","metadata":{"name":"example-etcd-cluster"},"spec":{"etcdCluster":{"name":"example-etcd-cluster"},"backupStorageType":"S3","s3":{"path":"","awsSecret":""}}},{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdBackup","metadata":{"name":"example-etcd-cluster-backup"},"spec":{"etcdEndpoints":[""],"storageType":"S3","s3":{"path":"","awsSecret":""}}}]' - spec: - displayName: etcd - description: | - etcd is a distributed key value store that provides a reliable way to store data across a cluster of machines. It’s open-source and available on GitHub. etcd gracefully handles leader elections during network partitions and will tolerate machine failure, including the leader. Your applications can read and write data into etcd. - A simple use-case is to store database connection details or feature flags within etcd as key value pairs. These values can be watched, allowing your app to reconfigure itself when they change. Advanced uses take advantage of the consistency guarantees to implement database leader elections or do distributed locking across a cluster of workers. - - _The etcd Open Cloud Service is Public Alpha. The goal before Beta is to fully implement backup features._ - - ### Reading and writing to etcd - - Communicate with etcd though its command line utility `etcdctl` or with the API using the automatically generated Kubernetes Service. - - [Read the complete guide to using the etcd Open Cloud Service](https://coreos.com/tectonic/docs/latest/alm/etcd-ocs.html) - - ### Supported Features - - - **High availability** - - - Multiple instances of etcd are networked together and secured. Individual failures or networking issues are transparently handled to keep your cluster up and running. - - - **Automated updates** - - - Rolling out a new etcd version works like all Kubernetes rolling updates. Simply declare the desired version, and the etcd service starts a safe rolling update to the new version automatically. - - - **Backups included** - - - Coming soon, the ability to schedule backups to happen on or off cluster. - keywords: ['etcd', 'key value', 'database', 'coreos', 'open source'] - version: 0.9.2 - maturity: alpha - replaces: etcdoperator.v0.9.0 - maintainers: - - name: CoreOS, Inc - email: support@coreos.com - - provider: - name: CoreOS, Inc - labels: - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - selector: - matchLabels: - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - links: - - name: Blog - url: https://coreos.com/etcd - - name: Documentation - url: https://coreos.com/operators/etcd/docs/latest/ - - name: etcd Operator Source Code - url: https://github.com/coreos/etcd-operator - - icon: - - base64data: iVBORw0KGgoAAAANSUhEUgAAAOEAAADZCAYAAADWmle6AAAACXBIWXMAAAsTAAALEwEAmpwYAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAEKlJREFUeNrsndt1GzkShmEev4sTgeiHfRYdgVqbgOgITEVgOgLTEQydwIiKwFQCayoCU6+7DyYjsBiBFyVVz7RkXvqCSxXw/+f04XjGQ6IL+FBVuL769euXgZ7r39f/G9iP0X+u/jWDNZzZdGI/Ftama1jjuV4BwmcNpbAf1Fgu+V/9YRvNAyzT2a59+/GT/3hnn5m16wKWedJrmOCxkYztx9Q+py/+E0GJxtJdReWfz+mxNt+QzS2Mc0AI+HbBBwj9QViKbH5t64DsP2fvmGXUkWU4WgO+Uve2YQzBUGd7r+zH2ZG/tiUQc4QxKwgbwFfVGwwmdLL5wH78aPC/ZBem9jJpCAX3xtcNASSNgJLzUPSQyjB1zQNl8IQJ9MIU4lx2+Jo72ysXYKl1HSzN02BMa/vbZ5xyNJIshJzwf3L0dQhJw4Sih/SFw9Tk8sVeghVPoefaIYCkMZCKbrcP9lnZuk0uPUjGE/KE8JQry7W2tgfuC3vXgvNV+qSQbyFtAtyWk7zWiYevvuUQ9QEQCvJ+5mmu6dTjz1zFHLFj8Eb87MtxaZh/IQFIHom+9vgTWwZxAQjT9X4vtbEVPojwjiV471s00mhAckpwGuCn1HtFtRDaSh6y9zsL+LNBvCG/24ThcxHObdlWc1v+VQJe8LcO0jwtuF8BwnAAUgP9M8JPU2Me+Oh12auPGT6fHuTePE3bLDy+x9pTLnhMn+07TQGh//Bz1iI0c6kvtqInjvPZcYR3KsPVmUsPYt9nFig9SCY8VQNhpPBzn952bbgcsk2EvM89wzh3UEffBbyPqvBUBYQ8ODGPFOLsa7RF096WJ69L+E4EmnpjWu5o4ChlKaRTKT39RMMaVPEQRsz/nIWlDN80chjdJlSd1l0pJCAMVZsniobQVuxceMM9OFoaMd9zqZtjMEYYDW38Drb8Y0DYPLShxn0pvIFuOSxd7YCPet9zk452wsh54FJoeN05hcgSQoG5RR0Qh9Q4E4VvL4wcZq8UACgaRFEQKgSwWrkr5WFnGxiHSutqJGlXjBgIOayhwYBTA0ER0oisIVSUV0AAMT0IASCUO4hRIQSAEECMCCEPwqyQA0JCQBzEGjWNAqHiUVAoXUWbvggOIQCEAOJzxTjoaQ4AIaE64/aZridUsBYUgkhB15oGg1DBIl8IqirYwV6hPSGBSFteMCUBSVXwfYixBmamRubeMyjzMJQBDDowE3OesDD+zwqFoDqiEwXoXJpljB+PvWJGy75BKF1FPxhKygJuqUdYQGlLxNEXkrYyjQ0GbaAwEnUIlLRNvVjQDYUAsJB0HKLE4y0AIpQNgCIhBIhQTgCKhZBBpAN/v6LtQI50JfUgYOnnjmLUFHKhjxbAmdTCaTiBm3ovLPqG2urWAij6im0Nd9aTN9ygLUEt9LgSRnohxUPIKxlGaE+/6Y7znFf0yX+GnkvFFWmarkab2o9PmTeq8sbd2a7DaysXz7i64VeznN4jCQhN9gdDbRiuWrfrsq0mHIrlaq+hlotCtd3Um9u0BYWY8y5D67wccJoZjFca7iUs9VqZcfsZwTd1sbWGG+OcYaTnPAP7rTQVVlM4Sg3oGvB1tmNh0t/HKXZ1jFoIMwCQjtqbhNxUmkGYqgZEDZP11HN/S3gAYRozf0l8C5kKEKUvW0t1IfeWG/5MwgheZTT1E0AEhDkAePQO+Ig2H3DncAkQM4cwUQCD530dU4B5Yvmi2LlDqXfWrxMCcMth51RToRMNUXFnfc2KJ0+Ryl0VNOUwlhh6NoxK5gnViTgQpUG4SqSyt5z3zRJpuKmt3Q1614QaCBPaN6je+2XiFcWAKOXcUfIYKRyL/1lb7pe5VxSxxjQ6hImshqGRt5GWZVKO6q2wHwujfwDtIvaIdexj8Cm8+a68EqMfox6x/voMouZF4dHnEGNeCDMwT6vdNfekH1MafMk4PI06YtqLVGl95aEM9Z5vAeCTOA++YLtoVJRrsqNCaJ6WRmkdYaNec5BT/lcTRMqrhmwfjbpkj55+OKp8IEbU/JLgPJE6Wa3TTe9sHS+ShVD5QIyqIxMEwKh12olC6mHIed5ewEop80CNlfIOADYOT2nd6ZXCop+Ebqchc0JqxKcKASxChycJgUh1rnHA5ow9eTrhqNI7JWiAYYwBGGdpyNLoGw0Pkh96h1BpHihyywtATDM/7Hk2fN9EnH8BgKJCU4ooBkbXFMZJiPbrOyecGl3zgQDQL4hk10IZiOe+5w99Q/gBAEIJgPhJM4QAEEoFREAIAAEiIASAkD8Qt4AQAEIAERAGFlX4CACKAXGVM4ivMwWwCLFAlyeoaa70QePKm5Dlp+/n+ye/5dYgva6YsUaVeMa+tzNFeJtWwc+udbJ0Fg399kLielQJ5Ze61c2+7ytA6EZetiPxZC6tj22yJCv6jUwOyj/zcbqAxOMyAKEbfeHtNa7DtYXptjsk2kJxR+eIeim/tHNofUKYy8DMrQcAKWz6brpvzyIAlpwPhQ49l6b7skJf5Z+YTOYQc4FwLDxvoTDwaygQK+U/kVr+ytSFBG01Q3gnJJR4cNiAhx4HDub8/b5DULXlj6SVZghFiE+LdvE9vo/o8Lp1RmH5hzm0T6wdbZ6n+D6i44zDRc3ln6CpAEJfXiRU45oqLz8gFAThWsh7ughrRibc0QynHgZpNJa/ENJ+loCwu/qOGnFIjYR/n7TfgycULhcQhu6VC+HfF+L3BoAQ4WiZTw1M+FPCnA2gKC6/FAhXgDC+ojQGh3NuWsvfF1L/D5ohlCKtl1j2ldu9a/nPAKFwN56Bst10zCG0CPleXN/zXPgHQZXaZaBgrbzyY5V/mUA+6F0hwtGN9rwu5DVZPuwWqfxdFz1LWbJ2lwKEa+0Qsm4Dl3fp+Pu0lV97PgwIPfSsS+UQhj5Oo+vvFULazRIQyvGEcxPuNLCth2MvFsrKn8UOilAQShkh7TTczYNMoS6OdP47msrPi82lXKGWhCdMZYS0bFy+vcnGAjP1CIfvgbKNA9glecEH9RD6Ol4wRuWyN/G9MHnksS6o/GPf5XcwNSUlHzQhDuAKtWJmkwKElU7lylP5rgIcsquh/FI8YZCDpkJBuE4FQm7Icw8N+SrUGaQKyi8FwiDt1ve5o+Vu7qYHy/psgK8cvh+FTYuO77bhEC7GuaPiys/L1X4IgXDL+e3M5+ovLxBy5VLuIebw1oqcHoPfoaMJUsHays878r8KbDc3xtPx/84gZPBG/JwaufrsY/SRG/OY3//8QMNdsvdZCFtbW6f8pFuf5bflILAlX7O+4fdfugKyFYS8T2zAsXthdG0VurPGKwI06oF5vkBgHWkNp6ry29+lsPZMU3vijnXFNmoclr+6+Ou/FIb8yb30sS8YGjmTqCLyQsi5N/6ZwKs0Yenj68pfPjF6N782Dp2FzV9CTyoSeY8mLK16qGxIkLI8oa1n8tz9juP40DlK0epxYEbojbq+9QfurBeVIlCO9D2396bxiV4lkYQ3hOAFw2pbhqMGISkkQOMcQ9EqhDmGZZdo92JC0YHRNTfoSg+5e0IT+opqCKHoIU+4ztQIgBD1EFNrQAgIpYSil9lDmPHqkROPt+JC6AgPquSuumJmg0YARVCuneDfvPVeJokZ6pIXDkNxQtGzTF9/BQjRG0tQznfb74RwCQghpALBtIQnfK4zhxdyQvVCUeknMIT3hLyY+T5jo0yABqKPQNpUNw/09tGZod5jgCaYFxyYvJcNPkv9eof+I3pnCFEHIETjSM8L9tHZHYCQT9PaZGycU6yg8S4akDnJ+P03L0+t23XGzCLzRgII/Wqa+fv/xlfvmKvMUOcOrlCDdoei1MGdZm6G5VEIfRzzjd4aQs69n699Rx7ewhvCGzr2gmTPs8zNsJOrXt24FbkhhOjCfT4ICA/rPbyhUy94Dks0gJCX1NzCZui9YUd3oei+c257TalFbgg19ILHrlrL2gvWgXAL26EX76gZTNASQnad8Ibwhl284NhgXpB0c+jKhWO3Ms1hP9ihJYB9eMF6qd1BCPk0qA1s+LimFIu7m4nsdQIzPK4VbQ8hYvrnuSH2G9b2ggP78QmWqBdF9Vx8SSY6QYdUW7BTA1schZATyhvY8lHvcRbNUS9YGFy2U+qmzh2YPVc0I7yAOFyHfRpyUwtCSzOdPXMHmz7qDIM0e0V2wZTEk+6Ym6N63eBLp/b5Bts+2cKCSJ/LuoZO3ANSiE5hKAZjnvNSS4931jcw9jpwT0feV/qSJ1pVtCyfHKDkvK8Ejx7pUxGh2xFNSwx8QTi2H9ceC0/nni64MS/5N5dG39pDqvRV+WgGk71c9VFXF9b+xYvOw/d61iv7m3MvEHryhvecwC52jSSx4VIIgwnMNT/UsTxIgpPt3K/ARj15CptwL3Zd/ceDSATj2DGQjbxgWwhdeMMte7zpy5On9vymRm/YxBYljGVjKWF9VJf7I1+sex3wY8w/V1QPTborW/72gkdsRDaZMJBdbdHIC7aCkAu9atlLbtnrzerMnyToDaGwelOnk3/hHSem/ZK7e/t7jeeR20LYBgqa8J80gS8jbwi5F02Uj1u2NYJxap8PLkJfLxA2hIJyvnHX/AfeEPLpBfe0uSFHbnXaea3Qd5d6HcpYZ8L6M7lnFwMQ3MNg+RxUR1+6AshtbsVgfXTEg1sIGax9UND2p7f270wdG3eK9gXVGHdw2k5sOyZv+Nbs39Z308XR9DqWb2J+PwKDhuKHPobfuXf7gnYGHdCs7bhDDadD4entDug7LWNsnRNW4mYqwJ9dk+GGSTPBiA2j0G8RWNM5upZtcG4/3vMfP7KnbK2egx6CCnDPhRn7NgD3cghLIad5WcM2SO38iqHvvMOosyeMpQ5zlVCaaj06GVs9xUbHdiKoqrHWgquFEFMWUEWfXUxJAML23hAHFOctmjZQffKD2pywkhtSGHKNtpitLroscAeE7kCkSsC60vxEl6yMtL9EL5HKGCMszU5bk8gdkklAyEn5FO0yK419rIxBOIqwFMooDE0tHEVYijAUECIshRCGIhxFWIowFJ5QkEYIS5PTJrUwNGlPyN6QQPyKtpuM1E/K5+YJDV/MiA3AaehzqgAm7QnZG9IGYKo8bHnSK7VblLL3hOwNHziPuEGOqE5brrdR6i+atCfckyeWD47HkAkepRGLY/e8A8J0gCwYSNypF08bBm+e6zVz2UL4AshhBUjML/rXLefqC82bcQFhGC9JDwZ1uuu+At0S5gCETYHsV4DUeD9fDN2Zfy5OXaW2zAwQygCzBLJ8cvaW5OXKC1FxfTggFAHmoAJnSiOw2wps9KwRWgJCLaEswaj5NqkLwAYIU4BxqTSXbHXpJdRMPZgAOiAMqABCNGYIEEJutEK5IUAIwYMDQgiCACEEAcJs1Vda7gGqDhCmoiEghAAhBAHCrKXVo2C1DCBMRlp37uMIEECoX7xrX3P5C9QiINSuIcoPAUI0YkAICLNWgfJDh4T9hH7zqYH9+JHAq7zBqWjwhPAicTVCVQJCNF50JghHocahKK0X/ZnQKyEkhSdUpzG8OgQI42qC94EQjsYLRSmH+pbgq73L6bYkeEJ4DYTYmeg1TOBFc/usTTp3V9DdEuXJ2xDCUbXhaXk0/kAYmBvuMB4qkC35E5e5AMKkwSQgyxufyuPy6fMMgAFCSI73LFXU/N8AmEL9X4ABACNSKMHAgb34AAAAAElFTkSuQmCC - mediatype: image/png - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: etcd-operator - rules: - - apiGroups: - - etcd.database.coreos.com - resources: - - etcdclusters - - etcdbackups - - etcdrestores - verbs: - - "*" - - apiGroups: - - "" - resources: - - pods - - services - - endpoints - - persistentvolumeclaims - - events - verbs: - - "*" - - apiGroups: - - apps - resources: - - deployments - verbs: - - "*" - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - deployments: - - name: etcd-operator - spec: - replicas: 1 - selector: - matchLabels: - name: etcd-operator-alm-owned - template: - metadata: - name: etcd-operator-alm-owned - labels: - name: etcd-operator-alm-owned - spec: - serviceAccountName: etcd-operator - containers: - - name: etcd-operator - command: - - etcd-operator - - --create-crd=false - image: quay.io/coreos/etcd-operator@sha256:c0301e4686c3ed4206e370b42de5a3bd2229b9fb4906cf85f3f30650424abec2 - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: etcd-backup-operator - image: quay.io/coreos/etcd-operator@sha256:c0301e4686c3ed4206e370b42de5a3bd2229b9fb4906cf85f3f30650424abec2 - command: - - etcd-backup-operator - - --create-crd=false - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: etcd-restore-operator - image: quay.io/coreos/etcd-operator@sha256:c0301e4686c3ed4206e370b42de5a3bd2229b9fb4906cf85f3f30650424abec2 - command: - - etcd-restore-operator - - --create-crd=false - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - customresourcedefinitions: - owned: - - name: etcdclusters.etcd.database.coreos.com - version: v1beta2 - kind: EtcdCluster - displayName: etcd Cluster - description: Represents a cluster of etcd nodes. - resources: - - kind: Service - version: v1 - - kind: Pod - version: v1 - specDescriptors: - - description: The desired number of member Pods for the etcd cluster. - displayName: Size - path: size - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: pod.resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - statusDescriptors: - - description: The status of each of the member Pods for the etcd cluster. - displayName: Member Status - path: members - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podStatuses' - - description: The service at which the running etcd cluster can be accessed. - displayName: Service - path: serviceName - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Service' - - description: The current size of the etcd cluster. - displayName: Cluster Size - path: size - - description: The current version of the etcd cluster. - displayName: Current Version - path: currentVersion - - description: 'The target version of the etcd cluster, after upgrading.' - displayName: Target Version - path: targetVersion - - description: The current status of the etcd cluster. - displayName: Status - path: phase - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase' - - description: Explanation for the current status of the cluster. - displayName: Status Details - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - name: etcdbackups.etcd.database.coreos.com - version: v1beta2 - kind: EtcdBackup - displayName: etcd Backup - description: Represents the intent to backup an etcd cluster. - specDescriptors: - - description: Specifies the endpoints of an etcd cluster. - displayName: etcd Endpoint(s) - path: etcdEndpoints - x-descriptors: - - 'urn:alm:descriptor:etcd:endpoint' - - description: The full AWS S3 path where the backup is saved. - displayName: S3 Path - path: s3.path - x-descriptors: - - 'urn:alm:descriptor:aws:s3:path' - - description: The name of the secret object that stores the AWS credential and config files. - displayName: AWS Secret - path: s3.awsSecret - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Secret' - statusDescriptors: - - description: Indicates if the backup was successful. - displayName: Succeeded - path: succeeded - x-descriptors: - - 'urn:alm:descriptor:text' - - description: Indicates the reason for any backup related failures. - displayName: Reason - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - name: etcdrestores.etcd.database.coreos.com - version: v1beta2 - kind: EtcdRestore - displayName: etcd Restore - description: Represents the intent to restore an etcd cluster from a backup. - specDescriptors: - - description: References the EtcdCluster which should be restored, - displayName: etcd Cluster - path: etcdCluster.name - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:EtcdCluster' - - 'urn:alm:descriptor:text' - - description: The full AWS S3 path where the backup is saved. - displayName: S3 Path - path: s3.path - x-descriptors: - - 'urn:alm:descriptor:aws:s3:path' - - description: The name of the secret object that stores the AWS credential and config files. - displayName: AWS Secret - path: s3.awsSecret - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Secret' - statusDescriptors: - - description: Indicates if the restore was successful. - displayName: Succeeded - path: succeeded - x-descriptors: - - 'urn:alm:descriptor:text' - - description: Indicates the reason for any restore related failures. - displayName: Reason - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: app.coreos.com/v1alpha1 - kind: ClusterServiceVersion-v1 - metadata: - name: prometheusoperator.0.14.0 - namespace: placeholder - spec: - displayName: Prometheus - description: | - An open-source monitoring system with a dimensional data model, flexible query language, efficient time series database and modern alerting approach. - - _The Prometheus Open Cloud Service is Public Alpha. The goal before Beta is for additional user testing and minor bug fixes._ - - ### Monitoring applications - - Prometheus scrapes your application metrics based on targets maintained in a ServiceMonitor object. When alerts need to be sent, they are processsed by an AlertManager. - - [Read the complete guide to monitoring applications with the Prometheus Open Cloud Service](https://coreos.com/tectonic/docs/latest/alm/prometheus-ocs.html) - - ## Supported Features - - **High availability** - Multiple instances are run across failure zones and data is replicated. This keeps your monitoring available during an outage, when you need it most. - **Updates via automated operations** - New Prometheus versions are deployed using a rolling update with no downtime, making it easy to stay up to date. - **Handles the dynamic nature of containers** - Alerting rules are attached to groups of containers instead of individual instances, which is ideal for the highly dynamic nature of container deployment. - - keywords: ['prometheus', 'monitoring', 'tsdb', 'alerting'] - - maintainers: - - name: CoreOS, Inc - email: support@coreos.com - - provider: - name: CoreOS, Inc - - links: - - name: Prometheus - url: https://www.prometheus.io/ - - name: Documentation - url: https://coreos.com/operators/prometheus/docs/latest/ - - name: Prometheus Operator Source Code - url: https://github.com/coreos/prometheus-operator - - labels: - alm-status-descriptors: prometheusoperator.0.14.0 - alm-owner-prometheus: prometheusoperator - - selector: - matchLabels: - alm-owner-prometheus: prometheusoperator - - icon: - - base64data: PHN2ZyB3aWR0aD0iMjQ5MCIgaGVpZ2h0PSIyNTAwIiB2aWV3Qm94PSIwIDAgMjU2IDI1NyIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiBwcmVzZXJ2ZUFzcGVjdFJhdGlvPSJ4TWlkWU1pZCI+PHBhdGggZD0iTTEyOC4wMDEuNjY3QzU3LjMxMS42NjcgMCA1Ny45NzEgMCAxMjguNjY0YzAgNzAuNjkgNTcuMzExIDEyNy45OTggMTI4LjAwMSAxMjcuOTk4UzI1NiAxOTkuMzU0IDI1NiAxMjguNjY0QzI1NiA1Ny45NyAxOTguNjg5LjY2NyAxMjguMDAxLjY2N3ptMCAyMzkuNTZjLTIwLjExMiAwLTM2LjQxOS0xMy40MzUtMzYuNDE5LTMwLjAwNGg3Mi44MzhjMCAxNi41NjYtMTYuMzA2IDMwLjAwNC0zNi40MTkgMzAuMDA0em02MC4xNTMtMzkuOTRINjcuODQyVjE3OC40N2gxMjAuMzE0djIxLjgxNmgtLjAwMnptLS40MzItMzMuMDQ1SDY4LjE4NWMtLjM5OC0uNDU4LS44MDQtLjkxLTEuMTg4LTEuMzc1LTEyLjMxNS0xNC45NTQtMTUuMjE2LTIyLjc2LTE4LjAzMi0zMC43MTYtLjA0OC0uMjYyIDE0LjkzMyAzLjA2IDI1LjU1NiA1LjQ1IDAgMCA1LjQ2NiAxLjI2NSAxMy40NTggMi43MjItNy42NzMtOC45OTQtMTIuMjMtMjAuNDI4LTEyLjIzLTMyLjExNiAwLTI1LjY1OCAxOS42OC00OC4wNzkgMTIuNTgtNjYuMjAxIDYuOTEuNTYyIDE0LjMgMTQuNTgzIDE0LjggMzYuNTA1IDcuMzQ2LTEwLjE1MiAxMC40Mi0yOC42OSAxMC40Mi00MC4wNTYgMC0xMS43NjkgNy43NTUtMjUuNDQgMTUuNTEyLTI1LjkwNy02LjkxNSAxMS4zOTYgMS43OSAyMS4xNjUgOS41MyA0NS40IDIuOTAyIDkuMTAzIDIuNTMyIDI0LjQyMyA0Ljc3MiAzNC4xMzguNzQ0LTIwLjE3OCA0LjIxMy00OS42MiAxNy4wMTQtNTkuNzg0LTUuNjQ3IDEyLjguODM2IDI4LjgxOCA1LjI3IDM2LjUxOCA3LjE1NCAxMi40MjQgMTEuNDkgMjEuODM2IDExLjQ5IDM5LjYzOCAwIDExLjkzNi00LjQwNyAyMy4xNzMtMTEuODQgMzEuOTU4IDguNDUyLTEuNTg2IDE0LjI4OS0zLjAxNiAxNC4yODktMy4wMTZsMjcuNDUtNS4zNTVjLjAwMi0uMDAyLTMuOTg3IDE2LjQwMS0xOS4zMTQgMzIuMTk3eiIgZmlsbD0iI0RBNEUzMSIvPjwvc3ZnPg== - mediatype: image/svg+xml - - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: prometheus-k8s - rules: - - apiGroups: [""] - resources: - - nodes - - services - - endpoints - - pods - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: - - configmaps - verbs: ["get"] - - serviceAccountName: prometheus-operator-0-14-0 - rules: - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: ["get", "list"] - - apiGroups: - - monitoring.coreos.com - resources: - - alertmanagers - - prometheuses - - servicemonitors - verbs: - - "*" - - apiGroups: - - apps - resources: - - statefulsets - verbs: ["*"] - - apiGroups: [""] - resources: - - configmaps - - secrets - verbs: ["*"] - - apiGroups: [""] - resources: - - pods - verbs: ["list", "delete"] - - apiGroups: [""] - resources: - - services - - endpoints - verbs: ["get", "create", "update"] - - apiGroups: [""] - resources: - - nodes - verbs: ["list", "watch"] - - apiGroups: [""] - resources: - - namespaces - verbs: ['list'] - deployments: - - name: prometheus-operator - spec: - replicas: 1 - selector: - matchLabels: - k8s-app: prometheus-operator - template: - metadata: - labels: - k8s-app: prometheus-operator - spec: - serviceAccount: prometheus-operator-0-14-0 - containers: - - name: prometheus-operator - image: quay.io/coreos/prometheus-operator@sha256:5037b4e90dbb03ebdefaa547ddf6a1f748c8eeebeedf6b9d9f0913ad662b5731 - command: - - sh - - -c - - > - /bin/operator --namespace=$K8S_NAMESPACE --crd-apigroup monitoring.coreos.com - --labels alm-status-descriptors=prometheusoperator.0.14.0,alm-owner-prometheus=prometheusoperator - --kubelet-service=kube-system/kubelet - --config-reloader-image=quay.io/coreos/configmap-reload:v0.0.1 - env: - - name: K8S_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - ports: - - containerPort: 8080 - name: http - resources: - limits: - cpu: 200m - memory: 100Mi - requests: - cpu: 100m - memory: 50Mi - maturity: alpha - version: 0.14.0 - customresourcedefinitions: - owned: - - name: prometheuses.monitoring.coreos.com - version: v1 - kind: Prometheus - displayName: Prometheus - description: A running Prometheus instance - resources: - - kind: Pod - version: v1 - specDescriptors: - - description: Desired number of Pods for the cluster - displayName: Size - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: A selector for the ConfigMaps from which to load rule files - displayName: Rule Config Map Selector - path: ruleSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:selector:ConfigMap' - - description: ServiceMonitors to be selected for target discovery - displayName: Service Monitor Selector - path: serviceMonitorSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:selector:ServiceMonitor' - - description: The ServiceAccount to use to run the Prometheus pods - displayName: Service Account - path: serviceAccountName - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:ServiceAccount' - - description: Define resources requests and limits for single Pods - displayName: Resource Request - path: resources.requests - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - statusDescriptors: - - description: The current number of Pods for the cluster - displayName: Cluster Size - path: replicas - - path: prometheusSelector - displayName: Prometheus Service Selector - description: Label selector to find the service that routes to this prometheus - x-descriptors: - - 'urn:alm:descriptor:label:selector' - - name: servicemonitors.monitoring.coreos.com - version: v1 - kind: ServiceMonitor - displayName: Service Monitor - description: Configures prometheus to monitor a particular k8s service - resources: - - kind: Pod - version: v1 - specDescriptors: - - description: Selector to select which namespaces the Endpoints objects are discovered from - displayName: Monitoring Namespaces - path: namespaceSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:namespaceSelector' - - description: The label to use to retrieve the job name from - displayName: Job Label - path: jobLabel - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: A list of endpoints allowed as part of this ServiceMonitor - displayName: Endpoints - path: endpoints - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:endpointList' - - name: alertmanagers.monitoring.coreos.com - version: v1 - kind: Alertmanager - displayName: Alert Manager - description: Configures an Alert Manager for the namespace - resources: - - kind: Pod - version: v1 - specDescriptors: - - description: Desired number of Pods for the cluster - displayName: Size - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: app.coreos.com/v1alpha1 - kind: ClusterServiceVersion-v1 - metadata: - name: prometheusoperator.0.15.0 - namespace: placeholder - annotations: - tectonic-visibility: ocs - alm-examples: '[{"apiVersion":"monitoring.coreos.com/v1","kind":"Prometheus","metadata":{"name":"example","labels":{"prometheus":"k8s"}},"spec":{"replicas":2,"version":"v1.7.0","serviceAccountName":"prometheus-k8s","serviceMonitorSelector":{"matchExpressions":[{"key":"k8s-app","operator":"Exists"}]},"ruleSelector":{"matchLabels":{"role":"prometheus-rulefiles","prometheus":"k8s"}},"resources":{"requests":{"memory":"400Mi"}},"alerting":{"alertmanagers":[{"namespace":"monitoring","name":"alertmanager-main","port":"web"}]}}},{"apiVersion":"monitoring.coreos.com/v1","kind":"ServiceMonitor","metadata":{"name":"example","labels":{"k8s-app":"prometheus"}},"spec":{"selector":{"matchLabels":{"k8s-app":"prometheus","prometheus":"k8s"}},"namespaceSelector":{"matchNames":["monitoring"]},"endpoints":[{"port":"web","interval":"30s"}]}},{"apiVersion":"monitoring.coreos.com/v1","kind":"Alertmanager","metadata":{"name":"alertmanager-main"},"spec":{"replicas":3}}]' - spec: - replaces: prometheusoperator.0.14.0 - displayName: Prometheus - description: | - An open-source monitoring system with a dimensional data model, flexible query language, efficient time series database and modern alerting approach. - - _The Prometheus Open Cloud Service is Public Alpha. The goal before Beta is for additional user testing and minor bug fixes._ - - ### Monitoring applications - - Prometheus scrapes your application metrics based on targets maintained in a ServiceMonitor object. When alerts need to be sent, they are processsed by an AlertManager. - - [Read the complete guide to monitoring applications with the Prometheus Open Cloud Service](https://coreos.com/tectonic/docs/latest/alm/prometheus-ocs.html) - - ### Supported Features - - - **High availability** - - - Multiple instances are run across failure zones and data is replicated. This keeps your monitoring available during an outage, when you need it most. - - - **Updates via automated operations** - - - New Prometheus versions are deployed using a rolling update with no downtime, making it easy to stay up to date. - - - **Handles the dynamic nature of containers** - - - Alerting rules are attached to groups of containers instead of individual instances, which is ideal for the highly dynamic nature of container deployment. - - keywords: ['prometheus', 'monitoring', 'tsdb', 'alerting'] - - maintainers: - - name: CoreOS, Inc - email: support@coreos.com - - provider: - name: CoreOS, Inc - - links: - - name: Prometheus - url: https://www.prometheus.io/ - - name: Documentation - url: https://coreos.com/operators/prometheus/docs/latest/ - - name: Prometheus Operator Source Code - url: https://github.com/coreos/prometheus-operator - - labels: - alm-status-descriptors: prometheusoperator.0.15.0 - alm-owner-prometheus: prometheusoperator - - selector: - matchLabels: - alm-owner-prometheus: prometheusoperator - - icon: - - base64data: PHN2ZyB3aWR0aD0iMjQ5MCIgaGVpZ2h0PSIyNTAwIiB2aWV3Qm94PSIwIDAgMjU2IDI1NyIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiBwcmVzZXJ2ZUFzcGVjdFJhdGlvPSJ4TWlkWU1pZCI+PHBhdGggZD0iTTEyOC4wMDEuNjY3QzU3LjMxMS42NjcgMCA1Ny45NzEgMCAxMjguNjY0YzAgNzAuNjkgNTcuMzExIDEyNy45OTggMTI4LjAwMSAxMjcuOTk4UzI1NiAxOTkuMzU0IDI1NiAxMjguNjY0QzI1NiA1Ny45NyAxOTguNjg5LjY2NyAxMjguMDAxLjY2N3ptMCAyMzkuNTZjLTIwLjExMiAwLTM2LjQxOS0xMy40MzUtMzYuNDE5LTMwLjAwNGg3Mi44MzhjMCAxNi41NjYtMTYuMzA2IDMwLjAwNC0zNi40MTkgMzAuMDA0em02MC4xNTMtMzkuOTRINjcuODQyVjE3OC40N2gxMjAuMzE0djIxLjgxNmgtLjAwMnptLS40MzItMzMuMDQ1SDY4LjE4NWMtLjM5OC0uNDU4LS44MDQtLjkxLTEuMTg4LTEuMzc1LTEyLjMxNS0xNC45NTQtMTUuMjE2LTIyLjc2LTE4LjAzMi0zMC43MTYtLjA0OC0uMjYyIDE0LjkzMyAzLjA2IDI1LjU1NiA1LjQ1IDAgMCA1LjQ2NiAxLjI2NSAxMy40NTggMi43MjItNy42NzMtOC45OTQtMTIuMjMtMjAuNDI4LTEyLjIzLTMyLjExNiAwLTI1LjY1OCAxOS42OC00OC4wNzkgMTIuNTgtNjYuMjAxIDYuOTEuNTYyIDE0LjMgMTQuNTgzIDE0LjggMzYuNTA1IDcuMzQ2LTEwLjE1MiAxMC40Mi0yOC42OSAxMC40Mi00MC4wNTYgMC0xMS43NjkgNy43NTUtMjUuNDQgMTUuNTEyLTI1LjkwNy02LjkxNSAxMS4zOTYgMS43OSAyMS4xNjUgOS41MyA0NS40IDIuOTAyIDkuMTAzIDIuNTMyIDI0LjQyMyA0Ljc3MiAzNC4xMzguNzQ0LTIwLjE3OCA0LjIxMy00OS42MiAxNy4wMTQtNTkuNzg0LTUuNjQ3IDEyLjguODM2IDI4LjgxOCA1LjI3IDM2LjUxOCA3LjE1NCAxMi40MjQgMTEuNDkgMjEuODM2IDExLjQ5IDM5LjYzOCAwIDExLjkzNi00LjQwNyAyMy4xNzMtMTEuODQgMzEuOTU4IDguNDUyLTEuNTg2IDE0LjI4OS0zLjAxNiAxNC4yODktMy4wMTZsMjcuNDUtNS4zNTVjLjAwMi0uMDAyLTMuOTg3IDE2LjQwMS0xOS4zMTQgMzIuMTk3eiIgZmlsbD0iI0RBNEUzMSIvPjwvc3ZnPg== - mediatype: image/svg+xml - - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: prometheus-k8s - rules: - - apiGroups: [""] - resources: - - nodes - - services - - endpoints - - pods - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: - - configmaps - verbs: ["get"] - - serviceAccountName: prometheus-operator-0-14-0 - rules: - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: ["get", "list"] - - apiGroups: - - monitoring.coreos.com - resources: - - alertmanagers - - prometheuses - - servicemonitors - verbs: - - "*" - - apiGroups: - - apps - resources: - - statefulsets - verbs: ["*"] - - apiGroups: [""] - resources: - - configmaps - - secrets - verbs: ["*"] - - apiGroups: [""] - resources: - - pods - verbs: ["list", "delete"] - - apiGroups: [""] - resources: - - services - - endpoints - verbs: ["get", "create", "update"] - - apiGroups: [""] - resources: - - nodes - verbs: ["list", "watch"] - - apiGroups: [""] - resources: - - namespaces - verbs: ['list'] - deployments: - - name: prometheus-operator - spec: - replicas: 1 - selector: - matchLabels: - k8s-app: prometheus-operator - template: - metadata: - labels: - k8s-app: prometheus-operator - spec: - serviceAccount: prometheus-operator-0-14-0 - containers: - - name: prometheus-operator - image: quay.io/coreos/prometheus-operator@sha256:0e92dd9b5789c4b13d53e1319d0a6375bcca4caaf0d698af61198061222a576d - command: - - sh - - -c - - > - /bin/operator --namespace=$K8S_NAMESPACE --crd-apigroup monitoring.coreos.com - --labels alm-status-descriptors=prometheusoperator.0.15.0,alm-owner-prometheus=prometheusoperator - --kubelet-service=kube-system/kubelet - --config-reloader-image=quay.io/coreos/configmap-reload:v0.0.1 - env: - - name: K8S_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - ports: - - containerPort: 8080 - name: http - resources: - limits: - cpu: 200m - memory: 100Mi - requests: - cpu: 100m - memory: 50Mi - maturity: alpha - version: 0.15.0 - customresourcedefinitions: - owned: - - name: prometheuses.monitoring.coreos.com - version: v1 - kind: Prometheus - displayName: Prometheus - description: A running Prometheus instance - resources: - - kind: StatefulSet - version: v1beta2 - - kind: Pod - version: v1 - specDescriptors: - - description: Desired number of Pods for the cluster - displayName: Size - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: A selector for the ConfigMaps from which to load rule files - displayName: Rule Config Map Selector - path: ruleSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:selector:ConfigMap' - - description: ServiceMonitors to be selected for target discovery - displayName: Service Monitor Selector - path: serviceMonitorSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:selector:ServiceMonitor' - - description: The ServiceAccount to use to run the Prometheus pods - displayName: Service Account - path: serviceAccountName - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:ServiceAccount' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - statusDescriptors: - - description: The current number of Pods for the cluster - displayName: Cluster Size - path: replicas - - path: prometheusSelector - displayName: Prometheus Service Selector - description: Label selector to find the service that routes to this prometheus - x-descriptors: - - 'urn:alm:descriptor:label:selector' - - name: servicemonitors.monitoring.coreos.com - version: v1 - kind: ServiceMonitor - displayName: Service Monitor - description: Configures prometheus to monitor a particular k8s service - resources: - - kind: Pod - version: v1 - specDescriptors: - - description: Selector to select which namespaces the Endpoints objects are discovered from - displayName: Monitoring Namespaces - path: namespaceSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:namespaceSelector' - - description: The label to use to retrieve the job name from - displayName: Job Label - path: jobLabel - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: A list of endpoints allowed as part of this ServiceMonitor - displayName: Endpoints - path: endpoints - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:endpointList' - - name: alertmanagers.monitoring.coreos.com - version: v1 - kind: Alertmanager - displayName: Alert Manager - description: Configures an Alert Manager for the namespace - resources: - - kind: StatefulSet - version: v1beta2 - - kind: Pod - version: v1 - specDescriptors: - - description: Desired number of Pods for the cluster - displayName: Size - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: app.coreos.com/v1alpha1 - kind: ClusterServiceVersion-v1 - metadata: - name: vault-operator.0.1.9 - namespace: placeholder - annotations: - tectonic-visibility: ocs - alm-examples: '[{"apiVersion":"vault.security.coreos.com/v1alpha1","kind":"VaultService","metadata":{"name":"example"},"spec":{"nodes":2,"version":"0.9.1-0"}}]' - labels: - alm-catalog: tectonic-ocs - spec: - displayName: Vault - description: | - An encrypted, multi-tentant secure secret store. Vault handles the lifecycle of your secrets: leasing, key revocation, key rolling, and auditing. - - _The Vault Open Cloud Service is Public Alpha. The goal before Beta is for additional user testing and minor bug fixes._ - - ### Unsealing and using Vault - - Once a Vault instance is running, it must be initalized and "unsealed". Afterwards, your software can use the automatically created Kubernetes Service and Secret to communicate with it. - - [Read the complete guide to using the Vault Open Cloud Service](https://coreos.com/tectonic/docs/latest/alm/vault-ocs.html) - - ### Supported Features - - **Secure by Default** - - - Hands-free automated creation of TLS certificates between all components ensure all best practices are followed for secret security. Further, the API makes unseal operations easy. - - - **Highly available** - - - Multiple instances of Vault are clustered together via an etcd backend and secured. - - - **Safe Upgrades** - - - Rolling out a new Vault version is as easy as updating the Vault Cluster definition. Everything is automatically handled using Vault best practices while pausing for unseal tokens. - - keywords: ['vault', 'secret', 'encryption'] - maintainers: - - name: CoreOS, Inc - email: support@coreos.com - provider: - name: CoreOS, Inc - links: - - name: Vault Project - url: https://www.vaultproject.io/ - labels: - alm-status-descriptors: vault-operator.0.1.9 - alm-owner-vault: vault-operator - operated-by: vault-operator - selector: - matchLabels: - alm-owner-vault: vault-operator - operated-by: vault-operator - icon: - - base64data: iVBORw0KGgoAAAANSUhEUgAAAEAAAAA7CAYAAADLjIzcAAAACXBIWXMAAAsTAAALEwEAmpwYAAAMLGlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAHjarVd3VFP51t23JKGEmoCAlNARBAHpSO+CgHQYW0gChBJCCip2x0EFxy4WrOjYcNSxADIWRB3rIPbuAx1URsbBgg2V9wcBZ+Z93x9vrfdb6+budbLPPvuce9dd6wA6HnyptJDUBYokCllSVCgvIzOLx2oHCxxogYQ7XyCXhiQmxgHAwP0vhwDe3gQBANec+VJpIf67oycUyQUAkQggWygXFAHEIYA2EUhlCoDRCsB6skKqABhvAHBlGZlZAFMNADe3H5sC4Gb3Y1cAXFlKUhjADAfU2Hy+LBfQTgTAKxXkKgBtKQBXiVAsAbQ3AwgU5PGFgHYbgOFFRcVCQIcNwCH7Lzq5f9PMHtTk83MHcX8vAAC1cLFcWsifiv/1KSpUDtSwAsDOk0UnAeACxM6C4tgkAGyAOCrJjk8AoA8Q58RCQIXv5imjU1X8LoE8LAuAIUBCyA+PBWAKkIbKgtQQFXbny4B+PhkvVsSkqHC2rDhJpU+WSgrj41Q6C/JEMQN4o0gekTzAyRFHxgDQBchDZXkp6f0+ydOl4rR4ANoA2SovSI5V5T4sywuLH+DIlEmpAGwA8k2OLDKpn0MZFckH+qJcBPyIZABGABWsyEuJ7s+lMkTyjLgBD0JReES/B0ookqSqvFEKqSI0SZVbLi1MVPGpjaLCqKT+OVP75aXJA7lXFbIU1cypR/n80Yn9/qm3UkViSr83mkYcwhAOHpTgIRvFyIe4pau+CzzVP5HgQ4ZciOCsigxkpIMPGSTgIxll+AMSiCAfzAsFHzKIUAoJPg9G+3+dkQM+ZCiFCHIU4AlkKKJN6EDan46jA+lgOpB2p31o34E8ns5AVWYEM5wZzYxkDhv0IUAxClEMGcT/RywWhRBBCRlEkAz08FWP8YRxhfGIcYPRxriDNPwGGcQDrIniubJ/OOdhDNqgVE1FhGxI0DnAoe1od9qTDqUD6EDaFzzakDaBM+1B+9AhdBDtT3vSvn9zqBz09nWW/6wnguRv/aji2o7anioX2YNPJmyQ9U+VsL/MSIhixP6TSS2gDlJnqZPUeeooVQ8edYJqoC5Rx6j6v7wJv0GG3MFqSRBBggIUQjzAca117XT99B/V+SoHMoggBxSiKQoACCuWTpWJc/MUvBCptFDEi5EIXIbz3F3dvIGMzCxe/+fjtSEIAIThha+xkibAtwIgcr/G+NbAkScA5+3XmPUrgL0UONYqUMpK+2M0ADCgAR1wYQxzWMMBznCHF/wRjAiMRgJSkIkJECAPRZBhMqZjDspRiaVYhXXYhK3YiR9xAPU4ipP4BRfRihu4hzZ04Dm68Ra9BEGwCC2CQxgTFoQt4US4Ez5EIBFBxBFJRCYxicglJISSmE58S1QSy4l1xBZiF/ETcYQ4SZwnrhB3iHaik3hFfCQpkk1ySTPSjhxB+pAhZCyZQo4nc8kSsoycRy4m15A15B6yjjxJXiRvkG3kc7KHAqVJGVKWlDPlQ4VRCVQWlUPJqJlUBVVF1VB7qUbqLHWNaqO6qA80k+bQPNqZ9qej6VRaQJfQM+lF9Dp6J11Hn6av0e10N/2FocUwZTgx/BgxjAxGLmMyo5xRxdjOOMw4w7jB6GC8ZTKZhkx7pjczmpnJzGdOYy5ibmDuYzYxrzAfM3tYLJYxy4kVwEpg8VkKVjlrLWsP6wTrKquD9V5NU81CzV0tUi1LTaI2V61KbbfacbWrak/VetV11W3V/dQT1IXqU9WXqG9Tb1S/rN6h3quhp2GvEaCRopGvMUdjjcZejTMa9zVea2pqWmn6ao7VFGvO1lyjuV/znGa75ge2PtuRHcYex1ayF7N3sJvYd9ivtbS07LSCtbK0FFqLtXZpndJ6qPVem6Ptoh2jLdSepV2tXad9VfuFjrqOrU6IzgSdMp0qnYM6l3W6dNV17XTDdPm6M3WrdY/o3tLt0ePouekl6BXpLdLbrXde75k+S99OP0JfqD9Pf6v+Kf3HHIpjzQnjCDjfcrZxznA6uEyuPTeGm8+t5P7IbeF2G+gbeBikGUwxqDY4ZtBmSBnaGcYYFhouMTxgeNPw4xCzISFDREMWDtk75OqQd0ZDjYKNREYVRvuMbhh9NOYZRxgXGC8zrjd+YEKbOJqMNZlsstHkjEnXUO5Q/6GCoRVDDwy9a0qaOpommU4z3Wp6ybTHzNwsykxqttbslFmXuaF5sHm++Urz4+adFhyLQAuxxUqLExa/8wx4IbxC3hreaV63palltKXScotli2Wvlb1VqtVcq31WD6w1rH2sc6xXWjdbd9tY2IyxmW5Ta3PXVt3WxzbPdrXtWdt3dvZ26Xbz7ertntkb2cfYl9nX2t930HIIcihxqHG4Pow5zGdYwbANw1odSUdPxzzHasfLTqSTl5PYaYPTleGM4b7DJcNrht9yZjuHOJc61zq3uxi6xLnMdal3eTHCZkTWiGUjzo744urpWui6zfWem77baLe5bo1ur9wd3QXu1e7XR2qNjBw5a2TDyJceTh4ij40etz05nmM853s2e3728vaSee316vS28Z7kvd77lg/XJ9Fnkc85X4ZvqO8s36O+H/y8/BR+B/z+9Hf2L/Df7f9slP0o0ahtox4HWAXwA7YEtAXyAicFbg5sC7IM4gfVBD0Ktg4WBm8PfhoyLCQ/ZE/Ii1DXUFno4dB3YX5hM8KawqnwqPCK8JYI/YjUiHURDyOtInMjayO7ozyjpkU1RTOiY6OXRd+KMYsRxOyK6R7tPXrG6NOx7Njk2HWxj+Ic42RxjWPIMaPHrBhzP942XhJfn4CEmIQVCQ8S7RNLEn8eyxybOLZ67JMkt6TpSWeTOckTk3cnv00JTVmSci/VIVWZ2pymkzYubVfau/Tw9OXpbRkjMmZkXMw0yRRnNmSxstKytmf1fBPxzapvOsZ5jisfd3O8/fgp489PMJlQOOHYRJ2J/IkHJzEmpU/aPekTP4Ffw+/Jjslen90tCBOsFjwXBgtXCjtFAaLloqc5ATnLc57lBuSuyO3MC8qryusSh4nXiV/mR+dvyn9XkFCwo6CvML1wX5Fa0aSiIxJ9SYHkdLF58ZTiK1Inabm0rcSvZFVJtyxWtl1OyMfLGxRchVRxSemg/E7ZXhpYWl36fnLa5INT9KZIplya6jh14dSnZZFlP0yjpwmmNU+3nD5nevuMkBlbZhIzs2c2z7KeNW9Wx+yo2TvnaMwpmPPrXNe5y+e++Tb928Z5ZvNmz3v8XdR3teXa5bLyW/P9529aQC8QL2hZOHLh2oVfKoQVFypdK6sqPy0SLLrwvdv3a77vW5yzuGWJ15KNS5lLJUtvLgtatnO53vKy5Y9XjFlRt5K3smLlm1UTV52v8qjatFpjtXJ125q4NQ1rbdYuXftpXd66G9Wh1fvWm65fuP7dBuGGqxuDN+7dZLapctPHzeLNt7dEbamrsaup2srcWrr1yba0bWd/8Plh13aT7ZXbP++Q7GjbmbTz9C7vXbt2m+5eUkvWKms794zb0/pj+I8Ne533btlnuK9yP/Yr9//+06Sfbh6IPdB80Ofg3kO2h9Yf5hyuqCPqptZ11+fVtzVkNlw5MvpIc6N/4+GfXX7ecdTyaPUxg2NLjmscn3e870TZiZ4maVPXydyTj5snNt87lXHq+umxp1vOxJ4590vkL6fOhpw9cS7g3NHzfuePXPC5UH/R62LdJc9Lh3/1/PVwi1dL3WXvyw2tvq2NV0ZdOX416OrJa+HXfrkec/3ijfgbV26m3rx9a9ytttvC28/uFN55ebf0bu+92fcZ9yse6D6oemj6sOZfw/61r82r7Vh7ePulR8mP7j0WPH7+m/y3Tx3znmg9qXpq8XTXM/dnRzsjO1t//+b3jufS571d5X/o/bH+hcOLQ38G/3mpO6O746XsZd+rRa+NX+944/GmuSex5+Hbore97yreG7/f+cHnw9mP6R+f9k7+xPq05vOwz41fYr/c7yvq65PyZXwAAAWAzMkBXu0AtDIBTiugod2/f6n2RuLrBvn/4f4dDQDgBewIBlJnA3FNwMYmwHY2wG4CEgGkBIMcOXLwUh15zkj3fi22DGC87+t7bQawGoHPsr6+3g19fZ+3AdQdoKmkf+8DAKYusJkHAL9az/+P/evfXvpsNqq3M8UAADowaVRYdFhNTDpjb20uYWRvYmUueG1wAAAAAAA8P3hwYWNrZXQgYmVnaW49Iu+7vyIgaWQ9Ilc1TTBNcENlaGlIenJlU3pOVGN6a2M5ZCI/Pgo8eDp4bXBtZXRhIHhtbG5zOng9ImFkb2JlOm5zOm1ldGEvIiB4OnhtcHRrPSJBZG9iZSBYTVAgQ29yZSA1LjYtYzExMSA3OS4xNTgzMjUsIDIwMTUvMDkvMTAtMDE6MTA6MjAgICAgICAgICI+CiAgIDxyZGY6UkRGIHhtbG5zOnJkZj0iaHR0cDovL3d3dy53My5vcmcvMTk5OS8wMi8yMi1yZGYtc3ludGF4LW5zIyI+CiAgICAgIDxyZGY6RGVzY3JpcHRpb24gcmRmOmFib3V0PSIiCiAgICAgICAgICAgIHhtbG5zOnhtcD0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wLyIKICAgICAgICAgICAgeG1sbnM6eG1wTU09Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9tbS8iCiAgICAgICAgICAgIHhtbG5zOnN0RXZ0PSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvc1R5cGUvUmVzb3VyY2VFdmVudCMiCiAgICAgICAgICAgIHhtbG5zOmRjPSJodHRwOi8vcHVybC5vcmcvZGMvZWxlbWVudHMvMS4xLyIKICAgICAgICAgICAgeG1sbnM6cGhvdG9zaG9wPSJodHRwOi8vbnMuYWRvYmUuY29tL3Bob3Rvc2hvcC8xLjAvIgogICAgICAgICAgICB4bWxuczp0aWZmPSJodHRwOi8vbnMuYWRvYmUuY29tL3RpZmYvMS4wLyIKICAgICAgICAgICAgeG1sbnM6ZXhpZj0iaHR0cDovL25zLmFkb2JlLmNvbS9leGlmLzEuMC8iPgogICAgICAgICA8eG1wOkNyZWF0b3JUb29sPkFkb2JlIFBob3Rvc2hvcCBDQyAyMDE1IChNYWNpbnRvc2gpPC94bXA6Q3JlYXRvclRvb2w+CiAgICAgICAgIDx4bXA6Q3JlYXRlRGF0ZT4yMDE3LTA5LTA2VDE1OjMxOjU2LTA0OjAwPC94bXA6Q3JlYXRlRGF0ZT4KICAgICAgICAgPHhtcDpNZXRhZGF0YURhdGU+MjAxNy0wOS0wNlQxNTozMTo1Ni0wNDowMDwveG1wOk1ldGFkYXRhRGF0ZT4KICAgICAgICAgPHhtcDpNb2RpZnlEYXRlPjIwMTctMDktMDZUMTU6MzE6NTYtMDQ6MDA8L3htcDpNb2RpZnlEYXRlPgogICAgICAgICA8eG1wTU06SW5zdGFuY2VJRD54bXAuaWlkOjFlMjY4MTE5LWU2NmYtNGJjNC1hZTI0LThiMTViNTg3MzE2MjwveG1wTU06SW5zdGFuY2VJRD4KICAgICAgICAgPHhtcE1NOkRvY3VtZW50SUQ+YWRvYmU6ZG9jaWQ6cGhvdG9zaG9wOjczODM4YzJiLWQzYzgtMTE3YS1iNTYyLTllNjU3MTBkNzc5YzwveG1wTU06RG9jdW1lbnRJRD4KICAgICAgICAgPHhtcE1NOk9yaWdpbmFsRG9jdW1lbnRJRD54bXAuZGlkOjQ1MjdmNDhmLTc2MGMtNGRhYi04NTJkLTNkNGZiOTA4ZmEzNjwveG1wTU06T3JpZ2luYWxEb2N1bWVudElEPgogICAgICAgICA8eG1wTU06SGlzdG9yeT4KICAgICAgICAgICAgPHJkZjpTZXE+CiAgICAgICAgICAgICAgIDxyZGY6bGkgcmRmOnBhcnNlVHlwZT0iUmVzb3VyY2UiPgogICAgICAgICAgICAgICAgICA8c3RFdnQ6YWN0aW9uPmNyZWF0ZWQ8L3N0RXZ0OmFjdGlvbj4KICAgICAgICAgICAgICAgICAgPHN0RXZ0Omluc3RhbmNlSUQ+eG1wLmlpZDo0NTI3ZjQ4Zi03NjBjLTRkYWItODUyZC0zZDRmYjkwOGZhMzY8L3N0RXZ0Omluc3RhbmNlSUQ+CiAgICAgICAgICAgICAgICAgIDxzdEV2dDp3aGVuPjIwMTctMDktMDZUMTU6MzE6NTYtMDQ6MDA8L3N0RXZ0OndoZW4+CiAgICAgICAgICAgICAgICAgIDxzdEV2dDpzb2Z0d2FyZUFnZW50PkFkb2JlIFBob3Rvc2hvcCBDQyAyMDE1IChNYWNpbnRvc2gpPC9zdEV2dDpzb2Z0d2FyZUFnZW50PgogICAgICAgICAgICAgICA8L3JkZjpsaT4KICAgICAgICAgICAgICAgPHJkZjpsaSByZGY6cGFyc2VUeXBlPSJSZXNvdXJjZSI+CiAgICAgICAgICAgICAgICAgIDxzdEV2dDphY3Rpb24+c2F2ZWQ8L3N0RXZ0OmFjdGlvbj4KICAgICAgICAgICAgICAgICAgPHN0RXZ0Omluc3RhbmNlSUQ+eG1wLmlpZDoxZTI2ODExOS1lNjZmLTRiYzQtYWUyNC04YjE1YjU4NzMxNjI8L3N0RXZ0Omluc3RhbmNlSUQ+CiAgICAgICAgICAgICAgICAgIDxzdEV2dDp3aGVuPjIwMTctMDktMDZUMTU6MzE6NTYtMDQ6MDA8L3N0RXZ0OndoZW4+CiAgICAgICAgICAgICAgICAgIDxzdEV2dDpzb2Z0d2FyZUFnZW50PkFkb2JlIFBob3Rvc2hvcCBDQyAyMDE1IChNYWNpbnRvc2gpPC9zdEV2dDpzb2Z0d2FyZUFnZW50PgogICAgICAgICAgICAgICAgICA8c3RFdnQ6Y2hhbmdlZD4vPC9zdEV2dDpjaGFuZ2VkPgogICAgICAgICAgICAgICA8L3JkZjpsaT4KICAgICAgICAgICAgPC9yZGY6U2VxPgogICAgICAgICA8L3htcE1NOkhpc3Rvcnk+CiAgICAgICAgIDxkYzpmb3JtYXQ+aW1hZ2UvcG5nPC9kYzpmb3JtYXQ+CiAgICAgICAgIDxwaG90b3Nob3A6Q29sb3JNb2RlPjM8L3Bob3Rvc2hvcDpDb2xvck1vZGU+CiAgICAgICAgIDxwaG90b3Nob3A6SUNDUHJvZmlsZT5EaXNwbGF5PC9waG90b3Nob3A6SUNDUHJvZmlsZT4KICAgICAgICAgPHRpZmY6T3JpZW50YXRpb24+MTwvdGlmZjpPcmllbnRhdGlvbj4KICAgICAgICAgPHRpZmY6WFJlc29sdXRpb24+NzIwMDAwLzEwMDAwPC90aWZmOlhSZXNvbHV0aW9uPgogICAgICAgICA8dGlmZjpZUmVzb2x1dGlvbj43MjAwMDAvMTAwMDA8L3RpZmY6WVJlc29sdXRpb24+CiAgICAgICAgIDx0aWZmOlJlc29sdXRpb25Vbml0PjI8L3RpZmY6UmVzb2x1dGlvblVuaXQ+CiAgICAgICAgIDxleGlmOkNvbG9yU3BhY2U+NjU1MzU8L2V4aWY6Q29sb3JTcGFjZT4KICAgICAgICAgPGV4aWY6UGl4ZWxYRGltZW5zaW9uPjY0PC9leGlmOlBpeGVsWERpbWVuc2lvbj4KICAgICAgICAgPGV4aWY6UGl4ZWxZRGltZW5zaW9uPjU5PC9leGlmOlBpeGVsWURpbWVuc2lvbj4KICAgICAgPC9yZGY6RGVzY3JpcHRpb24+CiAgIDwvcmRmOlJERj4KPC94OnhtcG1ldGE+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgCjw/eHBhY2tldCBlbmQ9InciPz6RZ44uAAAAIGNIUk0AAG11AABzoAAA/N0AAINkAABw6AAA7GgAADA+AAAQkOTsmeoAAAreSURBVHja7Jt5VFN3Fse/7yUkgQSyQBAiJWwTglKZqKBVFgURsVFgpAO2TRUonU7n0MWpVqnL6a7jtAdoz+lAsS61damHTnXascLUojMHLVUcpaesjUAVlFUWY7b35g+KhUBCEhJ71Pmd8/sDeO/edz+/e+/v3t97EDRN434eJO7zcd8DYJr+Ijc396kbN26EMxgM7b1kKE3TBEmSRHJy8m6VSlVrFkBLS4u2vLw8715cbS6X+/WcOXN6LYbAM888szckJOSre814giC0y5YtW93c3HzFIgA+n48nnnhi/b0GICIi4j2ZTHZdp9NZToJarRYpKSmXIiIiyu6ZRMdk9sfHx7/OZrMhEoksAxCJRBCLxdi0adOLDAaDuhcAxMbGFoSHh/exWCwIhULLAJhMJrq6uhAVFaWWyWQf3O3Gs9nsrrS0tB1MJhN8Ph8CgcDyNlhSUgKCIMBmszFz5sxX6urqsmmadrlbASiVyu0KheJma2vruNWf0AM0Gg2GhobQ19cHuVzePmvWrPfvVuN5PF772rVrCwBAIBDcnhY9YPr06SOFAzgcDhISEl6tra3NMRqN3LsNQE5Oztbly5cb6+vrxyU/swBM3UShUHRHR0cXVVZWbrqbjOdwOPXu7u6lhw8fRnd3NwiCuP23sLCwX+oD026wtLR0dPkIDw8PdHV1ua9bt+6yTqcT3S0AYmJifi+VSj9ta2sDkzl2nSsqKsx7AJ/PHycsMjJyQKlU7iwrK3trSp1XkBxU+xVAMzDK5cRAb+fYqi0wGLS62W49AoHgYlRU1KcajQZyudy2bnB0shAIBLeBZGdnv+3m5tZh93ak+gNEF/8L/jdnQU7zGTY0Mg4M1fMgl6QNX8TiwHX7R3D/5wWwcvMBEHbpSkxMzPf19YWHhwdEItG4aRFAQEDAmBkYGAihUIiHH35Yn5ubu81eAK6bXwfJZYEdFQaX5BXDyhXRIIwGEDMjAZIE6RcIVvrjII08sLNeBNhsm/X4+vp+m5iY+AVBEBCJRBAKheOmxSRYVVU1USuJhoYGeHt7l7DZ7Be1Wu1vbH0wTdE7YBa9CUN9O/TffD0s9/tqYE4s6LoLAEWBuqKG7ou/w0WZCt2uEkCvsxlARkbGBh8fH9A0PSbxmW2STJNgSkrKhBcaDAb4+fmhsbEx8+TJkwfs6sgkwaCvmsQ2wQHoW2PdMlAOSl1ns/zg4OCvS0tLE/r6+mAwGMxel56ebt4DgoKCLDUVWLBgwcELFy683NvbG26T8dOmw/VPT8PY8CO0e4drK8Zv54Hz5JPQHfsS+q8+G77O1x+02AdEXyfo3m5b2l0899xzGyQSCSiKsmr1JwRgWimZhoK3tzeSkpJePnjw4Oc2VWV7joCzbD5oAFRrM/QnT4Bb/AVc5nrCJe1J9C8IBtWiBql8HOCLgMAwGD8tASijVfIDAgIOL1my5JxWq4W7u7v9R2KWAIxASEpKOlpZWflde3v7XKs16XQgAIwOONqgBU0CtB6A8WdDKSNAkqAp2xpRmUy2tbi4GHq9HtQk90ZGRtpWB5gCkEgkyMjI2FhQUFBh7QMO5mSAynsBhvom6E+eAAAMZS8Fe7UK+q+Og/qpBQBg/Gw34O0H/NRk9eqHhIR8FBoaWt/a2mqT+0+YBMvKJj8HGWkts7KyKtVqdaz1h3KewJBJXIv9gc7WURmQAWZEJAw1Z6yNfX1WVlaoj4+PemBgwCrjCwsLzdcBE+2bppPH40EikSAvL2+DtbYzlq+G66H/gF30GQjPacN1T95r4H15EZw3dgNMFxBcLtzLqyE8XwW39z8BSOakchUKxW6FQqFmMpm3C7fJpk3NkLlhNBqhVCrPFhUVlV2+fPl3k3pNfCoIigIjfC6I4DDQ3dfgEp8C9PWCEZ0McHggJF5gxyuGmxnVatx8/ilAO2i+jCXJmytXrnyFw+HAw8PDJtc3C2Dfvn1WbztsNhthYWFbrQFgOFIC4tk3QJ2rBP39d8PnjwffB3vNs9Af+wQY6gOlHoRm31FwViyFZmeBReMBIC4u7m/z58+/euXKFasXbtIcsGrVKqtupGkaJEnC398fR48ePdDc3Jw5qTLPaaD7ugHjqCLF3RMYGJsXiIBQ0JfrJ8tDN4qLi4P8/f17enp6bFr9Rx55xLwHSKVSmwi6u7tj0aJFW5qbm9MnkjcGWve1MT+zkpRwfeGPuHX4OLQfvvvLdZMY//NRV+HChQt7WlpaJt25HFoHTBQKc+fObTp//vy+mpqabOu7I3dw9xyDiw/ATFoOQ/VpGC9dsG4z4XLb8/PzdwiFQhiNRrti32EAaJqGm5sbUlNTt9XU1DwKgGNdFtWD+rEZ8AkGdY0GPTRotc7w8PC3BgcHb549e9ZizW9ujD4RmjKAES+Ijo7+KTY29oNTp05Z915RdwsDmQnQr82G9vi/QP3YZJ3juLq2hYeHF+/atQs6nc6u1U9LSzMPwNzh4WRe4Orqiuzs7FdOnz6dTdO0VQeoVFsLbr5m2xHDwoULX5NKpbrOzs4pub5ZAA888IB92wlBYNWqVd3l5eXvfPzxx1uccc7H5/MbExISSimKgqenp0NkjgPQ1NRklyCapjE4OAi5XP4mg8F42mg0ih0NQKlUbgsMDKTb29sdsvoTAtizZ4/dwiiKgpeX161Zs2Ztr6mpeduRxnt7e19KS0s7oNfr7QpTqwGIxVNbOBaLhXnz5r1XV1e3TqPRTHfUg6pUqvygoCC0trbCzc3NeQC8vLymJJCmaYjFYl1MTMzrJ06ccMhrteDg4G8fe+yxf+h0OrtLXqsBOEIBg8HA0qVLS86cObO+v78/aKrycnJy/qxQKNDQ0ACSJJ0LYCpl5eghkUiolStXbtu/f/9HU4z9E0NDQ//euXMnNBqNQ55t69atzvWAkVBIT0/ff/z48Y1dXV0z7ZUTExOT39PTg4sXL457xeUUD7CnEjQHQCqVIicnJ3/Hjh2f2xn7n0dGRp7r7u6e9BWXwwD4+fk5TDiHw0FWVtbRvXv3nu7o6Iix9f4VK1Zs5PP5U254bAJw6NAhhwknSRIcDgcymezljo6OU7bcGxERcSAuLq6uo6PD4ZnfIoDq6mqHCacoCkwmE2FhYafr6upOXr9+fbG1t6pUqk1cLhc8Hs9pqz8hgJCQEIcqoGkaAoEAsbGxLx05cuRbKxueDxMTE1va2toclpPu+DZo2ig99NBD1efOnftSrVYvn6SSHNq8eXO+p6cndDqdw/f9O7YLmIYCn89HSkrKSwUFBRYBhIaGFnh5eXU2NjZCr9fD2WMcAA8PD6coMhqNWLRoUW1FRcWR2tra9AkfhsnsnzFjxl8KCwth+kmrI0diYuKdDYGRXMDj8bBmzZoN69evnxDA7NmzdwYGBvZ3dHQ4pej51UJgZOj1eiQnJ6vLysr2VFVVrTWpGToXL178VxaLBbFY7NTMbxGAr6+v05TRNA0vLy9s2bJlY0pKSqZer799gBofH/9maGjorfb2dnA4HNypMQ7AwMCAUxWq1Wr4+/tfk8vlhZcuXXoJALhcbltqauq7JElCKBTesdWfEMDo7wSdNVgsFh588MHtP/zwQ57BYHBLT09/dcaMGcbW1law7fgwyqEAnO1+Ix8vyWSyvqCgoEMtLS2PqlSqUoqinFry/urboCkErVaL2bNnv5OZmXlMKpXi6tWr4HLv/OfIxP//cfI+H/8bANeS5YFpLrRuAAAAAElFTkSuQmCC - mediatype: image/png - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: vault-operator - rules: - - apiGroups: - - etcd.database.coreos.com - resources: - - etcdclusters - verbs: - - "*" - - apiGroups: - - vault.security.coreos.com - resources: - - vaultservices - verbs: - - "*" - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - "*" - - apiGroups: - - "" - resources: - - pods - - services - - endpoints - - persistentvolumeclaims - - events - - configmaps - - secrets - verbs: - - "*" - - apiGroups: - - apps - resources: - - deployments - verbs: - - "*" - deployments: - - name: vault-operator - spec: - replicas: 1 - selector: - matchLabels: - name: vault-operator - template: - metadata: - labels: - name: vault-operator - spec: - serviceAccountName: vault-operator - containers: - - name: vault-operator - image: quay.io/coreos/vault-operator@sha256:945a0a6d88cf6fa2bce9a83019a2a64f74d89fc8281301a4259f3302eabc79e6 - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - version: 0.1.9 - replaces: vault-operator.0.1.5 - maturity: alpha - customresourcedefinitions: - owned: - - name: vaultservices.vault.security.coreos.com - version: v1alpha1 - kind: VaultService - displayName: Vault Service - description: A running Vault instance, backed by an Etcd Cluster - resources: - - name: etcdclusters.etcd.database.coreos.com - version: v1beta2 - kind: EtcdCluster - - kind: Service - version: v1 - - kind: ConfigMap - version: v1 - - kind: Secret - version: v1 - - kind: Deployment - version: v1beta2 - - kind: ReplicaSet - version: v1beta2 - - kind: Pod - version: v1 - specDescriptors: - - description: The desired number of Pods for the cluster - displayName: Size - path: nodes - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - statusDescriptors: - - description: The service at which the running Vault cluster can be accessed. - displayName: Service - path: serviceName - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Service' - - description: The port at which the Vault cluster is running under the service. - displayName: Client Port - path: clientPort - required: - - name: etcdclusters.etcd.database.coreos.com - version: v1beta2 - kind: EtcdCluster - displayName: etcd Cluster - description: Represents a cluster of etcd nodes. - - name: etcdbackups.etcd.database.coreos.com - version: v1beta2 - kind: EtcdBackup - displayName: etcd Backup - description: Represents a backup for an etcd cluster - - name: etcdrestores.etcd.database.coreos.com - version: v1beta2 - kind: EtcdRestore - displayName: etcd Restore - description: Represents one try of restoring etcd cluster from previous backup - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: app.coreos.com/v1alpha1 - kind: ClusterServiceVersion-v1 - metadata: - namespace: placeholder - name: vault-operator.0.1.5 - annotations: - tectonic-visibility: ocs - spec: - displayName: Vault - description: | - An encrypted, multi-tentant secure secret store. Vault handles the lifecycle of your secrets: leasing, key revocation, key rolling, and auditing. - - _The Vault Open Cloud Service is Public Alpha. The goal before Beta is for additional user testing and minor bug fixes._ - - ### Unsealing and using Vault - - Once a Vault instance is running, it must be initalized and "unsealed". Afterwards, your software can use the automatically created Kubernetes Service and Secret to communicate with it. - - [Read the complete guide to using the Vault Open Cloud Service](https://coreos.com/tectonic/docs/latest/alm/vault-ocs.html) - - ### Supported Features - - **Secure by Default** - Hands-free automated creation of TLS certificates between all components ensure all best practices are followed for secret security. Further, the API makes unseal operations easy. - **Highly available** - Multiple instances of Vault are clustered together via an etcd backend and secured. - **Safe Upgrades** - Rolling out a new Vault version is as easy as updating the Vault Cluster definition. Everything is automatically handled using Vault best practices while pausing for unseal tokens. - - keywords: ['vault', 'secret', 'encryption'] - maintainers: - - name: CoreOS, Inc - email: support@coreos.com - provider: - name: CoreOS, Inc - links: - - name: Vault Project - url: https://www.vaultproject.io/ - labels: - alm-status-descriptors: vault-operator.0.1.5 - alm-owner-vault: vault-operator - operated-by: vault-operator - selector: - matchLabels: - alm-owner-vault: vault-operator - operated-by: vault-operator - icon: - - base64data: iVBORw0KGgoAAAANSUhEUgAAAEAAAAA7CAYAAADLjIzcAAAACXBIWXMAAAsTAAALEwEAmpwYAAAMLGlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAHjarVd3VFP51t23JKGEmoCAlNARBAHpSO+CgHQYW0gChBJCCip2x0EFxy4WrOjYcNSxADIWRB3rIPbuAx1URsbBgg2V9wcBZ+Z93x9vrfdb6+budbLPPvuce9dd6wA6HnyptJDUBYokCllSVCgvIzOLx2oHCxxogYQ7XyCXhiQmxgHAwP0vhwDe3gQBANec+VJpIf67oycUyQUAkQggWygXFAHEIYA2EUhlCoDRCsB6skKqABhvAHBlGZlZAFMNADe3H5sC4Gb3Y1cAXFlKUhjADAfU2Hy+LBfQTgTAKxXkKgBtKQBXiVAsAbQ3AwgU5PGFgHYbgOFFRcVCQIcNwCH7Lzq5f9PMHtTk83MHcX8vAAC1cLFcWsifiv/1KSpUDtSwAsDOk0UnAeACxM6C4tgkAGyAOCrJjk8AoA8Q58RCQIXv5imjU1X8LoE8LAuAIUBCyA+PBWAKkIbKgtQQFXbny4B+PhkvVsSkqHC2rDhJpU+WSgrj41Q6C/JEMQN4o0gekTzAyRFHxgDQBchDZXkp6f0+ydOl4rR4ANoA2SovSI5V5T4sywuLH+DIlEmpAGwA8k2OLDKpn0MZFckH+qJcBPyIZABGABWsyEuJ7s+lMkTyjLgBD0JReES/B0ookqSqvFEKqSI0SZVbLi1MVPGpjaLCqKT+OVP75aXJA7lXFbIU1cypR/n80Yn9/qm3UkViSr83mkYcwhAOHpTgIRvFyIe4pau+CzzVP5HgQ4ZciOCsigxkpIMPGSTgIxll+AMSiCAfzAsFHzKIUAoJPg9G+3+dkQM+ZCiFCHIU4AlkKKJN6EDan46jA+lgOpB2p31o34E8ns5AVWYEM5wZzYxkDhv0IUAxClEMGcT/RywWhRBBCRlEkAz08FWP8YRxhfGIcYPRxriDNPwGGcQDrIniubJ/OOdhDNqgVE1FhGxI0DnAoe1od9qTDqUD6EDaFzzakDaBM+1B+9AhdBDtT3vSvn9zqBz09nWW/6wnguRv/aji2o7anioX2YNPJmyQ9U+VsL/MSIhixP6TSS2gDlJnqZPUeeooVQ8edYJqoC5Rx6j6v7wJv0GG3MFqSRBBggIUQjzAca117XT99B/V+SoHMoggBxSiKQoACCuWTpWJc/MUvBCptFDEi5EIXIbz3F3dvIGMzCxe/+fjtSEIAIThha+xkibAtwIgcr/G+NbAkScA5+3XmPUrgL0UONYqUMpK+2M0ADCgAR1wYQxzWMMBznCHF/wRjAiMRgJSkIkJECAPRZBhMqZjDspRiaVYhXXYhK3YiR9xAPU4ipP4BRfRihu4hzZ04Dm68Ra9BEGwCC2CQxgTFoQt4US4Ez5EIBFBxBFJRCYxicglJISSmE58S1QSy4l1xBZiF/ETcYQ4SZwnrhB3iHaik3hFfCQpkk1ySTPSjhxB+pAhZCyZQo4nc8kSsoycRy4m15A15B6yjjxJXiRvkG3kc7KHAqVJGVKWlDPlQ4VRCVQWlUPJqJlUBVVF1VB7qUbqLHWNaqO6qA80k+bQPNqZ9qej6VRaQJfQM+lF9Dp6J11Hn6av0e10N/2FocUwZTgx/BgxjAxGLmMyo5xRxdjOOMw4w7jB6GC8ZTKZhkx7pjczmpnJzGdOYy5ibmDuYzYxrzAfM3tYLJYxy4kVwEpg8VkKVjlrLWsP6wTrKquD9V5NU81CzV0tUi1LTaI2V61KbbfacbWrak/VetV11W3V/dQT1IXqU9WXqG9Tb1S/rN6h3quhp2GvEaCRopGvMUdjjcZejTMa9zVea2pqWmn6ao7VFGvO1lyjuV/znGa75ge2PtuRHcYex1ayF7N3sJvYd9ivtbS07LSCtbK0FFqLtXZpndJ6qPVem6Ptoh2jLdSepV2tXad9VfuFjrqOrU6IzgSdMp0qnYM6l3W6dNV17XTDdPm6M3WrdY/o3tLt0ePouekl6BXpLdLbrXde75k+S99OP0JfqD9Pf6v+Kf3HHIpjzQnjCDjfcrZxznA6uEyuPTeGm8+t5P7IbeF2G+gbeBikGUwxqDY4ZtBmSBnaGcYYFhouMTxgeNPw4xCzISFDREMWDtk75OqQd0ZDjYKNREYVRvuMbhh9NOYZRxgXGC8zrjd+YEKbOJqMNZlsstHkjEnXUO5Q/6GCoRVDDwy9a0qaOpommU4z3Wp6ybTHzNwsykxqttbslFmXuaF5sHm++Urz4+adFhyLQAuxxUqLExa/8wx4IbxC3hreaV63palltKXScotli2Wvlb1VqtVcq31WD6w1rH2sc6xXWjdbd9tY2IyxmW5Ta3PXVt3WxzbPdrXtWdt3dvZ26Xbz7ertntkb2cfYl9nX2t930HIIcihxqHG4Pow5zGdYwbANw1odSUdPxzzHasfLTqSTl5PYaYPTleGM4b7DJcNrht9yZjuHOJc61zq3uxi6xLnMdal3eTHCZkTWiGUjzo744urpWui6zfWem77baLe5bo1ur9wd3QXu1e7XR2qNjBw5a2TDyJceTh4ij40etz05nmM853s2e3728vaSee316vS28Z7kvd77lg/XJ9Fnkc85X4ZvqO8s36O+H/y8/BR+B/z+9Hf2L/Df7f9slP0o0ahtox4HWAXwA7YEtAXyAicFbg5sC7IM4gfVBD0Ktg4WBm8PfhoyLCQ/ZE/Ii1DXUFno4dB3YX5hM8KawqnwqPCK8JYI/YjUiHURDyOtInMjayO7ozyjpkU1RTOiY6OXRd+KMYsRxOyK6R7tPXrG6NOx7Njk2HWxj+Ic42RxjWPIMaPHrBhzP942XhJfn4CEmIQVCQ8S7RNLEn8eyxybOLZ67JMkt6TpSWeTOckTk3cnv00JTVmSci/VIVWZ2pymkzYubVfau/Tw9OXpbRkjMmZkXMw0yRRnNmSxstKytmf1fBPxzapvOsZ5jisfd3O8/fgp489PMJlQOOHYRJ2J/IkHJzEmpU/aPekTP4Ffw+/Jjslen90tCBOsFjwXBgtXCjtFAaLloqc5ATnLc57lBuSuyO3MC8qryusSh4nXiV/mR+dvyn9XkFCwo6CvML1wX5Fa0aSiIxJ9SYHkdLF58ZTiK1Inabm0rcSvZFVJtyxWtl1OyMfLGxRchVRxSemg/E7ZXhpYWl36fnLa5INT9KZIplya6jh14dSnZZFlP0yjpwmmNU+3nD5nevuMkBlbZhIzs2c2z7KeNW9Wx+yo2TvnaMwpmPPrXNe5y+e++Tb928Z5ZvNmz3v8XdR3teXa5bLyW/P9529aQC8QL2hZOHLh2oVfKoQVFypdK6sqPy0SLLrwvdv3a77vW5yzuGWJ15KNS5lLJUtvLgtatnO53vKy5Y9XjFlRt5K3smLlm1UTV52v8qjatFpjtXJ125q4NQ1rbdYuXftpXd66G9Wh1fvWm65fuP7dBuGGqxuDN+7dZLapctPHzeLNt7dEbamrsaup2srcWrr1yba0bWd/8Plh13aT7ZXbP++Q7GjbmbTz9C7vXbt2m+5eUkvWKms794zb0/pj+I8Ne533btlnuK9yP/Yr9//+06Sfbh6IPdB80Ofg3kO2h9Yf5hyuqCPqptZ11+fVtzVkNlw5MvpIc6N/4+GfXX7ecdTyaPUxg2NLjmscn3e870TZiZ4maVPXydyTj5snNt87lXHq+umxp1vOxJ4590vkL6fOhpw9cS7g3NHzfuePXPC5UH/R62LdJc9Lh3/1/PVwi1dL3WXvyw2tvq2NV0ZdOX416OrJa+HXfrkec/3ijfgbV26m3rx9a9ytttvC28/uFN55ebf0bu+92fcZ9yse6D6oemj6sOZfw/61r82r7Vh7ePulR8mP7j0WPH7+m/y3Tx3znmg9qXpq8XTXM/dnRzsjO1t//+b3jufS571d5X/o/bH+hcOLQ38G/3mpO6O746XsZd+rRa+NX+944/GmuSex5+Hbore97yreG7/f+cHnw9mP6R+f9k7+xPq05vOwz41fYr/c7yvq65PyZXwAAAWAzMkBXu0AtDIBTiugod2/f6n2RuLrBvn/4f4dDQDgBewIBlJnA3FNwMYmwHY2wG4CEgGkBIMcOXLwUh15zkj3fi22DGC87+t7bQawGoHPsr6+3g19fZ+3AdQdoKmkf+8DAKYusJkHAL9az/+P/evfXvpsNqq3M8UAADowaVRYdFhNTDpjb20uYWRvYmUueG1wAAAAAAA8P3hwYWNrZXQgYmVnaW49Iu+7vyIgaWQ9Ilc1TTBNcENlaGlIenJlU3pOVGN6a2M5ZCI/Pgo8eDp4bXBtZXRhIHhtbG5zOng9ImFkb2JlOm5zOm1ldGEvIiB4OnhtcHRrPSJBZG9iZSBYTVAgQ29yZSA1LjYtYzExMSA3OS4xNTgzMjUsIDIwMTUvMDkvMTAtMDE6MTA6MjAgICAgICAgICI+CiAgIDxyZGY6UkRGIHhtbG5zOnJkZj0iaHR0cDovL3d3dy53My5vcmcvMTk5OS8wMi8yMi1yZGYtc3ludGF4LW5zIyI+CiAgICAgIDxyZGY6RGVzY3JpcHRpb24gcmRmOmFib3V0PSIiCiAgICAgICAgICAgIHhtbG5zOnhtcD0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wLyIKICAgICAgICAgICAgeG1sbnM6eG1wTU09Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9tbS8iCiAgICAgICAgICAgIHhtbG5zOnN0RXZ0PSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvc1R5cGUvUmVzb3VyY2VFdmVudCMiCiAgICAgICAgICAgIHhtbG5zOmRjPSJodHRwOi8vcHVybC5vcmcvZGMvZWxlbWVudHMvMS4xLyIKICAgICAgICAgICAgeG1sbnM6cGhvdG9zaG9wPSJodHRwOi8vbnMuYWRvYmUuY29tL3Bob3Rvc2hvcC8xLjAvIgogICAgICAgICAgICB4bWxuczp0aWZmPSJodHRwOi8vbnMuYWRvYmUuY29tL3RpZmYvMS4wLyIKICAgICAgICAgICAgeG1sbnM6ZXhpZj0iaHR0cDovL25zLmFkb2JlLmNvbS9leGlmLzEuMC8iPgogICAgICAgICA8eG1wOkNyZWF0b3JUb29sPkFkb2JlIFBob3Rvc2hvcCBDQyAyMDE1IChNYWNpbnRvc2gpPC94bXA6Q3JlYXRvclRvb2w+CiAgICAgICAgIDx4bXA6Q3JlYXRlRGF0ZT4yMDE3LTA5LTA2VDE1OjMxOjU2LTA0OjAwPC94bXA6Q3JlYXRlRGF0ZT4KICAgICAgICAgPHhtcDpNZXRhZGF0YURhdGU+MjAxNy0wOS0wNlQxNTozMTo1Ni0wNDowMDwveG1wOk1ldGFkYXRhRGF0ZT4KICAgICAgICAgPHhtcDpNb2RpZnlEYXRlPjIwMTctMDktMDZUMTU6MzE6NTYtMDQ6MDA8L3htcDpNb2RpZnlEYXRlPgogICAgICAgICA8eG1wTU06SW5zdGFuY2VJRD54bXAuaWlkOjFlMjY4MTE5LWU2NmYtNGJjNC1hZTI0LThiMTViNTg3MzE2MjwveG1wTU06SW5zdGFuY2VJRD4KICAgICAgICAgPHhtcE1NOkRvY3VtZW50SUQ+YWRvYmU6ZG9jaWQ6cGhvdG9zaG9wOjczODM4YzJiLWQzYzgtMTE3YS1iNTYyLTllNjU3MTBkNzc5YzwveG1wTU06RG9jdW1lbnRJRD4KICAgICAgICAgPHhtcE1NOk9yaWdpbmFsRG9jdW1lbnRJRD54bXAuZGlkOjQ1MjdmNDhmLTc2MGMtNGRhYi04NTJkLTNkNGZiOTA4ZmEzNjwveG1wTU06T3JpZ2luYWxEb2N1bWVudElEPgogICAgICAgICA8eG1wTU06SGlzdG9yeT4KICAgICAgICAgICAgPHJkZjpTZXE+CiAgICAgICAgICAgICAgIDxyZGY6bGkgcmRmOnBhcnNlVHlwZT0iUmVzb3VyY2UiPgogICAgICAgICAgICAgICAgICA8c3RFdnQ6YWN0aW9uPmNyZWF0ZWQ8L3N0RXZ0OmFjdGlvbj4KICAgICAgICAgICAgICAgICAgPHN0RXZ0Omluc3RhbmNlSUQ+eG1wLmlpZDo0NTI3ZjQ4Zi03NjBjLTRkYWItODUyZC0zZDRmYjkwOGZhMzY8L3N0RXZ0Omluc3RhbmNlSUQ+CiAgICAgICAgICAgICAgICAgIDxzdEV2dDp3aGVuPjIwMTctMDktMDZUMTU6MzE6NTYtMDQ6MDA8L3N0RXZ0OndoZW4+CiAgICAgICAgICAgICAgICAgIDxzdEV2dDpzb2Z0d2FyZUFnZW50PkFkb2JlIFBob3Rvc2hvcCBDQyAyMDE1IChNYWNpbnRvc2gpPC9zdEV2dDpzb2Z0d2FyZUFnZW50PgogICAgICAgICAgICAgICA8L3JkZjpsaT4KICAgICAgICAgICAgICAgPHJkZjpsaSByZGY6cGFyc2VUeXBlPSJSZXNvdXJjZSI+CiAgICAgICAgICAgICAgICAgIDxzdEV2dDphY3Rpb24+c2F2ZWQ8L3N0RXZ0OmFjdGlvbj4KICAgICAgICAgICAgICAgICAgPHN0RXZ0Omluc3RhbmNlSUQ+eG1wLmlpZDoxZTI2ODExOS1lNjZmLTRiYzQtYWUyNC04YjE1YjU4NzMxNjI8L3N0RXZ0Omluc3RhbmNlSUQ+CiAgICAgICAgICAgICAgICAgIDxzdEV2dDp3aGVuPjIwMTctMDktMDZUMTU6MzE6NTYtMDQ6MDA8L3N0RXZ0OndoZW4+CiAgICAgICAgICAgICAgICAgIDxzdEV2dDpzb2Z0d2FyZUFnZW50PkFkb2JlIFBob3Rvc2hvcCBDQyAyMDE1IChNYWNpbnRvc2gpPC9zdEV2dDpzb2Z0d2FyZUFnZW50PgogICAgICAgICAgICAgICAgICA8c3RFdnQ6Y2hhbmdlZD4vPC9zdEV2dDpjaGFuZ2VkPgogICAgICAgICAgICAgICA8L3JkZjpsaT4KICAgICAgICAgICAgPC9yZGY6U2VxPgogICAgICAgICA8L3htcE1NOkhpc3Rvcnk+CiAgICAgICAgIDxkYzpmb3JtYXQ+aW1hZ2UvcG5nPC9kYzpmb3JtYXQ+CiAgICAgICAgIDxwaG90b3Nob3A6Q29sb3JNb2RlPjM8L3Bob3Rvc2hvcDpDb2xvck1vZGU+CiAgICAgICAgIDxwaG90b3Nob3A6SUNDUHJvZmlsZT5EaXNwbGF5PC9waG90b3Nob3A6SUNDUHJvZmlsZT4KICAgICAgICAgPHRpZmY6T3JpZW50YXRpb24+MTwvdGlmZjpPcmllbnRhdGlvbj4KICAgICAgICAgPHRpZmY6WFJlc29sdXRpb24+NzIwMDAwLzEwMDAwPC90aWZmOlhSZXNvbHV0aW9uPgogICAgICAgICA8dGlmZjpZUmVzb2x1dGlvbj43MjAwMDAvMTAwMDA8L3RpZmY6WVJlc29sdXRpb24+CiAgICAgICAgIDx0aWZmOlJlc29sdXRpb25Vbml0PjI8L3RpZmY6UmVzb2x1dGlvblVuaXQ+CiAgICAgICAgIDxleGlmOkNvbG9yU3BhY2U+NjU1MzU8L2V4aWY6Q29sb3JTcGFjZT4KICAgICAgICAgPGV4aWY6UGl4ZWxYRGltZW5zaW9uPjY0PC9leGlmOlBpeGVsWERpbWVuc2lvbj4KICAgICAgICAgPGV4aWY6UGl4ZWxZRGltZW5zaW9uPjU5PC9leGlmOlBpeGVsWURpbWVuc2lvbj4KICAgICAgPC9yZGY6RGVzY3JpcHRpb24+CiAgIDwvcmRmOlJERj4KPC94OnhtcG1ldGE+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgCjw/eHBhY2tldCBlbmQ9InciPz6RZ44uAAAAIGNIUk0AAG11AABzoAAA/N0AAINkAABw6AAA7GgAADA+AAAQkOTsmeoAAAreSURBVHja7Jt5VFN3Fse/7yUkgQSyQBAiJWwTglKZqKBVFgURsVFgpAO2TRUonU7n0MWpVqnL6a7jtAdoz+lAsS61damHTnXascLUojMHLVUcpaesjUAVlFUWY7b35g+KhUBCEhJ71Pmd8/sDeO/edz+/e+/v3t97EDRN434eJO7zcd8DYJr+Ijc396kbN26EMxgM7b1kKE3TBEmSRHJy8m6VSlVrFkBLS4u2vLw8715cbS6X+/WcOXN6LYbAM888szckJOSre814giC0y5YtW93c3HzFIgA+n48nnnhi/b0GICIi4j2ZTHZdp9NZToJarRYpKSmXIiIiyu6ZRMdk9sfHx7/OZrMhEoksAxCJRBCLxdi0adOLDAaDuhcAxMbGFoSHh/exWCwIhULLAJhMJrq6uhAVFaWWyWQf3O3Gs9nsrrS0tB1MJhN8Ph8CgcDyNlhSUgKCIMBmszFz5sxX6urqsmmadrlbASiVyu0KheJma2vruNWf0AM0Gg2GhobQ19cHuVzePmvWrPfvVuN5PF772rVrCwBAIBDcnhY9YPr06SOFAzgcDhISEl6tra3NMRqN3LsNQE5Oztbly5cb6+vrxyU/swBM3UShUHRHR0cXVVZWbrqbjOdwOPXu7u6lhw8fRnd3NwiCuP23sLCwX+oD026wtLR0dPkIDw8PdHV1ua9bt+6yTqcT3S0AYmJifi+VSj9ta2sDkzl2nSsqKsx7AJ/PHycsMjJyQKlU7iwrK3trSp1XkBxU+xVAMzDK5cRAb+fYqi0wGLS62W49AoHgYlRU1KcajQZyudy2bnB0shAIBLeBZGdnv+3m5tZh93ak+gNEF/8L/jdnQU7zGTY0Mg4M1fMgl6QNX8TiwHX7R3D/5wWwcvMBEHbpSkxMzPf19YWHhwdEItG4aRFAQEDAmBkYGAihUIiHH35Yn5ubu81eAK6bXwfJZYEdFQaX5BXDyhXRIIwGEDMjAZIE6RcIVvrjII08sLNeBNhsm/X4+vp+m5iY+AVBEBCJRBAKheOmxSRYVVU1USuJhoYGeHt7l7DZ7Be1Wu1vbH0wTdE7YBa9CUN9O/TffD0s9/tqYE4s6LoLAEWBuqKG7ou/w0WZCt2uEkCvsxlARkbGBh8fH9A0PSbxmW2STJNgSkrKhBcaDAb4+fmhsbEx8+TJkwfs6sgkwaCvmsQ2wQHoW2PdMlAOSl1ns/zg4OCvS0tLE/r6+mAwGMxel56ebt4DgoKCLDUVWLBgwcELFy683NvbG26T8dOmw/VPT8PY8CO0e4drK8Zv54Hz5JPQHfsS+q8+G77O1x+02AdEXyfo3m5b2l0899xzGyQSCSiKsmr1JwRgWimZhoK3tzeSkpJePnjw4Oc2VWV7joCzbD5oAFRrM/QnT4Bb/AVc5nrCJe1J9C8IBtWiBql8HOCLgMAwGD8tASijVfIDAgIOL1my5JxWq4W7u7v9R2KWAIxASEpKOlpZWflde3v7XKs16XQgAIwOONqgBU0CtB6A8WdDKSNAkqAp2xpRmUy2tbi4GHq9HtQk90ZGRtpWB5gCkEgkyMjI2FhQUFBh7QMO5mSAynsBhvom6E+eAAAMZS8Fe7UK+q+Og/qpBQBg/Gw34O0H/NRk9eqHhIR8FBoaWt/a2mqT+0+YBMvKJj8HGWkts7KyKtVqdaz1h3KewJBJXIv9gc7WURmQAWZEJAw1Z6yNfX1WVlaoj4+PemBgwCrjCwsLzdcBE+2bppPH40EikSAvL2+DtbYzlq+G66H/gF30GQjPacN1T95r4H15EZw3dgNMFxBcLtzLqyE8XwW39z8BSOakchUKxW6FQqFmMpm3C7fJpk3NkLlhNBqhVCrPFhUVlV2+fPl3k3pNfCoIigIjfC6I4DDQ3dfgEp8C9PWCEZ0McHggJF5gxyuGmxnVatx8/ilAO2i+jCXJmytXrnyFw+HAw8PDJtc3C2Dfvn1WbztsNhthYWFbrQFgOFIC4tk3QJ2rBP39d8PnjwffB3vNs9Af+wQY6gOlHoRm31FwViyFZmeBReMBIC4u7m/z58+/euXKFasXbtIcsGrVKqtupGkaJEnC398fR48ePdDc3Jw5qTLPaaD7ugHjqCLF3RMYGJsXiIBQ0JfrJ8tDN4qLi4P8/f17enp6bFr9Rx55xLwHSKVSmwi6u7tj0aJFW5qbm9MnkjcGWve1MT+zkpRwfeGPuHX4OLQfvvvLdZMY//NRV+HChQt7WlpaJt25HFoHTBQKc+fObTp//vy+mpqabOu7I3dw9xyDiw/ATFoOQ/VpGC9dsG4z4XLb8/PzdwiFQhiNRrti32EAaJqGm5sbUlNTt9XU1DwKgGNdFtWD+rEZ8AkGdY0GPTRotc7w8PC3BgcHb549e9ZizW9ujD4RmjKAES+Ijo7+KTY29oNTp05Z915RdwsDmQnQr82G9vi/QP3YZJ3juLq2hYeHF+/atQs6nc6u1U9LSzMPwNzh4WRe4Orqiuzs7FdOnz6dTdO0VQeoVFsLbr5m2xHDwoULX5NKpbrOzs4pub5ZAA888IB92wlBYNWqVd3l5eXvfPzxx1uccc7H5/MbExISSimKgqenp0NkjgPQ1NRklyCapjE4OAi5XP4mg8F42mg0ih0NQKlUbgsMDKTb29sdsvoTAtizZ4/dwiiKgpeX161Zs2Ztr6mpeduRxnt7e19KS0s7oNfr7QpTqwGIxVNbOBaLhXnz5r1XV1e3TqPRTHfUg6pUqvygoCC0trbCzc3NeQC8vLymJJCmaYjFYl1MTMzrJ06ccMhrteDg4G8fe+yxf+h0OrtLXqsBOEIBg8HA0qVLS86cObO+v78/aKrycnJy/qxQKNDQ0ACSJJ0LYCpl5eghkUiolStXbtu/f/9HU4z9E0NDQ//euXMnNBqNQ55t69atzvWAkVBIT0/ff/z48Y1dXV0z7ZUTExOT39PTg4sXL457xeUUD7CnEjQHQCqVIicnJ3/Hjh2f2xn7n0dGRp7r7u6e9BWXwwD4+fk5TDiHw0FWVtbRvXv3nu7o6Iix9f4VK1Zs5PP5U254bAJw6NAhhwknSRIcDgcymezljo6OU7bcGxERcSAuLq6uo6PD4ZnfIoDq6mqHCacoCkwmE2FhYafr6upOXr9+fbG1t6pUqk1cLhc8Hs9pqz8hgJCQEIcqoGkaAoEAsbGxLx05cuRbKxueDxMTE1va2toclpPu+DZo2ig99NBD1efOnftSrVYvn6SSHNq8eXO+p6cndDqdw/f9O7YLmIYCn89HSkrKSwUFBRYBhIaGFnh5eXU2NjZCr9fD2WMcAA8PD6coMhqNWLRoUW1FRcWR2tra9AkfhsnsnzFjxl8KCwth+kmrI0diYuKdDYGRXMDj8bBmzZoN69evnxDA7NmzdwYGBvZ3dHQ4pej51UJgZOj1eiQnJ6vLysr2VFVVrTWpGToXL178VxaLBbFY7NTMbxGAr6+v05TRNA0vLy9s2bJlY0pKSqZer799gBofH/9maGjorfb2dnA4HNypMQ7AwMCAUxWq1Wr4+/tfk8vlhZcuXXoJALhcbltqauq7JElCKBTesdWfEMDo7wSdNVgsFh588MHtP/zwQ57BYHBLT09/dcaMGcbW1law7fgwyqEAnO1+Ix8vyWSyvqCgoEMtLS2PqlSqUoqinFry/urboCkErVaL2bNnv5OZmXlMKpXi6tWr4HLv/OfIxP//cfI+H/8bANeS5YFpLrRuAAAAAElFTkSuQmCC - mediatype: image/png - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: vault-operator - rules: - - apiGroups: - - etcd.database.coreos.com - resources: - - etcdclusters - verbs: - - "*" - - apiGroups: - - vault.security.coreos.com - resources: - - vaultservices - verbs: - - "*" - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - "*" - - apiGroups: - - "" - resources: - - pods - - services - - endpoints - - persistentvolumeclaims - - events - - configmaps - - secrets - verbs: - - "*" - - apiGroups: - - apps - resources: - - deployments - verbs: - - "*" - deployments: - - name: vault-operator - spec: - replicas: 1 - selector: - matchLabels: - name: vault-operator - template: - metadata: - labels: - name: vault-operator - spec: - serviceAccountName: vault-operator - containers: - - name: vault-operator - image: quay.io/coreos/vault-operator@sha256:74036811bc5d6cc1a136d8cc6d5577db67f29ba95eba02fbf0c3a8d2357dc8fe - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - version: 0.1.5 - maturity: alpha - customresourcedefinitions: - owned: - - name: vaultservices.vault.security.coreos.com - version: v1alpha1 - kind: VaultService - displayName: Vault Service - description: A running Vault instance, backed by an Etcd Cluster - resources: - - name: etcdclusters.etcd.database.coreos.com - version: v1beta2 - kind: EtcdCluster - - kind: Service - version: v1 - - kind: ConfigMap - version: v1 - - kind: Secret - version: v1 - - kind: Pod - version: v1 - specDescriptors: - - description: The desired number of Pods for the cluster - displayName: Size - path: nodes - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - statusDescriptors: - - description: The status of each of the node Pods for the Vault cluster. - displayName: Node Status - path: nodes - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podStatuses' - - description: The service at which the running Vault cluster can be accessed. - displayName: Service - path: serviceName - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Service' - - description: The port at which the Vault cluster is running under the service. - displayName: Client Port - path: clientPort - required: - - name: etcdclusters.etcd.database.coreos.com - version: v1beta2 - kind: EtcdCluster - displayName: etcd Cluster - description: Represents a cluster of etcd nodes. - - packages: |- - - #! package-manifest: ./deploy/chart/catalog_resources/ocs/etcdoperator.v0.9.2.clusterserviceversion.yaml - packageName: etcd - channels: - - name: alpha - currentCSV: etcdoperator.v0.9.2 - - - #! package-manifest: ./deploy/chart/catalog_resources/ocs/prometheusoperator.0.15.0.clusterserviceversion.yaml - packageName: prometheus - channels: - - name: alpha - currentCSV: prometheusoperator.0.15.0 - - - #! package-manifest: ./deploy/chart/catalog_resources/ocs/vaultoperator.0.1.9.clusterserviceversion.yaml - packageName: vault - channels: - - name: alpha - currentCSV: vault-operator.0.1.9 - - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/09-tectoniccomponents.configmap.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/09-tectoniccomponents.configmap.yaml deleted file mode 100644 index 953c48342c..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/09-tectoniccomponents.configmap.yaml +++ /dev/null @@ -1,444 +0,0 @@ -##--- -# Source: olm/templates/09-tectoniccomponents.configmap.yaml - -kind: ConfigMap -apiVersion: v1 -metadata: - name: tectonic-components - namespace: kube-system - labels: - tectonic-operators.coreos.com/managed-by: tectonic-x-operator - -data: - customResourceDefinitions: |- - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: chargebacks.chargeback.coreos.com - annotations: - catalog.app.coreos.com/description: An instance of Chargeback - catalog.app.coreos.com/displayName: Chargeback - spec: - group: chargeback.coreos.com - version: v1alpha1 - scope: Namespaced - names: - plural: chargebacks - singular: chargeback - kind: Chargeback - listKind: ChargebackList - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: prestotables.chargeback.coreos.com - annotations: - catalog.app.coreos.com/displayName: "Chargeback Presto Table" - catalog.app.coreos.com/description: "A table within PrestoDB" - spec: - group: chargeback.coreos.com - version: v1alpha1 - scope: Namespaced - names: - plural: prestotables - singular: prestotable - kind: PrestoTable - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: reports.chargeback.coreos.com - annotations: - catalog.app.coreos.com/displayName: "Chargeback Report" - catalog.app.coreos.com/description: "A chargeback report for a specific time interval" - spec: - group: chargeback.coreos.com - version: v1alpha1 - scope: Namespaced - names: - plural: reports - kind: Report - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: reportdatasources.chargeback.coreos.com - annotations: - catalog.app.coreos.com/displayName: "Chargeback data source" - catalog.app.coreos.com/description: "A resource describing a source of data for usage by Report Generation Queries" - spec: - group: chargeback.coreos.com - version: v1alpha1 - scope: Namespaced - names: - plural: reportdatasources - singular: reportdatasource - kind: ReportDataSource - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: reportgenerationqueries.chargeback.coreos.com - annotations: - catalog.app.coreos.com/displayName: "Chargeback generation query" - catalog.app.coreos.com/description: "A SQL query used by Chargeback to generate reports" - spec: - group: chargeback.coreos.com - version: v1alpha1 - scope: Namespaced - names: - plural: reportgenerationqueries - singular: reportgenerationquery - kind: ReportGenerationQuery - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: reportprometheusqueries.chargeback.coreos.com - annotations: - catalog.app.coreos.com/displayName: "Chargeback prometheus query" - catalog.app.coreos.com/description: "A Prometheus query by Chargeback to do metering" - spec: - group: chargeback.coreos.com - version: v1alpha1 - scope: Namespaced - names: - plural: reportprometheusqueries - singular: reportprometheusquery - kind: ReportPrometheusQuery - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: scheduledreports.chargeback.coreos.com - annotations: - catalog.app.coreos.com/displayName: "Chargeback Scheduled Report" - catalog.app.coreos.com/description: "A chargeback report that runs on a scheduled interval" - spec: - group: chargeback.coreos.com - version: v1alpha1 - scope: Namespaced - names: - plural: scheduledreports - kind: ScheduledReport - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: storagelocations.chargeback.coreos.com - annotations: - catalog.app.coreos.com/displayName: "Chargeback storage location" - catalog.app.coreos.com/description: "Represents a configurable storage location for Chargeback to store metering and report data" - spec: - group: chargeback.coreos.com - version: v1alpha1 - scope: Namespaced - names: - plural: storagelocations - kind: StorageLocation - - clusterServiceVersions: |- - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: app.coreos.com/v1alpha1 - kind: ClusterServiceVersion-v1 - metadata: - name: chargeback-helm-operator.v0.5.1 - namespace: placeholder - annotations: - tectonic-visibility: tectonic-feature - spec: - displayName: Chargeback - description: Chargeback can generate reports based on historical usage data from a cluster, providing accountability for how resources have been used. - keywords: [chargeback metrics reporting coreos] - version: 0.5.1 - maturity: alpha - maintainers: - - email: support@coreos.com - name: CoreOS, Inc - provider: - name: CoreOS, Inc - labels: - alm-owner-chargeback: chargeback-helm-operator - alm-status-descriptors: chargeback-helm-operator.v0.5.1 - selector: - matchLabels: - alm-owner-chargeback: chargeback-helm-operator - install: - strategy: deployment - spec: - permissions: - - rules: - - apiGroups: - - chargeback.coreos.com - resources: - - '*' - verbs: - - '*' - - apiGroups: - - "" - resources: - - pods - - pods/attach - - pods/exec - - pods/portforward - - pods/proxy - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - configmaps - - endpoints - - persistentvolumeclaims - - replicationcontrollers - - replicationcontrollers/scale - - secrets - - serviceaccounts - - services - - services/proxy - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - bindings - - events - - limitranges - - namespaces/status - - pods/log - - pods/status - - replicationcontrollers/status - - resourcequotas - - resourcequotas/status - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch - - apiGroups: - - apps - resources: - - deployments - - deployments/rollback - - deployments/scale - - statefulsets - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - batch - resources: - - cronjobs - - jobs - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - extensions - resources: - - daemonsets - - deployments - - deployments/rollback - - deployments/scale - - replicasets - - replicasets/scale - - replicationcontrollers/scale - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - rolebindings - - roles - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - serviceAccountName: chargeback-helm-operator - deployments: - - name: chargeback-helm-operator - spec: - replicas: 1 - strategy: - type: Recreate - selector: - matchLabels: - app: chargeback-helm-operator - template: - metadata: - labels: - app: chargeback-helm-operator - spec: - containers: - - env: - - name: HELM_RELEASE_CRD_NAME - value: Chargeback - - name: HELM_RELEASE_CRD_API_GROUP - value: chargeback.coreos.com - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: HELM_HOST - value: 127.0.0.1:44134 - - name: SET_OWNER_REFERENCE_VALUE - value: "true" - - name: HELM_WAIT - value: "false" - - name: HELM_RECONCILE_INTERVAL_SECONDS - value: "120" - - name: RELEASE_HISTORY_LIMIT - value: "3" - image: quay.io/coreos/chargeback-helm-operator:0.5.1 - imagePullPolicy: Always - name: chargeback-helm-operator - resources: - limits: - cpu: 50m - memory: 25Mi - requests: - cpu: 50m - memory: 25Mi - - env: - - name: TILLER_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: TILLER_HISTORY_MAX - value: "3" - image: gcr.io/kubernetes-helm/tiller:v2.6.2 - imagePullPolicy: Always - livenessProbe: - failureThreshold: 3 - httpGet: - path: /liveness - port: 44135 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: tiller - readinessProbe: - failureThreshold: 3 - httpGet: - path: /readiness - port: 44135 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - limits: - cpu: 50m - memory: 100Mi - requests: - cpu: 50m - memory: 50Mi - restartPolicy: Always - serviceAccount: chargeback-helm-operator - terminationGracePeriodSeconds: 30 - customresourcedefinitions: - owned: - - description: An instance of Chargeback - displayName: Chargeback - kind: Chargeback - name: chargebacks.chargeback.coreos.com - version: v1alpha1 - - description: A table within PrestoDB - displayName: Chargeback Presto Table - kind: PrestoTable - name: prestotables.chargeback.coreos.com - version: v1alpha1 - - description: A chargeback report for a specific time interval - displayName: Chargeback Report - kind: Report - name: reports.chargeback.coreos.com - version: v1alpha1 - - description: A resource describing a source of data for usage by Report Generation - Queries - displayName: Chargeback data source - kind: ReportDataSource - name: reportdatasources.chargeback.coreos.com - version: v1alpha1 - - description: A SQL query used by Chargeback to generate reports - displayName: Chargeback generation query - kind: ReportGenerationQuery - name: reportgenerationqueries.chargeback.coreos.com - version: v1alpha1 - - description: A Prometheus query by Chargeback to do metering - displayName: Chargeback prometheus query - kind: ReportPrometheusQuery - name: reportprometheusqueries.chargeback.coreos.com - version: v1alpha1 - - description: A chargeback report that runs on a scheduled interval - displayName: Chargeback Scheduled Report - kind: ScheduledReport - name: scheduledreports.chargeback.coreos.com - version: v1alpha1 - - description: Represents a configurable storage location for Chargeback to store - metering and report data - displayName: Chargeback storage location - kind: StorageLocation - name: storagelocations.chargeback.coreos.com - version: v1alpha1 - - packages: |- - - #! package-manifest: ./deploy/chart/catalog_resources/components/chargeback.v0.5.1.clusterserviceversion.yaml - packageName: chargeback - channels: - - name: alpha - currentCSV: chargeback-helm-operator.v0.5.1 - - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/10-tectonicocs.catalogsource.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/10-tectonicocs.catalogsource.yaml deleted file mode 100644 index d70321b309..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/10-tectonicocs.catalogsource.yaml +++ /dev/null @@ -1,19 +0,0 @@ -##--- -# Source: olm/templates/10-tectonicocs.catalogsource.yaml - -#! validate-crd: ./deploy/chart/templates/05-catalogsource.crd.yaml -#! parse-kind: CatalogSource -apiVersion: app.coreos.com/v1alpha1 -kind: CatalogSource-v1 -metadata: - name: tectonic-ocs - namespace: kube-system - annotations: - tectonic-operators.coreos.com/upgrade-strategy: 'DeleteAndRecreate' -spec: - name: tectonic-ocs - sourceType: internal - configMap: tectonic-ocs - displayName: Tectonic Open Cloud Services - publisher: CoreOS, Inc. - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/11-tectoniccomponents.catalogsource.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/11-tectoniccomponents.catalogsource.yaml deleted file mode 100644 index f99221ca13..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/11-tectoniccomponents.catalogsource.yaml +++ /dev/null @@ -1,19 +0,0 @@ -##--- -# Source: olm/templates/11-tectoniccomponents.catalogsource.yaml - -#! validate-crd: ./deploy/chart/templates/05-catalogsource.crd.yaml -#! parse-kind: CatalogSource -apiVersion: app.coreos.com/v1alpha1 -kind: CatalogSource-v1 -metadata: - name: tectonic-components - namespace: kube-system - annotations: - tectonic-operators.coreos.com/upgrade-strategy: 'DeleteAndRecreate' -spec: - name: tectonic-components - sourceType: internal - configMap: tectonic-components - displayName: Tectonic Cluster Components - publisher: CoreOS, Inc. - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/12-alm-operator.deployment.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/12-alm-operator.deployment.yaml deleted file mode 100644 index 2c3868053f..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/12-alm-operator.deployment.yaml +++ /dev/null @@ -1,48 +0,0 @@ -##--- -# Source: olm/templates/12-alm-operator.deployment.yaml -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: alm-operator - namespace: kube-system - labels: - app: alm-operator - tectonic-operators.coreos.com/managed-by: tectonic-x-operator -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: alm-operator - template: - metadata: - labels: - app: alm-operator - spec: - serviceAccountName: alm-operator-serviceaccount - containers: - - name: alm-operator - command: - - /bin/alm - image: quay.io/coreos/olm@sha256:351f0c4973a88a4ea606721555829776429b0ecb53d5a2bfee6bce459d109e5b - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - livenessProbe: - httpGet: - path: /healthz - port: 8080 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - env: - - name: OPERATOR_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: OPERATOR_NAME - value: alm-operator - imagePullSecrets: - - name: coreos-pull-secret diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/13-catalog-operator.deployment.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/13-catalog-operator.deployment.yaml deleted file mode 100644 index 06ccc2e557..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/13-catalog-operator.deployment.yaml +++ /dev/null @@ -1,44 +0,0 @@ -##--- -# Source: olm/templates/13-catalog-operator.deployment.yaml -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: catalog-operator - namespace: kube-system - labels: - app: catalog-operator - tectonic-operators.coreos.com/managed-by: tectonic-x-operator -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: catalog-operator - template: - metadata: - labels: - app: catalog-operator - spec: - serviceAccountName: alm-operator-serviceaccount - containers: - - name: catalog-operator - command: - - /bin/catalog - - '-namespace' - - kube-system - - '-debug' - image: quay.io/coreos/catalog@sha256:54571e25474a9a063a144922e7321203e5aa5e63d03f748682d559341359a916 - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - livenessProbe: - httpGet: - path: /healthz - port: 8080 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - imagePullSecrets: - - name: coreos-pull-secret diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/18-upstreamcomponents.configmap.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/18-upstreamcomponents.configmap.yaml deleted file mode 100644 index 955525fef2..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/18-upstreamcomponents.configmap.yaml +++ /dev/null @@ -1,462 +0,0 @@ -##--- -# Source: olm/templates/18-upstreamcomponents.configmap.yaml - -kind: ConfigMap -apiVersion: v1 -metadata: - name: upstream-components - namespace: kube-system - labels: - tectonic-operators.coreos.com/managed-by: tectonic-x-operator - -data: - customResourceDefinitions: |- - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: meterings.chargeback.coreos.com - annotations: - catalog.app.coreos.com/description: An instance of Chargeback - catalog.app.coreos.com/displayName: Chargeback - spec: - group: chargeback.coreos.com - version: v1alpha1 - scope: Namespaced - names: - plural: meterings - singular: metering - kind: Metering - listKind: MeteringList - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: prestotables.chargeback.coreos.com - annotations: - catalog.app.coreos.com/displayName: "Chargeback Presto Table" - catalog.app.coreos.com/description: "A table within PrestoDB" - spec: - group: chargeback.coreos.com - version: v1alpha1 - scope: Namespaced - names: - plural: prestotables - singular: prestotable - kind: PrestoTable - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: reports.chargeback.coreos.com - annotations: - catalog.app.coreos.com/displayName: "Chargeback Report" - catalog.app.coreos.com/description: "A chargeback report for a specific time interval" - spec: - group: chargeback.coreos.com - version: v1alpha1 - scope: Namespaced - names: - plural: reports - kind: Report - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: reportdatasources.chargeback.coreos.com - annotations: - catalog.app.coreos.com/displayName: "Chargeback data source" - catalog.app.coreos.com/description: "A resource describing a source of data for usage by Report Generation Queries" - spec: - group: chargeback.coreos.com - version: v1alpha1 - scope: Namespaced - names: - plural: reportdatasources - singular: reportdatasource - kind: ReportDataSource - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: reportgenerationqueries.chargeback.coreos.com - annotations: - catalog.app.coreos.com/displayName: "Chargeback generation query" - catalog.app.coreos.com/description: "A SQL query used by Chargeback to generate reports" - spec: - group: chargeback.coreos.com - version: v1alpha1 - scope: Namespaced - names: - plural: reportgenerationqueries - singular: reportgenerationquery - kind: ReportGenerationQuery - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: reportprometheusqueries.chargeback.coreos.com - annotations: - catalog.app.coreos.com/displayName: "Chargeback prometheus query" - catalog.app.coreos.com/description: "A Prometheus query by Chargeback to do metering" - spec: - group: chargeback.coreos.com - version: v1alpha1 - scope: Namespaced - names: - plural: reportprometheusqueries - singular: reportprometheusquery - kind: ReportPrometheusQuery - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: scheduledreports.chargeback.coreos.com - annotations: - catalog.app.coreos.com/displayName: "Chargeback Scheduled Report" - catalog.app.coreos.com/description: "A chargeback report that runs on a scheduled interval" - spec: - group: chargeback.coreos.com - version: v1alpha1 - scope: Namespaced - names: - plural: scheduledreports - kind: ScheduledReport - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: storagelocations.chargeback.coreos.com - annotations: - catalog.app.coreos.com/displayName: "Chargeback storage location" - catalog.app.coreos.com/description: "Represents a configurable storage location for Chargeback to store metering and report data" - spec: - group: chargeback.coreos.com - version: v1alpha1 - scope: Namespaced - names: - plural: storagelocations - kind: StorageLocation - - clusterServiceVersions: |- - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: app.coreos.com/v1alpha1 - kind: ClusterServiceVersion-v1 - metadata: - name: metering-helm-operator.v0.6.0 - namespace: placeholder - annotations: - tectonic-visibility: tectonic-feature - labels: - alm-catalog: tectonic-feature - operator-metering: "true" - spec: - displayName: Metering - description: Metering can generate reports based on historical usage data from a cluster, providing accountability for how resources have been used. - keywords: [metering metrics reporting coreos] - version: 0.6.0 - maturity: alpha - maintainers: - - email: support@coreos.com - name: CoreOS, Inc - provider: - name: CoreOS, Inc - labels: - alm-owner-metering: metering-helm-operator - alm-status-descriptors: metering-helm-operator.v0.6.0 - selector: - matchLabels: - alm-owner-metering: metering-helm-operator - install: - strategy: deployment - spec: - permissions: - - rules: - - apiGroups: - - chargeback.coreos.com - resources: - - '*' - verbs: - - '*' - - apiGroups: - - "" - resources: - - pods - - pods/attach - - pods/exec - - pods/portforward - - pods/proxy - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - configmaps - - endpoints - - persistentvolumeclaims - - replicationcontrollers - - replicationcontrollers/scale - - secrets - - serviceaccounts - - services - - services/proxy - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - bindings - - events - - limitranges - - namespaces/status - - pods/log - - pods/status - - replicationcontrollers/status - - resourcequotas - - resourcequotas/status - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - update - - patch - - apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch - - apiGroups: - - apps - resources: - - deployments - - deployments/rollback - - deployments/scale - - statefulsets - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - batch - resources: - - cronjobs - - jobs - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - extensions - resources: - - daemonsets - - deployments - - deployments/rollback - - deployments/scale - - replicasets - - replicasets/scale - - replicationcontrollers/scale - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - rolebindings - - roles - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - serviceAccountName: metering-helm-operator - deployments: - - name: metering-helm-operator - spec: - replicas: 1 - selector: - matchLabels: - app: metering-helm-operator - strategy: - type: Recreate - template: - metadata: - labels: - app: metering-helm-operator - spec: - containers: - - args: - - run-operator.sh - env: - - name: HELM_RELEASE_CRD_NAME - value: Metering - - name: HELM_RELEASE_CRD_API_GROUP - value: chargeback.coreos.com - - name: HELM_CHART_PATH - value: /operator-metering-0.1.0.tgz - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: HELM_HOST - value: 127.0.0.1:44134 - - name: HELM_WAIT - value: "false" - - name: HELM_RECONCILE_INTERVAL_SECONDS - value: "30" - - name: RELEASE_HISTORY_LIMIT - value: "3" - image: quay.io/coreos/chargeback-helm-operator:0.6.0 - imagePullPolicy: Always - name: metering-helm-operator - resources: - limits: - cpu: 50m - memory: 25Mi - requests: - cpu: 50m - memory: 25Mi - - args: - - /tiller - env: - - name: TILLER_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: TILLER_HISTORY_MAX - value: "3" - image: quay.io/coreos/chargeback-helm-operator:0.6.0 - imagePullPolicy: Always - livenessProbe: - failureThreshold: 3 - httpGet: - path: /liveness - port: 44135 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: tiller - readinessProbe: - failureThreshold: 3 - httpGet: - path: /readiness - port: 44135 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - limits: - cpu: 50m - memory: 100Mi - requests: - cpu: 50m - memory: 50Mi - imagePullSecrets: [] - restartPolicy: Always - securityContext: - runAsNonRoot: true - serviceAccount: metering-helm-operator - terminationGracePeriodSeconds: 30 - customresourcedefinitions: - owned: - - description: An instance of Metering - displayName: Metering - kind: Metering - name: meterings.chargeback.coreos.com - version: v1alpha1 - - description: A table within PrestoDB - displayName: Chargeback Presto Table - kind: PrestoTable - name: prestotables.chargeback.coreos.com - version: v1alpha1 - - description: A resource describing a source of data for usage by Report Generation - Queries - displayName: Chargeback data source - kind: ReportDataSource - name: reportdatasources.chargeback.coreos.com - version: v1alpha1 - - description: A SQL query used by Chargeback to generate reports - displayName: Chargeback generation query - kind: ReportGenerationQuery - name: reportgenerationqueries.chargeback.coreos.com - version: v1alpha1 - - description: A Prometheus query by Chargeback to do metering - displayName: Chargeback prometheus query - kind: ReportPrometheusQuery - name: reportprometheusqueries.chargeback.coreos.com - version: v1alpha1 - - description: A chargeback report for a specific time interval - displayName: Chargeback Report - kind: Report - name: reports.chargeback.coreos.com - version: v1alpha1 - - description: A chargeback report that runs on a scheduled interval - displayName: Chargeback Scheduled Report - kind: ScheduledReport - name: scheduledreports.chargeback.coreos.com - version: v1alpha1 - - description: Represents a configurable storage location for Chargeback to store - metering and report data - displayName: Chargeback storage location - kind: StorageLocation - name: storagelocations.chargeback.coreos.com - version: v1alpha1 - - packages: |- - - #! package-manifest: ./deploy/chart/catalog_resources/upstream/metering.0.6.0.clusterserviceversion.yaml - packageName: metering - channels: - - currentCSV: metering-helm-operator.v0.6.0 - name: alpha - - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/19-upstreamcomponents.catalogsource.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/19-upstreamcomponents.catalogsource.yaml deleted file mode 100644 index 8b25e74bfa..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.4.0/19-upstreamcomponents.catalogsource.yaml +++ /dev/null @@ -1,19 +0,0 @@ -##--- -# Source: olm/templates/19-upstreamcomponents.catalogsource.yaml - -#! validate-crd: ./deploy/chart/templates/05-catalogsource.crd.yaml -#! parse-kind: CatalogSource -apiVersion: app.coreos.com/v1alpha1 -kind: CatalogSource-v1 -metadata: - name: upstream-components - namespace: kube-system - annotations: - tectonic-operators.coreos.com/upgrade-strategy: 'DeleteAndRecreate' -spec: - name: upstream-components - sourceType: internal - configMap: upstream-components - displayName: OLM Upstream Components - publisher: CoreOS, Inc. - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/01-alm-operator.serviceaccount.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/01-alm-operator.serviceaccount.yaml deleted file mode 100644 index bdbf631a2b..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/01-alm-operator.serviceaccount.yaml +++ /dev/null @@ -1,11 +0,0 @@ -##--- -# Source: olm/templates/01-alm-operator.serviceaccount.yaml -kind: ServiceAccount -apiVersion: v1 -metadata: - name: alm-operator-serviceaccount - namespace: kube-system - labels: - tectonic-operators.coreos.com/managed-by: tectonic-x-operator -imagePullSecrets: -- name: coreos-pull-secret diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/02-alm-operator.rolebinding.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/02-alm-operator.rolebinding.yaml deleted file mode 100644 index 7aa932df1b..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/02-alm-operator.rolebinding.yaml +++ /dev/null @@ -1,16 +0,0 @@ -##--- -# Source: olm/templates/02-alm-operator.rolebinding.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: alm-operator-binding - labels: - tectonic-operators.coreos.com/managed-by: tectonic-x-operator -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: -- kind: ServiceAccount - name: alm-operator-serviceaccount - namespace: kube-system diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/03-clusterserviceversion.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/03-clusterserviceversion.crd.yaml deleted file mode 100644 index 39b3fe5d91..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/03-clusterserviceversion.crd.yaml +++ /dev/null @@ -1,413 +0,0 @@ -##--- -# Source: olm/templates/03-clusterserviceversion.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: clusterserviceversion-v1s.app.coreos.com - annotations: - displayName: Operator Version - description: Represents an Operator that should be running on the cluster, including requirements and install strategy. - labels: - tectonic-operators.coreos.com/managed-by: tectonic-x-operator -spec: - names: - plural: clusterserviceversion-v1s - singular: clusterserviceversion-v1 - kind: ClusterServiceVersion-v1 - listKind: ClusterServiceVersionList-v1 - group: app.coreos.com - version: v1alpha1 - scope: Namespaced - validation: - openAPIV3Schema: - type: object - description: Represents a single version of the operator software - required: - - spec - properties: - spec: - type: object - description: Spec for a ClusterServiceVersion - required: - - displayName - - install - properties: - displayName: - type: string - description: Human readable name of the application that will be displayed in the ALM UI - - description: - type: string - description: Human readable description of what the application does - - keywords: - type: array - description: List of keywords which will be used to discover and categorize app types - items: - type: string - - maintainers: - type: array - description: Those responsible for the creation of this specific app type - items: - type: object - description: Information for a single maintainer - required: - - name - - email - properties: - name: - type: string - description: Maintainer's name - email: - type: string - description: Maintainer's email address - format: email - optionalProperties: - type: string - description: "Any additional key-value metadata you wish to expose about the maintainer, e.g. github: " - - links: - type: array - description: Interesting links to find more information about the project, such as marketing page, documentation, or github page - items: - type: object - description: A single link to describe one aspect of the project - required: - - name - - url - properties: - name: - type: string - description: Name of the link type, e.g. homepage or github url - url: - type: string - description: URL to which the link should point - format: uri - - icon: - type: array - description: Icon which should be rendered with the application information - required: - - base64data - - mediatype - properties: - base64data: - type: string - description: Base64 binary representation of the icon image - pattern: ^(?:[A-Za-z0-9+/]{4}){0,16250}(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$ - mediatype: - type: string - description: Mediatype for the binary data specified in the base64data property - enum: - - image/gif - - image/jpeg - - image/png - - image/svg+xml - version: - type: string - description: Version string, recommended that users use semantic versioning - pattern: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(-(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(\.(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*)?(\+[0-9a-zA-Z-]+(\.[0-9a-zA-Z-]+)*)?$ - - replaces: - type: string - description: Name of the ClusterServiceVersion custom resource that this version replaces - - maturity: - type: string - description: What level of maturity the software has achieved at this version - enum: - - planning - - pre-alpha - - alpha - - beta - - stable - - mature - - inactive - - deprecated - labels: - type: object - description: Labels that will be applied to associated resources created by the operator. - selector: - type: object - description: Label selector to find resources associated with or managed by the operator - properties: - matchLabels: - type: object - description: Label key:value pairs to match directly - matchExpressions: - type: array - descriptions: A set of expressions to match against the resource. - items: - allOf: - - type: object - required: - - key - - operator - - values - properties: - key: - type: string - description: the key to match - operator: - type: string - description: the operator for the expression - enum: - - In - - NotIn - - Exists - - DoesNotExist - values: - type: array - description: set of values for the expression - customresourcedefinitions: - type: object - properties: - owned: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - name - - version - - kind - - displayName - - description - properties: - name: - type: string - description: Fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version field of the CustomResourceDefinition - kind: - type: string - description: The kind field of the CustomResourceDefinition - displayName: - type: string - description: A human-readable name for the CRD. - description: - type: string - description: A description of the CRD - resources: - type: array - items: - type: object - description: A list of resources that should be displayed for the CRD - required: - - kind - - version - properties: - name: - type: string - description: If a CRD, the fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version of the resource kind - kind: - type: string - description: The kind field of the resource kind - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the CR where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - type: object - description: If present, the value of this status is the same for all instances of the CRD and can be found here instead of on the CR. - specDescriptors: - type: array - items: - type: object - description: A spec for a field in the spec block of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the CR where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the spec entry. - description: - type: string - description: A description of the spec entry. - x-descriptors: - type: array - description: A list of descriptors for the spec entry that indicate the meaning of the field. - items: - type: string - value: - type: object - description: If present, the value of this spec is the same for all instances of the CRD and can be found here instead of on the CR. - required: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - name - - version - - kind - - displayName - - description - properties: - name: - type: string - description: Fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version field of the CustomResourceDefinition - kind: - type: string - description: The kind field of the CustomResourceDefinition - displayName: - type: string - description: A human-readable name for the CRD. - description: - type: string - description: A description of the CRD - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the CR where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - type: object - description: If present, the value of this status is the same for all instances of the CRD and can be found here instead of on the CR. - - - install: - type: object - description: Information required to install this specific version of the operator software - oneOf: - - type: object - required: - - strategy - - spec - properties: - strategy: - type: string - enum: ['image'] - spec: - type: object - required: - - image - properties: - image: - type: string - - type: object - required: - - strategy - - spec - properties: - strategy: - type: string - enum: ['deployment'] - spec: - type: object - required: - - deployments - properties: - deployments: - type: array - description: List of deployments to create - items: - type: object - description: A name and deployment to create in the cluster - required: - - name - - spec - properties: - name: - type: string - description: the consistent name of the deployment - spec: - type: object - description: The deployment spec to create in the cluster - permissions: - type: array - description: Permissions needed by the deployement to run correctly - items: - type: object - required: - - serviceAccountName - - rules - properties: - serviceAccountName: - type: string - description: The service account name to create for the deployment - rules: - type: array - items: - type: object - description: a rule required by the service account - properties: - apiGroups: - type: array - description: apiGroups the rule applies to - items: - type: string - resources: - type: array - items: - type: string - resourceNames: - type: array - items: - type: string - verbs: - type: array - items: - type: string - enum: - - "*" - - get - - list - - watch - - create - - update - - patch - - delete - - deletecollection diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/05-catalogsource.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/05-catalogsource.crd.yaml deleted file mode 100644 index fb99f09746..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/05-catalogsource.crd.yaml +++ /dev/null @@ -1,54 +0,0 @@ -##--- -# Source: olm/templates/05-catalogsource.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: catalogsource-v1s.app.coreos.com - annotations: - displayName: CatalogSource - description: A source configured to find packages and updates. - labels: - tectonic-operators.coreos.com/managed-by: tectonic-x-operator -spec: - group: app.coreos.com - version: v1alpha1 - scope: Namespaced - names: - plural: catalogsource-v1s - singular: catalogsource-v1 - kind: CatalogSource-v1 - listKind: CatalogSourceList-v1 - validation: - openAPIV3Schema: - properties: - spec: - type: object - description: Represents a subscription to a source and channel - required: - - spec - type: object - description: Spec for a subscription - required: - - sourceType - - name - properties: - sourceType: - type: string - description: The type of the source. Currently the only supported type is "internal". - enum: - - internal - - configMap: - type: string - string: The name of a ConfigMap that holds the entries for an in-memory catalog. - - name: - type: string - description: Name of this catalog source - - secrets: - type: array - description: A set of secrets that can be used to access the contents of the catalog. It is best to keep this list small, since each will need to be tried for every catalog entry. - items: - type: string - description: A name of a secret in the namespace where the CatalogSource is defined. diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/06-installplan.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/06-installplan.crd.yaml deleted file mode 100644 index 8d9e128604..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/06-installplan.crd.yaml +++ /dev/null @@ -1,60 +0,0 @@ -##--- -# Source: olm/templates/06-installplan.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: installplan-v1s.app.coreos.com - annotations: - displayName: Install Plan - description: Represents a plan to install and resolve dependencies for Cluster Services - labels: - tectonic-operators.coreos.com/managed-by: tectonic-x-operator -spec: - group: app.coreos.com - version: v1alpha1 - scope: Namespaced - names: - plural: installplan-v1s - singular: installplan-v1 - kind: InstallPlan-v1 - listKind: InstallPlanList-v1 - validation: - openAPIV3Schema: - type: object - description: Document which defines the desire and current state of an installation of a Cluster Service - required: - - spec - properties: - spec: - type: object - description: Spec for an InstallPlan - required: - - clusterServiceVersionNames - - approval - properties: - clusterServiceVersionNames: - type: array - description: A list of the names of the Cluster Services - items: - type: string - approval: - type: string - enum: - - Automatic - - Manual - - Update-Only # Will only apply an update if it updates existing packages only and doesn't add any new ones - approved: - type: boolean - anyOf: - - properties: - approval: - enum: - - Manual - required: - - approved - - properties: - approval: - enum: - - Automatic - - Update-Only - required: [] diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/07-subscription.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/07-subscription.crd.yaml deleted file mode 100644 index b9952b1cfd..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/07-subscription.crd.yaml +++ /dev/null @@ -1,49 +0,0 @@ -##--- -# Source: olm/templates/07-subscription.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: subscription-v1s.app.coreos.com - annotations: - displayName: Subscription - description: Subcribes service catalog to a source and channel to recieve updates for packages. - labels: - tectonic-operators.coreos.com/managed-by: tectonic-x-operator -spec: - group: app.coreos.com - version: v1alpha1 - scope: Namespaced - names: - plural: subscription-v1s - singular: subscription-v1 - kind: Subscription-v1 - listKind: SubscriptionList-v1 - validation: - openAPIV3Schema: - type: object - description: Represents a subscription to a source and channel - required: - - spec - properties: - spec: - type: object - description: Spec for a Subscription - required: - - source - - name - properties: - source: - type: string - description: Name of a CatalogSource that defines where and how to find the channel - - name: - type: string - description: Name of the package that defines the application - - channel: - type: string - description: Name of the channel to track - - startingCSV: - type: string - description: Name of the AppType that this subscription tracks diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/08-tectonicocs.configmap.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/08-tectonicocs.configmap.yaml deleted file mode 100644 index 1465dcbb9a..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/08-tectonicocs.configmap.yaml +++ /dev/null @@ -1,1810 +0,0 @@ -##--- -# Source: olm/templates/08-tectonicocs.configmap.yaml - -kind: ConfigMap -apiVersion: v1 -metadata: - name: tectonic-ocs - namespace: kube-system - labels: - tectonic-operators.coreos.com/managed-by: tectonic-x-operator - -data: - customResourceDefinitions: |- - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: alertmanagers.monitoring.coreos.com - spec: - group: monitoring.coreos.com - version: v1 - scope: Namespaced - names: - plural: alertmanagers - singular: alertmanager - kind: Alertmanager - listKind: AlertmanagerList - shortNames: - - alertman - - alrtman - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: etcdbackups.etcd.database.coreos.com - spec: - group: etcd.database.coreos.com - version: v1beta2 - scope: Namespaced - names: - kind: EtcdBackup - listKind: EtcdBackupList - plural: etcdbackups - singular: etcdbackup - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: etcdclusters.etcd.database.coreos.com - spec: - group: etcd.database.coreos.com - version: v1beta2 - scope: Namespaced - validation: - openAPIv3: - type: object - description: Represents a single instance of etcd - additionalProperties: false - required: - - version - properties: - version: - type: string - description: Version string - pattern: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(-(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(\.(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*)?(\+[0-9a-zA-Z-]+(\.[0-9a-zA-Z-]+)*)?$ - x-descriptors: - - urn:alm:descriptor:versioning:semver - size: - type: number - description: The size of the etcd cluster - min: 1 - max: 9 - x-descriptors: - - urn:alm:descriptor:pod:count - - urn:alm:descriptor:number:integer - template: - type: object - description: Template for fields of subresources - labels: - type: object - description: Labels to apply to associated resources - names: - plural: etcdclusters - singular: etcdcluster - kind: EtcdCluster - listKind: EtcdClusterList - shortNames: - - etcdclus - - etcd - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: etcdrestores.etcd.database.coreos.com - spec: - group: etcd.database.coreos.com - version: v1beta2 - scope: Namespaced - names: - kind: EtcdRestore - listKind: EtcdRestoreList - plural: etcdrestores - singular: etcdrestore - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: prometheuses.monitoring.coreos.com - spec: - group: monitoring.coreos.com - version: v1 - scope: Namespaced - names: - plural: prometheuses - singular: prometheus - kind: Prometheus - listKind: PrometheusList - shortNames: - - prom - - prm - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: servicemonitors.monitoring.coreos.com - spec: - group: monitoring.coreos.com - version: v1 - scope: Namespaced - names: - plural: servicemonitors - singular: servicemonitor - kind: ServiceMonitor - listKind: ServiceMonitorList - shortNames: - - servicemon - - svcmon - - svcmonitor - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: vaultservices.vault.security.coreos.com - spec: - group: vault.security.coreos.com - version: v1alpha1 - scope: Namespaced - validation: - openAPIv3: - type: object - description: Represents a single instance of Vault - additionalProperties: false - required: - - version - properties: - version: - type: string - description: Version string - pattern: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(-(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(\.(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*)?(\+[0-9a-zA-Z-]+(\.[0-9a-zA-Z-]+)*)?$ - x-descriptors: - - urn:alm:descriptor:versioning:semver - nodes: - type: number - description: The number of nodes in the Vault cluster - min: 1 - max: 9 - x-descriptors: - - urn:alm:descriptor:pod:count - - urn:alm:descriptor:number:integer - template: - type: object - description: Template for fields of subresources - labels: - type: object - description: Labels to apply to associated resources - names: - plural: vaultservices - singular: vaultservice - kind: VaultService - listKind: VaultServiceList - shortNames: - - vault - - vaultserv - - vaultsrv - - clusterServiceVersions: |- - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: app.coreos.com/v1alpha1 - kind: ClusterServiceVersion-v1 - metadata: - name: etcdoperator.v0.6.1 - namespace: placeholder - annotations: - tectonic-visibility: ocs - spec: - displayName: etcd - description: | - etcd is a distributed key value store that provides a reliable way to store data across a cluster of machines. It’s open-source and available on GitHub. etcd gracefully handles leader elections during network partitions and will tolerate machine failure, including the leader. Your applications can read and write data into etcd. - A simple use-case is to store database connection details or feature flags within etcd as key value pairs. These values can be watched, allowing your app to reconfigure itself when they change. Advanced uses take advantage of the consistency guarantees to implement database leader elections or do distributed locking across a cluster of workers. - - _The etcd Open Cloud Service is Public Alpha. The goal before Beta is to fully implement backup features._ - - ### Reading and writing to etcd - - Communicate with etcd though its command line utility `etcdctl` or with the API using the automatically generated Kubernetes Service. - - [Read the complete guide to using the etcd Open Cloud Service](https://coreos.com/tectonic/docs/latest/alm/etcd-ocs.html) - - ### Supported Features - **High availability** - Multiple instances of etcd are networked together and secured. Individual failures or networking issues are transparently handled to keep your cluster up and running. - **Automated updates** - Rolling out a new etcd version works like all Kubernetes rolling updates. Simply declare the desired version, and the etcd service starts a safe rolling update to the new version automatically. - **Backups included** - Coming soon, the ability to schedule backups to happen on or off cluster. - keywords: ['etcd', 'key value', 'database', 'coreos', 'open source'] - version: 0.6.1 - maturity: alpha - maintainers: - - name: CoreOS, Inc - email: support@coreos.com - - provider: - name: CoreOS, Inc - labels: - alm-status-descriptors: etcdoperator.v0.6.1 - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - selector: - matchLabels: - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - links: - - name: Blog - url: https://coreos.com/etcd - - name: Documentation - url: https://coreos.com/operators/etcd/docs/latest/ - - name: etcd Operator Source Code - url: https://github.com/coreos/etcd-operator - - icon: - - base64data: iVBORw0KGgoAAAANSUhEUgAAAOEAAADZCAYAAADWmle6AAAACXBIWXMAAAsTAAALEwEAmpwYAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAEKlJREFUeNrsndt1GzkShmEev4sTgeiHfRYdgVqbgOgITEVgOgLTEQydwIiKwFQCayoCU6+7DyYjsBiBFyVVz7RkXvqCSxXw/+f04XjGQ6IL+FBVuL769euXgZ7r39f/G9iP0X+u/jWDNZzZdGI/Ftama1jjuV4BwmcNpbAf1Fgu+V/9YRvNAyzT2a59+/GT/3hnn5m16wKWedJrmOCxkYztx9Q+py/+E0GJxtJdReWfz+mxNt+QzS2Mc0AI+HbBBwj9QViKbH5t64DsP2fvmGXUkWU4WgO+Uve2YQzBUGd7r+zH2ZG/tiUQc4QxKwgbwFfVGwwmdLL5wH78aPC/ZBem9jJpCAX3xtcNASSNgJLzUPSQyjB1zQNl8IQJ9MIU4lx2+Jo72ysXYKl1HSzN02BMa/vbZ5xyNJIshJzwf3L0dQhJw4Sih/SFw9Tk8sVeghVPoefaIYCkMZCKbrcP9lnZuk0uPUjGE/KE8JQry7W2tgfuC3vXgvNV+qSQbyFtAtyWk7zWiYevvuUQ9QEQCvJ+5mmu6dTjz1zFHLFj8Eb87MtxaZh/IQFIHom+9vgTWwZxAQjT9X4vtbEVPojwjiV471s00mhAckpwGuCn1HtFtRDaSh6y9zsL+LNBvCG/24ThcxHObdlWc1v+VQJe8LcO0jwtuF8BwnAAUgP9M8JPU2Me+Oh12auPGT6fHuTePE3bLDy+x9pTLnhMn+07TQGh//Bz1iI0c6kvtqInjvPZcYR3KsPVmUsPYt9nFig9SCY8VQNhpPBzn952bbgcsk2EvM89wzh3UEffBbyPqvBUBYQ8ODGPFOLsa7RF096WJ69L+E4EmnpjWu5o4ChlKaRTKT39RMMaVPEQRsz/nIWlDN80chjdJlSd1l0pJCAMVZsniobQVuxceMM9OFoaMd9zqZtjMEYYDW38Drb8Y0DYPLShxn0pvIFuOSxd7YCPet9zk452wsh54FJoeN05hcgSQoG5RR0Qh9Q4E4VvL4wcZq8UACgaRFEQKgSwWrkr5WFnGxiHSutqJGlXjBgIOayhwYBTA0ER0oisIVSUV0AAMT0IASCUO4hRIQSAEECMCCEPwqyQA0JCQBzEGjWNAqHiUVAoXUWbvggOIQCEAOJzxTjoaQ4AIaE64/aZridUsBYUgkhB15oGg1DBIl8IqirYwV6hPSGBSFteMCUBSVXwfYixBmamRubeMyjzMJQBDDowE3OesDD+zwqFoDqiEwXoXJpljB+PvWJGy75BKF1FPxhKygJuqUdYQGlLxNEXkrYyjQ0GbaAwEnUIlLRNvVjQDYUAsJB0HKLE4y0AIpQNgCIhBIhQTgCKhZBBpAN/v6LtQI50JfUgYOnnjmLUFHKhjxbAmdTCaTiBm3ovLPqG2urWAij6im0Nd9aTN9ygLUEt9LgSRnohxUPIKxlGaE+/6Y7znFf0yX+GnkvFFWmarkab2o9PmTeq8sbd2a7DaysXz7i64VeznN4jCQhN9gdDbRiuWrfrsq0mHIrlaq+hlotCtd3Um9u0BYWY8y5D67wccJoZjFca7iUs9VqZcfsZwTd1sbWGG+OcYaTnPAP7rTQVVlM4Sg3oGvB1tmNh0t/HKXZ1jFoIMwCQjtqbhNxUmkGYqgZEDZP11HN/S3gAYRozf0l8C5kKEKUvW0t1IfeWG/5MwgheZTT1E0AEhDkAePQO+Ig2H3DncAkQM4cwUQCD530dU4B5Yvmi2LlDqXfWrxMCcMth51RToRMNUXFnfc2KJ0+Ryl0VNOUwlhh6NoxK5gnViTgQpUG4SqSyt5z3zRJpuKmt3Q1614QaCBPaN6je+2XiFcWAKOXcUfIYKRyL/1lb7pe5VxSxxjQ6hImshqGRt5GWZVKO6q2wHwujfwDtIvaIdexj8Cm8+a68EqMfox6x/voMouZF4dHnEGNeCDMwT6vdNfekH1MafMk4PI06YtqLVGl95aEM9Z5vAeCTOA++YLtoVJRrsqNCaJ6WRmkdYaNec5BT/lcTRMqrhmwfjbpkj55+OKp8IEbU/JLgPJE6Wa3TTe9sHS+ShVD5QIyqIxMEwKh12olC6mHIed5ewEop80CNlfIOADYOT2nd6ZXCop+Ebqchc0JqxKcKASxChycJgUh1rnHA5ow9eTrhqNI7JWiAYYwBGGdpyNLoGw0Pkh96h1BpHihyywtATDM/7Hk2fN9EnH8BgKJCU4ooBkbXFMZJiPbrOyecGl3zgQDQL4hk10IZiOe+5w99Q/gBAEIJgPhJM4QAEEoFREAIAAEiIASAkD8Qt4AQAEIAERAGFlX4CACKAXGVM4ivMwWwCLFAlyeoaa70QePKm5Dlp+/n+ye/5dYgva6YsUaVeMa+tzNFeJtWwc+udbJ0Fg399kLielQJ5Ze61c2+7ytA6EZetiPxZC6tj22yJCv6jUwOyj/zcbqAxOMyAKEbfeHtNa7DtYXptjsk2kJxR+eIeim/tHNofUKYy8DMrQcAKWz6brpvzyIAlpwPhQ49l6b7skJf5Z+YTOYQc4FwLDxvoTDwaygQK+U/kVr+ytSFBG01Q3gnJJR4cNiAhx4HDub8/b5DULXlj6SVZghFiE+LdvE9vo/o8Lp1RmH5hzm0T6wdbZ6n+D6i44zDRc3ln6CpAEJfXiRU45oqLz8gFAThWsh7ughrRibc0QynHgZpNJa/ENJ+loCwu/qOGnFIjYR/n7TfgycULhcQhu6VC+HfF+L3BoAQ4WiZTw1M+FPCnA2gKC6/FAhXgDC+ojQGh3NuWsvfF1L/D5ohlCKtl1j2ldu9a/nPAKFwN56Bst10zCG0CPleXN/zXPgHQZXaZaBgrbzyY5V/mUA+6F0hwtGN9rwu5DVZPuwWqfxdFz1LWbJ2lwKEa+0Qsm4Dl3fp+Pu0lV97PgwIPfSsS+UQhj5Oo+vvFULazRIQyvGEcxPuNLCth2MvFsrKn8UOilAQShkh7TTczYNMoS6OdP47msrPi82lXKGWhCdMZYS0bFy+vcnGAjP1CIfvgbKNA9glecEH9RD6Ol4wRuWyN/G9MHnksS6o/GPf5XcwNSUlHzQhDuAKtWJmkwKElU7lylP5rgIcsquh/FI8YZCDpkJBuE4FQm7Icw8N+SrUGaQKyi8FwiDt1ve5o+Vu7qYHy/psgK8cvh+FTYuO77bhEC7GuaPiys/L1X4IgXDL+e3M5+ovLxBy5VLuIebw1oqcHoPfoaMJUsHays878r8KbDc3xtPx/84gZPBG/JwaufrsY/SRG/OY3//8QMNdsvdZCFtbW6f8pFuf5bflILAlX7O+4fdfugKyFYS8T2zAsXthdG0VurPGKwI06oF5vkBgHWkNp6ry29+lsPZMU3vijnXFNmoclr+6+Ou/FIb8yb30sS8YGjmTqCLyQsi5N/6ZwKs0Yenj68pfPjF6N782Dp2FzV9CTyoSeY8mLK16qGxIkLI8oa1n8tz9juP40DlK0epxYEbojbq+9QfurBeVIlCO9D2396bxiV4lkYQ3hOAFw2pbhqMGISkkQOMcQ9EqhDmGZZdo92JC0YHRNTfoSg+5e0IT+opqCKHoIU+4ztQIgBD1EFNrQAgIpYSil9lDmPHqkROPt+JC6AgPquSuumJmg0YARVCuneDfvPVeJokZ6pIXDkNxQtGzTF9/BQjRG0tQznfb74RwCQghpALBtIQnfK4zhxdyQvVCUeknMIT3hLyY+T5jo0yABqKPQNpUNw/09tGZod5jgCaYFxyYvJcNPkv9eof+I3pnCFEHIETjSM8L9tHZHYCQT9PaZGycU6yg8S4akDnJ+P03L0+t23XGzCLzRgII/Wqa+fv/xlfvmKvMUOcOrlCDdoei1MGdZm6G5VEIfRzzjd4aQs69n699Rx7ewhvCGzr2gmTPs8zNsJOrXt24FbkhhOjCfT4ICA/rPbyhUy94Dks0gJCX1NzCZui9YUd3oei+c257TalFbgg19ILHrlrL2gvWgXAL26EX76gZTNASQnad8Ibwhl284NhgXpB0c+jKhWO3Ms1hP9ihJYB9eMF6qd1BCPk0qA1s+LimFIu7m4nsdQIzPK4VbQ8hYvrnuSH2G9b2ggP78QmWqBdF9Vx8SSY6QYdUW7BTA1schZATyhvY8lHvcRbNUS9YGFy2U+qmzh2YPVc0I7yAOFyHfRpyUwtCSzOdPXMHmz7qDIM0e0V2wZTEk+6Ym6N63eBLp/b5Bts+2cKCSJ/LuoZO3ANSiE5hKAZjnvNSS4931jcw9jpwT0feV/qSJ1pVtCyfHKDkvK8Ejx7pUxGh2xFNSwx8QTi2H9ceC0/nni64MS/5N5dG39pDqvRV+WgGk71c9VFXF9b+xYvOw/d61iv7m3MvEHryhvecwC52jSSx4VIIgwnMNT/UsTxIgpPt3K/ARj15CptwL3Zd/ceDSATj2DGQjbxgWwhdeMMte7zpy5On9vymRm/YxBYljGVjKWF9VJf7I1+sex3wY8w/V1QPTborW/72gkdsRDaZMJBdbdHIC7aCkAu9atlLbtnrzerMnyToDaGwelOnk3/hHSem/ZK7e/t7jeeR20LYBgqa8J80gS8jbwi5F02Uj1u2NYJxap8PLkJfLxA2hIJyvnHX/AfeEPLpBfe0uSFHbnXaea3Qd5d6HcpYZ8L6M7lnFwMQ3MNg+RxUR1+6AshtbsVgfXTEg1sIGax9UND2p7f270wdG3eK9gXVGHdw2k5sOyZv+Nbs39Z308XR9DqWb2J+PwKDhuKHPobfuXf7gnYGHdCs7bhDDadD4entDug7LWNsnRNW4mYqwJ9dk+GGSTPBiA2j0G8RWNM5upZtcG4/3vMfP7KnbK2egx6CCnDPhRn7NgD3cghLIad5WcM2SO38iqHvvMOosyeMpQ5zlVCaaj06GVs9xUbHdiKoqrHWgquFEFMWUEWfXUxJAML23hAHFOctmjZQffKD2pywkhtSGHKNtpitLroscAeE7kCkSsC60vxEl6yMtL9EL5HKGCMszU5bk8gdkklAyEn5FO0yK419rIxBOIqwFMooDE0tHEVYijAUECIshRCGIhxFWIowFJ5QkEYIS5PTJrUwNGlPyN6QQPyKtpuM1E/K5+YJDV/MiA3AaehzqgAm7QnZG9IGYKo8bHnSK7VblLL3hOwNHziPuEGOqE5brrdR6i+atCfckyeWD47HkAkepRGLY/e8A8J0gCwYSNypF08bBm+e6zVz2UL4AshhBUjML/rXLefqC82bcQFhGC9JDwZ1uuu+At0S5gCETYHsV4DUeD9fDN2Zfy5OXaW2zAwQygCzBLJ8cvaW5OXKC1FxfTggFAHmoAJnSiOw2wps9KwRWgJCLaEswaj5NqkLwAYIU4BxqTSXbHXpJdRMPZgAOiAMqABCNGYIEEJutEK5IUAIwYMDQgiCACEEAcJs1Vda7gGqDhCmoiEghAAhBAHCrKXVo2C1DCBMRlp37uMIEECoX7xrX3P5C9QiINSuIcoPAUI0YkAICLNWgfJDh4T9hH7zqYH9+JHAq7zBqWjwhPAicTVCVQJCNF50JghHocahKK0X/ZnQKyEkhSdUpzG8OgQI42qC94EQjsYLRSmH+pbgq73L6bYkeEJ4DYTYmeg1TOBFc/usTTp3V9DdEuXJ2xDCUbXhaXk0/kAYmBvuMB4qkC35E5e5AMKkwSQgyxufyuPy6fMMgAFCSI73LFXU/N8AmEL9X4ABACNSKMHAgb34AAAAAElFTkSuQmCC - mediatype: image/png - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: etcd-operator - rules: - - apiGroups: - - etcd.database.coreos.com - resources: - - etcdclusters - verbs: - - "*" - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - "*" - - apiGroups: - - "" - resources: - - pods - - services - - endpoints - - persistentvolumeclaims - - events - verbs: - - "*" - - apiGroups: - - apps - resources: - - deployments - verbs: - - "*" - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - deployments: - - name: etcd-operator - spec: - replicas: 1 - selector: - matchLabels: - name: etcd-operator-alm-owned - template: - metadata: - name: etcd-operator-alm-owned - labels: - name: etcd-operator-alm-owned - spec: - serviceAccountName: etcd-operator - containers: - - name: etcd-operator - command: - - etcd-operator - - --create-crd=false - image: quay.io/coreos/etcd-operator@sha256:bd944a211eaf8f31da5e6d69e8541e7cada8f16a9f7a5a570b22478997819943 - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - customresourcedefinitions: - owned: - - name: etcdclusters.etcd.database.coreos.com - version: v1beta2 - kind: EtcdCluster - displayName: etcd Cluster - description: Represents a cluster of etcd nodes. - resources: - - kind: Service - version: v1 - - kind: Pod - version: v1 - specDescriptors: - - description: The desired number of member Pods for the etcd cluster. - displayName: Size - path: size - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - statusDescriptors: - - description: The status of each of the member Pods for the etcd cluster. - displayName: Member Status - path: members - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podStatuses' - - description: The service at which the running etcd cluster can be accessed. - displayName: Service - path: service - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Service' - - description: The current size of the etcd cluster. - displayName: Cluster Size - path: size - - description: The current version of the etcd cluster. - displayName: Current Version - path: currentVersion - - description: 'The target version of the etcd cluster, after upgrading.' - displayName: Target Version - path: targetVersion - - description: The current status of the etcd cluster. - displayName: Status - path: phase - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase' - - description: Explanation for the current status of the cluster. - displayName: Status Details - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: app.coreos.com/v1alpha1 - kind: ClusterServiceVersion-v1 - metadata: - name: etcdoperator.v0.9.0 - namespace: placeholder - annotations: - tectonic-visibility: ocs - alm-examples: '[{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdCluster","metadata":{"name":"example","namespace":"default"},"spec":{"size":3,"version":"3.2.13"}},{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdRestore","metadata":{"name":"example-etcd-cluster"},"spec":{"etcdCluster":{"name":"example-etcd-cluster"},"backupStorageType":"S3","s3":{"path":"","awsSecret":""}}},{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdBackup","metadata":{"name":"example-etcd-cluster-backup"},"spec":{"etcdEndpoints":[""],"storageType":"S3","s3":{"path":"","awsSecret":""}}}]' - spec: - displayName: etcd - description: | - etcd is a distributed key value store that provides a reliable way to store data across a cluster of machines. It’s open-source and available on GitHub. etcd gracefully handles leader elections during network partitions and will tolerate machine failure, including the leader. Your applications can read and write data into etcd. - A simple use-case is to store database connection details or feature flags within etcd as key value pairs. These values can be watched, allowing your app to reconfigure itself when they change. Advanced uses take advantage of the consistency guarantees to implement database leader elections or do distributed locking across a cluster of workers. - - _The etcd Open Cloud Service is Public Alpha. The goal before Beta is to fully implement backup features._ - - ### Reading and writing to etcd - - Communicate with etcd though its command line utility `etcdctl` or with the API using the automatically generated Kubernetes Service. - - [Read the complete guide to using the etcd Open Cloud Service](https://coreos.com/tectonic/docs/latest/alm/etcd-ocs.html) - - ### Supported Features - - - **High availability** - - - Multiple instances of etcd are networked together and secured. Individual failures or networking issues are transparently handled to keep your cluster up and running. - - - **Automated updates** - - - Rolling out a new etcd version works like all Kubernetes rolling updates. Simply declare the desired version, and the etcd service starts a safe rolling update to the new version automatically. - - - **Backups included** - - - Coming soon, the ability to schedule backups to happen on or off cluster. - keywords: ['etcd', 'key value', 'database', 'coreos', 'open source'] - version: 0.9.0 - maturity: alpha - replaces: etcdoperator.v0.6.1 - maintainers: - - name: CoreOS, Inc - email: support@coreos.com - - provider: - name: CoreOS, Inc - labels: - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - selector: - matchLabels: - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - links: - - name: Blog - url: https://coreos.com/etcd - - name: Documentation - url: https://coreos.com/operators/etcd/docs/latest/ - - name: etcd Operator Source Code - url: https://github.com/coreos/etcd-operator - - icon: - - base64data: iVBORw0KGgoAAAANSUhEUgAAAOEAAADZCAYAAADWmle6AAAACXBIWXMAAAsTAAALEwEAmpwYAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAEKlJREFUeNrsndt1GzkShmEev4sTgeiHfRYdgVqbgOgITEVgOgLTEQydwIiKwFQCayoCU6+7DyYjsBiBFyVVz7RkXvqCSxXw/+f04XjGQ6IL+FBVuL769euXgZ7r39f/G9iP0X+u/jWDNZzZdGI/Ftama1jjuV4BwmcNpbAf1Fgu+V/9YRvNAyzT2a59+/GT/3hnn5m16wKWedJrmOCxkYztx9Q+py/+E0GJxtJdReWfz+mxNt+QzS2Mc0AI+HbBBwj9QViKbH5t64DsP2fvmGXUkWU4WgO+Uve2YQzBUGd7r+zH2ZG/tiUQc4QxKwgbwFfVGwwmdLL5wH78aPC/ZBem9jJpCAX3xtcNASSNgJLzUPSQyjB1zQNl8IQJ9MIU4lx2+Jo72ysXYKl1HSzN02BMa/vbZ5xyNJIshJzwf3L0dQhJw4Sih/SFw9Tk8sVeghVPoefaIYCkMZCKbrcP9lnZuk0uPUjGE/KE8JQry7W2tgfuC3vXgvNV+qSQbyFtAtyWk7zWiYevvuUQ9QEQCvJ+5mmu6dTjz1zFHLFj8Eb87MtxaZh/IQFIHom+9vgTWwZxAQjT9X4vtbEVPojwjiV471s00mhAckpwGuCn1HtFtRDaSh6y9zsL+LNBvCG/24ThcxHObdlWc1v+VQJe8LcO0jwtuF8BwnAAUgP9M8JPU2Me+Oh12auPGT6fHuTePE3bLDy+x9pTLnhMn+07TQGh//Bz1iI0c6kvtqInjvPZcYR3KsPVmUsPYt9nFig9SCY8VQNhpPBzn952bbgcsk2EvM89wzh3UEffBbyPqvBUBYQ8ODGPFOLsa7RF096WJ69L+E4EmnpjWu5o4ChlKaRTKT39RMMaVPEQRsz/nIWlDN80chjdJlSd1l0pJCAMVZsniobQVuxceMM9OFoaMd9zqZtjMEYYDW38Drb8Y0DYPLShxn0pvIFuOSxd7YCPet9zk452wsh54FJoeN05hcgSQoG5RR0Qh9Q4E4VvL4wcZq8UACgaRFEQKgSwWrkr5WFnGxiHSutqJGlXjBgIOayhwYBTA0ER0oisIVSUV0AAMT0IASCUO4hRIQSAEECMCCEPwqyQA0JCQBzEGjWNAqHiUVAoXUWbvggOIQCEAOJzxTjoaQ4AIaE64/aZridUsBYUgkhB15oGg1DBIl8IqirYwV6hPSGBSFteMCUBSVXwfYixBmamRubeMyjzMJQBDDowE3OesDD+zwqFoDqiEwXoXJpljB+PvWJGy75BKF1FPxhKygJuqUdYQGlLxNEXkrYyjQ0GbaAwEnUIlLRNvVjQDYUAsJB0HKLE4y0AIpQNgCIhBIhQTgCKhZBBpAN/v6LtQI50JfUgYOnnjmLUFHKhjxbAmdTCaTiBm3ovLPqG2urWAij6im0Nd9aTN9ygLUEt9LgSRnohxUPIKxlGaE+/6Y7znFf0yX+GnkvFFWmarkab2o9PmTeq8sbd2a7DaysXz7i64VeznN4jCQhN9gdDbRiuWrfrsq0mHIrlaq+hlotCtd3Um9u0BYWY8y5D67wccJoZjFca7iUs9VqZcfsZwTd1sbWGG+OcYaTnPAP7rTQVVlM4Sg3oGvB1tmNh0t/HKXZ1jFoIMwCQjtqbhNxUmkGYqgZEDZP11HN/S3gAYRozf0l8C5kKEKUvW0t1IfeWG/5MwgheZTT1E0AEhDkAePQO+Ig2H3DncAkQM4cwUQCD530dU4B5Yvmi2LlDqXfWrxMCcMth51RToRMNUXFnfc2KJ0+Ryl0VNOUwlhh6NoxK5gnViTgQpUG4SqSyt5z3zRJpuKmt3Q1614QaCBPaN6je+2XiFcWAKOXcUfIYKRyL/1lb7pe5VxSxxjQ6hImshqGRt5GWZVKO6q2wHwujfwDtIvaIdexj8Cm8+a68EqMfox6x/voMouZF4dHnEGNeCDMwT6vdNfekH1MafMk4PI06YtqLVGl95aEM9Z5vAeCTOA++YLtoVJRrsqNCaJ6WRmkdYaNec5BT/lcTRMqrhmwfjbpkj55+OKp8IEbU/JLgPJE6Wa3TTe9sHS+ShVD5QIyqIxMEwKh12olC6mHIed5ewEop80CNlfIOADYOT2nd6ZXCop+Ebqchc0JqxKcKASxChycJgUh1rnHA5ow9eTrhqNI7JWiAYYwBGGdpyNLoGw0Pkh96h1BpHihyywtATDM/7Hk2fN9EnH8BgKJCU4ooBkbXFMZJiPbrOyecGl3zgQDQL4hk10IZiOe+5w99Q/gBAEIJgPhJM4QAEEoFREAIAAEiIASAkD8Qt4AQAEIAERAGFlX4CACKAXGVM4ivMwWwCLFAlyeoaa70QePKm5Dlp+/n+ye/5dYgva6YsUaVeMa+tzNFeJtWwc+udbJ0Fg399kLielQJ5Ze61c2+7ytA6EZetiPxZC6tj22yJCv6jUwOyj/zcbqAxOMyAKEbfeHtNa7DtYXptjsk2kJxR+eIeim/tHNofUKYy8DMrQcAKWz6brpvzyIAlpwPhQ49l6b7skJf5Z+YTOYQc4FwLDxvoTDwaygQK+U/kVr+ytSFBG01Q3gnJJR4cNiAhx4HDub8/b5DULXlj6SVZghFiE+LdvE9vo/o8Lp1RmH5hzm0T6wdbZ6n+D6i44zDRc3ln6CpAEJfXiRU45oqLz8gFAThWsh7ughrRibc0QynHgZpNJa/ENJ+loCwu/qOGnFIjYR/n7TfgycULhcQhu6VC+HfF+L3BoAQ4WiZTw1M+FPCnA2gKC6/FAhXgDC+ojQGh3NuWsvfF1L/D5ohlCKtl1j2ldu9a/nPAKFwN56Bst10zCG0CPleXN/zXPgHQZXaZaBgrbzyY5V/mUA+6F0hwtGN9rwu5DVZPuwWqfxdFz1LWbJ2lwKEa+0Qsm4Dl3fp+Pu0lV97PgwIPfSsS+UQhj5Oo+vvFULazRIQyvGEcxPuNLCth2MvFsrKn8UOilAQShkh7TTczYNMoS6OdP47msrPi82lXKGWhCdMZYS0bFy+vcnGAjP1CIfvgbKNA9glecEH9RD6Ol4wRuWyN/G9MHnksS6o/GPf5XcwNSUlHzQhDuAKtWJmkwKElU7lylP5rgIcsquh/FI8YZCDpkJBuE4FQm7Icw8N+SrUGaQKyi8FwiDt1ve5o+Vu7qYHy/psgK8cvh+FTYuO77bhEC7GuaPiys/L1X4IgXDL+e3M5+ovLxBy5VLuIebw1oqcHoPfoaMJUsHays878r8KbDc3xtPx/84gZPBG/JwaufrsY/SRG/OY3//8QMNdsvdZCFtbW6f8pFuf5bflILAlX7O+4fdfugKyFYS8T2zAsXthdG0VurPGKwI06oF5vkBgHWkNp6ry29+lsPZMU3vijnXFNmoclr+6+Ou/FIb8yb30sS8YGjmTqCLyQsi5N/6ZwKs0Yenj68pfPjF6N782Dp2FzV9CTyoSeY8mLK16qGxIkLI8oa1n8tz9juP40DlK0epxYEbojbq+9QfurBeVIlCO9D2396bxiV4lkYQ3hOAFw2pbhqMGISkkQOMcQ9EqhDmGZZdo92JC0YHRNTfoSg+5e0IT+opqCKHoIU+4ztQIgBD1EFNrQAgIpYSil9lDmPHqkROPt+JC6AgPquSuumJmg0YARVCuneDfvPVeJokZ6pIXDkNxQtGzTF9/BQjRG0tQznfb74RwCQghpALBtIQnfK4zhxdyQvVCUeknMIT3hLyY+T5jo0yABqKPQNpUNw/09tGZod5jgCaYFxyYvJcNPkv9eof+I3pnCFEHIETjSM8L9tHZHYCQT9PaZGycU6yg8S4akDnJ+P03L0+t23XGzCLzRgII/Wqa+fv/xlfvmKvMUOcOrlCDdoei1MGdZm6G5VEIfRzzjd4aQs69n699Rx7ewhvCGzr2gmTPs8zNsJOrXt24FbkhhOjCfT4ICA/rPbyhUy94Dks0gJCX1NzCZui9YUd3oei+c257TalFbgg19ILHrlrL2gvWgXAL26EX76gZTNASQnad8Ibwhl284NhgXpB0c+jKhWO3Ms1hP9ihJYB9eMF6qd1BCPk0qA1s+LimFIu7m4nsdQIzPK4VbQ8hYvrnuSH2G9b2ggP78QmWqBdF9Vx8SSY6QYdUW7BTA1schZATyhvY8lHvcRbNUS9YGFy2U+qmzh2YPVc0I7yAOFyHfRpyUwtCSzOdPXMHmz7qDIM0e0V2wZTEk+6Ym6N63eBLp/b5Bts+2cKCSJ/LuoZO3ANSiE5hKAZjnvNSS4931jcw9jpwT0feV/qSJ1pVtCyfHKDkvK8Ejx7pUxGh2xFNSwx8QTi2H9ceC0/nni64MS/5N5dG39pDqvRV+WgGk71c9VFXF9b+xYvOw/d61iv7m3MvEHryhvecwC52jSSx4VIIgwnMNT/UsTxIgpPt3K/ARj15CptwL3Zd/ceDSATj2DGQjbxgWwhdeMMte7zpy5On9vymRm/YxBYljGVjKWF9VJf7I1+sex3wY8w/V1QPTborW/72gkdsRDaZMJBdbdHIC7aCkAu9atlLbtnrzerMnyToDaGwelOnk3/hHSem/ZK7e/t7jeeR20LYBgqa8J80gS8jbwi5F02Uj1u2NYJxap8PLkJfLxA2hIJyvnHX/AfeEPLpBfe0uSFHbnXaea3Qd5d6HcpYZ8L6M7lnFwMQ3MNg+RxUR1+6AshtbsVgfXTEg1sIGax9UND2p7f270wdG3eK9gXVGHdw2k5sOyZv+Nbs39Z308XR9DqWb2J+PwKDhuKHPobfuXf7gnYGHdCs7bhDDadD4entDug7LWNsnRNW4mYqwJ9dk+GGSTPBiA2j0G8RWNM5upZtcG4/3vMfP7KnbK2egx6CCnDPhRn7NgD3cghLIad5WcM2SO38iqHvvMOosyeMpQ5zlVCaaj06GVs9xUbHdiKoqrHWgquFEFMWUEWfXUxJAML23hAHFOctmjZQffKD2pywkhtSGHKNtpitLroscAeE7kCkSsC60vxEl6yMtL9EL5HKGCMszU5bk8gdkklAyEn5FO0yK419rIxBOIqwFMooDE0tHEVYijAUECIshRCGIhxFWIowFJ5QkEYIS5PTJrUwNGlPyN6QQPyKtpuM1E/K5+YJDV/MiA3AaehzqgAm7QnZG9IGYKo8bHnSK7VblLL3hOwNHziPuEGOqE5brrdR6i+atCfckyeWD47HkAkepRGLY/e8A8J0gCwYSNypF08bBm+e6zVz2UL4AshhBUjML/rXLefqC82bcQFhGC9JDwZ1uuu+At0S5gCETYHsV4DUeD9fDN2Zfy5OXaW2zAwQygCzBLJ8cvaW5OXKC1FxfTggFAHmoAJnSiOw2wps9KwRWgJCLaEswaj5NqkLwAYIU4BxqTSXbHXpJdRMPZgAOiAMqABCNGYIEEJutEK5IUAIwYMDQgiCACEEAcJs1Vda7gGqDhCmoiEghAAhBAHCrKXVo2C1DCBMRlp37uMIEECoX7xrX3P5C9QiINSuIcoPAUI0YkAICLNWgfJDh4T9hH7zqYH9+JHAq7zBqWjwhPAicTVCVQJCNF50JghHocahKK0X/ZnQKyEkhSdUpzG8OgQI42qC94EQjsYLRSmH+pbgq73L6bYkeEJ4DYTYmeg1TOBFc/usTTp3V9DdEuXJ2xDCUbXhaXk0/kAYmBvuMB4qkC35E5e5AMKkwSQgyxufyuPy6fMMgAFCSI73LFXU/N8AmEL9X4ABACNSKMHAgb34AAAAAElFTkSuQmCC - mediatype: image/png - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: etcd-operator - rules: - - apiGroups: - - etcd.database.coreos.com - resources: - - etcdclusters - - etcdbackups - - etcdrestores - verbs: - - "*" - - apiGroups: - - "" - resources: - - pods - - services - - endpoints - - persistentvolumeclaims - - events - verbs: - - "*" - - apiGroups: - - apps - resources: - - deployments - verbs: - - "*" - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - deployments: - - name: etcd-operator - spec: - replicas: 1 - selector: - matchLabels: - name: etcd-operator-alm-owned - template: - metadata: - name: etcd-operator-alm-owned - labels: - name: etcd-operator-alm-owned - spec: - serviceAccountName: etcd-operator - containers: - - name: etcd-operator - command: - - etcd-operator - - --create-crd=false - image: quay.io/coreos/etcd-operator@sha256:db563baa8194fcfe39d1df744ed70024b0f1f9e9b55b5923c2f3a413c44dc6b8 - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: etcd-backup-operator - image: quay.io/coreos/etcd-operator@sha256:db563baa8194fcfe39d1df744ed70024b0f1f9e9b55b5923c2f3a413c44dc6b8 - command: - - etcd-backup-operator - - --create-crd=false - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: etcd-restore-operator - image: quay.io/coreos/etcd-operator@sha256:db563baa8194fcfe39d1df744ed70024b0f1f9e9b55b5923c2f3a413c44dc6b8 - command: - - etcd-restore-operator - - --create-crd=false - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - customresourcedefinitions: - owned: - - name: etcdclusters.etcd.database.coreos.com - version: v1beta2 - kind: EtcdCluster - displayName: etcd Cluster - description: Represents a cluster of etcd nodes. - resources: - - kind: Service - version: v1 - - kind: Pod - version: v1 - specDescriptors: - - description: The desired number of member Pods for the etcd cluster. - displayName: Size - path: size - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: pod.resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - statusDescriptors: - - description: The status of each of the member Pods for the etcd cluster. - displayName: Member Status - path: members - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podStatuses' - - description: The service at which the running etcd cluster can be accessed. - displayName: Service - path: serviceName - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Service' - - description: The current size of the etcd cluster. - displayName: Cluster Size - path: size - - description: The current version of the etcd cluster. - displayName: Current Version - path: currentVersion - - description: 'The target version of the etcd cluster, after upgrading.' - displayName: Target Version - path: targetVersion - - description: The current status of the etcd cluster. - displayName: Status - path: phase - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase' - - description: Explanation for the current status of the cluster. - displayName: Status Details - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - name: etcdbackups.etcd.database.coreos.com - version: v1beta2 - kind: EtcdBackup - displayName: etcd Backup - description: Represents the intent to backup an etcd cluster. - specDescriptors: - - description: Specifies the endpoints of an etcd cluster. - displayName: etcd Endpoint(s) - path: etcdEndpoints - x-descriptors: - - 'urn:alm:descriptor:etcd:endpoint' - - description: The full AWS S3 path where the backup is saved. - displayName: S3 Path - path: s3.path - x-descriptors: - - 'urn:alm:descriptor:aws:s3:path' - - description: The name of the secret object that stores the AWS credential and config files. - displayName: AWS Secret - path: s3.awsSecret - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Secret' - statusDescriptors: - - description: Indicates if the backup was successful. - displayName: Succeeded - path: succeeded - x-descriptors: - - 'urn:alm:descriptor:text' - - description: Indicates the reason for any backup related failures. - displayName: Reason - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - name: etcdrestores.etcd.database.coreos.com - version: v1beta2 - kind: EtcdRestore - displayName: etcd Restore - description: Represents the intent to restore an etcd cluster from a backup. - specDescriptors: - - description: References the EtcdCluster which should be restored, - displayName: etcd Cluster - path: etcdCluster.name - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:EtcdCluster' - - 'urn:alm:descriptor:text' - - description: The full AWS S3 path where the backup is saved. - displayName: S3 Path - path: s3.path - x-descriptors: - - 'urn:alm:descriptor:aws:s3:path' - - description: The name of the secret object that stores the AWS credential and config files. - displayName: AWS Secret - path: s3.awsSecret - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Secret' - statusDescriptors: - - description: Indicates if the restore was successful. - displayName: Succeeded - path: succeeded - x-descriptors: - - 'urn:alm:descriptor:text' - - description: Indicates the reason for any restore related failures. - displayName: Reason - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: app.coreos.com/v1alpha1 - kind: ClusterServiceVersion-v1 - metadata: - name: etcdoperator.v0.9.2 - namespace: placeholder - annotations: - tectonic-visibility: ocs - alm-examples: '[{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdCluster","metadata":{"name":"example","namespace":"default"},"spec":{"size":3,"version":"3.2.13"}},{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdRestore","metadata":{"name":"example-etcd-cluster"},"spec":{"etcdCluster":{"name":"example-etcd-cluster"},"backupStorageType":"S3","s3":{"path":"","awsSecret":""}}},{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdBackup","metadata":{"name":"example-etcd-cluster-backup"},"spec":{"etcdEndpoints":[""],"storageType":"S3","s3":{"path":"","awsSecret":""}}}]' - spec: - displayName: etcd - description: | - etcd is a distributed key value store that provides a reliable way to store data across a cluster of machines. It’s open-source and available on GitHub. etcd gracefully handles leader elections during network partitions and will tolerate machine failure, including the leader. Your applications can read and write data into etcd. - A simple use-case is to store database connection details or feature flags within etcd as key value pairs. These values can be watched, allowing your app to reconfigure itself when they change. Advanced uses take advantage of the consistency guarantees to implement database leader elections or do distributed locking across a cluster of workers. - - _The etcd Open Cloud Service is Public Alpha. The goal before Beta is to fully implement backup features._ - - ### Reading and writing to etcd - - Communicate with etcd though its command line utility `etcdctl` or with the API using the automatically generated Kubernetes Service. - - [Read the complete guide to using the etcd Open Cloud Service](https://coreos.com/tectonic/docs/latest/alm/etcd-ocs.html) - - ### Supported Features - - - **High availability** - - - Multiple instances of etcd are networked together and secured. Individual failures or networking issues are transparently handled to keep your cluster up and running. - - - **Automated updates** - - - Rolling out a new etcd version works like all Kubernetes rolling updates. Simply declare the desired version, and the etcd service starts a safe rolling update to the new version automatically. - - - **Backups included** - - - Coming soon, the ability to schedule backups to happen on or off cluster. - keywords: ['etcd', 'key value', 'database', 'coreos', 'open source'] - version: 0.9.2 - maturity: alpha - replaces: etcdoperator.v0.9.0 - maintainers: - - name: CoreOS, Inc - email: support@coreos.com - - provider: - name: CoreOS, Inc - labels: - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - selector: - matchLabels: - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - links: - - name: Blog - url: https://coreos.com/etcd - - name: Documentation - url: https://coreos.com/operators/etcd/docs/latest/ - - name: etcd Operator Source Code - url: https://github.com/coreos/etcd-operator - - icon: - - base64data: iVBORw0KGgoAAAANSUhEUgAAAOEAAADZCAYAAADWmle6AAAACXBIWXMAAAsTAAALEwEAmpwYAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAEKlJREFUeNrsndt1GzkShmEev4sTgeiHfRYdgVqbgOgITEVgOgLTEQydwIiKwFQCayoCU6+7DyYjsBiBFyVVz7RkXvqCSxXw/+f04XjGQ6IL+FBVuL769euXgZ7r39f/G9iP0X+u/jWDNZzZdGI/Ftama1jjuV4BwmcNpbAf1Fgu+V/9YRvNAyzT2a59+/GT/3hnn5m16wKWedJrmOCxkYztx9Q+py/+E0GJxtJdReWfz+mxNt+QzS2Mc0AI+HbBBwj9QViKbH5t64DsP2fvmGXUkWU4WgO+Uve2YQzBUGd7r+zH2ZG/tiUQc4QxKwgbwFfVGwwmdLL5wH78aPC/ZBem9jJpCAX3xtcNASSNgJLzUPSQyjB1zQNl8IQJ9MIU4lx2+Jo72ysXYKl1HSzN02BMa/vbZ5xyNJIshJzwf3L0dQhJw4Sih/SFw9Tk8sVeghVPoefaIYCkMZCKbrcP9lnZuk0uPUjGE/KE8JQry7W2tgfuC3vXgvNV+qSQbyFtAtyWk7zWiYevvuUQ9QEQCvJ+5mmu6dTjz1zFHLFj8Eb87MtxaZh/IQFIHom+9vgTWwZxAQjT9X4vtbEVPojwjiV471s00mhAckpwGuCn1HtFtRDaSh6y9zsL+LNBvCG/24ThcxHObdlWc1v+VQJe8LcO0jwtuF8BwnAAUgP9M8JPU2Me+Oh12auPGT6fHuTePE3bLDy+x9pTLnhMn+07TQGh//Bz1iI0c6kvtqInjvPZcYR3KsPVmUsPYt9nFig9SCY8VQNhpPBzn952bbgcsk2EvM89wzh3UEffBbyPqvBUBYQ8ODGPFOLsa7RF096WJ69L+E4EmnpjWu5o4ChlKaRTKT39RMMaVPEQRsz/nIWlDN80chjdJlSd1l0pJCAMVZsniobQVuxceMM9OFoaMd9zqZtjMEYYDW38Drb8Y0DYPLShxn0pvIFuOSxd7YCPet9zk452wsh54FJoeN05hcgSQoG5RR0Qh9Q4E4VvL4wcZq8UACgaRFEQKgSwWrkr5WFnGxiHSutqJGlXjBgIOayhwYBTA0ER0oisIVSUV0AAMT0IASCUO4hRIQSAEECMCCEPwqyQA0JCQBzEGjWNAqHiUVAoXUWbvggOIQCEAOJzxTjoaQ4AIaE64/aZridUsBYUgkhB15oGg1DBIl8IqirYwV6hPSGBSFteMCUBSVXwfYixBmamRubeMyjzMJQBDDowE3OesDD+zwqFoDqiEwXoXJpljB+PvWJGy75BKF1FPxhKygJuqUdYQGlLxNEXkrYyjQ0GbaAwEnUIlLRNvVjQDYUAsJB0HKLE4y0AIpQNgCIhBIhQTgCKhZBBpAN/v6LtQI50JfUgYOnnjmLUFHKhjxbAmdTCaTiBm3ovLPqG2urWAij6im0Nd9aTN9ygLUEt9LgSRnohxUPIKxlGaE+/6Y7znFf0yX+GnkvFFWmarkab2o9PmTeq8sbd2a7DaysXz7i64VeznN4jCQhN9gdDbRiuWrfrsq0mHIrlaq+hlotCtd3Um9u0BYWY8y5D67wccJoZjFca7iUs9VqZcfsZwTd1sbWGG+OcYaTnPAP7rTQVVlM4Sg3oGvB1tmNh0t/HKXZ1jFoIMwCQjtqbhNxUmkGYqgZEDZP11HN/S3gAYRozf0l8C5kKEKUvW0t1IfeWG/5MwgheZTT1E0AEhDkAePQO+Ig2H3DncAkQM4cwUQCD530dU4B5Yvmi2LlDqXfWrxMCcMth51RToRMNUXFnfc2KJ0+Ryl0VNOUwlhh6NoxK5gnViTgQpUG4SqSyt5z3zRJpuKmt3Q1614QaCBPaN6je+2XiFcWAKOXcUfIYKRyL/1lb7pe5VxSxxjQ6hImshqGRt5GWZVKO6q2wHwujfwDtIvaIdexj8Cm8+a68EqMfox6x/voMouZF4dHnEGNeCDMwT6vdNfekH1MafMk4PI06YtqLVGl95aEM9Z5vAeCTOA++YLtoVJRrsqNCaJ6WRmkdYaNec5BT/lcTRMqrhmwfjbpkj55+OKp8IEbU/JLgPJE6Wa3TTe9sHS+ShVD5QIyqIxMEwKh12olC6mHIed5ewEop80CNlfIOADYOT2nd6ZXCop+Ebqchc0JqxKcKASxChycJgUh1rnHA5ow9eTrhqNI7JWiAYYwBGGdpyNLoGw0Pkh96h1BpHihyywtATDM/7Hk2fN9EnH8BgKJCU4ooBkbXFMZJiPbrOyecGl3zgQDQL4hk10IZiOe+5w99Q/gBAEIJgPhJM4QAEEoFREAIAAEiIASAkD8Qt4AQAEIAERAGFlX4CACKAXGVM4ivMwWwCLFAlyeoaa70QePKm5Dlp+/n+ye/5dYgva6YsUaVeMa+tzNFeJtWwc+udbJ0Fg399kLielQJ5Ze61c2+7ytA6EZetiPxZC6tj22yJCv6jUwOyj/zcbqAxOMyAKEbfeHtNa7DtYXptjsk2kJxR+eIeim/tHNofUKYy8DMrQcAKWz6brpvzyIAlpwPhQ49l6b7skJf5Z+YTOYQc4FwLDxvoTDwaygQK+U/kVr+ytSFBG01Q3gnJJR4cNiAhx4HDub8/b5DULXlj6SVZghFiE+LdvE9vo/o8Lp1RmH5hzm0T6wdbZ6n+D6i44zDRc3ln6CpAEJfXiRU45oqLz8gFAThWsh7ughrRibc0QynHgZpNJa/ENJ+loCwu/qOGnFIjYR/n7TfgycULhcQhu6VC+HfF+L3BoAQ4WiZTw1M+FPCnA2gKC6/FAhXgDC+ojQGh3NuWsvfF1L/D5ohlCKtl1j2ldu9a/nPAKFwN56Bst10zCG0CPleXN/zXPgHQZXaZaBgrbzyY5V/mUA+6F0hwtGN9rwu5DVZPuwWqfxdFz1LWbJ2lwKEa+0Qsm4Dl3fp+Pu0lV97PgwIPfSsS+UQhj5Oo+vvFULazRIQyvGEcxPuNLCth2MvFsrKn8UOilAQShkh7TTczYNMoS6OdP47msrPi82lXKGWhCdMZYS0bFy+vcnGAjP1CIfvgbKNA9glecEH9RD6Ol4wRuWyN/G9MHnksS6o/GPf5XcwNSUlHzQhDuAKtWJmkwKElU7lylP5rgIcsquh/FI8YZCDpkJBuE4FQm7Icw8N+SrUGaQKyi8FwiDt1ve5o+Vu7qYHy/psgK8cvh+FTYuO77bhEC7GuaPiys/L1X4IgXDL+e3M5+ovLxBy5VLuIebw1oqcHoPfoaMJUsHays878r8KbDc3xtPx/84gZPBG/JwaufrsY/SRG/OY3//8QMNdsvdZCFtbW6f8pFuf5bflILAlX7O+4fdfugKyFYS8T2zAsXthdG0VurPGKwI06oF5vkBgHWkNp6ry29+lsPZMU3vijnXFNmoclr+6+Ou/FIb8yb30sS8YGjmTqCLyQsi5N/6ZwKs0Yenj68pfPjF6N782Dp2FzV9CTyoSeY8mLK16qGxIkLI8oa1n8tz9juP40DlK0epxYEbojbq+9QfurBeVIlCO9D2396bxiV4lkYQ3hOAFw2pbhqMGISkkQOMcQ9EqhDmGZZdo92JC0YHRNTfoSg+5e0IT+opqCKHoIU+4ztQIgBD1EFNrQAgIpYSil9lDmPHqkROPt+JC6AgPquSuumJmg0YARVCuneDfvPVeJokZ6pIXDkNxQtGzTF9/BQjRG0tQznfb74RwCQghpALBtIQnfK4zhxdyQvVCUeknMIT3hLyY+T5jo0yABqKPQNpUNw/09tGZod5jgCaYFxyYvJcNPkv9eof+I3pnCFEHIETjSM8L9tHZHYCQT9PaZGycU6yg8S4akDnJ+P03L0+t23XGzCLzRgII/Wqa+fv/xlfvmKvMUOcOrlCDdoei1MGdZm6G5VEIfRzzjd4aQs69n699Rx7ewhvCGzr2gmTPs8zNsJOrXt24FbkhhOjCfT4ICA/rPbyhUy94Dks0gJCX1NzCZui9YUd3oei+c257TalFbgg19ILHrlrL2gvWgXAL26EX76gZTNASQnad8Ibwhl284NhgXpB0c+jKhWO3Ms1hP9ihJYB9eMF6qd1BCPk0qA1s+LimFIu7m4nsdQIzPK4VbQ8hYvrnuSH2G9b2ggP78QmWqBdF9Vx8SSY6QYdUW7BTA1schZATyhvY8lHvcRbNUS9YGFy2U+qmzh2YPVc0I7yAOFyHfRpyUwtCSzOdPXMHmz7qDIM0e0V2wZTEk+6Ym6N63eBLp/b5Bts+2cKCSJ/LuoZO3ANSiE5hKAZjnvNSS4931jcw9jpwT0feV/qSJ1pVtCyfHKDkvK8Ejx7pUxGh2xFNSwx8QTi2H9ceC0/nni64MS/5N5dG39pDqvRV+WgGk71c9VFXF9b+xYvOw/d61iv7m3MvEHryhvecwC52jSSx4VIIgwnMNT/UsTxIgpPt3K/ARj15CptwL3Zd/ceDSATj2DGQjbxgWwhdeMMte7zpy5On9vymRm/YxBYljGVjKWF9VJf7I1+sex3wY8w/V1QPTborW/72gkdsRDaZMJBdbdHIC7aCkAu9atlLbtnrzerMnyToDaGwelOnk3/hHSem/ZK7e/t7jeeR20LYBgqa8J80gS8jbwi5F02Uj1u2NYJxap8PLkJfLxA2hIJyvnHX/AfeEPLpBfe0uSFHbnXaea3Qd5d6HcpYZ8L6M7lnFwMQ3MNg+RxUR1+6AshtbsVgfXTEg1sIGax9UND2p7f270wdG3eK9gXVGHdw2k5sOyZv+Nbs39Z308XR9DqWb2J+PwKDhuKHPobfuXf7gnYGHdCs7bhDDadD4entDug7LWNsnRNW4mYqwJ9dk+GGSTPBiA2j0G8RWNM5upZtcG4/3vMfP7KnbK2egx6CCnDPhRn7NgD3cghLIad5WcM2SO38iqHvvMOosyeMpQ5zlVCaaj06GVs9xUbHdiKoqrHWgquFEFMWUEWfXUxJAML23hAHFOctmjZQffKD2pywkhtSGHKNtpitLroscAeE7kCkSsC60vxEl6yMtL9EL5HKGCMszU5bk8gdkklAyEn5FO0yK419rIxBOIqwFMooDE0tHEVYijAUECIshRCGIhxFWIowFJ5QkEYIS5PTJrUwNGlPyN6QQPyKtpuM1E/K5+YJDV/MiA3AaehzqgAm7QnZG9IGYKo8bHnSK7VblLL3hOwNHziPuEGOqE5brrdR6i+atCfckyeWD47HkAkepRGLY/e8A8J0gCwYSNypF08bBm+e6zVz2UL4AshhBUjML/rXLefqC82bcQFhGC9JDwZ1uuu+At0S5gCETYHsV4DUeD9fDN2Zfy5OXaW2zAwQygCzBLJ8cvaW5OXKC1FxfTggFAHmoAJnSiOw2wps9KwRWgJCLaEswaj5NqkLwAYIU4BxqTSXbHXpJdRMPZgAOiAMqABCNGYIEEJutEK5IUAIwYMDQgiCACEEAcJs1Vda7gGqDhCmoiEghAAhBAHCrKXVo2C1DCBMRlp37uMIEECoX7xrX3P5C9QiINSuIcoPAUI0YkAICLNWgfJDh4T9hH7zqYH9+JHAq7zBqWjwhPAicTVCVQJCNF50JghHocahKK0X/ZnQKyEkhSdUpzG8OgQI42qC94EQjsYLRSmH+pbgq73L6bYkeEJ4DYTYmeg1TOBFc/usTTp3V9DdEuXJ2xDCUbXhaXk0/kAYmBvuMB4qkC35E5e5AMKkwSQgyxufyuPy6fMMgAFCSI73LFXU/N8AmEL9X4ABACNSKMHAgb34AAAAAElFTkSuQmCC - mediatype: image/png - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: etcd-operator - rules: - - apiGroups: - - etcd.database.coreos.com - resources: - - etcdclusters - - etcdbackups - - etcdrestores - verbs: - - "*" - - apiGroups: - - "" - resources: - - pods - - services - - endpoints - - persistentvolumeclaims - - events - verbs: - - "*" - - apiGroups: - - apps - resources: - - deployments - verbs: - - "*" - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - deployments: - - name: etcd-operator - spec: - replicas: 1 - selector: - matchLabels: - name: etcd-operator-alm-owned - template: - metadata: - name: etcd-operator-alm-owned - labels: - name: etcd-operator-alm-owned - spec: - serviceAccountName: etcd-operator - containers: - - name: etcd-operator - command: - - etcd-operator - - --create-crd=false - image: quay.io/coreos/etcd-operator@sha256:c0301e4686c3ed4206e370b42de5a3bd2229b9fb4906cf85f3f30650424abec2 - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: etcd-backup-operator - image: quay.io/coreos/etcd-operator@sha256:c0301e4686c3ed4206e370b42de5a3bd2229b9fb4906cf85f3f30650424abec2 - command: - - etcd-backup-operator - - --create-crd=false - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: etcd-restore-operator - image: quay.io/coreos/etcd-operator@sha256:c0301e4686c3ed4206e370b42de5a3bd2229b9fb4906cf85f3f30650424abec2 - command: - - etcd-restore-operator - - --create-crd=false - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - customresourcedefinitions: - owned: - - name: etcdclusters.etcd.database.coreos.com - version: v1beta2 - kind: EtcdCluster - displayName: etcd Cluster - description: Represents a cluster of etcd nodes. - resources: - - kind: Service - version: v1 - - kind: Pod - version: v1 - specDescriptors: - - description: The desired number of member Pods for the etcd cluster. - displayName: Size - path: size - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: pod.resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - statusDescriptors: - - description: The status of each of the member Pods for the etcd cluster. - displayName: Member Status - path: members - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podStatuses' - - description: The service at which the running etcd cluster can be accessed. - displayName: Service - path: serviceName - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Service' - - description: The current size of the etcd cluster. - displayName: Cluster Size - path: size - - description: The current version of the etcd cluster. - displayName: Current Version - path: currentVersion - - description: 'The target version of the etcd cluster, after upgrading.' - displayName: Target Version - path: targetVersion - - description: The current status of the etcd cluster. - displayName: Status - path: phase - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase' - - description: Explanation for the current status of the cluster. - displayName: Status Details - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - name: etcdbackups.etcd.database.coreos.com - version: v1beta2 - kind: EtcdBackup - displayName: etcd Backup - description: Represents the intent to backup an etcd cluster. - specDescriptors: - - description: Specifies the endpoints of an etcd cluster. - displayName: etcd Endpoint(s) - path: etcdEndpoints - x-descriptors: - - 'urn:alm:descriptor:etcd:endpoint' - - description: The full AWS S3 path where the backup is saved. - displayName: S3 Path - path: s3.path - x-descriptors: - - 'urn:alm:descriptor:aws:s3:path' - - description: The name of the secret object that stores the AWS credential and config files. - displayName: AWS Secret - path: s3.awsSecret - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Secret' - statusDescriptors: - - description: Indicates if the backup was successful. - displayName: Succeeded - path: succeeded - x-descriptors: - - 'urn:alm:descriptor:text' - - description: Indicates the reason for any backup related failures. - displayName: Reason - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - name: etcdrestores.etcd.database.coreos.com - version: v1beta2 - kind: EtcdRestore - displayName: etcd Restore - description: Represents the intent to restore an etcd cluster from a backup. - specDescriptors: - - description: References the EtcdCluster which should be restored, - displayName: etcd Cluster - path: etcdCluster.name - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:EtcdCluster' - - 'urn:alm:descriptor:text' - - description: The full AWS S3 path where the backup is saved. - displayName: S3 Path - path: s3.path - x-descriptors: - - 'urn:alm:descriptor:aws:s3:path' - - description: The name of the secret object that stores the AWS credential and config files. - displayName: AWS Secret - path: s3.awsSecret - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Secret' - statusDescriptors: - - description: Indicates if the restore was successful. - displayName: Succeeded - path: succeeded - x-descriptors: - - 'urn:alm:descriptor:text' - - description: Indicates the reason for any restore related failures. - displayName: Reason - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: app.coreos.com/v1alpha1 - kind: ClusterServiceVersion-v1 - metadata: - name: prometheusoperator.0.14.0 - namespace: placeholder - spec: - displayName: Prometheus - description: | - An open-source monitoring system with a dimensional data model, flexible query language, efficient time series database and modern alerting approach. - - _The Prometheus Open Cloud Service is Public Alpha. The goal before Beta is for additional user testing and minor bug fixes._ - - ### Monitoring applications - - Prometheus scrapes your application metrics based on targets maintained in a ServiceMonitor object. When alerts need to be sent, they are processsed by an AlertManager. - - [Read the complete guide to monitoring applications with the Prometheus Open Cloud Service](https://coreos.com/tectonic/docs/latest/alm/prometheus-ocs.html) - - ## Supported Features - - **High availability** - Multiple instances are run across failure zones and data is replicated. This keeps your monitoring available during an outage, when you need it most. - **Updates via automated operations** - New Prometheus versions are deployed using a rolling update with no downtime, making it easy to stay up to date. - **Handles the dynamic nature of containers** - Alerting rules are attached to groups of containers instead of individual instances, which is ideal for the highly dynamic nature of container deployment. - - keywords: ['prometheus', 'monitoring', 'tsdb', 'alerting'] - - maintainers: - - name: CoreOS, Inc - email: support@coreos.com - - provider: - name: CoreOS, Inc - - links: - - name: Prometheus - url: https://www.prometheus.io/ - - name: Documentation - url: https://coreos.com/operators/prometheus/docs/latest/ - - name: Prometheus Operator Source Code - url: https://github.com/coreos/prometheus-operator - - labels: - alm-status-descriptors: prometheusoperator.0.14.0 - alm-owner-prometheus: prometheusoperator - - selector: - matchLabels: - alm-owner-prometheus: prometheusoperator - - icon: - - base64data: PHN2ZyB3aWR0aD0iMjQ5MCIgaGVpZ2h0PSIyNTAwIiB2aWV3Qm94PSIwIDAgMjU2IDI1NyIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiBwcmVzZXJ2ZUFzcGVjdFJhdGlvPSJ4TWlkWU1pZCI+PHBhdGggZD0iTTEyOC4wMDEuNjY3QzU3LjMxMS42NjcgMCA1Ny45NzEgMCAxMjguNjY0YzAgNzAuNjkgNTcuMzExIDEyNy45OTggMTI4LjAwMSAxMjcuOTk4UzI1NiAxOTkuMzU0IDI1NiAxMjguNjY0QzI1NiA1Ny45NyAxOTguNjg5LjY2NyAxMjguMDAxLjY2N3ptMCAyMzkuNTZjLTIwLjExMiAwLTM2LjQxOS0xMy40MzUtMzYuNDE5LTMwLjAwNGg3Mi44MzhjMCAxNi41NjYtMTYuMzA2IDMwLjAwNC0zNi40MTkgMzAuMDA0em02MC4xNTMtMzkuOTRINjcuODQyVjE3OC40N2gxMjAuMzE0djIxLjgxNmgtLjAwMnptLS40MzItMzMuMDQ1SDY4LjE4NWMtLjM5OC0uNDU4LS44MDQtLjkxLTEuMTg4LTEuMzc1LTEyLjMxNS0xNC45NTQtMTUuMjE2LTIyLjc2LTE4LjAzMi0zMC43MTYtLjA0OC0uMjYyIDE0LjkzMyAzLjA2IDI1LjU1NiA1LjQ1IDAgMCA1LjQ2NiAxLjI2NSAxMy40NTggMi43MjItNy42NzMtOC45OTQtMTIuMjMtMjAuNDI4LTEyLjIzLTMyLjExNiAwLTI1LjY1OCAxOS42OC00OC4wNzkgMTIuNTgtNjYuMjAxIDYuOTEuNTYyIDE0LjMgMTQuNTgzIDE0LjggMzYuNTA1IDcuMzQ2LTEwLjE1MiAxMC40Mi0yOC42OSAxMC40Mi00MC4wNTYgMC0xMS43NjkgNy43NTUtMjUuNDQgMTUuNTEyLTI1LjkwNy02LjkxNSAxMS4zOTYgMS43OSAyMS4xNjUgOS41MyA0NS40IDIuOTAyIDkuMTAzIDIuNTMyIDI0LjQyMyA0Ljc3MiAzNC4xMzguNzQ0LTIwLjE3OCA0LjIxMy00OS42MiAxNy4wMTQtNTkuNzg0LTUuNjQ3IDEyLjguODM2IDI4LjgxOCA1LjI3IDM2LjUxOCA3LjE1NCAxMi40MjQgMTEuNDkgMjEuODM2IDExLjQ5IDM5LjYzOCAwIDExLjkzNi00LjQwNyAyMy4xNzMtMTEuODQgMzEuOTU4IDguNDUyLTEuNTg2IDE0LjI4OS0zLjAxNiAxNC4yODktMy4wMTZsMjcuNDUtNS4zNTVjLjAwMi0uMDAyLTMuOTg3IDE2LjQwMS0xOS4zMTQgMzIuMTk3eiIgZmlsbD0iI0RBNEUzMSIvPjwvc3ZnPg== - mediatype: image/svg+xml - - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: prometheus-k8s - rules: - - apiGroups: [""] - resources: - - nodes - - services - - endpoints - - pods - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: - - configmaps - verbs: ["get"] - - serviceAccountName: prometheus-operator-0-14-0 - rules: - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: ["get", "list"] - - apiGroups: - - monitoring.coreos.com - resources: - - alertmanagers - - prometheuses - - servicemonitors - verbs: - - "*" - - apiGroups: - - apps - resources: - - statefulsets - verbs: ["*"] - - apiGroups: [""] - resources: - - configmaps - - secrets - verbs: ["*"] - - apiGroups: [""] - resources: - - pods - verbs: ["list", "delete"] - - apiGroups: [""] - resources: - - services - - endpoints - verbs: ["get", "create", "update"] - - apiGroups: [""] - resources: - - nodes - verbs: ["list", "watch"] - - apiGroups: [""] - resources: - - namespaces - verbs: ['list'] - deployments: - - name: prometheus-operator - spec: - replicas: 1 - selector: - matchLabels: - k8s-app: prometheus-operator - template: - metadata: - labels: - k8s-app: prometheus-operator - spec: - serviceAccount: prometheus-operator-0-14-0 - containers: - - name: prometheus-operator - image: quay.io/coreos/prometheus-operator@sha256:5037b4e90dbb03ebdefaa547ddf6a1f748c8eeebeedf6b9d9f0913ad662b5731 - command: - - sh - - -c - - > - /bin/operator --namespace=$K8S_NAMESPACE --crd-apigroup monitoring.coreos.com - --labels alm-status-descriptors=prometheusoperator.0.14.0,alm-owner-prometheus=prometheusoperator - --kubelet-service=kube-system/kubelet - --config-reloader-image=quay.io/coreos/configmap-reload:v0.0.1 - env: - - name: K8S_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - ports: - - containerPort: 8080 - name: http - resources: - limits: - cpu: 200m - memory: 100Mi - requests: - cpu: 100m - memory: 50Mi - maturity: alpha - version: 0.14.0 - customresourcedefinitions: - owned: - - name: prometheuses.monitoring.coreos.com - version: v1 - kind: Prometheus - displayName: Prometheus - description: A running Prometheus instance - resources: - - kind: Pod - version: v1 - specDescriptors: - - description: Desired number of Pods for the cluster - displayName: Size - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: A selector for the ConfigMaps from which to load rule files - displayName: Rule Config Map Selector - path: ruleSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:selector:ConfigMap' - - description: ServiceMonitors to be selected for target discovery - displayName: Service Monitor Selector - path: serviceMonitorSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:selector:ServiceMonitor' - - description: The ServiceAccount to use to run the Prometheus pods - displayName: Service Account - path: serviceAccountName - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:ServiceAccount' - - description: Define resources requests and limits for single Pods - displayName: Resource Request - path: resources.requests - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - statusDescriptors: - - description: The current number of Pods for the cluster - displayName: Cluster Size - path: replicas - - path: prometheusSelector - displayName: Prometheus Service Selector - description: Label selector to find the service that routes to this prometheus - x-descriptors: - - 'urn:alm:descriptor:label:selector' - - name: servicemonitors.monitoring.coreos.com - version: v1 - kind: ServiceMonitor - displayName: Service Monitor - description: Configures prometheus to monitor a particular k8s service - resources: - - kind: Pod - version: v1 - specDescriptors: - - description: Selector to select which namespaces the Endpoints objects are discovered from - displayName: Monitoring Namespaces - path: namespaceSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:namespaceSelector' - - description: The label to use to retrieve the job name from - displayName: Job Label - path: jobLabel - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: A list of endpoints allowed as part of this ServiceMonitor - displayName: Endpoints - path: endpoints - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:endpointList' - - name: alertmanagers.monitoring.coreos.com - version: v1 - kind: Alertmanager - displayName: Alert Manager - description: Configures an Alert Manager for the namespace - resources: - - kind: Pod - version: v1 - specDescriptors: - - description: Desired number of Pods for the cluster - displayName: Size - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: app.coreos.com/v1alpha1 - kind: ClusterServiceVersion-v1 - metadata: - name: prometheusoperator.0.15.0 - namespace: placeholder - annotations: - tectonic-visibility: ocs - alm-examples: '[{"apiVersion":"monitoring.coreos.com/v1","kind":"Prometheus","metadata":{"name":"example","labels":{"prometheus":"k8s"}},"spec":{"replicas":2,"version":"v1.7.0","serviceAccountName":"prometheus-k8s","serviceMonitorSelector":{"matchExpressions":[{"key":"k8s-app","operator":"Exists"}]},"ruleSelector":{"matchLabels":{"role":"prometheus-rulefiles","prometheus":"k8s"}},"resources":{"requests":{"memory":"400Mi"}},"alerting":{"alertmanagers":[{"namespace":"monitoring","name":"alertmanager-main","port":"web"}]}}},{"apiVersion":"monitoring.coreos.com/v1","kind":"ServiceMonitor","metadata":{"name":"example","labels":{"k8s-app":"prometheus"}},"spec":{"selector":{"matchLabels":{"k8s-app":"prometheus","prometheus":"k8s"}},"namespaceSelector":{"matchNames":["monitoring"]},"endpoints":[{"port":"web","interval":"30s"}]}},{"apiVersion":"monitoring.coreos.com/v1","kind":"Alertmanager","metadata":{"name":"alertmanager-main"},"spec":{"replicas":3}}]' - spec: - replaces: prometheusoperator.0.14.0 - displayName: Prometheus - description: | - An open-source monitoring system with a dimensional data model, flexible query language, efficient time series database and modern alerting approach. - - _The Prometheus Open Cloud Service is Public Alpha. The goal before Beta is for additional user testing and minor bug fixes._ - - ### Monitoring applications - - Prometheus scrapes your application metrics based on targets maintained in a ServiceMonitor object. When alerts need to be sent, they are processsed by an AlertManager. - - [Read the complete guide to monitoring applications with the Prometheus Open Cloud Service](https://coreos.com/tectonic/docs/latest/alm/prometheus-ocs.html) - - ### Supported Features - - - **High availability** - - - Multiple instances are run across failure zones and data is replicated. This keeps your monitoring available during an outage, when you need it most. - - - **Updates via automated operations** - - - New Prometheus versions are deployed using a rolling update with no downtime, making it easy to stay up to date. - - - **Handles the dynamic nature of containers** - - - Alerting rules are attached to groups of containers instead of individual instances, which is ideal for the highly dynamic nature of container deployment. - - keywords: ['prometheus', 'monitoring', 'tsdb', 'alerting'] - - maintainers: - - name: CoreOS, Inc - email: support@coreos.com - - provider: - name: CoreOS, Inc - - links: - - name: Prometheus - url: https://www.prometheus.io/ - - name: Documentation - url: https://coreos.com/operators/prometheus/docs/latest/ - - name: Prometheus Operator Source Code - url: https://github.com/coreos/prometheus-operator - - labels: - alm-status-descriptors: prometheusoperator.0.15.0 - alm-owner-prometheus: prometheusoperator - - selector: - matchLabels: - alm-owner-prometheus: prometheusoperator - - icon: - - base64data: PHN2ZyB3aWR0aD0iMjQ5MCIgaGVpZ2h0PSIyNTAwIiB2aWV3Qm94PSIwIDAgMjU2IDI1NyIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiBwcmVzZXJ2ZUFzcGVjdFJhdGlvPSJ4TWlkWU1pZCI+PHBhdGggZD0iTTEyOC4wMDEuNjY3QzU3LjMxMS42NjcgMCA1Ny45NzEgMCAxMjguNjY0YzAgNzAuNjkgNTcuMzExIDEyNy45OTggMTI4LjAwMSAxMjcuOTk4UzI1NiAxOTkuMzU0IDI1NiAxMjguNjY0QzI1NiA1Ny45NyAxOTguNjg5LjY2NyAxMjguMDAxLjY2N3ptMCAyMzkuNTZjLTIwLjExMiAwLTM2LjQxOS0xMy40MzUtMzYuNDE5LTMwLjAwNGg3Mi44MzhjMCAxNi41NjYtMTYuMzA2IDMwLjAwNC0zNi40MTkgMzAuMDA0em02MC4xNTMtMzkuOTRINjcuODQyVjE3OC40N2gxMjAuMzE0djIxLjgxNmgtLjAwMnptLS40MzItMzMuMDQ1SDY4LjE4NWMtLjM5OC0uNDU4LS44MDQtLjkxLTEuMTg4LTEuMzc1LTEyLjMxNS0xNC45NTQtMTUuMjE2LTIyLjc2LTE4LjAzMi0zMC43MTYtLjA0OC0uMjYyIDE0LjkzMyAzLjA2IDI1LjU1NiA1LjQ1IDAgMCA1LjQ2NiAxLjI2NSAxMy40NTggMi43MjItNy42NzMtOC45OTQtMTIuMjMtMjAuNDI4LTEyLjIzLTMyLjExNiAwLTI1LjY1OCAxOS42OC00OC4wNzkgMTIuNTgtNjYuMjAxIDYuOTEuNTYyIDE0LjMgMTQuNTgzIDE0LjggMzYuNTA1IDcuMzQ2LTEwLjE1MiAxMC40Mi0yOC42OSAxMC40Mi00MC4wNTYgMC0xMS43NjkgNy43NTUtMjUuNDQgMTUuNTEyLTI1LjkwNy02LjkxNSAxMS4zOTYgMS43OSAyMS4xNjUgOS41MyA0NS40IDIuOTAyIDkuMTAzIDIuNTMyIDI0LjQyMyA0Ljc3MiAzNC4xMzguNzQ0LTIwLjE3OCA0LjIxMy00OS42MiAxNy4wMTQtNTkuNzg0LTUuNjQ3IDEyLjguODM2IDI4LjgxOCA1LjI3IDM2LjUxOCA3LjE1NCAxMi40MjQgMTEuNDkgMjEuODM2IDExLjQ5IDM5LjYzOCAwIDExLjkzNi00LjQwNyAyMy4xNzMtMTEuODQgMzEuOTU4IDguNDUyLTEuNTg2IDE0LjI4OS0zLjAxNiAxNC4yODktMy4wMTZsMjcuNDUtNS4zNTVjLjAwMi0uMDAyLTMuOTg3IDE2LjQwMS0xOS4zMTQgMzIuMTk3eiIgZmlsbD0iI0RBNEUzMSIvPjwvc3ZnPg== - mediatype: image/svg+xml - - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: prometheus-k8s - rules: - - apiGroups: [""] - resources: - - nodes - - services - - endpoints - - pods - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: - - configmaps - verbs: ["get"] - - serviceAccountName: prometheus-operator-0-14-0 - rules: - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: ["get", "list"] - - apiGroups: - - monitoring.coreos.com - resources: - - alertmanagers - - prometheuses - - servicemonitors - verbs: - - "*" - - apiGroups: - - apps - resources: - - statefulsets - verbs: ["*"] - - apiGroups: [""] - resources: - - configmaps - - secrets - verbs: ["*"] - - apiGroups: [""] - resources: - - pods - verbs: ["list", "delete"] - - apiGroups: [""] - resources: - - services - - endpoints - verbs: ["get", "create", "update"] - - apiGroups: [""] - resources: - - nodes - verbs: ["list", "watch"] - - apiGroups: [""] - resources: - - namespaces - verbs: ['list'] - deployments: - - name: prometheus-operator - spec: - replicas: 1 - selector: - matchLabels: - k8s-app: prometheus-operator - template: - metadata: - labels: - k8s-app: prometheus-operator - spec: - serviceAccount: prometheus-operator-0-14-0 - containers: - - name: prometheus-operator - image: quay.io/coreos/prometheus-operator@sha256:0e92dd9b5789c4b13d53e1319d0a6375bcca4caaf0d698af61198061222a576d - command: - - sh - - -c - - > - /bin/operator --namespace=$K8S_NAMESPACE --crd-apigroup monitoring.coreos.com - --labels alm-status-descriptors=prometheusoperator.0.15.0,alm-owner-prometheus=prometheusoperator - --kubelet-service=kube-system/kubelet - --config-reloader-image=quay.io/coreos/configmap-reload:v0.0.1 - env: - - name: K8S_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - ports: - - containerPort: 8080 - name: http - resources: - limits: - cpu: 200m - memory: 100Mi - requests: - cpu: 100m - memory: 50Mi - maturity: alpha - version: 0.15.0 - customresourcedefinitions: - owned: - - name: prometheuses.monitoring.coreos.com - version: v1 - kind: Prometheus - displayName: Prometheus - description: A running Prometheus instance - resources: - - kind: StatefulSet - version: v1beta2 - - kind: Pod - version: v1 - specDescriptors: - - description: Desired number of Pods for the cluster - displayName: Size - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: A selector for the ConfigMaps from which to load rule files - displayName: Rule Config Map Selector - path: ruleSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:selector:ConfigMap' - - description: ServiceMonitors to be selected for target discovery - displayName: Service Monitor Selector - path: serviceMonitorSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:selector:ServiceMonitor' - - description: The ServiceAccount to use to run the Prometheus pods - displayName: Service Account - path: serviceAccountName - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:ServiceAccount' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - statusDescriptors: - - description: The current number of Pods for the cluster - displayName: Cluster Size - path: replicas - - path: prometheusSelector - displayName: Prometheus Service Selector - description: Label selector to find the service that routes to this prometheus - x-descriptors: - - 'urn:alm:descriptor:label:selector' - - name: servicemonitors.monitoring.coreos.com - version: v1 - kind: ServiceMonitor - displayName: Service Monitor - description: Configures prometheus to monitor a particular k8s service - resources: - - kind: Pod - version: v1 - specDescriptors: - - description: Selector to select which namespaces the Endpoints objects are discovered from - displayName: Monitoring Namespaces - path: namespaceSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:namespaceSelector' - - description: The label to use to retrieve the job name from - displayName: Job Label - path: jobLabel - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: A list of endpoints allowed as part of this ServiceMonitor - displayName: Endpoints - path: endpoints - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:endpointList' - - name: alertmanagers.monitoring.coreos.com - version: v1 - kind: Alertmanager - displayName: Alert Manager - description: Configures an Alert Manager for the namespace - resources: - - kind: StatefulSet - version: v1beta2 - - kind: Pod - version: v1 - specDescriptors: - - description: Desired number of Pods for the cluster - displayName: Size - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: app.coreos.com/v1alpha1 - kind: ClusterServiceVersion-v1 - metadata: - name: vault-operator.0.1.9 - namespace: placeholder - annotations: - tectonic-visibility: ocs - alm-examples: '[{"apiVersion":"vault.security.coreos.com/v1alpha1","kind":"VaultService","metadata":{"name":"example"},"spec":{"nodes":2,"version":"0.9.1-0"}}]' - labels: - alm-catalog: tectonic-ocs - spec: - displayName: Vault - description: | - An encrypted, multi-tentant secure secret store. Vault handles the lifecycle of your secrets: leasing, key revocation, key rolling, and auditing. - - _The Vault Open Cloud Service is Public Alpha. The goal before Beta is for additional user testing and minor bug fixes._ - - ### Unsealing and using Vault - - Once a Vault instance is running, it must be initalized and "unsealed". Afterwards, your software can use the automatically created Kubernetes Service and Secret to communicate with it. - - [Read the complete guide to using the Vault Open Cloud Service](https://coreos.com/tectonic/docs/latest/alm/vault-ocs.html) - - ### Supported Features - - **Secure by Default** - - - Hands-free automated creation of TLS certificates between all components ensure all best practices are followed for secret security. Further, the API makes unseal operations easy. - - - **Highly available** - - - Multiple instances of Vault are clustered together via an etcd backend and secured. - - - **Safe Upgrades** - - - Rolling out a new Vault version is as easy as updating the Vault Cluster definition. Everything is automatically handled using Vault best practices while pausing for unseal tokens. - - keywords: ['vault', 'secret', 'encryption'] - maintainers: - - name: CoreOS, Inc - email: support@coreos.com - provider: - name: CoreOS, Inc - links: - - name: Vault Project - url: https://www.vaultproject.io/ - labels: - alm-status-descriptors: vault-operator.0.1.9 - alm-owner-vault: vault-operator - operated-by: vault-operator - selector: - matchLabels: - alm-owner-vault: vault-operator - operated-by: vault-operator - icon: - - base64data: iVBORw0KGgoAAAANSUhEUgAAAEAAAAA7CAYAAADLjIzcAAAACXBIWXMAAAsTAAALEwEAmpwYAAAMLGlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAHjarVd3VFP51t23JKGEmoCAlNARBAHpSO+CgHQYW0gChBJCCip2x0EFxy4WrOjYcNSxADIWRB3rIPbuAx1URsbBgg2V9wcBZ+Z93x9vrfdb6+budbLPPvuce9dd6wA6HnyptJDUBYokCllSVCgvIzOLx2oHCxxogYQ7XyCXhiQmxgHAwP0vhwDe3gQBANec+VJpIf67oycUyQUAkQggWygXFAHEIYA2EUhlCoDRCsB6skKqABhvAHBlGZlZAFMNADe3H5sC4Gb3Y1cAXFlKUhjADAfU2Hy+LBfQTgTAKxXkKgBtKQBXiVAsAbQ3AwgU5PGFgHYbgOFFRcVCQIcNwCH7Lzq5f9PMHtTk83MHcX8vAAC1cLFcWsifiv/1KSpUDtSwAsDOk0UnAeACxM6C4tgkAGyAOCrJjk8AoA8Q58RCQIXv5imjU1X8LoE8LAuAIUBCyA+PBWAKkIbKgtQQFXbny4B+PhkvVsSkqHC2rDhJpU+WSgrj41Q6C/JEMQN4o0gekTzAyRFHxgDQBchDZXkp6f0+ydOl4rR4ANoA2SovSI5V5T4sywuLH+DIlEmpAGwA8k2OLDKpn0MZFckH+qJcBPyIZABGABWsyEuJ7s+lMkTyjLgBD0JReES/B0ookqSqvFEKqSI0SZVbLi1MVPGpjaLCqKT+OVP75aXJA7lXFbIU1cypR/n80Yn9/qm3UkViSr83mkYcwhAOHpTgIRvFyIe4pau+CzzVP5HgQ4ZciOCsigxkpIMPGSTgIxll+AMSiCAfzAsFHzKIUAoJPg9G+3+dkQM+ZCiFCHIU4AlkKKJN6EDan46jA+lgOpB2p31o34E8ns5AVWYEM5wZzYxkDhv0IUAxClEMGcT/RywWhRBBCRlEkAz08FWP8YRxhfGIcYPRxriDNPwGGcQDrIniubJ/OOdhDNqgVE1FhGxI0DnAoe1od9qTDqUD6EDaFzzakDaBM+1B+9AhdBDtT3vSvn9zqBz09nWW/6wnguRv/aji2o7anioX2YNPJmyQ9U+VsL/MSIhixP6TSS2gDlJnqZPUeeooVQ8edYJqoC5Rx6j6v7wJv0GG3MFqSRBBggIUQjzAca117XT99B/V+SoHMoggBxSiKQoACCuWTpWJc/MUvBCptFDEi5EIXIbz3F3dvIGMzCxe/+fjtSEIAIThha+xkibAtwIgcr/G+NbAkScA5+3XmPUrgL0UONYqUMpK+2M0ADCgAR1wYQxzWMMBznCHF/wRjAiMRgJSkIkJECAPRZBhMqZjDspRiaVYhXXYhK3YiR9xAPU4ipP4BRfRihu4hzZ04Dm68Ra9BEGwCC2CQxgTFoQt4US4Ez5EIBFBxBFJRCYxicglJISSmE58S1QSy4l1xBZiF/ETcYQ4SZwnrhB3iHaik3hFfCQpkk1ySTPSjhxB+pAhZCyZQo4nc8kSsoycRy4m15A15B6yjjxJXiRvkG3kc7KHAqVJGVKWlDPlQ4VRCVQWlUPJqJlUBVVF1VB7qUbqLHWNaqO6qA80k+bQPNqZ9qej6VRaQJfQM+lF9Dp6J11Hn6av0e10N/2FocUwZTgx/BgxjAxGLmMyo5xRxdjOOMw4w7jB6GC8ZTKZhkx7pjczmpnJzGdOYy5ibmDuYzYxrzAfM3tYLJYxy4kVwEpg8VkKVjlrLWsP6wTrKquD9V5NU81CzV0tUi1LTaI2V61KbbfacbWrak/VetV11W3V/dQT1IXqU9WXqG9Tb1S/rN6h3quhp2GvEaCRopGvMUdjjcZejTMa9zVea2pqWmn6ao7VFGvO1lyjuV/znGa75ge2PtuRHcYex1ayF7N3sJvYd9ivtbS07LSCtbK0FFqLtXZpndJ6qPVem6Ptoh2jLdSepV2tXad9VfuFjrqOrU6IzgSdMp0qnYM6l3W6dNV17XTDdPm6M3WrdY/o3tLt0ePouekl6BXpLdLbrXde75k+S99OP0JfqD9Pf6v+Kf3HHIpjzQnjCDjfcrZxznA6uEyuPTeGm8+t5P7IbeF2G+gbeBikGUwxqDY4ZtBmSBnaGcYYFhouMTxgeNPw4xCzISFDREMWDtk75OqQd0ZDjYKNREYVRvuMbhh9NOYZRxgXGC8zrjd+YEKbOJqMNZlsstHkjEnXUO5Q/6GCoRVDDwy9a0qaOpommU4z3Wp6ybTHzNwsykxqttbslFmXuaF5sHm++Urz4+adFhyLQAuxxUqLExa/8wx4IbxC3hreaV63palltKXScotli2Wvlb1VqtVcq31WD6w1rH2sc6xXWjdbd9tY2IyxmW5Ta3PXVt3WxzbPdrXtWdt3dvZ26Xbz7ertntkb2cfYl9nX2t930HIIcihxqHG4Pow5zGdYwbANw1odSUdPxzzHasfLTqSTl5PYaYPTleGM4b7DJcNrht9yZjuHOJc61zq3uxi6xLnMdal3eTHCZkTWiGUjzo744urpWui6zfWem77baLe5bo1ur9wd3QXu1e7XR2qNjBw5a2TDyJceTh4ij40etz05nmM853s2e3728vaSee316vS28Z7kvd77lg/XJ9Fnkc85X4ZvqO8s36O+H/y8/BR+B/z+9Hf2L/Df7f9slP0o0ahtox4HWAXwA7YEtAXyAicFbg5sC7IM4gfVBD0Ktg4WBm8PfhoyLCQ/ZE/Ii1DXUFno4dB3YX5hM8KawqnwqPCK8JYI/YjUiHURDyOtInMjayO7ozyjpkU1RTOiY6OXRd+KMYsRxOyK6R7tPXrG6NOx7Njk2HWxj+Ic42RxjWPIMaPHrBhzP942XhJfn4CEmIQVCQ8S7RNLEn8eyxybOLZ67JMkt6TpSWeTOckTk3cnv00JTVmSci/VIVWZ2pymkzYubVfau/Tw9OXpbRkjMmZkXMw0yRRnNmSxstKytmf1fBPxzapvOsZ5jisfd3O8/fgp489PMJlQOOHYRJ2J/IkHJzEmpU/aPekTP4Ffw+/Jjslen90tCBOsFjwXBgtXCjtFAaLloqc5ATnLc57lBuSuyO3MC8qryusSh4nXiV/mR+dvyn9XkFCwo6CvML1wX5Fa0aSiIxJ9SYHkdLF58ZTiK1Inabm0rcSvZFVJtyxWtl1OyMfLGxRchVRxSemg/E7ZXhpYWl36fnLa5INT9KZIplya6jh14dSnZZFlP0yjpwmmNU+3nD5nevuMkBlbZhIzs2c2z7KeNW9Wx+yo2TvnaMwpmPPrXNe5y+e++Tb928Z5ZvNmz3v8XdR3teXa5bLyW/P9529aQC8QL2hZOHLh2oVfKoQVFypdK6sqPy0SLLrwvdv3a77vW5yzuGWJ15KNS5lLJUtvLgtatnO53vKy5Y9XjFlRt5K3smLlm1UTV52v8qjatFpjtXJ125q4NQ1rbdYuXftpXd66G9Wh1fvWm65fuP7dBuGGqxuDN+7dZLapctPHzeLNt7dEbamrsaup2srcWrr1yba0bWd/8Plh13aT7ZXbP++Q7GjbmbTz9C7vXbt2m+5eUkvWKms794zb0/pj+I8Ne533btlnuK9yP/Yr9//+06Sfbh6IPdB80Ofg3kO2h9Yf5hyuqCPqptZ11+fVtzVkNlw5MvpIc6N/4+GfXX7ecdTyaPUxg2NLjmscn3e870TZiZ4maVPXydyTj5snNt87lXHq+umxp1vOxJ4590vkL6fOhpw9cS7g3NHzfuePXPC5UH/R62LdJc9Lh3/1/PVwi1dL3WXvyw2tvq2NV0ZdOX416OrJa+HXfrkec/3ijfgbV26m3rx9a9ytttvC28/uFN55ebf0bu+92fcZ9yse6D6oemj6sOZfw/61r82r7Vh7ePulR8mP7j0WPH7+m/y3Tx3znmg9qXpq8XTXM/dnRzsjO1t//+b3jufS571d5X/o/bH+hcOLQ38G/3mpO6O746XsZd+rRa+NX+944/GmuSex5+Hbore97yreG7/f+cHnw9mP6R+f9k7+xPq05vOwz41fYr/c7yvq65PyZXwAAAWAzMkBXu0AtDIBTiugod2/f6n2RuLrBvn/4f4dDQDgBewIBlJnA3FNwMYmwHY2wG4CEgGkBIMcOXLwUh15zkj3fi22DGC87+t7bQawGoHPsr6+3g19fZ+3AdQdoKmkf+8DAKYusJkHAL9az/+P/evfXvpsNqq3M8UAADowaVRYdFhNTDpjb20uYWRvYmUueG1wAAAAAAA8P3hwYWNrZXQgYmVnaW49Iu+7vyIgaWQ9Ilc1TTBNcENlaGlIenJlU3pOVGN6a2M5ZCI/Pgo8eDp4bXBtZXRhIHhtbG5zOng9ImFkb2JlOm5zOm1ldGEvIiB4OnhtcHRrPSJBZG9iZSBYTVAgQ29yZSA1LjYtYzExMSA3OS4xNTgzMjUsIDIwMTUvMDkvMTAtMDE6MTA6MjAgICAgICAgICI+CiAgIDxyZGY6UkRGIHhtbG5zOnJkZj0iaHR0cDovL3d3dy53My5vcmcvMTk5OS8wMi8yMi1yZGYtc3ludGF4LW5zIyI+CiAgICAgIDxyZGY6RGVzY3JpcHRpb24gcmRmOmFib3V0PSIiCiAgICAgICAgICAgIHhtbG5zOnhtcD0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wLyIKICAgICAgICAgICAgeG1sbnM6eG1wTU09Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9tbS8iCiAgICAgICAgICAgIHhtbG5zOnN0RXZ0PSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvc1R5cGUvUmVzb3VyY2VFdmVudCMiCiAgICAgICAgICAgIHhtbG5zOmRjPSJodHRwOi8vcHVybC5vcmcvZGMvZWxlbWVudHMvMS4xLyIKICAgICAgICAgICAgeG1sbnM6cGhvdG9zaG9wPSJodHRwOi8vbnMuYWRvYmUuY29tL3Bob3Rvc2hvcC8xLjAvIgogICAgICAgICAgICB4bWxuczp0aWZmPSJodHRwOi8vbnMuYWRvYmUuY29tL3RpZmYvMS4wLyIKICAgICAgICAgICAgeG1sbnM6ZXhpZj0iaHR0cDovL25zLmFkb2JlLmNvbS9leGlmLzEuMC8iPgogICAgICAgICA8eG1wOkNyZWF0b3JUb29sPkFkb2JlIFBob3Rvc2hvcCBDQyAyMDE1IChNYWNpbnRvc2gpPC94bXA6Q3JlYXRvclRvb2w+CiAgICAgICAgIDx4bXA6Q3JlYXRlRGF0ZT4yMDE3LTA5LTA2VDE1OjMxOjU2LTA0OjAwPC94bXA6Q3JlYXRlRGF0ZT4KICAgICAgICAgPHhtcDpNZXRhZGF0YURhdGU+MjAxNy0wOS0wNlQxNTozMTo1Ni0wNDowMDwveG1wOk1ldGFkYXRhRGF0ZT4KICAgICAgICAgPHhtcDpNb2RpZnlEYXRlPjIwMTctMDktMDZUMTU6MzE6NTYtMDQ6MDA8L3htcDpNb2RpZnlEYXRlPgogICAgICAgICA8eG1wTU06SW5zdGFuY2VJRD54bXAuaWlkOjFlMjY4MTE5LWU2NmYtNGJjNC1hZTI0LThiMTViNTg3MzE2MjwveG1wTU06SW5zdGFuY2VJRD4KICAgICAgICAgPHhtcE1NOkRvY3VtZW50SUQ+YWRvYmU6ZG9jaWQ6cGhvdG9zaG9wOjczODM4YzJiLWQzYzgtMTE3YS1iNTYyLTllNjU3MTBkNzc5YzwveG1wTU06RG9jdW1lbnRJRD4KICAgICAgICAgPHhtcE1NOk9yaWdpbmFsRG9jdW1lbnRJRD54bXAuZGlkOjQ1MjdmNDhmLTc2MGMtNGRhYi04NTJkLTNkNGZiOTA4ZmEzNjwveG1wTU06T3JpZ2luYWxEb2N1bWVudElEPgogICAgICAgICA8eG1wTU06SGlzdG9yeT4KICAgICAgICAgICAgPHJkZjpTZXE+CiAgICAgICAgICAgICAgIDxyZGY6bGkgcmRmOnBhcnNlVHlwZT0iUmVzb3VyY2UiPgogICAgICAgICAgICAgICAgICA8c3RFdnQ6YWN0aW9uPmNyZWF0ZWQ8L3N0RXZ0OmFjdGlvbj4KICAgICAgICAgICAgICAgICAgPHN0RXZ0Omluc3RhbmNlSUQ+eG1wLmlpZDo0NTI3ZjQ4Zi03NjBjLTRkYWItODUyZC0zZDRmYjkwOGZhMzY8L3N0RXZ0Omluc3RhbmNlSUQ+CiAgICAgICAgICAgICAgICAgIDxzdEV2dDp3aGVuPjIwMTctMDktMDZUMTU6MzE6NTYtMDQ6MDA8L3N0RXZ0OndoZW4+CiAgICAgICAgICAgICAgICAgIDxzdEV2dDpzb2Z0d2FyZUFnZW50PkFkb2JlIFBob3Rvc2hvcCBDQyAyMDE1IChNYWNpbnRvc2gpPC9zdEV2dDpzb2Z0d2FyZUFnZW50PgogICAgICAgICAgICAgICA8L3JkZjpsaT4KICAgICAgICAgICAgICAgPHJkZjpsaSByZGY6cGFyc2VUeXBlPSJSZXNvdXJjZSI+CiAgICAgICAgICAgICAgICAgIDxzdEV2dDphY3Rpb24+c2F2ZWQ8L3N0RXZ0OmFjdGlvbj4KICAgICAgICAgICAgICAgICAgPHN0RXZ0Omluc3RhbmNlSUQ+eG1wLmlpZDoxZTI2ODExOS1lNjZmLTRiYzQtYWUyNC04YjE1YjU4NzMxNjI8L3N0RXZ0Omluc3RhbmNlSUQ+CiAgICAgICAgICAgICAgICAgIDxzdEV2dDp3aGVuPjIwMTctMDktMDZUMTU6MzE6NTYtMDQ6MDA8L3N0RXZ0OndoZW4+CiAgICAgICAgICAgICAgICAgIDxzdEV2dDpzb2Z0d2FyZUFnZW50PkFkb2JlIFBob3Rvc2hvcCBDQyAyMDE1IChNYWNpbnRvc2gpPC9zdEV2dDpzb2Z0d2FyZUFnZW50PgogICAgICAgICAgICAgICAgICA8c3RFdnQ6Y2hhbmdlZD4vPC9zdEV2dDpjaGFuZ2VkPgogICAgICAgICAgICAgICA8L3JkZjpsaT4KICAgICAgICAgICAgPC9yZGY6U2VxPgogICAgICAgICA8L3htcE1NOkhpc3Rvcnk+CiAgICAgICAgIDxkYzpmb3JtYXQ+aW1hZ2UvcG5nPC9kYzpmb3JtYXQ+CiAgICAgICAgIDxwaG90b3Nob3A6Q29sb3JNb2RlPjM8L3Bob3Rvc2hvcDpDb2xvck1vZGU+CiAgICAgICAgIDxwaG90b3Nob3A6SUNDUHJvZmlsZT5EaXNwbGF5PC9waG90b3Nob3A6SUNDUHJvZmlsZT4KICAgICAgICAgPHRpZmY6T3JpZW50YXRpb24+MTwvdGlmZjpPcmllbnRhdGlvbj4KICAgICAgICAgPHRpZmY6WFJlc29sdXRpb24+NzIwMDAwLzEwMDAwPC90aWZmOlhSZXNvbHV0aW9uPgogICAgICAgICA8dGlmZjpZUmVzb2x1dGlvbj43MjAwMDAvMTAwMDA8L3RpZmY6WVJlc29sdXRpb24+CiAgICAgICAgIDx0aWZmOlJlc29sdXRpb25Vbml0PjI8L3RpZmY6UmVzb2x1dGlvblVuaXQ+CiAgICAgICAgIDxleGlmOkNvbG9yU3BhY2U+NjU1MzU8L2V4aWY6Q29sb3JTcGFjZT4KICAgICAgICAgPGV4aWY6UGl4ZWxYRGltZW5zaW9uPjY0PC9leGlmOlBpeGVsWERpbWVuc2lvbj4KICAgICAgICAgPGV4aWY6UGl4ZWxZRGltZW5zaW9uPjU5PC9leGlmOlBpeGVsWURpbWVuc2lvbj4KICAgICAgPC9yZGY6RGVzY3JpcHRpb24+CiAgIDwvcmRmOlJERj4KPC94OnhtcG1ldGE+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgCjw/eHBhY2tldCBlbmQ9InciPz6RZ44uAAAAIGNIUk0AAG11AABzoAAA/N0AAINkAABw6AAA7GgAADA+AAAQkOTsmeoAAAreSURBVHja7Jt5VFN3Fse/7yUkgQSyQBAiJWwTglKZqKBVFgURsVFgpAO2TRUonU7n0MWpVqnL6a7jtAdoz+lAsS61damHTnXascLUojMHLVUcpaesjUAVlFUWY7b35g+KhUBCEhJ71Pmd8/sDeO/edz+/e+/v3t97EDRN434eJO7zcd8DYJr+Ijc396kbN26EMxgM7b1kKE3TBEmSRHJy8m6VSlVrFkBLS4u2vLw8715cbS6X+/WcOXN6LYbAM888szckJOSre814giC0y5YtW93c3HzFIgA+n48nnnhi/b0GICIi4j2ZTHZdp9NZToJarRYpKSmXIiIiyu6ZRMdk9sfHx7/OZrMhEoksAxCJRBCLxdi0adOLDAaDuhcAxMbGFoSHh/exWCwIhULLAJhMJrq6uhAVFaWWyWQf3O3Gs9nsrrS0tB1MJhN8Ph8CgcDyNlhSUgKCIMBmszFz5sxX6urqsmmadrlbASiVyu0KheJma2vruNWf0AM0Gg2GhobQ19cHuVzePmvWrPfvVuN5PF772rVrCwBAIBDcnhY9YPr06SOFAzgcDhISEl6tra3NMRqN3LsNQE5Oztbly5cb6+vrxyU/swBM3UShUHRHR0cXVVZWbrqbjOdwOPXu7u6lhw8fRnd3NwiCuP23sLCwX+oD026wtLR0dPkIDw8PdHV1ua9bt+6yTqcT3S0AYmJifi+VSj9ta2sDkzl2nSsqKsx7AJ/PHycsMjJyQKlU7iwrK3trSp1XkBxU+xVAMzDK5cRAb+fYqi0wGLS62W49AoHgYlRU1KcajQZyudy2bnB0shAIBLeBZGdnv+3m5tZh93ak+gNEF/8L/jdnQU7zGTY0Mg4M1fMgl6QNX8TiwHX7R3D/5wWwcvMBEHbpSkxMzPf19YWHhwdEItG4aRFAQEDAmBkYGAihUIiHH35Yn5ubu81eAK6bXwfJZYEdFQaX5BXDyhXRIIwGEDMjAZIE6RcIVvrjII08sLNeBNhsm/X4+vp+m5iY+AVBEBCJRBAKheOmxSRYVVU1USuJhoYGeHt7l7DZ7Be1Wu1vbH0wTdE7YBa9CUN9O/TffD0s9/tqYE4s6LoLAEWBuqKG7ou/w0WZCt2uEkCvsxlARkbGBh8fH9A0PSbxmW2STJNgSkrKhBcaDAb4+fmhsbEx8+TJkwfs6sgkwaCvmsQ2wQHoW2PdMlAOSl1ns/zg4OCvS0tLE/r6+mAwGMxel56ebt4DgoKCLDUVWLBgwcELFy683NvbG26T8dOmw/VPT8PY8CO0e4drK8Zv54Hz5JPQHfsS+q8+G77O1x+02AdEXyfo3m5b2l0899xzGyQSCSiKsmr1JwRgWimZhoK3tzeSkpJePnjw4Oc2VWV7joCzbD5oAFRrM/QnT4Bb/AVc5nrCJe1J9C8IBtWiBql8HOCLgMAwGD8tASijVfIDAgIOL1my5JxWq4W7u7v9R2KWAIxASEpKOlpZWflde3v7XKs16XQgAIwOONqgBU0CtB6A8WdDKSNAkqAp2xpRmUy2tbi4GHq9HtQk90ZGRtpWB5gCkEgkyMjI2FhQUFBh7QMO5mSAynsBhvom6E+eAAAMZS8Fe7UK+q+Og/qpBQBg/Gw34O0H/NRk9eqHhIR8FBoaWt/a2mqT+0+YBMvKJj8HGWkts7KyKtVqdaz1h3KewJBJXIv9gc7WURmQAWZEJAw1Z6yNfX1WVlaoj4+PemBgwCrjCwsLzdcBE+2bppPH40EikSAvL2+DtbYzlq+G66H/gF30GQjPacN1T95r4H15EZw3dgNMFxBcLtzLqyE8XwW39z8BSOakchUKxW6FQqFmMpm3C7fJpk3NkLlhNBqhVCrPFhUVlV2+fPl3k3pNfCoIigIjfC6I4DDQ3dfgEp8C9PWCEZ0McHggJF5gxyuGmxnVatx8/ilAO2i+jCXJmytXrnyFw+HAw8PDJtc3C2Dfvn1WbztsNhthYWFbrQFgOFIC4tk3QJ2rBP39d8PnjwffB3vNs9Af+wQY6gOlHoRm31FwViyFZmeBReMBIC4u7m/z58+/euXKFasXbtIcsGrVKqtupGkaJEnC398fR48ePdDc3Jw5qTLPaaD7ugHjqCLF3RMYGJsXiIBQ0JfrJ8tDN4qLi4P8/f17enp6bFr9Rx55xLwHSKVSmwi6u7tj0aJFW5qbm9MnkjcGWve1MT+zkpRwfeGPuHX4OLQfvvvLdZMY//NRV+HChQt7WlpaJt25HFoHTBQKc+fObTp//vy+mpqabOu7I3dw9xyDiw/ATFoOQ/VpGC9dsG4z4XLb8/PzdwiFQhiNRrti32EAaJqGm5sbUlNTt9XU1DwKgGNdFtWD+rEZ8AkGdY0GPTRotc7w8PC3BgcHb549e9ZizW9ujD4RmjKAES+Ijo7+KTY29oNTp05Z915RdwsDmQnQr82G9vi/QP3YZJ3juLq2hYeHF+/atQs6nc6u1U9LSzMPwNzh4WRe4Orqiuzs7FdOnz6dTdO0VQeoVFsLbr5m2xHDwoULX5NKpbrOzs4pub5ZAA888IB92wlBYNWqVd3l5eXvfPzxx1uccc7H5/MbExISSimKgqenp0NkjgPQ1NRklyCapjE4OAi5XP4mg8F42mg0ih0NQKlUbgsMDKTb29sdsvoTAtizZ4/dwiiKgpeX161Zs2Ztr6mpeduRxnt7e19KS0s7oNfr7QpTqwGIxVNbOBaLhXnz5r1XV1e3TqPRTHfUg6pUqvygoCC0trbCzc3NeQC8vLymJJCmaYjFYl1MTMzrJ06ccMhrteDg4G8fe+yxf+h0OrtLXqsBOEIBg8HA0qVLS86cObO+v78/aKrycnJy/qxQKNDQ0ACSJJ0LYCpl5eghkUiolStXbtu/f/9HU4z9E0NDQ//euXMnNBqNQ55t69atzvWAkVBIT0/ff/z48Y1dXV0z7ZUTExOT39PTg4sXL457xeUUD7CnEjQHQCqVIicnJ3/Hjh2f2xn7n0dGRp7r7u6e9BWXwwD4+fk5TDiHw0FWVtbRvXv3nu7o6Iix9f4VK1Zs5PP5U254bAJw6NAhhwknSRIcDgcymezljo6OU7bcGxERcSAuLq6uo6PD4ZnfIoDq6mqHCacoCkwmE2FhYafr6upOXr9+fbG1t6pUqk1cLhc8Hs9pqz8hgJCQEIcqoGkaAoEAsbGxLx05cuRbKxueDxMTE1va2toclpPu+DZo2ig99NBD1efOnftSrVYvn6SSHNq8eXO+p6cndDqdw/f9O7YLmIYCn89HSkrKSwUFBRYBhIaGFnh5eXU2NjZCr9fD2WMcAA8PD6coMhqNWLRoUW1FRcWR2tra9AkfhsnsnzFjxl8KCwth+kmrI0diYuKdDYGRXMDj8bBmzZoN69evnxDA7NmzdwYGBvZ3dHQ4pej51UJgZOj1eiQnJ6vLysr2VFVVrTWpGToXL178VxaLBbFY7NTMbxGAr6+v05TRNA0vLy9s2bJlY0pKSqZer799gBofH/9maGjorfb2dnA4HNypMQ7AwMCAUxWq1Wr4+/tfk8vlhZcuXXoJALhcbltqauq7JElCKBTesdWfEMDo7wSdNVgsFh588MHtP/zwQ57BYHBLT09/dcaMGcbW1law7fgwyqEAnO1+Ix8vyWSyvqCgoEMtLS2PqlSqUoqinFry/urboCkErVaL2bNnv5OZmXlMKpXi6tWr4HLv/OfIxP//cfI+H/8bANeS5YFpLrRuAAAAAElFTkSuQmCC - mediatype: image/png - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: vault-operator - rules: - - apiGroups: - - etcd.database.coreos.com - resources: - - etcdclusters - verbs: - - "*" - - apiGroups: - - vault.security.coreos.com - resources: - - vaultservices - verbs: - - "*" - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - "*" - - apiGroups: - - "" - resources: - - pods - - services - - endpoints - - persistentvolumeclaims - - events - - configmaps - - secrets - verbs: - - "*" - - apiGroups: - - apps - resources: - - deployments - verbs: - - "*" - deployments: - - name: vault-operator - spec: - replicas: 1 - selector: - matchLabels: - name: vault-operator - template: - metadata: - labels: - name: vault-operator - spec: - serviceAccountName: vault-operator - containers: - - name: vault-operator - image: quay.io/coreos/vault-operator@sha256:945a0a6d88cf6fa2bce9a83019a2a64f74d89fc8281301a4259f3302eabc79e6 - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - version: 0.1.9 - replaces: vault-operator.0.1.5 - maturity: alpha - customresourcedefinitions: - owned: - - name: vaultservices.vault.security.coreos.com - version: v1alpha1 - kind: VaultService - displayName: Vault Service - description: A running Vault instance, backed by an Etcd Cluster - resources: - - name: etcdclusters.etcd.database.coreos.com - version: v1beta2 - kind: EtcdCluster - - kind: Service - version: v1 - - kind: ConfigMap - version: v1 - - kind: Secret - version: v1 - - kind: Deployment - version: v1beta2 - - kind: ReplicaSet - version: v1beta2 - - kind: Pod - version: v1 - specDescriptors: - - description: The desired number of Pods for the cluster - displayName: Size - path: nodes - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - statusDescriptors: - - description: The service at which the running Vault cluster can be accessed. - displayName: Service - path: serviceName - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Service' - - description: The port at which the Vault cluster is running under the service. - displayName: Client Port - path: clientPort - required: - - name: etcdclusters.etcd.database.coreos.com - version: v1beta2 - kind: EtcdCluster - displayName: etcd Cluster - description: Represents a cluster of etcd nodes. - - name: etcdbackups.etcd.database.coreos.com - version: v1beta2 - kind: EtcdBackup - displayName: etcd Backup - description: Represents a backup for an etcd cluster - - name: etcdrestores.etcd.database.coreos.com - version: v1beta2 - kind: EtcdRestore - displayName: etcd Restore - description: Represents one try of restoring etcd cluster from previous backup - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: app.coreos.com/v1alpha1 - kind: ClusterServiceVersion-v1 - metadata: - namespace: placeholder - name: vault-operator.0.1.5 - annotations: - tectonic-visibility: ocs - spec: - displayName: Vault - description: | - An encrypted, multi-tentant secure secret store. Vault handles the lifecycle of your secrets: leasing, key revocation, key rolling, and auditing. - - _The Vault Open Cloud Service is Public Alpha. The goal before Beta is for additional user testing and minor bug fixes._ - - ### Unsealing and using Vault - - Once a Vault instance is running, it must be initalized and "unsealed". Afterwards, your software can use the automatically created Kubernetes Service and Secret to communicate with it. - - [Read the complete guide to using the Vault Open Cloud Service](https://coreos.com/tectonic/docs/latest/alm/vault-ocs.html) - - ### Supported Features - - **Secure by Default** - Hands-free automated creation of TLS certificates between all components ensure all best practices are followed for secret security. Further, the API makes unseal operations easy. - **Highly available** - Multiple instances of Vault are clustered together via an etcd backend and secured. - **Safe Upgrades** - Rolling out a new Vault version is as easy as updating the Vault Cluster definition. Everything is automatically handled using Vault best practices while pausing for unseal tokens. - - keywords: ['vault', 'secret', 'encryption'] - maintainers: - - name: CoreOS, Inc - email: support@coreos.com - provider: - name: CoreOS, Inc - links: - - name: Vault Project - url: https://www.vaultproject.io/ - labels: - alm-status-descriptors: vault-operator.0.1.5 - alm-owner-vault: vault-operator - operated-by: vault-operator - selector: - matchLabels: - alm-owner-vault: vault-operator - operated-by: vault-operator - icon: - - base64data: iVBORw0KGgoAAAANSUhEUgAAAEAAAAA7CAYAAADLjIzcAAAACXBIWXMAAAsTAAALEwEAmpwYAAAMLGlDQ1BQaG90b3Nob3AgSUNDIHByb2ZpbGUAAHjarVd3VFP51t23JKGEmoCAlNARBAHpSO+CgHQYW0gChBJCCip2x0EFxy4WrOjYcNSxADIWRB3rIPbuAx1URsbBgg2V9wcBZ+Z93x9vrfdb6+budbLPPvuce9dd6wA6HnyptJDUBYokCllSVCgvIzOLx2oHCxxogYQ7XyCXhiQmxgHAwP0vhwDe3gQBANec+VJpIf67oycUyQUAkQggWygXFAHEIYA2EUhlCoDRCsB6skKqABhvAHBlGZlZAFMNADe3H5sC4Gb3Y1cAXFlKUhjADAfU2Hy+LBfQTgTAKxXkKgBtKQBXiVAsAbQ3AwgU5PGFgHYbgOFFRcVCQIcNwCH7Lzq5f9PMHtTk83MHcX8vAAC1cLFcWsifiv/1KSpUDtSwAsDOk0UnAeACxM6C4tgkAGyAOCrJjk8AoA8Q58RCQIXv5imjU1X8LoE8LAuAIUBCyA+PBWAKkIbKgtQQFXbny4B+PhkvVsSkqHC2rDhJpU+WSgrj41Q6C/JEMQN4o0gekTzAyRFHxgDQBchDZXkp6f0+ydOl4rR4ANoA2SovSI5V5T4sywuLH+DIlEmpAGwA8k2OLDKpn0MZFckH+qJcBPyIZABGABWsyEuJ7s+lMkTyjLgBD0JReES/B0ookqSqvFEKqSI0SZVbLi1MVPGpjaLCqKT+OVP75aXJA7lXFbIU1cypR/n80Yn9/qm3UkViSr83mkYcwhAOHpTgIRvFyIe4pau+CzzVP5HgQ4ZciOCsigxkpIMPGSTgIxll+AMSiCAfzAsFHzKIUAoJPg9G+3+dkQM+ZCiFCHIU4AlkKKJN6EDan46jA+lgOpB2p31o34E8ns5AVWYEM5wZzYxkDhv0IUAxClEMGcT/RywWhRBBCRlEkAz08FWP8YRxhfGIcYPRxriDNPwGGcQDrIniubJ/OOdhDNqgVE1FhGxI0DnAoe1od9qTDqUD6EDaFzzakDaBM+1B+9AhdBDtT3vSvn9zqBz09nWW/6wnguRv/aji2o7anioX2YNPJmyQ9U+VsL/MSIhixP6TSS2gDlJnqZPUeeooVQ8edYJqoC5Rx6j6v7wJv0GG3MFqSRBBggIUQjzAca117XT99B/V+SoHMoggBxSiKQoACCuWTpWJc/MUvBCptFDEi5EIXIbz3F3dvIGMzCxe/+fjtSEIAIThha+xkibAtwIgcr/G+NbAkScA5+3XmPUrgL0UONYqUMpK+2M0ADCgAR1wYQxzWMMBznCHF/wRjAiMRgJSkIkJECAPRZBhMqZjDspRiaVYhXXYhK3YiR9xAPU4ipP4BRfRihu4hzZ04Dm68Ra9BEGwCC2CQxgTFoQt4US4Ez5EIBFBxBFJRCYxicglJISSmE58S1QSy4l1xBZiF/ETcYQ4SZwnrhB3iHaik3hFfCQpkk1ySTPSjhxB+pAhZCyZQo4nc8kSsoycRy4m15A15B6yjjxJXiRvkG3kc7KHAqVJGVKWlDPlQ4VRCVQWlUPJqJlUBVVF1VB7qUbqLHWNaqO6qA80k+bQPNqZ9qej6VRaQJfQM+lF9Dp6J11Hn6av0e10N/2FocUwZTgx/BgxjAxGLmMyo5xRxdjOOMw4w7jB6GC8ZTKZhkx7pjczmpnJzGdOYy5ibmDuYzYxrzAfM3tYLJYxy4kVwEpg8VkKVjlrLWsP6wTrKquD9V5NU81CzV0tUi1LTaI2V61KbbfacbWrak/VetV11W3V/dQT1IXqU9WXqG9Tb1S/rN6h3quhp2GvEaCRopGvMUdjjcZejTMa9zVea2pqWmn6ao7VFGvO1lyjuV/znGa75ge2PtuRHcYex1ayF7N3sJvYd9ivtbS07LSCtbK0FFqLtXZpndJ6qPVem6Ptoh2jLdSepV2tXad9VfuFjrqOrU6IzgSdMp0qnYM6l3W6dNV17XTDdPm6M3WrdY/o3tLt0ePouekl6BXpLdLbrXde75k+S99OP0JfqD9Pf6v+Kf3HHIpjzQnjCDjfcrZxznA6uEyuPTeGm8+t5P7IbeF2G+gbeBikGUwxqDY4ZtBmSBnaGcYYFhouMTxgeNPw4xCzISFDREMWDtk75OqQd0ZDjYKNREYVRvuMbhh9NOYZRxgXGC8zrjd+YEKbOJqMNZlsstHkjEnXUO5Q/6GCoRVDDwy9a0qaOpommU4z3Wp6ybTHzNwsykxqttbslFmXuaF5sHm++Urz4+adFhyLQAuxxUqLExa/8wx4IbxC3hreaV63palltKXScotli2Wvlb1VqtVcq31WD6w1rH2sc6xXWjdbd9tY2IyxmW5Ta3PXVt3WxzbPdrXtWdt3dvZ26Xbz7ertntkb2cfYl9nX2t930HIIcihxqHG4Pow5zGdYwbANw1odSUdPxzzHasfLTqSTl5PYaYPTleGM4b7DJcNrht9yZjuHOJc61zq3uxi6xLnMdal3eTHCZkTWiGUjzo744urpWui6zfWem77baLe5bo1ur9wd3QXu1e7XR2qNjBw5a2TDyJceTh4ij40etz05nmM853s2e3728vaSee316vS28Z7kvd77lg/XJ9Fnkc85X4ZvqO8s36O+H/y8/BR+B/z+9Hf2L/Df7f9slP0o0ahtox4HWAXwA7YEtAXyAicFbg5sC7IM4gfVBD0Ktg4WBm8PfhoyLCQ/ZE/Ii1DXUFno4dB3YX5hM8KawqnwqPCK8JYI/YjUiHURDyOtInMjayO7ozyjpkU1RTOiY6OXRd+KMYsRxOyK6R7tPXrG6NOx7Njk2HWxj+Ic42RxjWPIMaPHrBhzP942XhJfn4CEmIQVCQ8S7RNLEn8eyxybOLZ67JMkt6TpSWeTOckTk3cnv00JTVmSci/VIVWZ2pymkzYubVfau/Tw9OXpbRkjMmZkXMw0yRRnNmSxstKytmf1fBPxzapvOsZ5jisfd3O8/fgp489PMJlQOOHYRJ2J/IkHJzEmpU/aPekTP4Ffw+/Jjslen90tCBOsFjwXBgtXCjtFAaLloqc5ATnLc57lBuSuyO3MC8qryusSh4nXiV/mR+dvyn9XkFCwo6CvML1wX5Fa0aSiIxJ9SYHkdLF58ZTiK1Inabm0rcSvZFVJtyxWtl1OyMfLGxRchVRxSemg/E7ZXhpYWl36fnLa5INT9KZIplya6jh14dSnZZFlP0yjpwmmNU+3nD5nevuMkBlbZhIzs2c2z7KeNW9Wx+yo2TvnaMwpmPPrXNe5y+e++Tb928Z5ZvNmz3v8XdR3teXa5bLyW/P9529aQC8QL2hZOHLh2oVfKoQVFypdK6sqPy0SLLrwvdv3a77vW5yzuGWJ15KNS5lLJUtvLgtatnO53vKy5Y9XjFlRt5K3smLlm1UTV52v8qjatFpjtXJ125q4NQ1rbdYuXftpXd66G9Wh1fvWm65fuP7dBuGGqxuDN+7dZLapctPHzeLNt7dEbamrsaup2srcWrr1yba0bWd/8Plh13aT7ZXbP++Q7GjbmbTz9C7vXbt2m+5eUkvWKms794zb0/pj+I8Ne533btlnuK9yP/Yr9//+06Sfbh6IPdB80Ofg3kO2h9Yf5hyuqCPqptZ11+fVtzVkNlw5MvpIc6N/4+GfXX7ecdTyaPUxg2NLjmscn3e870TZiZ4maVPXydyTj5snNt87lXHq+umxp1vOxJ4590vkL6fOhpw9cS7g3NHzfuePXPC5UH/R62LdJc9Lh3/1/PVwi1dL3WXvyw2tvq2NV0ZdOX416OrJa+HXfrkec/3ijfgbV26m3rx9a9ytttvC28/uFN55ebf0bu+92fcZ9yse6D6oemj6sOZfw/61r82r7Vh7ePulR8mP7j0WPH7+m/y3Tx3znmg9qXpq8XTXM/dnRzsjO1t//+b3jufS571d5X/o/bH+hcOLQ38G/3mpO6O746XsZd+rRa+NX+944/GmuSex5+Hbore97yreG7/f+cHnw9mP6R+f9k7+xPq05vOwz41fYr/c7yvq65PyZXwAAAWAzMkBXu0AtDIBTiugod2/f6n2RuLrBvn/4f4dDQDgBewIBlJnA3FNwMYmwHY2wG4CEgGkBIMcOXLwUh15zkj3fi22DGC87+t7bQawGoHPsr6+3g19fZ+3AdQdoKmkf+8DAKYusJkHAL9az/+P/evfXvpsNqq3M8UAADowaVRYdFhNTDpjb20uYWRvYmUueG1wAAAAAAA8P3hwYWNrZXQgYmVnaW49Iu+7vyIgaWQ9Ilc1TTBNcENlaGlIenJlU3pOVGN6a2M5ZCI/Pgo8eDp4bXBtZXRhIHhtbG5zOng9ImFkb2JlOm5zOm1ldGEvIiB4OnhtcHRrPSJBZG9iZSBYTVAgQ29yZSA1LjYtYzExMSA3OS4xNTgzMjUsIDIwMTUvMDkvMTAtMDE6MTA6MjAgICAgICAgICI+CiAgIDxyZGY6UkRGIHhtbG5zOnJkZj0iaHR0cDovL3d3dy53My5vcmcvMTk5OS8wMi8yMi1yZGYtc3ludGF4LW5zIyI+CiAgICAgIDxyZGY6RGVzY3JpcHRpb24gcmRmOmFib3V0PSIiCiAgICAgICAgICAgIHhtbG5zOnhtcD0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wLyIKICAgICAgICAgICAgeG1sbnM6eG1wTU09Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9tbS8iCiAgICAgICAgICAgIHhtbG5zOnN0RXZ0PSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvc1R5cGUvUmVzb3VyY2VFdmVudCMiCiAgICAgICAgICAgIHhtbG5zOmRjPSJodHRwOi8vcHVybC5vcmcvZGMvZWxlbWVudHMvMS4xLyIKICAgICAgICAgICAgeG1sbnM6cGhvdG9zaG9wPSJodHRwOi8vbnMuYWRvYmUuY29tL3Bob3Rvc2hvcC8xLjAvIgogICAgICAgICAgICB4bWxuczp0aWZmPSJodHRwOi8vbnMuYWRvYmUuY29tL3RpZmYvMS4wLyIKICAgICAgICAgICAgeG1sbnM6ZXhpZj0iaHR0cDovL25zLmFkb2JlLmNvbS9leGlmLzEuMC8iPgogICAgICAgICA8eG1wOkNyZWF0b3JUb29sPkFkb2JlIFBob3Rvc2hvcCBDQyAyMDE1IChNYWNpbnRvc2gpPC94bXA6Q3JlYXRvclRvb2w+CiAgICAgICAgIDx4bXA6Q3JlYXRlRGF0ZT4yMDE3LTA5LTA2VDE1OjMxOjU2LTA0OjAwPC94bXA6Q3JlYXRlRGF0ZT4KICAgICAgICAgPHhtcDpNZXRhZGF0YURhdGU+MjAxNy0wOS0wNlQxNTozMTo1Ni0wNDowMDwveG1wOk1ldGFkYXRhRGF0ZT4KICAgICAgICAgPHhtcDpNb2RpZnlEYXRlPjIwMTctMDktMDZUMTU6MzE6NTYtMDQ6MDA8L3htcDpNb2RpZnlEYXRlPgogICAgICAgICA8eG1wTU06SW5zdGFuY2VJRD54bXAuaWlkOjFlMjY4MTE5LWU2NmYtNGJjNC1hZTI0LThiMTViNTg3MzE2MjwveG1wTU06SW5zdGFuY2VJRD4KICAgICAgICAgPHhtcE1NOkRvY3VtZW50SUQ+YWRvYmU6ZG9jaWQ6cGhvdG9zaG9wOjczODM4YzJiLWQzYzgtMTE3YS1iNTYyLTllNjU3MTBkNzc5YzwveG1wTU06RG9jdW1lbnRJRD4KICAgICAgICAgPHhtcE1NOk9yaWdpbmFsRG9jdW1lbnRJRD54bXAuZGlkOjQ1MjdmNDhmLTc2MGMtNGRhYi04NTJkLTNkNGZiOTA4ZmEzNjwveG1wTU06T3JpZ2luYWxEb2N1bWVudElEPgogICAgICAgICA8eG1wTU06SGlzdG9yeT4KICAgICAgICAgICAgPHJkZjpTZXE+CiAgICAgICAgICAgICAgIDxyZGY6bGkgcmRmOnBhcnNlVHlwZT0iUmVzb3VyY2UiPgogICAgICAgICAgICAgICAgICA8c3RFdnQ6YWN0aW9uPmNyZWF0ZWQ8L3N0RXZ0OmFjdGlvbj4KICAgICAgICAgICAgICAgICAgPHN0RXZ0Omluc3RhbmNlSUQ+eG1wLmlpZDo0NTI3ZjQ4Zi03NjBjLTRkYWItODUyZC0zZDRmYjkwOGZhMzY8L3N0RXZ0Omluc3RhbmNlSUQ+CiAgICAgICAgICAgICAgICAgIDxzdEV2dDp3aGVuPjIwMTctMDktMDZUMTU6MzE6NTYtMDQ6MDA8L3N0RXZ0OndoZW4+CiAgICAgICAgICAgICAgICAgIDxzdEV2dDpzb2Z0d2FyZUFnZW50PkFkb2JlIFBob3Rvc2hvcCBDQyAyMDE1IChNYWNpbnRvc2gpPC9zdEV2dDpzb2Z0d2FyZUFnZW50PgogICAgICAgICAgICAgICA8L3JkZjpsaT4KICAgICAgICAgICAgICAgPHJkZjpsaSByZGY6cGFyc2VUeXBlPSJSZXNvdXJjZSI+CiAgICAgICAgICAgICAgICAgIDxzdEV2dDphY3Rpb24+c2F2ZWQ8L3N0RXZ0OmFjdGlvbj4KICAgICAgICAgICAgICAgICAgPHN0RXZ0Omluc3RhbmNlSUQ+eG1wLmlpZDoxZTI2ODExOS1lNjZmLTRiYzQtYWUyNC04YjE1YjU4NzMxNjI8L3N0RXZ0Omluc3RhbmNlSUQ+CiAgICAgICAgICAgICAgICAgIDxzdEV2dDp3aGVuPjIwMTctMDktMDZUMTU6MzE6NTYtMDQ6MDA8L3N0RXZ0OndoZW4+CiAgICAgICAgICAgICAgICAgIDxzdEV2dDpzb2Z0d2FyZUFnZW50PkFkb2JlIFBob3Rvc2hvcCBDQyAyMDE1IChNYWNpbnRvc2gpPC9zdEV2dDpzb2Z0d2FyZUFnZW50PgogICAgICAgICAgICAgICAgICA8c3RFdnQ6Y2hhbmdlZD4vPC9zdEV2dDpjaGFuZ2VkPgogICAgICAgICAgICAgICA8L3JkZjpsaT4KICAgICAgICAgICAgPC9yZGY6U2VxPgogICAgICAgICA8L3htcE1NOkhpc3Rvcnk+CiAgICAgICAgIDxkYzpmb3JtYXQ+aW1hZ2UvcG5nPC9kYzpmb3JtYXQ+CiAgICAgICAgIDxwaG90b3Nob3A6Q29sb3JNb2RlPjM8L3Bob3Rvc2hvcDpDb2xvck1vZGU+CiAgICAgICAgIDxwaG90b3Nob3A6SUNDUHJvZmlsZT5EaXNwbGF5PC9waG90b3Nob3A6SUNDUHJvZmlsZT4KICAgICAgICAgPHRpZmY6T3JpZW50YXRpb24+MTwvdGlmZjpPcmllbnRhdGlvbj4KICAgICAgICAgPHRpZmY6WFJlc29sdXRpb24+NzIwMDAwLzEwMDAwPC90aWZmOlhSZXNvbHV0aW9uPgogICAgICAgICA8dGlmZjpZUmVzb2x1dGlvbj43MjAwMDAvMTAwMDA8L3RpZmY6WVJlc29sdXRpb24+CiAgICAgICAgIDx0aWZmOlJlc29sdXRpb25Vbml0PjI8L3RpZmY6UmVzb2x1dGlvblVuaXQ+CiAgICAgICAgIDxleGlmOkNvbG9yU3BhY2U+NjU1MzU8L2V4aWY6Q29sb3JTcGFjZT4KICAgICAgICAgPGV4aWY6UGl4ZWxYRGltZW5zaW9uPjY0PC9leGlmOlBpeGVsWERpbWVuc2lvbj4KICAgICAgICAgPGV4aWY6UGl4ZWxZRGltZW5zaW9uPjU5PC9leGlmOlBpeGVsWURpbWVuc2lvbj4KICAgICAgPC9yZGY6RGVzY3JpcHRpb24+CiAgIDwvcmRmOlJERj4KPC94OnhtcG1ldGE+CiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAKICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgCjw/eHBhY2tldCBlbmQ9InciPz6RZ44uAAAAIGNIUk0AAG11AABzoAAA/N0AAINkAABw6AAA7GgAADA+AAAQkOTsmeoAAAreSURBVHja7Jt5VFN3Fse/7yUkgQSyQBAiJWwTglKZqKBVFgURsVFgpAO2TRUonU7n0MWpVqnL6a7jtAdoz+lAsS61damHTnXascLUojMHLVUcpaesjUAVlFUWY7b35g+KhUBCEhJ71Pmd8/sDeO/edz+/e+/v3t97EDRN434eJO7zcd8DYJr+Ijc396kbN26EMxgM7b1kKE3TBEmSRHJy8m6VSlVrFkBLS4u2vLw8715cbS6X+/WcOXN6LYbAM888szckJOSre814giC0y5YtW93c3HzFIgA+n48nnnhi/b0GICIi4j2ZTHZdp9NZToJarRYpKSmXIiIiyu6ZRMdk9sfHx7/OZrMhEoksAxCJRBCLxdi0adOLDAaDuhcAxMbGFoSHh/exWCwIhULLAJhMJrq6uhAVFaWWyWQf3O3Gs9nsrrS0tB1MJhN8Ph8CgcDyNlhSUgKCIMBmszFz5sxX6urqsmmadrlbASiVyu0KheJma2vruNWf0AM0Gg2GhobQ19cHuVzePmvWrPfvVuN5PF772rVrCwBAIBDcnhY9YPr06SOFAzgcDhISEl6tra3NMRqN3LsNQE5Oztbly5cb6+vrxyU/swBM3UShUHRHR0cXVVZWbrqbjOdwOPXu7u6lhw8fRnd3NwiCuP23sLCwX+oD026wtLR0dPkIDw8PdHV1ua9bt+6yTqcT3S0AYmJifi+VSj9ta2sDkzl2nSsqKsx7AJ/PHycsMjJyQKlU7iwrK3trSp1XkBxU+xVAMzDK5cRAb+fYqi0wGLS62W49AoHgYlRU1KcajQZyudy2bnB0shAIBLeBZGdnv+3m5tZh93ak+gNEF/8L/jdnQU7zGTY0Mg4M1fMgl6QNX8TiwHX7R3D/5wWwcvMBEHbpSkxMzPf19YWHhwdEItG4aRFAQEDAmBkYGAihUIiHH35Yn5ubu81eAK6bXwfJZYEdFQaX5BXDyhXRIIwGEDMjAZIE6RcIVvrjII08sLNeBNhsm/X4+vp+m5iY+AVBEBCJRBAKheOmxSRYVVU1USuJhoYGeHt7l7DZ7Be1Wu1vbH0wTdE7YBa9CUN9O/TffD0s9/tqYE4s6LoLAEWBuqKG7ou/w0WZCt2uEkCvsxlARkbGBh8fH9A0PSbxmW2STJNgSkrKhBcaDAb4+fmhsbEx8+TJkwfs6sgkwaCvmsQ2wQHoW2PdMlAOSl1ns/zg4OCvS0tLE/r6+mAwGMxel56ebt4DgoKCLDUVWLBgwcELFy683NvbG26T8dOmw/VPT8PY8CO0e4drK8Zv54Hz5JPQHfsS+q8+G77O1x+02AdEXyfo3m5b2l0899xzGyQSCSiKsmr1JwRgWimZhoK3tzeSkpJePnjw4Oc2VWV7joCzbD5oAFRrM/QnT4Bb/AVc5nrCJe1J9C8IBtWiBql8HOCLgMAwGD8tASijVfIDAgIOL1my5JxWq4W7u7v9R2KWAIxASEpKOlpZWflde3v7XKs16XQgAIwOONqgBU0CtB6A8WdDKSNAkqAp2xpRmUy2tbi4GHq9HtQk90ZGRtpWB5gCkEgkyMjI2FhQUFBh7QMO5mSAynsBhvom6E+eAAAMZS8Fe7UK+q+Og/qpBQBg/Gw34O0H/NRk9eqHhIR8FBoaWt/a2mqT+0+YBMvKJj8HGWkts7KyKtVqdaz1h3KewJBJXIv9gc7WURmQAWZEJAw1Z6yNfX1WVlaoj4+PemBgwCrjCwsLzdcBE+2bppPH40EikSAvL2+DtbYzlq+G66H/gF30GQjPacN1T95r4H15EZw3dgNMFxBcLtzLqyE8XwW39z8BSOakchUKxW6FQqFmMpm3C7fJpk3NkLlhNBqhVCrPFhUVlV2+fPl3k3pNfCoIigIjfC6I4DDQ3dfgEp8C9PWCEZ0McHggJF5gxyuGmxnVatx8/ilAO2i+jCXJmytXrnyFw+HAw8PDJtc3C2Dfvn1WbztsNhthYWFbrQFgOFIC4tk3QJ2rBP39d8PnjwffB3vNs9Af+wQY6gOlHoRm31FwViyFZmeBReMBIC4u7m/z58+/euXKFasXbtIcsGrVKqtupGkaJEnC398fR48ePdDc3Jw5qTLPaaD7ugHjqCLF3RMYGJsXiIBQ0JfrJ8tDN4qLi4P8/f17enp6bFr9Rx55xLwHSKVSmwi6u7tj0aJFW5qbm9MnkjcGWve1MT+zkpRwfeGPuHX4OLQfvvvLdZMY//NRV+HChQt7WlpaJt25HFoHTBQKc+fObTp//vy+mpqabOu7I3dw9xyDiw/ATFoOQ/VpGC9dsG4z4XLb8/PzdwiFQhiNRrti32EAaJqGm5sbUlNTt9XU1DwKgGNdFtWD+rEZ8AkGdY0GPTRotc7w8PC3BgcHb549e9ZizW9ujD4RmjKAES+Ijo7+KTY29oNTp05Z915RdwsDmQnQr82G9vi/QP3YZJ3juLq2hYeHF+/atQs6nc6u1U9LSzMPwNzh4WRe4Orqiuzs7FdOnz6dTdO0VQeoVFsLbr5m2xHDwoULX5NKpbrOzs4pub5ZAA888IB92wlBYNWqVd3l5eXvfPzxx1uccc7H5/MbExISSimKgqenp0NkjgPQ1NRklyCapjE4OAi5XP4mg8F42mg0ih0NQKlUbgsMDKTb29sdsvoTAtizZ4/dwiiKgpeX161Zs2Ztr6mpeduRxnt7e19KS0s7oNfr7QpTqwGIxVNbOBaLhXnz5r1XV1e3TqPRTHfUg6pUqvygoCC0trbCzc3NeQC8vLymJJCmaYjFYl1MTMzrJ06ccMhrteDg4G8fe+yxf+h0OrtLXqsBOEIBg8HA0qVLS86cObO+v78/aKrycnJy/qxQKNDQ0ACSJJ0LYCpl5eghkUiolStXbtu/f/9HU4z9E0NDQ//euXMnNBqNQ55t69atzvWAkVBIT0/ff/z48Y1dXV0z7ZUTExOT39PTg4sXL457xeUUD7CnEjQHQCqVIicnJ3/Hjh2f2xn7n0dGRp7r7u6e9BWXwwD4+fk5TDiHw0FWVtbRvXv3nu7o6Iix9f4VK1Zs5PP5U254bAJw6NAhhwknSRIcDgcymezljo6OU7bcGxERcSAuLq6uo6PD4ZnfIoDq6mqHCacoCkwmE2FhYafr6upOXr9+fbG1t6pUqk1cLhc8Hs9pqz8hgJCQEIcqoGkaAoEAsbGxLx05cuRbKxueDxMTE1va2toclpPu+DZo2ig99NBD1efOnftSrVYvn6SSHNq8eXO+p6cndDqdw/f9O7YLmIYCn89HSkrKSwUFBRYBhIaGFnh5eXU2NjZCr9fD2WMcAA8PD6coMhqNWLRoUW1FRcWR2tra9AkfhsnsnzFjxl8KCwth+kmrI0diYuKdDYGRXMDj8bBmzZoN69evnxDA7NmzdwYGBvZ3dHQ4pej51UJgZOj1eiQnJ6vLysr2VFVVrTWpGToXL178VxaLBbFY7NTMbxGAr6+v05TRNA0vLy9s2bJlY0pKSqZer799gBofH/9maGjorfb2dnA4HNypMQ7AwMCAUxWq1Wr4+/tfk8vlhZcuXXoJALhcbltqauq7JElCKBTesdWfEMDo7wSdNVgsFh588MHtP/zwQ57BYHBLT09/dcaMGcbW1law7fgwyqEAnO1+Ix8vyWSyvqCgoEMtLS2PqlSqUoqinFry/urboCkErVaL2bNnv5OZmXlMKpXi6tWr4HLv/OfIxP//cfI+H/8bANeS5YFpLrRuAAAAAElFTkSuQmCC - mediatype: image/png - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: vault-operator - rules: - - apiGroups: - - etcd.database.coreos.com - resources: - - etcdclusters - verbs: - - "*" - - apiGroups: - - vault.security.coreos.com - resources: - - vaultservices - verbs: - - "*" - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - "*" - - apiGroups: - - "" - resources: - - pods - - services - - endpoints - - persistentvolumeclaims - - events - - configmaps - - secrets - verbs: - - "*" - - apiGroups: - - apps - resources: - - deployments - verbs: - - "*" - deployments: - - name: vault-operator - spec: - replicas: 1 - selector: - matchLabels: - name: vault-operator - template: - metadata: - labels: - name: vault-operator - spec: - serviceAccountName: vault-operator - containers: - - name: vault-operator - image: quay.io/coreos/vault-operator@sha256:74036811bc5d6cc1a136d8cc6d5577db67f29ba95eba02fbf0c3a8d2357dc8fe - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - version: 0.1.5 - maturity: alpha - customresourcedefinitions: - owned: - - name: vaultservices.vault.security.coreos.com - version: v1alpha1 - kind: VaultService - displayName: Vault Service - description: A running Vault instance, backed by an Etcd Cluster - resources: - - name: etcdclusters.etcd.database.coreos.com - version: v1beta2 - kind: EtcdCluster - - kind: Service - version: v1 - - kind: ConfigMap - version: v1 - - kind: Secret - version: v1 - - kind: Pod - version: v1 - specDescriptors: - - description: The desired number of Pods for the cluster - displayName: Size - path: nodes - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - statusDescriptors: - - description: The status of each of the node Pods for the Vault cluster. - displayName: Node Status - path: nodes - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podStatuses' - - description: The service at which the running Vault cluster can be accessed. - displayName: Service - path: serviceName - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Service' - - description: The port at which the Vault cluster is running under the service. - displayName: Client Port - path: clientPort - required: - - name: etcdclusters.etcd.database.coreos.com - version: v1beta2 - kind: EtcdCluster - displayName: etcd Cluster - description: Represents a cluster of etcd nodes. - - packages: |- - - #! package-manifest: ./deploy/chart/catalog_resources/ocs/etcdoperator.v0.9.2.clusterserviceversion.yaml - packageName: etcd - channels: - - name: alpha - currentCSV: etcdoperator.v0.9.2 - - - #! package-manifest: ./deploy/chart/catalog_resources/ocs/prometheusoperator.0.15.0.clusterserviceversion.yaml - packageName: prometheus - channels: - - name: alpha - currentCSV: prometheusoperator.0.15.0 - - - #! package-manifest: ./deploy/chart/catalog_resources/ocs/vaultoperator.0.1.9.clusterserviceversion.yaml - packageName: vault - channels: - - name: alpha - currentCSV: vault-operator.0.1.9 - - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/09-tectoniccomponents.configmap.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/09-tectoniccomponents.configmap.yaml deleted file mode 100644 index 953c48342c..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/09-tectoniccomponents.configmap.yaml +++ /dev/null @@ -1,444 +0,0 @@ -##--- -# Source: olm/templates/09-tectoniccomponents.configmap.yaml - -kind: ConfigMap -apiVersion: v1 -metadata: - name: tectonic-components - namespace: kube-system - labels: - tectonic-operators.coreos.com/managed-by: tectonic-x-operator - -data: - customResourceDefinitions: |- - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: chargebacks.chargeback.coreos.com - annotations: - catalog.app.coreos.com/description: An instance of Chargeback - catalog.app.coreos.com/displayName: Chargeback - spec: - group: chargeback.coreos.com - version: v1alpha1 - scope: Namespaced - names: - plural: chargebacks - singular: chargeback - kind: Chargeback - listKind: ChargebackList - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: prestotables.chargeback.coreos.com - annotations: - catalog.app.coreos.com/displayName: "Chargeback Presto Table" - catalog.app.coreos.com/description: "A table within PrestoDB" - spec: - group: chargeback.coreos.com - version: v1alpha1 - scope: Namespaced - names: - plural: prestotables - singular: prestotable - kind: PrestoTable - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: reports.chargeback.coreos.com - annotations: - catalog.app.coreos.com/displayName: "Chargeback Report" - catalog.app.coreos.com/description: "A chargeback report for a specific time interval" - spec: - group: chargeback.coreos.com - version: v1alpha1 - scope: Namespaced - names: - plural: reports - kind: Report - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: reportdatasources.chargeback.coreos.com - annotations: - catalog.app.coreos.com/displayName: "Chargeback data source" - catalog.app.coreos.com/description: "A resource describing a source of data for usage by Report Generation Queries" - spec: - group: chargeback.coreos.com - version: v1alpha1 - scope: Namespaced - names: - plural: reportdatasources - singular: reportdatasource - kind: ReportDataSource - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: reportgenerationqueries.chargeback.coreos.com - annotations: - catalog.app.coreos.com/displayName: "Chargeback generation query" - catalog.app.coreos.com/description: "A SQL query used by Chargeback to generate reports" - spec: - group: chargeback.coreos.com - version: v1alpha1 - scope: Namespaced - names: - plural: reportgenerationqueries - singular: reportgenerationquery - kind: ReportGenerationQuery - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: reportprometheusqueries.chargeback.coreos.com - annotations: - catalog.app.coreos.com/displayName: "Chargeback prometheus query" - catalog.app.coreos.com/description: "A Prometheus query by Chargeback to do metering" - spec: - group: chargeback.coreos.com - version: v1alpha1 - scope: Namespaced - names: - plural: reportprometheusqueries - singular: reportprometheusquery - kind: ReportPrometheusQuery - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: scheduledreports.chargeback.coreos.com - annotations: - catalog.app.coreos.com/displayName: "Chargeback Scheduled Report" - catalog.app.coreos.com/description: "A chargeback report that runs on a scheduled interval" - spec: - group: chargeback.coreos.com - version: v1alpha1 - scope: Namespaced - names: - plural: scheduledreports - kind: ScheduledReport - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: storagelocations.chargeback.coreos.com - annotations: - catalog.app.coreos.com/displayName: "Chargeback storage location" - catalog.app.coreos.com/description: "Represents a configurable storage location for Chargeback to store metering and report data" - spec: - group: chargeback.coreos.com - version: v1alpha1 - scope: Namespaced - names: - plural: storagelocations - kind: StorageLocation - - clusterServiceVersions: |- - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: app.coreos.com/v1alpha1 - kind: ClusterServiceVersion-v1 - metadata: - name: chargeback-helm-operator.v0.5.1 - namespace: placeholder - annotations: - tectonic-visibility: tectonic-feature - spec: - displayName: Chargeback - description: Chargeback can generate reports based on historical usage data from a cluster, providing accountability for how resources have been used. - keywords: [chargeback metrics reporting coreos] - version: 0.5.1 - maturity: alpha - maintainers: - - email: support@coreos.com - name: CoreOS, Inc - provider: - name: CoreOS, Inc - labels: - alm-owner-chargeback: chargeback-helm-operator - alm-status-descriptors: chargeback-helm-operator.v0.5.1 - selector: - matchLabels: - alm-owner-chargeback: chargeback-helm-operator - install: - strategy: deployment - spec: - permissions: - - rules: - - apiGroups: - - chargeback.coreos.com - resources: - - '*' - verbs: - - '*' - - apiGroups: - - "" - resources: - - pods - - pods/attach - - pods/exec - - pods/portforward - - pods/proxy - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - configmaps - - endpoints - - persistentvolumeclaims - - replicationcontrollers - - replicationcontrollers/scale - - secrets - - serviceaccounts - - services - - services/proxy - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - bindings - - events - - limitranges - - namespaces/status - - pods/log - - pods/status - - replicationcontrollers/status - - resourcequotas - - resourcequotas/status - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch - - apiGroups: - - apps - resources: - - deployments - - deployments/rollback - - deployments/scale - - statefulsets - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - batch - resources: - - cronjobs - - jobs - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - extensions - resources: - - daemonsets - - deployments - - deployments/rollback - - deployments/scale - - replicasets - - replicasets/scale - - replicationcontrollers/scale - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - rolebindings - - roles - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - serviceAccountName: chargeback-helm-operator - deployments: - - name: chargeback-helm-operator - spec: - replicas: 1 - strategy: - type: Recreate - selector: - matchLabels: - app: chargeback-helm-operator - template: - metadata: - labels: - app: chargeback-helm-operator - spec: - containers: - - env: - - name: HELM_RELEASE_CRD_NAME - value: Chargeback - - name: HELM_RELEASE_CRD_API_GROUP - value: chargeback.coreos.com - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: HELM_HOST - value: 127.0.0.1:44134 - - name: SET_OWNER_REFERENCE_VALUE - value: "true" - - name: HELM_WAIT - value: "false" - - name: HELM_RECONCILE_INTERVAL_SECONDS - value: "120" - - name: RELEASE_HISTORY_LIMIT - value: "3" - image: quay.io/coreos/chargeback-helm-operator:0.5.1 - imagePullPolicy: Always - name: chargeback-helm-operator - resources: - limits: - cpu: 50m - memory: 25Mi - requests: - cpu: 50m - memory: 25Mi - - env: - - name: TILLER_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: TILLER_HISTORY_MAX - value: "3" - image: gcr.io/kubernetes-helm/tiller:v2.6.2 - imagePullPolicy: Always - livenessProbe: - failureThreshold: 3 - httpGet: - path: /liveness - port: 44135 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: tiller - readinessProbe: - failureThreshold: 3 - httpGet: - path: /readiness - port: 44135 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - limits: - cpu: 50m - memory: 100Mi - requests: - cpu: 50m - memory: 50Mi - restartPolicy: Always - serviceAccount: chargeback-helm-operator - terminationGracePeriodSeconds: 30 - customresourcedefinitions: - owned: - - description: An instance of Chargeback - displayName: Chargeback - kind: Chargeback - name: chargebacks.chargeback.coreos.com - version: v1alpha1 - - description: A table within PrestoDB - displayName: Chargeback Presto Table - kind: PrestoTable - name: prestotables.chargeback.coreos.com - version: v1alpha1 - - description: A chargeback report for a specific time interval - displayName: Chargeback Report - kind: Report - name: reports.chargeback.coreos.com - version: v1alpha1 - - description: A resource describing a source of data for usage by Report Generation - Queries - displayName: Chargeback data source - kind: ReportDataSource - name: reportdatasources.chargeback.coreos.com - version: v1alpha1 - - description: A SQL query used by Chargeback to generate reports - displayName: Chargeback generation query - kind: ReportGenerationQuery - name: reportgenerationqueries.chargeback.coreos.com - version: v1alpha1 - - description: A Prometheus query by Chargeback to do metering - displayName: Chargeback prometheus query - kind: ReportPrometheusQuery - name: reportprometheusqueries.chargeback.coreos.com - version: v1alpha1 - - description: A chargeback report that runs on a scheduled interval - displayName: Chargeback Scheduled Report - kind: ScheduledReport - name: scheduledreports.chargeback.coreos.com - version: v1alpha1 - - description: Represents a configurable storage location for Chargeback to store - metering and report data - displayName: Chargeback storage location - kind: StorageLocation - name: storagelocations.chargeback.coreos.com - version: v1alpha1 - - packages: |- - - #! package-manifest: ./deploy/chart/catalog_resources/components/chargeback.v0.5.1.clusterserviceversion.yaml - packageName: chargeback - channels: - - name: alpha - currentCSV: chargeback-helm-operator.v0.5.1 - - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/10-tectonicocs.catalogsource.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/10-tectonicocs.catalogsource.yaml deleted file mode 100644 index d70321b309..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/10-tectonicocs.catalogsource.yaml +++ /dev/null @@ -1,19 +0,0 @@ -##--- -# Source: olm/templates/10-tectonicocs.catalogsource.yaml - -#! validate-crd: ./deploy/chart/templates/05-catalogsource.crd.yaml -#! parse-kind: CatalogSource -apiVersion: app.coreos.com/v1alpha1 -kind: CatalogSource-v1 -metadata: - name: tectonic-ocs - namespace: kube-system - annotations: - tectonic-operators.coreos.com/upgrade-strategy: 'DeleteAndRecreate' -spec: - name: tectonic-ocs - sourceType: internal - configMap: tectonic-ocs - displayName: Tectonic Open Cloud Services - publisher: CoreOS, Inc. - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/11-tectoniccomponents.catalogsource.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/11-tectoniccomponents.catalogsource.yaml deleted file mode 100644 index f99221ca13..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/11-tectoniccomponents.catalogsource.yaml +++ /dev/null @@ -1,19 +0,0 @@ -##--- -# Source: olm/templates/11-tectoniccomponents.catalogsource.yaml - -#! validate-crd: ./deploy/chart/templates/05-catalogsource.crd.yaml -#! parse-kind: CatalogSource -apiVersion: app.coreos.com/v1alpha1 -kind: CatalogSource-v1 -metadata: - name: tectonic-components - namespace: kube-system - annotations: - tectonic-operators.coreos.com/upgrade-strategy: 'DeleteAndRecreate' -spec: - name: tectonic-components - sourceType: internal - configMap: tectonic-components - displayName: Tectonic Cluster Components - publisher: CoreOS, Inc. - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/12-alm-operator.deployment.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/12-alm-operator.deployment.yaml deleted file mode 100644 index f50678d36c..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/12-alm-operator.deployment.yaml +++ /dev/null @@ -1,48 +0,0 @@ -##--- -# Source: olm/templates/12-alm-operator.deployment.yaml -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: alm-operator - namespace: kube-system - labels: - app: alm-operator - tectonic-operators.coreos.com/managed-by: tectonic-x-operator -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: alm-operator - template: - metadata: - labels: - app: alm-operator - spec: - serviceAccountName: alm-operator-serviceaccount - containers: - - name: alm-operator - command: - - /bin/alm - image: quay.io/coreos/olm@sha256:00b6b703d235b622d8e2e5424d0bfb4aa9e46ec10abd295def47e2c6ed7a18e8 - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - livenessProbe: - httpGet: - path: /healthz - port: 8080 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - env: - - name: OPERATOR_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: OPERATOR_NAME - value: alm-operator - imagePullSecrets: - - name: coreos-pull-secret diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/13-catalog-operator.deployment.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/13-catalog-operator.deployment.yaml deleted file mode 100644 index 2874e3a83a..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/13-catalog-operator.deployment.yaml +++ /dev/null @@ -1,44 +0,0 @@ -##--- -# Source: olm/templates/13-catalog-operator.deployment.yaml -apiVersion: extensions/v1beta1 -kind: Deployment -metadata: - name: catalog-operator - namespace: kube-system - labels: - app: catalog-operator - tectonic-operators.coreos.com/managed-by: tectonic-x-operator -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: catalog-operator - template: - metadata: - labels: - app: catalog-operator - spec: - serviceAccountName: alm-operator-serviceaccount - containers: - - name: catalog-operator - command: - - /bin/catalog - - '-namespace' - - kube-system - - '-debug' - image: quay.io/coreos/catalog@sha256:08667c7c409c8ca044c05db9bf90a0aa9954ce511490e72df4a3493cebd58b8e - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - livenessProbe: - httpGet: - path: /healthz - port: 8080 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - imagePullSecrets: - - name: coreos-pull-secret diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/18-upstreamcomponents.configmap.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/18-upstreamcomponents.configmap.yaml deleted file mode 100644 index 955525fef2..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/18-upstreamcomponents.configmap.yaml +++ /dev/null @@ -1,462 +0,0 @@ -##--- -# Source: olm/templates/18-upstreamcomponents.configmap.yaml - -kind: ConfigMap -apiVersion: v1 -metadata: - name: upstream-components - namespace: kube-system - labels: - tectonic-operators.coreos.com/managed-by: tectonic-x-operator - -data: - customResourceDefinitions: |- - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: meterings.chargeback.coreos.com - annotations: - catalog.app.coreos.com/description: An instance of Chargeback - catalog.app.coreos.com/displayName: Chargeback - spec: - group: chargeback.coreos.com - version: v1alpha1 - scope: Namespaced - names: - plural: meterings - singular: metering - kind: Metering - listKind: MeteringList - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: prestotables.chargeback.coreos.com - annotations: - catalog.app.coreos.com/displayName: "Chargeback Presto Table" - catalog.app.coreos.com/description: "A table within PrestoDB" - spec: - group: chargeback.coreos.com - version: v1alpha1 - scope: Namespaced - names: - plural: prestotables - singular: prestotable - kind: PrestoTable - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: reports.chargeback.coreos.com - annotations: - catalog.app.coreos.com/displayName: "Chargeback Report" - catalog.app.coreos.com/description: "A chargeback report for a specific time interval" - spec: - group: chargeback.coreos.com - version: v1alpha1 - scope: Namespaced - names: - plural: reports - kind: Report - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: reportdatasources.chargeback.coreos.com - annotations: - catalog.app.coreos.com/displayName: "Chargeback data source" - catalog.app.coreos.com/description: "A resource describing a source of data for usage by Report Generation Queries" - spec: - group: chargeback.coreos.com - version: v1alpha1 - scope: Namespaced - names: - plural: reportdatasources - singular: reportdatasource - kind: ReportDataSource - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: reportgenerationqueries.chargeback.coreos.com - annotations: - catalog.app.coreos.com/displayName: "Chargeback generation query" - catalog.app.coreos.com/description: "A SQL query used by Chargeback to generate reports" - spec: - group: chargeback.coreos.com - version: v1alpha1 - scope: Namespaced - names: - plural: reportgenerationqueries - singular: reportgenerationquery - kind: ReportGenerationQuery - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: reportprometheusqueries.chargeback.coreos.com - annotations: - catalog.app.coreos.com/displayName: "Chargeback prometheus query" - catalog.app.coreos.com/description: "A Prometheus query by Chargeback to do metering" - spec: - group: chargeback.coreos.com - version: v1alpha1 - scope: Namespaced - names: - plural: reportprometheusqueries - singular: reportprometheusquery - kind: ReportPrometheusQuery - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: scheduledreports.chargeback.coreos.com - annotations: - catalog.app.coreos.com/displayName: "Chargeback Scheduled Report" - catalog.app.coreos.com/description: "A chargeback report that runs on a scheduled interval" - spec: - group: chargeback.coreos.com - version: v1alpha1 - scope: Namespaced - names: - plural: scheduledreports - kind: ScheduledReport - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: storagelocations.chargeback.coreos.com - annotations: - catalog.app.coreos.com/displayName: "Chargeback storage location" - catalog.app.coreos.com/description: "Represents a configurable storage location for Chargeback to store metering and report data" - spec: - group: chargeback.coreos.com - version: v1alpha1 - scope: Namespaced - names: - plural: storagelocations - kind: StorageLocation - - clusterServiceVersions: |- - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: app.coreos.com/v1alpha1 - kind: ClusterServiceVersion-v1 - metadata: - name: metering-helm-operator.v0.6.0 - namespace: placeholder - annotations: - tectonic-visibility: tectonic-feature - labels: - alm-catalog: tectonic-feature - operator-metering: "true" - spec: - displayName: Metering - description: Metering can generate reports based on historical usage data from a cluster, providing accountability for how resources have been used. - keywords: [metering metrics reporting coreos] - version: 0.6.0 - maturity: alpha - maintainers: - - email: support@coreos.com - name: CoreOS, Inc - provider: - name: CoreOS, Inc - labels: - alm-owner-metering: metering-helm-operator - alm-status-descriptors: metering-helm-operator.v0.6.0 - selector: - matchLabels: - alm-owner-metering: metering-helm-operator - install: - strategy: deployment - spec: - permissions: - - rules: - - apiGroups: - - chargeback.coreos.com - resources: - - '*' - verbs: - - '*' - - apiGroups: - - "" - resources: - - pods - - pods/attach - - pods/exec - - pods/portforward - - pods/proxy - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - configmaps - - endpoints - - persistentvolumeclaims - - replicationcontrollers - - replicationcontrollers/scale - - secrets - - serviceaccounts - - services - - services/proxy - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - bindings - - events - - limitranges - - namespaces/status - - pods/log - - pods/status - - replicationcontrollers/status - - resourcequotas - - resourcequotas/status - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - update - - patch - - apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch - - apiGroups: - - apps - resources: - - deployments - - deployments/rollback - - deployments/scale - - statefulsets - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - batch - resources: - - cronjobs - - jobs - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - extensions - resources: - - daemonsets - - deployments - - deployments/rollback - - deployments/scale - - replicasets - - replicasets/scale - - replicationcontrollers/scale - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - rolebindings - - roles - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - serviceAccountName: metering-helm-operator - deployments: - - name: metering-helm-operator - spec: - replicas: 1 - selector: - matchLabels: - app: metering-helm-operator - strategy: - type: Recreate - template: - metadata: - labels: - app: metering-helm-operator - spec: - containers: - - args: - - run-operator.sh - env: - - name: HELM_RELEASE_CRD_NAME - value: Metering - - name: HELM_RELEASE_CRD_API_GROUP - value: chargeback.coreos.com - - name: HELM_CHART_PATH - value: /operator-metering-0.1.0.tgz - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: HELM_HOST - value: 127.0.0.1:44134 - - name: HELM_WAIT - value: "false" - - name: HELM_RECONCILE_INTERVAL_SECONDS - value: "30" - - name: RELEASE_HISTORY_LIMIT - value: "3" - image: quay.io/coreos/chargeback-helm-operator:0.6.0 - imagePullPolicy: Always - name: metering-helm-operator - resources: - limits: - cpu: 50m - memory: 25Mi - requests: - cpu: 50m - memory: 25Mi - - args: - - /tiller - env: - - name: TILLER_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: TILLER_HISTORY_MAX - value: "3" - image: quay.io/coreos/chargeback-helm-operator:0.6.0 - imagePullPolicy: Always - livenessProbe: - failureThreshold: 3 - httpGet: - path: /liveness - port: 44135 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: tiller - readinessProbe: - failureThreshold: 3 - httpGet: - path: /readiness - port: 44135 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - limits: - cpu: 50m - memory: 100Mi - requests: - cpu: 50m - memory: 50Mi - imagePullSecrets: [] - restartPolicy: Always - securityContext: - runAsNonRoot: true - serviceAccount: metering-helm-operator - terminationGracePeriodSeconds: 30 - customresourcedefinitions: - owned: - - description: An instance of Metering - displayName: Metering - kind: Metering - name: meterings.chargeback.coreos.com - version: v1alpha1 - - description: A table within PrestoDB - displayName: Chargeback Presto Table - kind: PrestoTable - name: prestotables.chargeback.coreos.com - version: v1alpha1 - - description: A resource describing a source of data for usage by Report Generation - Queries - displayName: Chargeback data source - kind: ReportDataSource - name: reportdatasources.chargeback.coreos.com - version: v1alpha1 - - description: A SQL query used by Chargeback to generate reports - displayName: Chargeback generation query - kind: ReportGenerationQuery - name: reportgenerationqueries.chargeback.coreos.com - version: v1alpha1 - - description: A Prometheus query by Chargeback to do metering - displayName: Chargeback prometheus query - kind: ReportPrometheusQuery - name: reportprometheusqueries.chargeback.coreos.com - version: v1alpha1 - - description: A chargeback report for a specific time interval - displayName: Chargeback Report - kind: Report - name: reports.chargeback.coreos.com - version: v1alpha1 - - description: A chargeback report that runs on a scheduled interval - displayName: Chargeback Scheduled Report - kind: ScheduledReport - name: scheduledreports.chargeback.coreos.com - version: v1alpha1 - - description: Represents a configurable storage location for Chargeback to store - metering and report data - displayName: Chargeback storage location - kind: StorageLocation - name: storagelocations.chargeback.coreos.com - version: v1alpha1 - - packages: |- - - #! package-manifest: ./deploy/chart/catalog_resources/upstream/metering.0.6.0.clusterserviceversion.yaml - packageName: metering - channels: - - currentCSV: metering-helm-operator.v0.6.0 - name: alpha - - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/19-upstreamcomponents.catalogsource.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/19-upstreamcomponents.catalogsource.yaml deleted file mode 100644 index 8b25e74bfa..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.5.0/19-upstreamcomponents.catalogsource.yaml +++ /dev/null @@ -1,19 +0,0 @@ -##--- -# Source: olm/templates/19-upstreamcomponents.catalogsource.yaml - -#! validate-crd: ./deploy/chart/templates/05-catalogsource.crd.yaml -#! parse-kind: CatalogSource -apiVersion: app.coreos.com/v1alpha1 -kind: CatalogSource-v1 -metadata: - name: upstream-components - namespace: kube-system - annotations: - tectonic-operators.coreos.com/upgrade-strategy: 'DeleteAndRecreate' -spec: - name: upstream-components - sourceType: internal - configMap: upstream-components - displayName: OLM Upstream Components - publisher: CoreOS, Inc. - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/01-alm-operator.serviceaccount.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/01-alm-operator.serviceaccount.yaml deleted file mode 100644 index 10b925e332..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/01-alm-operator.serviceaccount.yaml +++ /dev/null @@ -1,9 +0,0 @@ -##--- -# Source: olm/templates/01-alm-operator.serviceaccount.yaml -kind: ServiceAccount -apiVersion: v1 -metadata: - name: olm-operator-serviceaccount - namespace: kube-system -imagePullSecrets: -- name: coreos-pull-secret diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/02-alm-operator.rolebinding.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/02-alm-operator.rolebinding.yaml deleted file mode 100644 index 9995080717..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/02-alm-operator.rolebinding.yaml +++ /dev/null @@ -1,14 +0,0 @@ -##--- -# Source: olm/templates/02-alm-operator.rolebinding.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: olm-operator-binding-kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: -- kind: ServiceAccount - name: olm-operator-serviceaccount - namespace: kube-system diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/03-clusterserviceversion.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/03-clusterserviceversion.crd.yaml deleted file mode 100644 index 1bf274799f..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/03-clusterserviceversion.crd.yaml +++ /dev/null @@ -1,438 +0,0 @@ -##--- -# Source: olm/templates/03-clusterserviceversion.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: clusterserviceversions.operators.coreos.com - annotations: - displayName: Operator Version - description: Represents an Operator that should be running on the cluster, including requirements and install strategy. -spec: - names: - plural: clusterserviceversions - singular: clusterserviceversion - kind: ClusterServiceVersion - listKind: ClusterServiceVersionList - shortNames: - - csv - categories: - - all - - olm - additionalPrinterColumns: - - name: Display - type: string - description: The name of the CSV - JSONPath: .spec.displayName - - name: Version - type: string - description: The version of the CSV - JSONPath: .spec.version - - name: Replaces - type: string - description: The name of a CSV that this one replaces - JSONPath: .spec.replaces - - name: Phase - type: string - JSONPath: .status.phase - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - properties: - spec: - type: object - description: Spec for a ClusterServiceVersion - required: - - displayName - - install - properties: - displayName: - type: string - description: Human readable name of the application that will be displayed in the ALM UI - - description: - type: string - description: Human readable description of what the application does - - keywords: - type: array - description: List of keywords which will be used to discover and categorize app types - items: - type: string - - maintainers: - type: array - description: Those responsible for the creation of this specific app type - items: - type: object - description: Information for a single maintainer - required: - - name - - email - properties: - name: - type: string - description: Maintainer's name - email: - type: string - description: Maintainer's email address - format: email - optionalProperties: - type: string - description: "Any additional key-value metadata you wish to expose about the maintainer, e.g. github: " - - links: - type: array - description: Interesting links to find more information about the project, such as marketing page, documentation, or github page - items: - type: object - description: A single link to describe one aspect of the project - required: - - name - - url - properties: - name: - type: string - description: Name of the link type, e.g. homepage or github url - url: - type: string - description: URL to which the link should point - format: uri - - icon: - type: array - description: Icon which should be rendered with the application information - required: - - base64data - - mediatype - properties: - base64data: - type: string - description: Base64 binary representation of the icon image - pattern: ^(?:[A-Za-z0-9+/]{4}){0,16250}(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$ - mediatype: - type: string - description: Mediatype for the binary data specified in the base64data property - enum: - - image/gif - - image/jpeg - - image/png - - image/svg+xml - version: - type: string - description: Version string, recommended that users use semantic versioning - pattern: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(-(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(\.(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*)?(\+[0-9a-zA-Z-]+(\.[0-9a-zA-Z-]+)*)?$ - - replaces: - type: string - description: Name of the ClusterServiceVersion custom resource that this version replaces - - maturity: - type: string - description: What level of maturity the software has achieved at this version - enum: - - planning - - pre-alpha - - alpha - - beta - - stable - - mature - - inactive - - deprecated - labels: - type: object - description: Labels that will be applied to associated resources created by the operator. - selector: - type: object - description: Label selector to find resources associated with or managed by the operator - properties: - matchLabels: - type: object - description: Label key:value pairs to match directly - matchExpressions: - type: array - description: A set of expressions to match against the resource. - items: - allOf: - - type: object - required: - - key - - operator - - values - properties: - key: - type: string - description: the key to match - operator: - type: string - description: the operator for the expression - enum: - - In - - NotIn - - Exists - - DoesNotExist - values: - type: array - description: set of values for the expression - customresourcedefinitions: - type: object - properties: - owned: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - name - - version - - kind - - displayName - - description - properties: - name: - type: string - description: Fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version field of the CustomResourceDefinition - kind: - type: string - description: The kind field of the CustomResourceDefinition - displayName: - type: string - description: A human-readable name for the CRD. - description: - type: string - description: A description of the CRD - resources: - type: array - items: - type: object - description: A list of resources that should be displayed for the CRD - required: - - kind - - version - properties: - name: - type: string - description: If a CRD, the fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version of the resource kind - kind: - type: string - description: The kind field of the resource kind - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the CR where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - type: object - description: If present, the value of this status is the same for all instances of the CRD and can be found here instead of on the CR. - specDescriptors: - type: array - items: - type: object - description: A spec for a field in the spec block of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the CR where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the spec entry. - description: - type: string - description: A description of the spec entry. - x-descriptors: - type: array - description: A list of descriptors for the spec entry that indicate the meaning of the field. - items: - type: string - value: - type: object - description: If present, the value of this spec is the same for all instances of the CRD and can be found here instead of on the CR. - required: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - name - - version - - kind - - displayName - - description - properties: - name: - type: string - description: Fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version field of the CustomResourceDefinition - kind: - type: string - description: The kind field of the CustomResourceDefinition - displayName: - type: string - description: A human-readable name for the CRD. - description: - type: string - description: A description of the CRD - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the CR where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - type: object - description: If present, the value of this status is the same for all instances of the CRD and can be found here instead of on the CR. - - - install: - type: object - description: Information required to install this specific version of the operator software - oneOf: - - type: object - required: - - strategy - - spec - properties: - strategy: - type: string - enum: ['image'] - spec: - type: object - required: - - image - properties: - image: - type: string - - type: object - required: - - strategy - - spec - properties: - strategy: - type: string - enum: ['deployment'] - spec: - type: object - required: - - deployments - properties: - deployments: - type: array - description: List of deployments to create - items: - type: object - description: A name and deployment to create in the cluster - required: - - name - - spec - properties: - name: - type: string - description: the consistent name of the deployment - spec: - type: object - description: The deployment spec to create in the cluster - permissions: - type: array - description: Permissions needed by the deployement to run correctly - items: - type: object - required: - - serviceAccountName - - rules - properties: - serviceAccountName: - type: string - description: The service account name to create for the deployment - rules: - type: array - items: - type: object - description: a rule required by the service account - properties: - apiGroups: - type: array - description: apiGroups the rule applies to - items: - type: string - resources: - type: array - items: - type: string - resourceNames: - type: array - items: - type: string - verbs: - type: array - items: - type: string - enum: - - "*" - - get - - list - - watch - - create - - update - - patch - - delete - - deletecollection - status: - type: object - description: Status for a ClusterServiceVersion diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/05-catalogsource.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/05-catalogsource.crd.yaml deleted file mode 100644 index 9cea24c345..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/05-catalogsource.crd.yaml +++ /dev/null @@ -1,81 +0,0 @@ -##--- -# Source: olm/templates/05-catalogsource.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: catalogsources.operators.coreos.com - annotations: - displayName: CatalogSource - description: A source configured to find packages and updates. -spec: - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - plural: catalogsources - singular: catalogsource - kind: CatalogSource - listKind: CatalogSourceList - categories: - - all - - olm - additionalPrinterColumns: - - name: Name - type: string - description: The pretty name of the catalog - JSONPath: .spec.displayName - - name: Type - type: string - description: The type of the catalog - JSONPath: .spec.sourceType - - name: Publisher - type: string - description: The publisher of the catalog - JSONPath: .spec.publisher - - name: Age - type: date - JSONPath: .metadata.creationTimestamp - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - properties: - spec: - type: object - description: Represents a subscription to a source and channel - required: - - spec - type: object - description: Spec for a catalog source. - required: - - sourceType - properties: - sourceType: - type: string - description: The type of the source. Currently the only supported type is "internal". - enum: - - internal - - configMap: - type: string - description: The name of a ConfigMap that holds the entries for an in-memory catalog. - - displayName: - type: string - description: Pretty name for display - - publisher: - type: string - description: The name of an entity that publishes this catalog - - secrets: - type: array - description: A set of secrets that can be used to access the contents of the catalog. It is best to keep this list small, since each will need to be tried for every catalog entry. - items: - type: string - description: A name of a secret in the namespace where the CatalogSource is defined. diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/06-installplan.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/06-installplan.crd.yaml deleted file mode 100644 index 7173b43346..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/06-installplan.crd.yaml +++ /dev/null @@ -1,78 +0,0 @@ -##--- -# Source: olm/templates/06-installplan.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: installplans.operators.coreos.com - annotations: - displayName: Install Plan - description: Represents a plan to install and resolve dependencies for Cluster Services -spec: - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - plural: installplans - singular: installplan - kind: InstallPlan - listKind: InstallPlanList - categories: - - all - - olm - additionalPrinterColumns: - - name: CSV - type: string - description: The first CSV in the list of clusterServiceVersionNames - JSONPath: .spec.clusterServiceVersionNames[0] - - name: Source - type: string - description: The catalog source for the specified CSVs. - JSONPath: .spec.source - - name: Approval - type: string - description: The approval mode - JSONPath: .spec.approval - - name: Approved - type: boolean - JSONPath: .spec.approved - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - properties: - spec: - type: object - description: Spec for an InstallPlan - required: - - clusterServiceVersionNames - - approval - properties: - source: - type: string - description: Name of the preferred CatalogSource - sourceNamespace: - type: string - description: Namespace that contains the preffered CatalogSource - clusterServiceVersionNames: - type: array - description: A list of the names of the Cluster Services - items: - type: string - anyOf: - - properties: - approval: - enum: - - Manual - approved: - type: boolean - required: - - approved - - properties: - approval: - enum: - - Automatic diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/07-subscription.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/07-subscription.crd.yaml deleted file mode 100644 index 3eaf9572b8..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/07-subscription.crd.yaml +++ /dev/null @@ -1,72 +0,0 @@ -##--- -# Source: olm/templates/07-subscription.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: subscriptions.operators.coreos.com - annotations: - displayName: Subscription - description: Subcribes service catalog to a source and channel to recieve updates for packages. -spec: - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - plural: subscriptions - singular: subscription - kind: Subscription - listKind: SubscriptionList - categories: - - all - - olm - additionalPrinterColumns: - - name: Package - type: string - description: The package subscribed to - JSONPath: .spec.name - - name: Source - type: string - description: The catalog source for the specified package - JSONPath: .spec.source - - name: Channel - type: string - description: The channel of updates to subscribe to - JSONPath: .spec.channel - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - properties: - spec: - type: object - description: Spec for a Subscription - required: - - source - - name - properties: - source: - type: string - description: Name of a CatalogSource that defines where and how to find the channel - sourceNamespace: - type: string - description: The Kubernetes namespace where the CatalogSource used is located - name: - type: string - description: Name of the package that defines the application - channel: - type: string - description: Name of the channel to track - startingCSV: - type: string - description: Name of the AppType that this subscription tracks - installPlanApproval: - type: string - description: Approval mode for emitted InstallPlans - enum: - - Manual - - Automatic diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/08-ocs.configmap.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/08-ocs.configmap.yaml deleted file mode 100644 index ce60188f46..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/08-ocs.configmap.yaml +++ /dev/null @@ -1,7254 +0,0 @@ -##--- -# Source: olm/templates/08-ocs.configmap.yaml - -kind: ConfigMap -apiVersion: v1 -metadata: - name: ocs - namespace: kube-system - -data: - customResourceDefinitions: |- - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: alertmanagers.monitoring.coreos.com - spec: - group: monitoring.coreos.com - names: - kind: Alertmanager - plural: alertmanagers - scope: Namespaced - validation: - openAPIV3Schema: - properties: - spec: - description: 'Specification of the desired behavior of the Alertmanager - cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#spec-and-status' - properties: - affinity: - description: Affinity is a group of affinity scheduling rules. - properties: - nodeAffinity: - description: Node affinity is a group of node affinity scheduling - rules. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the affinity expressions specified by this field, - but it may choose a node that violates one or more of the - expressions. The node that is most preferred is the one with - the greatest sum of weights, i.e. for each node that meets - all of the scheduling requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the sum - if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches all - objects with implicit weight 0 (i.e. it's a no-op). A null - preferred scheduling term matches no objects (i.e. is also - a no-op). - properties: - preference: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - weight - - preference - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: A node selector represents the union of the results - of one or more label queries over a set of nodes; that is, - it represents the OR of the selectors represented by the node - selector terms. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The - terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - type: array - required: - - nodeSelectorTerms - podAffinity: - description: Pod affinity is a group of inter pod affinity scheduling - rules. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the affinity expressions specified by this field, - but it may choose a node that violates one or more of the - expressions. The node that is most preferred is the one with - the greatest sum of weights, i.e. for each node that meets - all of the scheduling requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the sum - if the node has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label selector is a label query over - a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector - matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - weight - - podAffinityTerm - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may not - try to eventually evict the pod from its node. When there - are multiple elements, the lists of nodes corresponding to - each podAffinityTerm are intersected, i.e. all terms must - be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) that - this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of pods - is running - properties: - labelSelector: - description: A label selector is a label query over a - set of resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. - A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of any - node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: array - podAntiAffinity: - description: Pod anti affinity is a group of inter pod anti affinity - scheduling rules. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the anti-affinity expressions specified by this - field, but it may choose a node that violates one or more - of the expressions. The node that is most preferred is the - one with the greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource request, - requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field - and adding "weight" to the sum if the node has pods which - matches the corresponding podAffinityTerm; the node(s) with - the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label selector is a label query over - a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector - matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - weight - - podAffinityTerm - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by - this field are not met at scheduling time, the pod will not - be scheduled onto the node. If the anti-affinity requirements - specified by this field cease to be met at some point during - pod execution (e.g. due to a pod label update), the system - may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms must - be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) that - this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of pods - is running - properties: - labelSelector: - description: A label selector is a label query over a - set of resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. - A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of any - node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: array - baseImage: - description: Base image that is used to deploy pods, without tag. - type: string - containers: - description: Containers allows injecting additional containers. This - is meant to allow adding an authentication proxy to an Alertmanager - pod. - items: - description: A single application container that you want to run within - a pod. - properties: - args: - description: 'Arguments to the entrypoint. The docker image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable - cannot be resolved, the reference in the input string will be - unchanged. The $(VAR_NAME) syntax can be escaped with a double - $$, ie: $$(VAR_NAME). Escaped references will never be expanded, - regardless of whether the variable exists or not. Cannot be - updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed within a shell. The - docker image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable exists - or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to set in the container. - Cannot be updated. - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a - C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a - variable cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax can be - escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable - exists or not. Defaults to "".' - type: string - valueFrom: - description: EnvVarSource represents a source for the value - of an EnvVar. - properties: - configMapKeyRef: - description: Selects a key from a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the ConfigMap or it's - key must be defined - type: boolean - required: - - key - fieldRef: - description: ObjectFieldSelector selects an APIVersioned - field of an object. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - resourceFieldRef: - description: ResourceFieldSelector represents container - resources (cpu, memory) and their output format - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: {} - resource: - description: 'Required: resource to select' - type: string - required: - - resource - secretKeyRef: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's - key must be defined - type: boolean - required: - - key - required: - - name - type: array - envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must be a - C_IDENTIFIER. All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key will - take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of a set of - ConfigMaps - properties: - configMapRef: - description: |- - ConfigMapEnvSource selects a ConfigMap to populate the environment variables with. - - The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - prefix: - description: An optional identifier to prepend to each key - in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: |- - SecretEnvSource selects a Secret to populate the environment variables with. - - The contents of the target Secret's Data field will represent the key-value pairs as environment variables. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: array - image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Lifecycle describes actions that the management system - should take in response to container lifecycle events. For the - PostStart and PreStop lifecycle handlers, management of the - container blocks until the action is complete, unless the container - process fails, in which case the handler is aborted. - properties: - postStart: - description: Handler defines a specific action that should - be taken - properties: - exec: - description: ExecAction describes a "run in container" - action. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - httpGet: - description: HTTPGetAction describes an action based on - HTTP Get requests. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - tcpSocket: - description: TCPSocketAction describes an action based - on opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - preStop: - description: Handler defines a specific action that should - be taken - properties: - exec: - description: ExecAction describes a "run in container" - action. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - httpGet: - description: HTTPGetAction describes an action based on - HTTP Get requests. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - tcpSocket: - description: TCPSocketAction describes an action based - on opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - livenessProbe: - description: Probe describes a health check to be performed against - a container to determine whether it is alive or ready to receive - traffic. - properties: - exec: - description: ExecAction describes a "run in container" action. - properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit - status of 0 is treated as live/healthy and non-zero - is unhealthy. - items: - type: string - type: array - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGetAction describes an action based on HTTP - Get requests. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header to - be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocketAction describes an action based on - opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - name: - description: Name of the container specified as a DNS_LABEL. Each - container in a pod must have a unique name (DNS_LABEL). Cannot - be updated. - type: string - ports: - description: List of ports to expose from the container. Exposing - a port here gives the system additional information about the - network connections a container uses, but is primarily informational. - Not specifying a port here DOES NOT prevent that port from being - exposed. Any port which is listening on the default "0.0.0.0" - address inside a container will be accessible from the network. - Cannot be updated. - items: - description: ContainerPort represents a network port in a single - container. - properties: - containerPort: - description: Number of port to expose on the pod's IP address. - This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If specified, - this must be a valid port number, 0 < x < 65536. If HostNetwork - is specified, this must match ContainerPort. Most containers - do not need this. - format: int32 - type: integer - name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod must - have a unique name. Name for the port that can be referred - to by services. - type: string - protocol: - description: Protocol for port. Must be UDP or TCP. Defaults - to "TCP". - type: string - required: - - containerPort - type: array - readinessProbe: - description: Probe describes a health check to be performed against - a container to determine whether it is alive or ready to receive - traffic. - properties: - exec: - description: ExecAction describes a "run in container" action. - properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit - status of 0 is treated as live/healthy and non-zero - is unhealthy. - items: - type: string - type: array - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGetAction describes an action based on HTTP - Get requests. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header to - be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocketAction describes an action based on - opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - securityContext: - description: SecurityContext holds security configuration that - will be applied to a container. Some fields are present in both - SecurityContext and PodSecurityContext. When both are set, - the values in SecurityContext take precedence. - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a - process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: Adds and removes POSIX capabilities from running - containers. - properties: - add: - description: Added capabilities - items: - type: string - type: array - drop: - description: Removed capabilities - items: - type: string - type: array - privileged: - description: Run container in privileged mode. Processes in - privileged containers are essentially equivalent to root - on the host. Defaults to false. - type: boolean - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. - Default is false. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail - to start the container if it does. If unset or false, no - such validation will be performed. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata if - unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - format: int64 - type: integer - seLinuxOptions: - description: SELinuxOptions are the labels to be applied to - the container - properties: - level: - description: Level is SELinux level label that applies - to the container. - type: string - role: - description: Role is a SELinux role label that applies - to the container. - type: string - type: - description: Type is a SELinux type label that applies - to the container. - type: string - user: - description: User is a SELinux user label that applies - to the container. - type: string - stdin: - description: Whether this container should allocate a buffer for - stdin in the container runtime. If this is not set, reads from - stdin in the container will always result in EOF. Default is - false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the stdin - channel after it has been opened by a single attach. When stdin - is true the stdin stream will remain open across multiple attach - sessions. If stdinOnce is set to true, stdin is opened on container - start, is empty until the first client attaches to stdin, and - then remains open and accepts data until the client disconnects, - at which time stdin is closed and remains closed until the container - is restarted. If this flag is false, a container processes that - reads from stdin will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s - termination message will be written is mounted into the container''s - filesystem. Message written is intended to be brief final status, - such as an assertion failure message. Will be truncated by the - node if greater than 4096 bytes. The total message length across - all containers will be limited to 12kb. Defaults to /dev/termination-log. - Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. - File will use the contents of terminationMessagePath to populate - the container status message on both success and failure. FallbackToLogsOnError - will use the last chunk of container log output if the termination - message file is empty and the container exited with an error. - The log output is limited to 2048 bytes or 80 lines, whichever - is smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be - used by the container. This is an alpha feature and may change - in the future. - items: - description: volumeDevice describes a mapping of a raw block - device within a container. - properties: - devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim - in the pod - type: string - required: - - name - - devicePath - type: array - volumeMounts: - description: Pod volumes to mount into the container's filesystem. - Cannot be updated. - items: - description: VolumeMount describes a mounting of a Volume within - a container. - properties: - mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other way - around. When not set, MountPropagationHostToContainer - is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). - type: string - required: - - name - - mountPath - type: array - workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might be - configured in the container image. Cannot be updated. - type: string - required: - - name - type: array - externalUrl: - description: The external URL the Alertmanager instances will be available - under. This is necessary to generate correct URLs. This is necessary - if Alertmanager is not served from root of a DNS name. - type: string - imagePullSecrets: - description: An optional list of references to secrets in the same namespace - to use for pulling prometheus and alertmanager images from registries - see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod - items: - description: LocalObjectReference contains enough information to let - you locate the referenced object inside the same namespace. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - type: array - listenLocal: - description: ListenLocal makes the Alertmanager server listen on loopback, - so that it does not bind against the Pod IP. Note this is only for - the Alertmanager UI, not the gossip communication. - type: boolean - logLevel: - description: Log level for Alertmanager to be configured with. - type: string - nodeSelector: - description: Define which Nodes the Pods are scheduled on. - type: object - paused: - description: If set to true all actions on the underlaying managed objects - are not goint to be performed, except for delete actions. - type: boolean - podMetadata: - description: ObjectMeta is metadata that all persisted resources must - have, which includes all objects users must create. - properties: - annotations: - description: 'Annotations is an unstructured key value map stored - with a resource that may be set by external tools to store and - retrieve arbitrary metadata. They are not queryable and should - be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - clusterName: - description: The name of the cluster which the object belongs to. - This is used to distinguish resources with same name and namespace - in different clusters. This field is not set anywhere right now - and apiserver is going to ignore it if set in create or update - request. - type: string - creationTimestamp: - description: Time is a wrapper around time.Time which supports correct - marshaling to YAML and JSON. Wrappers are provided for many of - the factory methods that the time package offers. - format: date-time - type: string - deletionGracePeriodSeconds: - description: Number of seconds allowed for this object to gracefully - terminate before it will be removed from the system. Only set - when deletionTimestamp is also set. May only be shortened. Read-only. - format: int64 - type: integer - deletionTimestamp: - description: Time is a wrapper around time.Time which supports correct - marshaling to YAML and JSON. Wrappers are provided for many of - the factory methods that the time package offers. - format: date-time - type: string - finalizers: - description: Must be empty before the object is deleted from the - registry. Each entry is an identifier for the responsible component - that will remove the entry from the list. If the deletionTimestamp - of the object is non-nil, entries in this list can only be removed. - items: - type: string - type: array - generateName: - description: |- - GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. - - If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). - - Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#idempotency - type: string - generation: - description: A sequence number representing a specific generation - of the desired state. Populated by the system. Read-only. - format: int64 - type: integer - initializers: - description: Initializers tracks the progress of initialization. - properties: - pending: - description: Pending is a list of initializers that must execute - in order before this object is visible. When the last pending - initializer is removed, and no failing result is set, the - initializers struct will be set to nil and the object is considered - as initialized and visible to all clients. - items: - description: Initializer is information about an initializer - that has not yet completed. - properties: - name: - description: name of the process that is responsible for - initializing this object. - type: string - required: - - name - type: array - result: - description: Status is a return value for calls that don't return - other objects. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of - this representation of an object. Servers should convert - recognized schemas to the latest internal value, and may - reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - code: - description: Suggested HTTP return code for this status, - 0 if not set. - format: int32 - type: integer - details: - description: StatusDetails is a set of additional properties - that MAY be set by the server to provide additional information - about a response. The Reason field of a Status object - defines what attributes will be set. Clients must ignore - fields that do not match the defined type of each attribute, - and should assume that any attribute may be empty, invalid, - or under defined. - properties: - causes: - description: The Causes array includes more details - associated with the StatusReason failure. Not all - StatusReasons may provide detailed causes. - items: - description: StatusCause provides more information - about an api.Status failure, including cases when - multiple errors are encountered. - properties: - field: - description: |- - The field of the resource that has caused this error, as named by its JSON serialization. May include dot and postfix notation for nested attributes. Arrays are zero-indexed. Fields may appear more than once in an array of causes due to fields having multiple errors. Optional. - - Examples: - "name" - the field "name" on the current resource - "items[0].name" - the field "name" on the first array entry in "items" - type: string - message: - description: A human-readable description of the - cause of the error. This field may be presented - as-is to a reader. - type: string - reason: - description: A machine-readable description of - the cause of the error. If this value is empty - there is no information available. - type: string - type: array - group: - description: The group attribute of the resource associated - with the status StatusReason. - type: string - kind: - description: 'The kind attribute of the resource associated - with the status StatusReason. On some operations may - differ from the requested resource Kind. More info: - https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: The name attribute of the resource associated - with the status StatusReason (when there is a single - name which can be described). - type: string - retryAfterSeconds: - description: If specified, the time in seconds before - the operation should be retried. Some errors may indicate - the client must take an alternate action - for those - errors this field may indicate how long to wait before - taking the alternate action. - format: int32 - type: integer - uid: - description: 'UID of the resource. (when there is a - single resource which can be described). More info: - http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - kind: - description: 'Kind is a string value representing the REST - resource this object represents. Servers may infer this - from the endpoint the client submits requests to. Cannot - be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - message: - description: A human-readable description of the status - of this operation. - type: string - metadata: - description: ListMeta describes metadata that synthetic - resources must have, including lists and various status - objects. A resource may have only one of {ObjectMeta, - ListMeta}. - properties: - continue: - description: continue may be set if the user set a limit - on the number of items returned, and indicates that - the server has more data available. The value is opaque - and may be used to issue another request to the endpoint - that served this list to retrieve the next set of - available objects. Continuing a list may not be possible - if the server configuration has changed or more than - a few minutes have passed. The resourceVersion field - returned when using this continue value will be identical - to the value in the first response. - type: string - resourceVersion: - description: 'String that identifies the server''s internal - version of this object that can be used by clients - to determine when objects have changed. Value must - be treated as opaque by clients and passed unmodified - back to the server. Populated by the system. Read-only. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' - type: string - selfLink: - description: selfLink is a URL representing this object. - Populated by the system. Read-only. - type: string - reason: - description: A machine-readable description of why this - operation is in the "Failure" status. If this value is - empty there is no information available. A Reason clarifies - an HTTP status code but does not override it. - type: string - status: - description: 'Status of the operation. One of: "Success" - or "Failure". More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' - type: string - required: - - pending - labels: - description: 'Map of string keys and values that can be used to - organize and categorize (scope and select) objects. May match - selectors of replication controllers and services. More info: - http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: 'Name must be unique within a namespace. Is required - when creating resources, although some resources may allow a client - to request the generation of an appropriate name automatically. - Name is primarily intended for creation idempotence and configuration - definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: |- - Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. - - Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces - type: string - ownerReferences: - description: List of objects depended by this object. If ALL objects - in the list have been deleted, this object will be garbage collected. - If this object is managed by a controller, then an entry in this - list will point to this controller, with the controller field - set to true. There cannot be more than one managing controller. - items: - description: OwnerReference contains enough information to let - you identify an owning object. Currently, an owning object must - be in the same namespace, so there is no namespace field. - properties: - apiVersion: - description: API version of the referent. - type: string - blockOwnerDeletion: - description: If true, AND if the owner has the "foregroundDeletion" - finalizer, then the owner cannot be deleted from the key-value - store until this reference is removed. Defaults to false. - To set this field, a user needs "delete" permission of the - owner, otherwise 422 (Unprocessable Entity) will be returned. - type: boolean - controller: - description: If true, this reference points to the managing - controller. - type: boolean - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - uid: - description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - required: - - apiVersion - - kind - - name - - uid - type: array - resourceVersion: - description: |- - An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. - - Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency - type: string - selfLink: - description: SelfLink is a URL representing this object. Populated - by the system. Read-only. - type: string - uid: - description: |- - UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. - - Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids - type: string - replicas: - description: Size is the expected size of the alertmanager cluster. - The controller will eventually make the size of the running cluster - equal to the expected size. - format: int32 - type: integer - resources: - description: ResourceRequirements describes the compute resource requirements. - properties: - limits: - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults - to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - routePrefix: - description: The route prefix Alertmanager registers HTTP handlers for. - This is useful, if using ExternalURL and a proxy is rewriting HTTP - routes of a request, and the actual ExternalURL is still true, but - the server serves requests under a different route prefix. For example - for use with `kubectl proxy`. - type: string - secrets: - description: Secrets is a list of Secrets in the same namespace as the - Alertmanager object, which shall be mounted into the Alertmanager - Pods. The Secrets are mounted into /etc/alertmanager/secrets/. - items: - type: string - type: array - securityContext: - description: PodSecurityContext holds pod-level security attributes - and common container settings. Some fields are also present in container.securityContext. Field - values of container.securityContext take precedence over field values - of PodSecurityContext. - properties: - fsGroup: - description: |- - A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: - - 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- - - If unset, the Kubelet will not modify the ownership and permissions of any volume. - format: int64 - type: integer - runAsGroup: - description: The GID to run the entrypoint of the container process. - Uses runtime default if unset. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no such validation - will be performed. May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. May - also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - format: int64 - type: integer - seLinuxOptions: - description: SELinuxOptions are the labels to be applied to the - container - properties: - level: - description: Level is SELinux level label that applies to the - container. - type: string - role: - description: Role is a SELinux role label that applies to the - container. - type: string - type: - description: Type is a SELinux type label that applies to the - container. - type: string - user: - description: User is a SELinux user label that applies to the - container. - type: string - supplementalGroups: - description: A list of groups applied to the first process run in - each container, in addition to the container's primary GID. If - unspecified, no groups will be added to any container. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls used for - the pod. Pods with unsupported sysctls (by the container runtime) - might fail to launch. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: array - serviceAccountName: - description: ServiceAccountName is the name of the ServiceAccount to - use to run the Prometheus Pods. - type: string - storage: - description: StorageSpec defines the configured storage for a group - Prometheus servers. - properties: - class: - description: 'Name of the StorageClass to use when requesting storage - provisioning. More info: https://kubernetes.io/docs/user-guide/persistent-volumes/#storageclasses - DEPRECATED' - type: string - emptyDir: - description: Represents an empty directory for a pod. Empty directory - volumes support ownership management and SELinux relabeling. - properties: - medium: - description: 'What type of storage medium should back this directory. - The default is "" which means to use the node''s default medium. - Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: {} - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - selector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - volumeClaimTemplate: - description: PersistentVolumeClaim is a user's request for and claim - to a persistent volume - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - description: ObjectMeta is metadata that all persisted resources - must have, which includes all objects users must create. - properties: - annotations: - description: 'Annotations is an unstructured key value map - stored with a resource that may be set by external tools - to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - clusterName: - description: The name of the cluster which the object belongs - to. This is used to distinguish resources with same name - and namespace in different clusters. This field is not - set anywhere right now and apiserver is going to ignore - it if set in create or update request. - type: string - creationTimestamp: - description: Time is a wrapper around time.Time which supports - correct marshaling to YAML and JSON. Wrappers are provided - for many of the factory methods that the time package - offers. - format: date-time - type: string - deletionGracePeriodSeconds: - description: Number of seconds allowed for this object to - gracefully terminate before it will be removed from the - system. Only set when deletionTimestamp is also set. May - only be shortened. Read-only. - format: int64 - type: integer - deletionTimestamp: - description: Time is a wrapper around time.Time which supports - correct marshaling to YAML and JSON. Wrappers are provided - for many of the factory methods that the time package - offers. - format: date-time - type: string - finalizers: - description: Must be empty before the object is deleted - from the registry. Each entry is an identifier for the - responsible component that will remove the entry from - the list. If the deletionTimestamp of the object is non-nil, - entries in this list can only be removed. - items: - type: string - type: array - generateName: - description: |- - GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. - - If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). - - Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#idempotency - type: string - generation: - description: A sequence number representing a specific generation - of the desired state. Populated by the system. Read-only. - format: int64 - type: integer - initializers: - description: Initializers tracks the progress of initialization. - properties: - pending: - description: Pending is a list of initializers that - must execute in order before this object is visible. - When the last pending initializer is removed, and - no failing result is set, the initializers struct - will be set to nil and the object is considered as - initialized and visible to all clients. - items: - description: Initializer is information about an initializer - that has not yet completed. - properties: - name: - description: name of the process that is responsible - for initializing this object. - type: string - required: - - name - type: array - result: - description: Status is a return value for calls that - don't return other objects. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema - of this representation of an object. Servers should - convert recognized schemas to the latest internal - value, and may reject unrecognized values. More - info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - code: - description: Suggested HTTP return code for this - status, 0 if not set. - format: int32 - type: integer - details: - description: StatusDetails is a set of additional - properties that MAY be set by the server to provide - additional information about a response. The Reason - field of a Status object defines what attributes - will be set. Clients must ignore fields that do - not match the defined type of each attribute, - and should assume that any attribute may be empty, - invalid, or under defined. - properties: - causes: - description: The Causes array includes more - details associated with the StatusReason failure. - Not all StatusReasons may provide detailed - causes. - items: - description: StatusCause provides more information - about an api.Status failure, including cases - when multiple errors are encountered. - properties: - field: - description: |- - The field of the resource that has caused this error, as named by its JSON serialization. May include dot and postfix notation for nested attributes. Arrays are zero-indexed. Fields may appear more than once in an array of causes due to fields having multiple errors. Optional. - - Examples: - "name" - the field "name" on the current resource - "items[0].name" - the field "name" on the first array entry in "items" - type: string - message: - description: A human-readable description - of the cause of the error. This field - may be presented as-is to a reader. - type: string - reason: - description: A machine-readable description - of the cause of the error. If this value - is empty there is no information available. - type: string - type: array - group: - description: The group attribute of the resource - associated with the status StatusReason. - type: string - kind: - description: 'The kind attribute of the resource - associated with the status StatusReason. On - some operations may differ from the requested - resource Kind. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: The name attribute of the resource - associated with the status StatusReason (when - there is a single name which can be described). - type: string - retryAfterSeconds: - description: If specified, the time in seconds - before the operation should be retried. Some - errors may indicate the client must take an - alternate action - for those errors this field - may indicate how long to wait before taking - the alternate action. - format: int32 - type: integer - uid: - description: 'UID of the resource. (when there - is a single resource which can be described). - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - kind: - description: 'Kind is a string value representing - the REST resource this object represents. Servers - may infer this from the endpoint the client submits - requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - message: - description: A human-readable description of the - status of this operation. - type: string - metadata: - description: ListMeta describes metadata that synthetic - resources must have, including lists and various - status objects. A resource may have only one of - {ObjectMeta, ListMeta}. - properties: - continue: - description: continue may be set if the user - set a limit on the number of items returned, - and indicates that the server has more data - available. The value is opaque and may be - used to issue another request to the endpoint - that served this list to retrieve the next - set of available objects. Continuing a list - may not be possible if the server configuration - has changed or more than a few minutes have - passed. The resourceVersion field returned - when using this continue value will be identical - to the value in the first response. - type: string - resourceVersion: - description: 'String that identifies the server''s - internal version of this object that can be - used by clients to determine when objects - have changed. Value must be treated as opaque - by clients and passed unmodified back to the - server. Populated by the system. Read-only. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' - type: string - selfLink: - description: selfLink is a URL representing - this object. Populated by the system. Read-only. - type: string - reason: - description: A machine-readable description of why - this operation is in the "Failure" status. If - this value is empty there is no information available. - A Reason clarifies an HTTP status code but does - not override it. - type: string - status: - description: 'Status of the operation. One of: "Success" - or "Failure". More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' - type: string - required: - - pending - labels: - description: 'Map of string keys and values that can be - used to organize and categorize (scope and select) objects. - May match selectors of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: 'Name must be unique within a namespace. Is - required when creating resources, although some resources - may allow a client to request the generation of an appropriate - name automatically. Name is primarily intended for creation - idempotence and configuration definition. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: |- - Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. - - Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces - type: string - ownerReferences: - description: List of objects depended by this object. If - ALL objects in the list have been deleted, this object - will be garbage collected. If this object is managed by - a controller, then an entry in this list will point to - this controller, with the controller field set to true. - There cannot be more than one managing controller. - items: - description: OwnerReference contains enough information - to let you identify an owning object. Currently, an - owning object must be in the same namespace, so there - is no namespace field. - properties: - apiVersion: - description: API version of the referent. - type: string - blockOwnerDeletion: - description: If true, AND if the owner has the "foregroundDeletion" - finalizer, then the owner cannot be deleted from - the key-value store until this reference is removed. - Defaults to false. To set this field, a user needs - "delete" permission of the owner, otherwise 422 - (Unprocessable Entity) will be returned. - type: boolean - controller: - description: If true, this reference points to the - managing controller. - type: boolean - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - uid: - description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - required: - - apiVersion - - kind - - name - - uid - type: array - resourceVersion: - description: |- - An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. - - Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency - type: string - selfLink: - description: SelfLink is a URL representing this object. - Populated by the system. Read-only. - type: string - uid: - description: |- - UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. - - Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids - type: string - spec: - description: PersistentVolumeClaimSpec describes the common - attributes of storage devices and allows a Source for provider-specific - attributes - properties: - accessModes: - description: 'AccessModes contains the desired access modes - the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - resources: - description: ResourceRequirements describes the compute - resource requirements. - properties: - limits: - description: 'Limits describes the maximum amount of - compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - selector: - description: A label selector is a label query over a set - of resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. - A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - storageClassName: - description: 'Name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeMode: - description: volumeMode defines what type of volume is required - by the claim. Value of Filesystem is implied when not - included in claim spec. This is an alpha feature and may - change in the future. - type: string - volumeName: - description: VolumeName is the binding reference to the - PersistentVolume backing this claim. - type: string - status: - description: PersistentVolumeClaimStatus is the current status - of a persistent volume claim. - properties: - accessModes: - description: 'AccessModes contains the actual access modes - the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - capacity: - description: Represents the actual resources of the underlying - volume. - type: object - conditions: - description: Current Condition of persistent volume claim. - If underlying persistent volume is being resized then - the Condition will be set to 'ResizeStarted'. - items: - description: PersistentVolumeClaimCondition contails details - about state of pvc - properties: - lastProbeTime: - description: Time is a wrapper around time.Time which - supports correct marshaling to YAML and JSON. Wrappers - are provided for many of the factory methods that - the time package offers. - format: date-time - type: string - lastTransitionTime: - description: Time is a wrapper around time.Time which - supports correct marshaling to YAML and JSON. Wrappers - are provided for many of the factory methods that - the time package offers. - format: date-time - type: string - message: - description: Human-readable message indicating details - about last transition. - type: string - reason: - description: Unique, this should be a short, machine - understandable string that gives the reason for - condition's last transition. If it reports "ResizeStarted" - that means the underlying persistent volume is being - resized. - type: string - status: - type: string - type: - type: string - required: - - type - - status - type: array - phase: - description: Phase represents the current phase of PersistentVolumeClaim. - type: string - tag: - description: Tag of Alertmanager container image to be deployed. Defaults - to the value of `version`. - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached to tolerates any - taint that matches the triple using the matching - operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, operator - must be Exists; this combination means to match all values and - all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. Exists - is equivalent to wildcard for value, so that a pod can tolerate - all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the - toleration (which must be of effect NoExecute, otherwise this - field is ignored) tolerates the taint. By default, it is not - set, which means tolerate the taint forever (do not evict). - Zero and negative values will be treated as 0 (evict immediately) - by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise - just a regular string. - type: string - type: array - version: - description: Version the cluster should be on. - type: string - status: - description: 'Most recent observed status of the Alertmanager cluster. Read-only. - Not included when requesting from the apiserver, only from the Prometheus - Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#spec-and-status' - properties: - availableReplicas: - description: Total number of available pods (ready for at least minReadySeconds) - targeted by this Alertmanager cluster. - format: int32 - type: integer - paused: - description: Represents whether any actions on the underlaying managed - objects are being performed. Only delete actions will be performed. - type: boolean - replicas: - description: Total number of non-terminated pods targeted by this Alertmanager - cluster (their labels match the selector). - format: int32 - type: integer - unavailableReplicas: - description: Total number of unavailable pods targeted by this Alertmanager - cluster. - format: int32 - type: integer - updatedReplicas: - description: Total number of non-terminated pods targeted by this Alertmanager - cluster that have the desired version spec. - format: int32 - type: integer - required: - - paused - - replicas - - updatedReplicas - - availableReplicas - - unavailableReplicas - version: v1 - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: etcdbackups.etcd.database.coreos.com - spec: - group: etcd.database.coreos.com - version: v1beta2 - scope: Namespaced - names: - kind: EtcdBackup - listKind: EtcdBackupList - plural: etcdbackups - singular: etcdbackup - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: etcdclusters.etcd.database.coreos.com - spec: - group: etcd.database.coreos.com - version: v1beta2 - scope: Namespaced - names: - plural: etcdclusters - singular: etcdcluster - kind: EtcdCluster - listKind: EtcdClusterList - shortNames: - - etcdclus - - etcd - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: etcdrestores.etcd.database.coreos.com - spec: - group: etcd.database.coreos.com - version: v1beta2 - scope: Namespaced - names: - kind: EtcdRestore - listKind: EtcdRestoreList - plural: etcdrestores - singular: etcdrestore - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: prometheuses.monitoring.coreos.com - spec: - group: monitoring.coreos.com - names: - kind: Prometheus - plural: prometheuses - scope: Namespaced - validation: - openAPIV3Schema: - properties: - spec: - description: 'Specification of the desired behavior of the Prometheus cluster. - More info: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#spec-and-status' - properties: - additionalAlertManagerConfigs: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must be a valid - secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must be defined - type: boolean - required: - - key - additionalScrapeConfigs: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must be a valid - secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must be defined - type: boolean - required: - - key - affinity: - description: Affinity is a group of affinity scheduling rules. - properties: - nodeAffinity: - description: Node affinity is a group of node affinity scheduling - rules. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the affinity expressions specified by this field, - but it may choose a node that violates one or more of the - expressions. The node that is most preferred is the one with - the greatest sum of weights, i.e. for each node that meets - all of the scheduling requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the sum - if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches all - objects with implicit weight 0 (i.e. it's a no-op). A null - preferred scheduling term matches no objects (i.e. is also - a no-op). - properties: - preference: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - weight - - preference - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: A node selector represents the union of the results - of one or more label queries over a set of nodes; that is, - it represents the OR of the selectors represented by the node - selector terms. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The - terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - type: array - required: - - nodeSelectorTerms - podAffinity: - description: Pod affinity is a group of inter pod affinity scheduling - rules. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the affinity expressions specified by this field, - but it may choose a node that violates one or more of the - expressions. The node that is most preferred is the one with - the greatest sum of weights, i.e. for each node that meets - all of the scheduling requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the sum - if the node has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label selector is a label query over - a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector - matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - weight - - podAffinityTerm - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may not - try to eventually evict the pod from its node. When there - are multiple elements, the lists of nodes corresponding to - each podAffinityTerm are intersected, i.e. all terms must - be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) that - this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of pods - is running - properties: - labelSelector: - description: A label selector is a label query over a - set of resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. - A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of any - node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: array - podAntiAffinity: - description: Pod anti affinity is a group of inter pod anti affinity - scheduling rules. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the anti-affinity expressions specified by this - field, but it may choose a node that violates one or more - of the expressions. The node that is most preferred is the - one with the greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource request, - requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field - and adding "weight" to the sum if the node has pods which - matches the corresponding podAffinityTerm; the node(s) with - the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label selector is a label query over - a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector - matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - weight - - podAffinityTerm - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by - this field are not met at scheduling time, the pod will not - be scheduled onto the node. If the anti-affinity requirements - specified by this field cease to be met at some point during - pod execution (e.g. due to a pod label update), the system - may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms must - be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) that - this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of pods - is running - properties: - labelSelector: - description: A label selector is a label query over a - set of resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. - A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of any - node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: array - alerting: - description: AlertingSpec defines parameters for alerting configuration - of Prometheus servers. - properties: - alertmanagers: - description: AlertmanagerEndpoints Prometheus should fire alerts - against. - items: - description: AlertmanagerEndpoints defines a selection of a single - Endpoints object containing alertmanager IPs to fire alerts - against. - properties: - bearerTokenFile: - description: BearerTokenFile to read from filesystem to use - when authenticating to Alertmanager. - type: string - name: - description: Name of Endpoints object in Namespace. - type: string - namespace: - description: Namespace of Endpoints object. - type: string - pathPrefix: - description: Prefix for the HTTP path alerts are pushed to. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use when firing alerts. - type: string - tlsConfig: - description: TLSConfig specifies TLS configuration parameters. - properties: - caFile: - description: The CA cert to use for the targets. - type: string - certFile: - description: The client cert file for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: The client key file for the targets. - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - required: - - namespace - - name - - port - type: array - required: - - alertmanagers - baseImage: - description: Base image to use for a Prometheus deployment. - type: string - containers: - description: Containers allows injecting additional containers. This - is meant to allow adding an authentication proxy to a Prometheus pod. - items: - description: A single application container that you want to run within - a pod. - properties: - args: - description: 'Arguments to the entrypoint. The docker image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable - cannot be resolved, the reference in the input string will be - unchanged. The $(VAR_NAME) syntax can be escaped with a double - $$, ie: $$(VAR_NAME). Escaped references will never be expanded, - regardless of whether the variable exists or not. Cannot be - updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed within a shell. The - docker image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable exists - or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to set in the container. - Cannot be updated. - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a - C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a - variable cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax can be - escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable - exists or not. Defaults to "".' - type: string - valueFrom: - description: EnvVarSource represents a source for the value - of an EnvVar. - properties: - configMapKeyRef: - description: Selects a key from a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the ConfigMap or it's - key must be defined - type: boolean - required: - - key - fieldRef: - description: ObjectFieldSelector selects an APIVersioned - field of an object. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - resourceFieldRef: - description: ResourceFieldSelector represents container - resources (cpu, memory) and their output format - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: {} - resource: - description: 'Required: resource to select' - type: string - required: - - resource - secretKeyRef: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's - key must be defined - type: boolean - required: - - key - required: - - name - type: array - envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must be a - C_IDENTIFIER. All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key will - take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of a set of - ConfigMaps - properties: - configMapRef: - description: |- - ConfigMapEnvSource selects a ConfigMap to populate the environment variables with. - The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - prefix: - description: An optional identifier to prepend to each key - in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: |- - SecretEnvSource selects a Secret to populate the environment variables with. - The contents of the target Secret's Data field will represent the key-value pairs as environment variables. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: array - image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Lifecycle describes actions that the management system - should take in response to container lifecycle events. For the - PostStart and PreStop lifecycle handlers, management of the - container blocks until the action is complete, unless the container - process fails, in which case the handler is aborted. - properties: - postStart: - description: Handler defines a specific action that should - be taken - properties: - exec: - description: ExecAction describes a "run in container" - action. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - httpGet: - description: HTTPGetAction describes an action based on - HTTP Get requests. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - tcpSocket: - description: TCPSocketAction describes an action based - on opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - preStop: - description: Handler defines a specific action that should - be taken - properties: - exec: - description: ExecAction describes a "run in container" - action. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - httpGet: - description: HTTPGetAction describes an action based on - HTTP Get requests. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - tcpSocket: - description: TCPSocketAction describes an action based - on opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - livenessProbe: - description: Probe describes a health check to be performed against - a container to determine whether it is alive or ready to receive - traffic. - properties: - exec: - description: ExecAction describes a "run in container" action. - properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit - status of 0 is treated as live/healthy and non-zero - is unhealthy. - items: - type: string - type: array - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGetAction describes an action based on HTTP - Get requests. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header to - be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocketAction describes an action based on - opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - name: - description: Name of the container specified as a DNS_LABEL. Each - container in a pod must have a unique name (DNS_LABEL). Cannot - be updated. - type: string - ports: - description: List of ports to expose from the container. Exposing - a port here gives the system additional information about the - network connections a container uses, but is primarily informational. - Not specifying a port here DOES NOT prevent that port from being - exposed. Any port which is listening on the default "0.0.0.0" - address inside a container will be accessible from the network. - Cannot be updated. - items: - description: ContainerPort represents a network port in a single - container. - properties: - containerPort: - description: Number of port to expose on the pod's IP address. - This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If specified, - this must be a valid port number, 0 < x < 65536. If HostNetwork - is specified, this must match ContainerPort. Most containers - do not need this. - format: int32 - type: integer - name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod must - have a unique name. Name for the port that can be referred - to by services. - type: string - protocol: - description: Protocol for port. Must be UDP or TCP. Defaults - to "TCP". - type: string - required: - - containerPort - type: array - readinessProbe: - description: Probe describes a health check to be performed against - a container to determine whether it is alive or ready to receive - traffic. - properties: - exec: - description: ExecAction describes a "run in container" action. - properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit - status of 0 is treated as live/healthy and non-zero - is unhealthy. - items: - type: string - type: array - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGetAction describes an action based on HTTP - Get requests. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header to - be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocketAction describes an action based on - opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - securityContext: - description: SecurityContext holds security configuration that - will be applied to a container. Some fields are present in both - SecurityContext and PodSecurityContext. When both are set, - the values in SecurityContext take precedence. - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a - process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: Adds and removes POSIX capabilities from running - containers. - properties: - add: - description: Added capabilities - items: - type: string - type: array - drop: - description: Removed capabilities - items: - type: string - type: array - privileged: - description: Run container in privileged mode. Processes in - privileged containers are essentially equivalent to root - on the host. Defaults to false. - type: boolean - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. - Default is false. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail - to start the container if it does. If unset or false, no - such validation will be performed. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata if - unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - format: int64 - type: integer - seLinuxOptions: - description: SELinuxOptions are the labels to be applied to - the container - properties: - level: - description: Level is SELinux level label that applies - to the container. - type: string - role: - description: Role is a SELinux role label that applies - to the container. - type: string - type: - description: Type is a SELinux type label that applies - to the container. - type: string - user: - description: User is a SELinux user label that applies - to the container. - type: string - stdin: - description: Whether this container should allocate a buffer for - stdin in the container runtime. If this is not set, reads from - stdin in the container will always result in EOF. Default is - false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the stdin - channel after it has been opened by a single attach. When stdin - is true the stdin stream will remain open across multiple attach - sessions. If stdinOnce is set to true, stdin is opened on container - start, is empty until the first client attaches to stdin, and - then remains open and accepts data until the client disconnects, - at which time stdin is closed and remains closed until the container - is restarted. If this flag is false, a container processes that - reads from stdin will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s - termination message will be written is mounted into the container''s - filesystem. Message written is intended to be brief final status, - such as an assertion failure message. Will be truncated by the - node if greater than 4096 bytes. The total message length across - all containers will be limited to 12kb. Defaults to /dev/termination-log. - Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. - File will use the contents of terminationMessagePath to populate - the container status message on both success and failure. FallbackToLogsOnError - will use the last chunk of container log output if the termination - message file is empty and the container exited with an error. - The log output is limited to 2048 bytes or 80 lines, whichever - is smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be - used by the container. This is an alpha feature and may change - in the future. - items: - description: volumeDevice describes a mapping of a raw block - device within a container. - properties: - devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim - in the pod - type: string - required: - - name - - devicePath - type: array - volumeMounts: - description: Pod volumes to mount into the container's filesystem. - Cannot be updated. - items: - description: VolumeMount describes a mounting of a Volume within - a container. - properties: - mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other way - around. When not set, MountPropagationHostToContainer - is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). - type: string - required: - - name - - mountPath - type: array - workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might be - configured in the container image. Cannot be updated. - type: string - required: - - name - type: array - evaluationInterval: - description: Interval between consecutive evaluations. - type: string - externalLabels: - description: The labels to add to any time series or alerts when communicating - with external systems (federation, remote storage, Alertmanager). - type: object - externalUrl: - description: The external URL the Prometheus instances will be available - under. This is necessary to generate correct URLs. This is necessary - if Prometheus is not served from root of a DNS name. - type: string - imagePullSecrets: - description: An optional list of references to secrets in the same namespace - to use for pulling prometheus and alertmanager images from registries - see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod - items: - description: LocalObjectReference contains enough information to let - you locate the referenced object inside the same namespace. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - type: array - listenLocal: - description: ListenLocal makes the Prometheus server listen on loopback, - so that it does not bind against the Pod IP. - type: boolean - logLevel: - description: Log level for Prometheus to be configured with. - type: string - nodeSelector: - description: Define which Nodes the Pods are scheduled on. - type: object - paused: - description: When a Prometheus deployment is paused, no actions except - for deletion will be performed on the underlying objects. - type: boolean - podMetadata: - description: ObjectMeta is metadata that all persisted resources must - have, which includes all objects users must create. - properties: - annotations: - description: 'Annotations is an unstructured key value map stored - with a resource that may be set by external tools to store and - retrieve arbitrary metadata. They are not queryable and should - be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - clusterName: - description: The name of the cluster which the object belongs to. - This is used to distinguish resources with same name and namespace - in different clusters. This field is not set anywhere right now - and apiserver is going to ignore it if set in create or update - request. - type: string - creationTimestamp: - description: Time is a wrapper around time.Time which supports correct - marshaling to YAML and JSON. Wrappers are provided for many of - the factory methods that the time package offers. - format: date-time - type: string - deletionGracePeriodSeconds: - description: Number of seconds allowed for this object to gracefully - terminate before it will be removed from the system. Only set - when deletionTimestamp is also set. May only be shortened. Read-only. - format: int64 - type: integer - deletionTimestamp: - description: Time is a wrapper around time.Time which supports correct - marshaling to YAML and JSON. Wrappers are provided for many of - the factory methods that the time package offers. - format: date-time - type: string - finalizers: - description: Must be empty before the object is deleted from the - registry. Each entry is an identifier for the responsible component - that will remove the entry from the list. If the deletionTimestamp - of the object is non-nil, entries in this list can only be removed. - items: - type: string - type: array - generateName: - description: |- - GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. - If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). - Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#idempotency - type: string - generation: - description: A sequence number representing a specific generation - of the desired state. Populated by the system. Read-only. - format: int64 - type: integer - initializers: - description: Initializers tracks the progress of initialization. - properties: - pending: - description: Pending is a list of initializers that must execute - in order before this object is visible. When the last pending - initializer is removed, and no failing result is set, the - initializers struct will be set to nil and the object is considered - as initialized and visible to all clients. - items: - description: Initializer is information about an initializer - that has not yet completed. - properties: - name: - description: name of the process that is responsible for - initializing this object. - type: string - required: - - name - type: array - result: - description: Status is a return value for calls that don't return - other objects. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of - this representation of an object. Servers should convert - recognized schemas to the latest internal value, and may - reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - code: - description: Suggested HTTP return code for this status, - 0 if not set. - format: int32 - type: integer - details: - description: StatusDetails is a set of additional properties - that MAY be set by the server to provide additional information - about a response. The Reason field of a Status object - defines what attributes will be set. Clients must ignore - fields that do not match the defined type of each attribute, - and should assume that any attribute may be empty, invalid, - or under defined. - properties: - causes: - description: The Causes array includes more details - associated with the StatusReason failure. Not all - StatusReasons may provide detailed causes. - items: - description: StatusCause provides more information - about an api.Status failure, including cases when - multiple errors are encountered. - properties: - field: - description: |- - The field of the resource that has caused this error, as named by its JSON serialization. May include dot and postfix notation for nested attributes. Arrays are zero-indexed. Fields may appear more than once in an array of causes due to fields having multiple errors. Optional. - Examples: - "name" - the field "name" on the current resource - "items[0].name" - the field "name" on the first array entry in "items" - type: string - message: - description: A human-readable description of the - cause of the error. This field may be presented - as-is to a reader. - type: string - reason: - description: A machine-readable description of - the cause of the error. If this value is empty - there is no information available. - type: string - type: array - group: - description: The group attribute of the resource associated - with the status StatusReason. - type: string - kind: - description: 'The kind attribute of the resource associated - with the status StatusReason. On some operations may - differ from the requested resource Kind. More info: - https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: The name attribute of the resource associated - with the status StatusReason (when there is a single - name which can be described). - type: string - retryAfterSeconds: - description: If specified, the time in seconds before - the operation should be retried. Some errors may indicate - the client must take an alternate action - for those - errors this field may indicate how long to wait before - taking the alternate action. - format: int32 - type: integer - uid: - description: 'UID of the resource. (when there is a - single resource which can be described). More info: - http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - kind: - description: 'Kind is a string value representing the REST - resource this object represents. Servers may infer this - from the endpoint the client submits requests to. Cannot - be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - message: - description: A human-readable description of the status - of this operation. - type: string - metadata: - description: ListMeta describes metadata that synthetic - resources must have, including lists and various status - objects. A resource may have only one of {ObjectMeta, - ListMeta}. - properties: - continue: - description: continue may be set if the user set a limit - on the number of items returned, and indicates that - the server has more data available. The value is opaque - and may be used to issue another request to the endpoint - that served this list to retrieve the next set of - available objects. Continuing a list may not be possible - if the server configuration has changed or more than - a few minutes have passed. The resourceVersion field - returned when using this continue value will be identical - to the value in the first response. - type: string - resourceVersion: - description: 'String that identifies the server''s internal - version of this object that can be used by clients - to determine when objects have changed. Value must - be treated as opaque by clients and passed unmodified - back to the server. Populated by the system. Read-only. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' - type: string - selfLink: - description: selfLink is a URL representing this object. - Populated by the system. Read-only. - type: string - reason: - description: A machine-readable description of why this - operation is in the "Failure" status. If this value is - empty there is no information available. A Reason clarifies - an HTTP status code but does not override it. - type: string - status: - description: 'Status of the operation. One of: "Success" - or "Failure". More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' - type: string - required: - - pending - labels: - description: 'Map of string keys and values that can be used to - organize and categorize (scope and select) objects. May match - selectors of replication controllers and services. More info: - http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: 'Name must be unique within a namespace. Is required - when creating resources, although some resources may allow a client - to request the generation of an appropriate name automatically. - Name is primarily intended for creation idempotence and configuration - definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: |- - Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. - Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces - type: string - ownerReferences: - description: List of objects depended by this object. If ALL objects - in the list have been deleted, this object will be garbage collected. - If this object is managed by a controller, then an entry in this - list will point to this controller, with the controller field - set to true. There cannot be more than one managing controller. - items: - description: OwnerReference contains enough information to let - you identify an owning object. Currently, an owning object must - be in the same namespace, so there is no namespace field. - properties: - apiVersion: - description: API version of the referent. - type: string - blockOwnerDeletion: - description: If true, AND if the owner has the "foregroundDeletion" - finalizer, then the owner cannot be deleted from the key-value - store until this reference is removed. Defaults to false. - To set this field, a user needs "delete" permission of the - owner, otherwise 422 (Unprocessable Entity) will be returned. - type: boolean - controller: - description: If true, this reference points to the managing - controller. - type: boolean - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - uid: - description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - required: - - apiVersion - - kind - - name - - uid - type: array - resourceVersion: - description: |- - An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. - Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency - type: string - selfLink: - description: SelfLink is a URL representing this object. Populated - by the system. Read-only. - type: string - uid: - description: |- - UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. - Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids - type: string - remoteRead: - description: If specified, the remote_read spec. This is an experimental - feature, it may change in any upcoming release in a breaking way. - items: - description: RemoteReadSpec defines the remote_read configuration - for prometheus. - properties: - basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over - basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' - properties: - password: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - username: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - bearerToken: - description: bearer token for remote read. - type: string - bearerTokenFile: - description: File to read bearer token for remote read. - type: string - proxyUrl: - description: Optional ProxyURL - type: string - readRecent: - description: Whether reads should be made for queries for time - ranges that the local storage should have complete data for. - type: boolean - remoteTimeout: - description: Timeout for requests to the remote read endpoint. - type: string - requiredMatchers: - description: An optional list of equality matchers which have - to be present in a selector to query the remote read endpoint. - type: object - tlsConfig: - description: TLSConfig specifies TLS configuration parameters. - properties: - caFile: - description: The CA cert to use for the targets. - type: string - certFile: - description: The client cert file for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: The client key file for the targets. - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - url: - description: The URL of the endpoint to send samples to. - type: string - required: - - url - type: array - remoteWrite: - description: If specified, the remote_write spec. This is an experimental - feature, it may change in any upcoming release in a breaking way. - items: - description: RemoteWriteSpec defines the remote_write configuration - for prometheus. - properties: - basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over - basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' - properties: - password: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - username: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - bearerToken: - description: File to read bearer token for remote write. - type: string - bearerTokenFile: - description: File to read bearer token for remote write. - type: string - proxyUrl: - description: Optional ProxyURL - type: string - queueConfig: - description: QueueConfig allows the tuning of remote_write queue_config - parameters. This object is referenced in the RemoteWriteSpec - object. - properties: - batchSendDeadline: - description: BatchSendDeadline is the maximum time a sample - will wait in buffer. - type: string - capacity: - description: Capacity is the number of samples to buffer per - shard before we start dropping them. - format: int32 - type: integer - maxBackoff: - description: MaxBackoff is the maximum retry delay. - type: string - maxRetries: - description: MaxRetries is the maximum number of times to - retry a batch on recoverable errors. - format: int32 - type: integer - maxSamplesPerSend: - description: MaxSamplesPerSend is the maximum number of samples - per send. - format: int32 - type: integer - maxShards: - description: MaxShards is the maximum number of shards, i.e. - amount of concurrency. - format: int32 - type: integer - minBackoff: - description: MinBackoff is the initial retry delay. Gets doubled - for every retry. - type: string - remoteTimeout: - description: Timeout for requests to the remote write endpoint. - type: string - tlsConfig: - description: TLSConfig specifies TLS configuration parameters. - properties: - caFile: - description: The CA cert to use for the targets. - type: string - certFile: - description: The client cert file for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: The client key file for the targets. - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - url: - description: The URL of the endpoint to send samples to. - type: string - writeRelabelConfigs: - description: The list of remote write relabel configurations. - items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It defines - ``-section of Prometheus configuration. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' - properties: - action: - description: Action to perform based on regex matching. - Default is 'replace' - type: string - modulus: - description: Modulus to take of the hash of the source label - values. - format: int64 - type: integer - regex: - description: Regular expression against which the extracted - value is matched. defailt is '(.*)' - type: string - replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' - type: string - separator: - description: Separator placed between concatenated source - label values. default is ';'. - type: string - sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular expression - for the replace, keep, and drop actions. - items: - type: string - type: array - targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. - type: string - type: array - required: - - url - type: array - replicas: - description: Number of instances to deploy for a Prometheus deployment. - format: int32 - type: integer - resources: - description: ResourceRequirements describes the compute resource requirements. - properties: - limits: - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults - to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - retention: - description: Time duration Prometheus shall retain data for. - type: string - routePrefix: - description: The route prefix Prometheus registers HTTP handlers for. - This is useful, if using ExternalURL and a proxy is rewriting HTTP - routes of a request, and the actual ExternalURL is still true, but - the server serves requests under a different route prefix. For example - for use with `kubectl proxy`. - type: string - ruleNamespaceSelector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - ruleSelector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - scrapeInterval: - description: Interval between consecutive scrapes. - type: string - secrets: - description: Secrets is a list of Secrets in the same namespace as the - Prometheus object, which shall be mounted into the Prometheus Pods. - The Secrets are mounted into /etc/prometheus/secrets/. - Secrets changes after initial creation of a Prometheus object are - not reflected in the running Pods. To change the secrets mounted into - the Prometheus Pods, the object must be deleted and recreated with - the new list of secrets. - items: - type: string - type: array - securityContext: - description: PodSecurityContext holds pod-level security attributes - and common container settings. Some fields are also present in container.securityContext. Field - values of container.securityContext take precedence over field values - of PodSecurityContext. - properties: - fsGroup: - description: |- - A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: - 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- - If unset, the Kubelet will not modify the ownership and permissions of any volume. - format: int64 - type: integer - runAsGroup: - description: The GID to run the entrypoint of the container process. - Uses runtime default if unset. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no such validation - will be performed. May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. May - also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - format: int64 - type: integer - seLinuxOptions: - description: SELinuxOptions are the labels to be applied to the - container - properties: - level: - description: Level is SELinux level label that applies to the - container. - type: string - role: - description: Role is a SELinux role label that applies to the - container. - type: string - type: - description: Type is a SELinux type label that applies to the - container. - type: string - user: - description: User is a SELinux user label that applies to the - container. - type: string - supplementalGroups: - description: A list of groups applied to the first process run in - each container, in addition to the container's primary GID. If - unspecified, no groups will be added to any container. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls used for - the pod. Pods with unsupported sysctls (by the container runtime) - might fail to launch. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: array - serviceAccountName: - description: ServiceAccountName is the name of the ServiceAccount to - use to run the Prometheus Pods. - type: string - serviceMonitorNamespaceSelector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - serviceMonitorSelector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - storage: - description: StorageSpec defines the configured storage for a group - Prometheus servers. - properties: - class: - description: 'Name of the StorageClass to use when requesting storage - provisioning. More info: https://kubernetes.io/docs/user-guide/persistent-volumes/#storageclasses - DEPRECATED' - type: string - emptyDir: - description: Represents an empty directory for a pod. Empty directory - volumes support ownership management and SELinux relabeling. - properties: - medium: - description: 'What type of storage medium should back this directory. - The default is "" which means to use the node''s default medium. - Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: {} - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - selector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - volumeClaimTemplate: - description: PersistentVolumeClaim is a user's request for and claim - to a persistent volume - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - description: ObjectMeta is metadata that all persisted resources - must have, which includes all objects users must create. - properties: - annotations: - description: 'Annotations is an unstructured key value map - stored with a resource that may be set by external tools - to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - clusterName: - description: The name of the cluster which the object belongs - to. This is used to distinguish resources with same name - and namespace in different clusters. This field is not - set anywhere right now and apiserver is going to ignore - it if set in create or update request. - type: string - creationTimestamp: - description: Time is a wrapper around time.Time which supports - correct marshaling to YAML and JSON. Wrappers are provided - for many of the factory methods that the time package - offers. - format: date-time - type: string - deletionGracePeriodSeconds: - description: Number of seconds allowed for this object to - gracefully terminate before it will be removed from the - system. Only set when deletionTimestamp is also set. May - only be shortened. Read-only. - format: int64 - type: integer - deletionTimestamp: - description: Time is a wrapper around time.Time which supports - correct marshaling to YAML and JSON. Wrappers are provided - for many of the factory methods that the time package - offers. - format: date-time - type: string - finalizers: - description: Must be empty before the object is deleted - from the registry. Each entry is an identifier for the - responsible component that will remove the entry from - the list. If the deletionTimestamp of the object is non-nil, - entries in this list can only be removed. - items: - type: string - type: array - generateName: - description: |- - GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. - If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). - Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#idempotency - type: string - generation: - description: A sequence number representing a specific generation - of the desired state. Populated by the system. Read-only. - format: int64 - type: integer - initializers: - description: Initializers tracks the progress of initialization. - properties: - pending: - description: Pending is a list of initializers that - must execute in order before this object is visible. - When the last pending initializer is removed, and - no failing result is set, the initializers struct - will be set to nil and the object is considered as - initialized and visible to all clients. - items: - description: Initializer is information about an initializer - that has not yet completed. - properties: - name: - description: name of the process that is responsible - for initializing this object. - type: string - required: - - name - type: array - result: - description: Status is a return value for calls that - don't return other objects. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema - of this representation of an object. Servers should - convert recognized schemas to the latest internal - value, and may reject unrecognized values. More - info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - code: - description: Suggested HTTP return code for this - status, 0 if not set. - format: int32 - type: integer - details: - description: StatusDetails is a set of additional - properties that MAY be set by the server to provide - additional information about a response. The Reason - field of a Status object defines what attributes - will be set. Clients must ignore fields that do - not match the defined type of each attribute, - and should assume that any attribute may be empty, - invalid, or under defined. - properties: - causes: - description: The Causes array includes more - details associated with the StatusReason failure. - Not all StatusReasons may provide detailed - causes. - items: - description: StatusCause provides more information - about an api.Status failure, including cases - when multiple errors are encountered. - properties: - field: - description: |- - The field of the resource that has caused this error, as named by its JSON serialization. May include dot and postfix notation for nested attributes. Arrays are zero-indexed. Fields may appear more than once in an array of causes due to fields having multiple errors. Optional. - Examples: - "name" - the field "name" on the current resource - "items[0].name" - the field "name" on the first array entry in "items" - type: string - message: - description: A human-readable description - of the cause of the error. This field - may be presented as-is to a reader. - type: string - reason: - description: A machine-readable description - of the cause of the error. If this value - is empty there is no information available. - type: string - type: array - group: - description: The group attribute of the resource - associated with the status StatusReason. - type: string - kind: - description: 'The kind attribute of the resource - associated with the status StatusReason. On - some operations may differ from the requested - resource Kind. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: The name attribute of the resource - associated with the status StatusReason (when - there is a single name which can be described). - type: string - retryAfterSeconds: - description: If specified, the time in seconds - before the operation should be retried. Some - errors may indicate the client must take an - alternate action - for those errors this field - may indicate how long to wait before taking - the alternate action. - format: int32 - type: integer - uid: - description: 'UID of the resource. (when there - is a single resource which can be described). - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - kind: - description: 'Kind is a string value representing - the REST resource this object represents. Servers - may infer this from the endpoint the client submits - requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - message: - description: A human-readable description of the - status of this operation. - type: string - metadata: - description: ListMeta describes metadata that synthetic - resources must have, including lists and various - status objects. A resource may have only one of - {ObjectMeta, ListMeta}. - properties: - continue: - description: continue may be set if the user - set a limit on the number of items returned, - and indicates that the server has more data - available. The value is opaque and may be - used to issue another request to the endpoint - that served this list to retrieve the next - set of available objects. Continuing a list - may not be possible if the server configuration - has changed or more than a few minutes have - passed. The resourceVersion field returned - when using this continue value will be identical - to the value in the first response. - type: string - resourceVersion: - description: 'String that identifies the server''s - internal version of this object that can be - used by clients to determine when objects - have changed. Value must be treated as opaque - by clients and passed unmodified back to the - server. Populated by the system. Read-only. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' - type: string - selfLink: - description: selfLink is a URL representing - this object. Populated by the system. Read-only. - type: string - reason: - description: A machine-readable description of why - this operation is in the "Failure" status. If - this value is empty there is no information available. - A Reason clarifies an HTTP status code but does - not override it. - type: string - status: - description: 'Status of the operation. One of: "Success" - or "Failure". More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' - type: string - required: - - pending - labels: - description: 'Map of string keys and values that can be - used to organize and categorize (scope and select) objects. - May match selectors of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: 'Name must be unique within a namespace. Is - required when creating resources, although some resources - may allow a client to request the generation of an appropriate - name automatically. Name is primarily intended for creation - idempotence and configuration definition. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: |- - Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. - Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces - type: string - ownerReferences: - description: List of objects depended by this object. If - ALL objects in the list have been deleted, this object - will be garbage collected. If this object is managed by - a controller, then an entry in this list will point to - this controller, with the controller field set to true. - There cannot be more than one managing controller. - items: - description: OwnerReference contains enough information - to let you identify an owning object. Currently, an - owning object must be in the same namespace, so there - is no namespace field. - properties: - apiVersion: - description: API version of the referent. - type: string - blockOwnerDeletion: - description: If true, AND if the owner has the "foregroundDeletion" - finalizer, then the owner cannot be deleted from - the key-value store until this reference is removed. - Defaults to false. To set this field, a user needs - "delete" permission of the owner, otherwise 422 - (Unprocessable Entity) will be returned. - type: boolean - controller: - description: If true, this reference points to the - managing controller. - type: boolean - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - uid: - description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - required: - - apiVersion - - kind - - name - - uid - type: array - resourceVersion: - description: |- - An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. - Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency - type: string - selfLink: - description: SelfLink is a URL representing this object. - Populated by the system. Read-only. - type: string - uid: - description: |- - UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. - Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids - type: string - spec: - description: PersistentVolumeClaimSpec describes the common - attributes of storage devices and allows a Source for provider-specific - attributes - properties: - accessModes: - description: 'AccessModes contains the desired access modes - the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - resources: - description: ResourceRequirements describes the compute - resource requirements. - properties: - limits: - description: 'Limits describes the maximum amount of - compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - selector: - description: A label selector is a label query over a set - of resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. - A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - storageClassName: - description: 'Name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeMode: - description: volumeMode defines what type of volume is required - by the claim. Value of Filesystem is implied when not - included in claim spec. This is an alpha feature and may - change in the future. - type: string - volumeName: - description: VolumeName is the binding reference to the - PersistentVolume backing this claim. - type: string - status: - description: PersistentVolumeClaimStatus is the current status - of a persistent volume claim. - properties: - accessModes: - description: 'AccessModes contains the actual access modes - the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - capacity: - description: Represents the actual resources of the underlying - volume. - type: object - conditions: - description: Current Condition of persistent volume claim. - If underlying persistent volume is being resized then - the Condition will be set to 'ResizeStarted'. - items: - description: PersistentVolumeClaimCondition contails details - about state of pvc - properties: - lastProbeTime: - description: Time is a wrapper around time.Time which - supports correct marshaling to YAML and JSON. Wrappers - are provided for many of the factory methods that - the time package offers. - format: date-time - type: string - lastTransitionTime: - description: Time is a wrapper around time.Time which - supports correct marshaling to YAML and JSON. Wrappers - are provided for many of the factory methods that - the time package offers. - format: date-time - type: string - message: - description: Human-readable message indicating details - about last transition. - type: string - reason: - description: Unique, this should be a short, machine - understandable string that gives the reason for - condition's last transition. If it reports "ResizeStarted" - that means the underlying persistent volume is being - resized. - type: string - status: - type: string - type: - type: string - required: - - type - - status - type: array - phase: - description: Phase represents the current phase of PersistentVolumeClaim. - type: string - tag: - description: Tag of Prometheus container image to be deployed. Defaults - to the value of `version`. - type: string - thanos: - description: ThanosSpec defines parameters for a Prometheus server within - a Thanos deployment. - properties: - baseImage: - description: Thanos base image if other than default. - type: string - gcs: - description: ThanosGCSSpec defines parameters for use of Google - Cloud Storage (GCS) with Thanos. - properties: - bucket: - description: Google Cloud Storage bucket name for stored blocks. - If empty it won't store any block inside Google Cloud Storage. - type: string - peers: - description: Peers is a DNS name for Thanos to discover peers through. - type: string - s3: - description: ThanosSpec defines parameters for of AWS Simple Storage - Service (S3) with Thanos. (S3 compatible services apply as well) - properties: - accessKey: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - bucket: - description: S3-Compatible API bucket name for stored blocks. - type: string - endpoint: - description: S3-Compatible API endpoint for stored blocks. - type: string - insecure: - description: Whether to use an insecure connection with an S3-Compatible - API. - type: boolean - secretKey: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - signatureVersion2: - description: Whether to use S3 Signature Version 2; otherwise - Signature Version 4 will be used. - type: boolean - tag: - description: Tag of Thanos sidecar container image to be deployed. - Defaults to the value of `version`. - type: string - version: - description: Version describes the version of Thanos to use. - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached to tolerates any - taint that matches the triple using the matching - operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, operator - must be Exists; this combination means to match all values and - all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. Exists - is equivalent to wildcard for value, so that a pod can tolerate - all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the - toleration (which must be of effect NoExecute, otherwise this - field is ignored) tolerates the taint. By default, it is not - set, which means tolerate the taint forever (do not evict). - Zero and negative values will be treated as 0 (evict immediately) - by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise - just a regular string. - type: string - type: array - version: - description: Version of Prometheus to be deployed. - type: string - status: - description: 'Most recent observed status of the Prometheus cluster. Read-only. - Not included when requesting from the apiserver, only from the Prometheus - Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#spec-and-status' - properties: - availableReplicas: - description: Total number of available pods (ready for at least minReadySeconds) - targeted by this Prometheus deployment. - format: int32 - type: integer - paused: - description: Represents whether any actions on the underlaying managed - objects are being performed. Only delete actions will be performed. - type: boolean - replicas: - description: Total number of non-terminated pods targeted by this Prometheus - deployment (their labels match the selector). - format: int32 - type: integer - unavailableReplicas: - description: Total number of unavailable pods targeted by this Prometheus - deployment. - format: int32 - type: integer - updatedReplicas: - description: Total number of non-terminated pods targeted by this Prometheus - deployment that have the desired version spec. - format: int32 - type: integer - required: - - paused - - replicas - - updatedReplicas - - availableReplicas - - unavailableReplicas - version: v1 - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: prometheusrules.monitoring.coreos.com - spec: - group: monitoring.coreos.com - names: - kind: PrometheusRule - plural: prometheusrules - scope: Namespaced - validation: - openAPIV3Schema: - properties: - spec: - description: PrometheusRuleSpec contains specification parameters for a - Rule. - properties: - groups: - description: Content of Prometheus rule file - items: - description: RuleGroup is a list of sequentially evaluated recording - and alerting rules. - properties: - interval: - type: string - name: - type: string - rules: - items: - description: Rule describes an alerting or recording rule. - properties: - alert: - type: string - annotations: - type: object - expr: - type: string - for: - type: string - labels: - type: object - record: - type: string - required: - - expr - type: array - required: - - name - - rules - type: array - version: v1 - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: servicemonitors.monitoring.coreos.com - spec: - group: monitoring.coreos.com - names: - kind: ServiceMonitor - plural: servicemonitors - scope: Namespaced - validation: - openAPIV3Schema: - properties: - spec: - description: ServiceMonitorSpec contains specification parameters for a - ServiceMonitor. - properties: - endpoints: - description: A list of endpoints allowed as part of this ServiceMonitor. - items: - description: Endpoint defines a scrapeable endpoint serving Prometheus - metrics. - properties: - basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over - basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' - properties: - password: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - username: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - bearerTokenFile: - description: File to read bearer token for scraping targets. - type: string - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - interval: - description: Interval at which metrics should be scraped - type: string - metricRelabelings: - description: MetricRelabelConfigs to apply to samples before ingestion. - items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It defines - ``-section of Prometheus configuration. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' - properties: - action: - description: Action to perform based on regex matching. - Default is 'replace' - type: string - modulus: - description: Modulus to take of the hash of the source label - values. - format: int64 - type: integer - regex: - description: Regular expression against which the extracted - value is matched. defailt is '(.*)' - type: string - replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' - type: string - separator: - description: Separator placed between concatenated source - label values. default is ';'. - type: string - sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular expression - for the replace, keep, and drop actions. - items: - type: string - type: array - targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. - type: string - type: array - params: - description: Optional HTTP URL parameters - type: object - path: - description: HTTP path to scrape for metrics. - type: string - port: - description: Name of the service port this endpoint refers to. - Mutually exclusive with targetPort. - type: string - proxyUrl: - description: ProxyURL eg http://proxyserver:2195 Directs scrapes - to proxy through this endpoint. - type: string - scheme: - description: HTTP scheme to use for scraping. - type: string - scrapeTimeout: - description: Timeout after which the scrape is ended - type: string - targetPort: - anyOf: - - type: string - - type: integer - tlsConfig: - description: TLSConfig specifies TLS configuration parameters. - properties: - caFile: - description: The CA cert to use for the targets. - type: string - certFile: - description: The client cert file for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: The client key file for the targets. - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: array - jobLabel: - description: The label to use to retrieve the job name from. - type: string - namespaceSelector: - description: A selector for selecting namespaces either selecting all - namespaces or a list of namespaces. - properties: - any: - description: Boolean describing whether all namespaces are selected - in contrast to a list restricting them. - type: boolean - matchNames: - description: List of namespace names. - items: - type: string - type: array - selector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - targetLabels: - description: TargetLabels transfers labels on the Kubernetes Service - onto the target. - items: - type: string - type: array - required: - - endpoints - - selector - version: v1 - - clusterServiceVersions: |- - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: etcdoperator.v0.6.1 - namespace: placeholder - annotations: - tectonic-visibility: ocs - spec: - displayName: etcd - description: | - etcd is a distributed key value store that provides a reliable way to store data across a cluster of machines. It’s open-source and available on GitHub. etcd gracefully handles leader elections during network partitions and will tolerate machine failure, including the leader. Your applications can read and write data into etcd. - A simple use-case is to store database connection details or feature flags within etcd as key value pairs. These values can be watched, allowing your app to reconfigure itself when they change. Advanced uses take advantage of the consistency guarantees to implement database leader elections or do distributed locking across a cluster of workers. - - _The etcd Open Cloud Service is Public Alpha. The goal before Beta is to fully implement backup features._ - - ### Reading and writing to etcd - - Communicate with etcd though its command line utility `etcdctl` or with the API using the automatically generated Kubernetes Service. - - [Read the complete guide to using the etcd Open Cloud Service](https://coreos.com/tectonic/docs/latest/alm/etcd-ocs.html) - - ### Supported Features - **High availability** - Multiple instances of etcd are networked together and secured. Individual failures or networking issues are transparently handled to keep your cluster up and running. - **Automated updates** - Rolling out a new etcd version works like all Kubernetes rolling updates. Simply declare the desired version, and the etcd service starts a safe rolling update to the new version automatically. - **Backups included** - Coming soon, the ability to schedule backups to happen on or off cluster. - keywords: ['etcd', 'key value', 'database', 'coreos', 'open source'] - version: 0.6.1 - maturity: alpha - maintainers: - - name: CoreOS, Inc - email: support@coreos.com - - provider: - name: CoreOS, Inc - labels: - alm-status-descriptors: etcdoperator.v0.6.1 - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - selector: - matchLabels: - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - links: - - name: Blog - url: https://coreos.com/etcd - - name: Documentation - url: https://coreos.com/operators/etcd/docs/latest/ - - name: etcd Operator Source Code - url: https://github.com/coreos/etcd-operator - - icon: - - base64data: iVBORw0KGgoAAAANSUhEUgAAAOEAAADZCAYAAADWmle6AAAACXBIWXMAAAsTAAALEwEAmpwYAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAEKlJREFUeNrsndt1GzkShmEev4sTgeiHfRYdgVqbgOgITEVgOgLTEQydwIiKwFQCayoCU6+7DyYjsBiBFyVVz7RkXvqCSxXw/+f04XjGQ6IL+FBVuL769euXgZ7r39f/G9iP0X+u/jWDNZzZdGI/Ftama1jjuV4BwmcNpbAf1Fgu+V/9YRvNAyzT2a59+/GT/3hnn5m16wKWedJrmOCxkYztx9Q+py/+E0GJxtJdReWfz+mxNt+QzS2Mc0AI+HbBBwj9QViKbH5t64DsP2fvmGXUkWU4WgO+Uve2YQzBUGd7r+zH2ZG/tiUQc4QxKwgbwFfVGwwmdLL5wH78aPC/ZBem9jJpCAX3xtcNASSNgJLzUPSQyjB1zQNl8IQJ9MIU4lx2+Jo72ysXYKl1HSzN02BMa/vbZ5xyNJIshJzwf3L0dQhJw4Sih/SFw9Tk8sVeghVPoefaIYCkMZCKbrcP9lnZuk0uPUjGE/KE8JQry7W2tgfuC3vXgvNV+qSQbyFtAtyWk7zWiYevvuUQ9QEQCvJ+5mmu6dTjz1zFHLFj8Eb87MtxaZh/IQFIHom+9vgTWwZxAQjT9X4vtbEVPojwjiV471s00mhAckpwGuCn1HtFtRDaSh6y9zsL+LNBvCG/24ThcxHObdlWc1v+VQJe8LcO0jwtuF8BwnAAUgP9M8JPU2Me+Oh12auPGT6fHuTePE3bLDy+x9pTLnhMn+07TQGh//Bz1iI0c6kvtqInjvPZcYR3KsPVmUsPYt9nFig9SCY8VQNhpPBzn952bbgcsk2EvM89wzh3UEffBbyPqvBUBYQ8ODGPFOLsa7RF096WJ69L+E4EmnpjWu5o4ChlKaRTKT39RMMaVPEQRsz/nIWlDN80chjdJlSd1l0pJCAMVZsniobQVuxceMM9OFoaMd9zqZtjMEYYDW38Drb8Y0DYPLShxn0pvIFuOSxd7YCPet9zk452wsh54FJoeN05hcgSQoG5RR0Qh9Q4E4VvL4wcZq8UACgaRFEQKgSwWrkr5WFnGxiHSutqJGlXjBgIOayhwYBTA0ER0oisIVSUV0AAMT0IASCUO4hRIQSAEECMCCEPwqyQA0JCQBzEGjWNAqHiUVAoXUWbvggOIQCEAOJzxTjoaQ4AIaE64/aZridUsBYUgkhB15oGg1DBIl8IqirYwV6hPSGBSFteMCUBSVXwfYixBmamRubeMyjzMJQBDDowE3OesDD+zwqFoDqiEwXoXJpljB+PvWJGy75BKF1FPxhKygJuqUdYQGlLxNEXkrYyjQ0GbaAwEnUIlLRNvVjQDYUAsJB0HKLE4y0AIpQNgCIhBIhQTgCKhZBBpAN/v6LtQI50JfUgYOnnjmLUFHKhjxbAmdTCaTiBm3ovLPqG2urWAij6im0Nd9aTN9ygLUEt9LgSRnohxUPIKxlGaE+/6Y7znFf0yX+GnkvFFWmarkab2o9PmTeq8sbd2a7DaysXz7i64VeznN4jCQhN9gdDbRiuWrfrsq0mHIrlaq+hlotCtd3Um9u0BYWY8y5D67wccJoZjFca7iUs9VqZcfsZwTd1sbWGG+OcYaTnPAP7rTQVVlM4Sg3oGvB1tmNh0t/HKXZ1jFoIMwCQjtqbhNxUmkGYqgZEDZP11HN/S3gAYRozf0l8C5kKEKUvW0t1IfeWG/5MwgheZTT1E0AEhDkAePQO+Ig2H3DncAkQM4cwUQCD530dU4B5Yvmi2LlDqXfWrxMCcMth51RToRMNUXFnfc2KJ0+Ryl0VNOUwlhh6NoxK5gnViTgQpUG4SqSyt5z3zRJpuKmt3Q1614QaCBPaN6je+2XiFcWAKOXcUfIYKRyL/1lb7pe5VxSxxjQ6hImshqGRt5GWZVKO6q2wHwujfwDtIvaIdexj8Cm8+a68EqMfox6x/voMouZF4dHnEGNeCDMwT6vdNfekH1MafMk4PI06YtqLVGl95aEM9Z5vAeCTOA++YLtoVJRrsqNCaJ6WRmkdYaNec5BT/lcTRMqrhmwfjbpkj55+OKp8IEbU/JLgPJE6Wa3TTe9sHS+ShVD5QIyqIxMEwKh12olC6mHIed5ewEop80CNlfIOADYOT2nd6ZXCop+Ebqchc0JqxKcKASxChycJgUh1rnHA5ow9eTrhqNI7JWiAYYwBGGdpyNLoGw0Pkh96h1BpHihyywtATDM/7Hk2fN9EnH8BgKJCU4ooBkbXFMZJiPbrOyecGl3zgQDQL4hk10IZiOe+5w99Q/gBAEIJgPhJM4QAEEoFREAIAAEiIASAkD8Qt4AQAEIAERAGFlX4CACKAXGVM4ivMwWwCLFAlyeoaa70QePKm5Dlp+/n+ye/5dYgva6YsUaVeMa+tzNFeJtWwc+udbJ0Fg399kLielQJ5Ze61c2+7ytA6EZetiPxZC6tj22yJCv6jUwOyj/zcbqAxOMyAKEbfeHtNa7DtYXptjsk2kJxR+eIeim/tHNofUKYy8DMrQcAKWz6brpvzyIAlpwPhQ49l6b7skJf5Z+YTOYQc4FwLDxvoTDwaygQK+U/kVr+ytSFBG01Q3gnJJR4cNiAhx4HDub8/b5DULXlj6SVZghFiE+LdvE9vo/o8Lp1RmH5hzm0T6wdbZ6n+D6i44zDRc3ln6CpAEJfXiRU45oqLz8gFAThWsh7ughrRibc0QynHgZpNJa/ENJ+loCwu/qOGnFIjYR/n7TfgycULhcQhu6VC+HfF+L3BoAQ4WiZTw1M+FPCnA2gKC6/FAhXgDC+ojQGh3NuWsvfF1L/D5ohlCKtl1j2ldu9a/nPAKFwN56Bst10zCG0CPleXN/zXPgHQZXaZaBgrbzyY5V/mUA+6F0hwtGN9rwu5DVZPuwWqfxdFz1LWbJ2lwKEa+0Qsm4Dl3fp+Pu0lV97PgwIPfSsS+UQhj5Oo+vvFULazRIQyvGEcxPuNLCth2MvFsrKn8UOilAQShkh7TTczYNMoS6OdP47msrPi82lXKGWhCdMZYS0bFy+vcnGAjP1CIfvgbKNA9glecEH9RD6Ol4wRuWyN/G9MHnksS6o/GPf5XcwNSUlHzQhDuAKtWJmkwKElU7lylP5rgIcsquh/FI8YZCDpkJBuE4FQm7Icw8N+SrUGaQKyi8FwiDt1ve5o+Vu7qYHy/psgK8cvh+FTYuO77bhEC7GuaPiys/L1X4IgXDL+e3M5+ovLxBy5VLuIebw1oqcHoPfoaMJUsHays878r8KbDc3xtPx/84gZPBG/JwaufrsY/SRG/OY3//8QMNdsvdZCFtbW6f8pFuf5bflILAlX7O+4fdfugKyFYS8T2zAsXthdG0VurPGKwI06oF5vkBgHWkNp6ry29+lsPZMU3vijnXFNmoclr+6+Ou/FIb8yb30sS8YGjmTqCLyQsi5N/6ZwKs0Yenj68pfPjF6N782Dp2FzV9CTyoSeY8mLK16qGxIkLI8oa1n8tz9juP40DlK0epxYEbojbq+9QfurBeVIlCO9D2396bxiV4lkYQ3hOAFw2pbhqMGISkkQOMcQ9EqhDmGZZdo92JC0YHRNTfoSg+5e0IT+opqCKHoIU+4ztQIgBD1EFNrQAgIpYSil9lDmPHqkROPt+JC6AgPquSuumJmg0YARVCuneDfvPVeJokZ6pIXDkNxQtGzTF9/BQjRG0tQznfb74RwCQghpALBtIQnfK4zhxdyQvVCUeknMIT3hLyY+T5jo0yABqKPQNpUNw/09tGZod5jgCaYFxyYvJcNPkv9eof+I3pnCFEHIETjSM8L9tHZHYCQT9PaZGycU6yg8S4akDnJ+P03L0+t23XGzCLzRgII/Wqa+fv/xlfvmKvMUOcOrlCDdoei1MGdZm6G5VEIfRzzjd4aQs69n699Rx7ewhvCGzr2gmTPs8zNsJOrXt24FbkhhOjCfT4ICA/rPbyhUy94Dks0gJCX1NzCZui9YUd3oei+c257TalFbgg19ILHrlrL2gvWgXAL26EX76gZTNASQnad8Ibwhl284NhgXpB0c+jKhWO3Ms1hP9ihJYB9eMF6qd1BCPk0qA1s+LimFIu7m4nsdQIzPK4VbQ8hYvrnuSH2G9b2ggP78QmWqBdF9Vx8SSY6QYdUW7BTA1schZATyhvY8lHvcRbNUS9YGFy2U+qmzh2YPVc0I7yAOFyHfRpyUwtCSzOdPXMHmz7qDIM0e0V2wZTEk+6Ym6N63eBLp/b5Bts+2cKCSJ/LuoZO3ANSiE5hKAZjnvNSS4931jcw9jpwT0feV/qSJ1pVtCyfHKDkvK8Ejx7pUxGh2xFNSwx8QTi2H9ceC0/nni64MS/5N5dG39pDqvRV+WgGk71c9VFXF9b+xYvOw/d61iv7m3MvEHryhvecwC52jSSx4VIIgwnMNT/UsTxIgpPt3K/ARj15CptwL3Zd/ceDSATj2DGQjbxgWwhdeMMte7zpy5On9vymRm/YxBYljGVjKWF9VJf7I1+sex3wY8w/V1QPTborW/72gkdsRDaZMJBdbdHIC7aCkAu9atlLbtnrzerMnyToDaGwelOnk3/hHSem/ZK7e/t7jeeR20LYBgqa8J80gS8jbwi5F02Uj1u2NYJxap8PLkJfLxA2hIJyvnHX/AfeEPLpBfe0uSFHbnXaea3Qd5d6HcpYZ8L6M7lnFwMQ3MNg+RxUR1+6AshtbsVgfXTEg1sIGax9UND2p7f270wdG3eK9gXVGHdw2k5sOyZv+Nbs39Z308XR9DqWb2J+PwKDhuKHPobfuXf7gnYGHdCs7bhDDadD4entDug7LWNsnRNW4mYqwJ9dk+GGSTPBiA2j0G8RWNM5upZtcG4/3vMfP7KnbK2egx6CCnDPhRn7NgD3cghLIad5WcM2SO38iqHvvMOosyeMpQ5zlVCaaj06GVs9xUbHdiKoqrHWgquFEFMWUEWfXUxJAML23hAHFOctmjZQffKD2pywkhtSGHKNtpitLroscAeE7kCkSsC60vxEl6yMtL9EL5HKGCMszU5bk8gdkklAyEn5FO0yK419rIxBOIqwFMooDE0tHEVYijAUECIshRCGIhxFWIowFJ5QkEYIS5PTJrUwNGlPyN6QQPyKtpuM1E/K5+YJDV/MiA3AaehzqgAm7QnZG9IGYKo8bHnSK7VblLL3hOwNHziPuEGOqE5brrdR6i+atCfckyeWD47HkAkepRGLY/e8A8J0gCwYSNypF08bBm+e6zVz2UL4AshhBUjML/rXLefqC82bcQFhGC9JDwZ1uuu+At0S5gCETYHsV4DUeD9fDN2Zfy5OXaW2zAwQygCzBLJ8cvaW5OXKC1FxfTggFAHmoAJnSiOw2wps9KwRWgJCLaEswaj5NqkLwAYIU4BxqTSXbHXpJdRMPZgAOiAMqABCNGYIEEJutEK5IUAIwYMDQgiCACEEAcJs1Vda7gGqDhCmoiEghAAhBAHCrKXVo2C1DCBMRlp37uMIEECoX7xrX3P5C9QiINSuIcoPAUI0YkAICLNWgfJDh4T9hH7zqYH9+JHAq7zBqWjwhPAicTVCVQJCNF50JghHocahKK0X/ZnQKyEkhSdUpzG8OgQI42qC94EQjsYLRSmH+pbgq73L6bYkeEJ4DYTYmeg1TOBFc/usTTp3V9DdEuXJ2xDCUbXhaXk0/kAYmBvuMB4qkC35E5e5AMKkwSQgyxufyuPy6fMMgAFCSI73LFXU/N8AmEL9X4ABACNSKMHAgb34AAAAAElFTkSuQmCC - mediatype: image/png - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: etcd-operator - rules: - - apiGroups: - - etcd.database.coreos.com - resources: - - etcdclusters - verbs: - - "*" - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - "*" - - apiGroups: - - "" - resources: - - pods - - services - - endpoints - - persistentvolumeclaims - - events - verbs: - - "*" - - apiGroups: - - apps - resources: - - deployments - verbs: - - "*" - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - deployments: - - name: etcd-operator - spec: - replicas: 1 - selector: - matchLabels: - name: etcd-operator-alm-owned - template: - metadata: - name: etcd-operator-alm-owned - labels: - name: etcd-operator-alm-owned - spec: - serviceAccountName: etcd-operator - containers: - - name: etcd-operator - command: - - etcd-operator - - --create-crd=false - image: quay.io/coreos/etcd-operator@sha256:bd944a211eaf8f31da5e6d69e8541e7cada8f16a9f7a5a570b22478997819943 - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - customresourcedefinitions: - owned: - - name: etcdclusters.etcd.database.coreos.com - version: v1beta2 - kind: EtcdCluster - displayName: etcd Cluster - description: Represents a cluster of etcd nodes. - resources: - - kind: Service - version: v1 - - kind: Pod - version: v1 - specDescriptors: - - description: The desired number of member Pods for the etcd cluster. - displayName: Size - path: size - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - statusDescriptors: - - description: The status of each of the member Pods for the etcd cluster. - displayName: Member Status - path: members - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podStatuses' - - description: The service at which the running etcd cluster can be accessed. - displayName: Service - path: service - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Service' - - description: The current size of the etcd cluster. - displayName: Cluster Size - path: size - - description: The current version of the etcd cluster. - displayName: Current Version - path: currentVersion - - description: 'The target version of the etcd cluster, after upgrading.' - displayName: Target Version - path: targetVersion - - description: The current status of the etcd cluster. - displayName: Status - path: phase - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase' - - description: Explanation for the current status of the cluster. - displayName: Status Details - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: etcdoperator.v0.9.0 - namespace: placeholder - annotations: - tectonic-visibility: ocs - alm-examples: '[{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdCluster","metadata":{"name":"example","namespace":"default"},"spec":{"size":3,"version":"3.2.13"}},{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdRestore","metadata":{"name":"example-etcd-cluster"},"spec":{"etcdCluster":{"name":"example-etcd-cluster"},"backupStorageType":"S3","s3":{"path":"","awsSecret":""}}},{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdBackup","metadata":{"name":"example-etcd-cluster-backup"},"spec":{"etcdEndpoints":[""],"storageType":"S3","s3":{"path":"","awsSecret":""}}}]' - spec: - displayName: etcd - description: | - etcd is a distributed key value store that provides a reliable way to store data across a cluster of machines. It’s open-source and available on GitHub. etcd gracefully handles leader elections during network partitions and will tolerate machine failure, including the leader. Your applications can read and write data into etcd. - A simple use-case is to store database connection details or feature flags within etcd as key value pairs. These values can be watched, allowing your app to reconfigure itself when they change. Advanced uses take advantage of the consistency guarantees to implement database leader elections or do distributed locking across a cluster of workers. - - _The etcd Open Cloud Service is Public Alpha. The goal before Beta is to fully implement backup features._ - - ### Reading and writing to etcd - - Communicate with etcd though its command line utility `etcdctl` or with the API using the automatically generated Kubernetes Service. - - [Read the complete guide to using the etcd Open Cloud Service](https://coreos.com/tectonic/docs/latest/alm/etcd-ocs.html) - - ### Supported Features - - - **High availability** - - - Multiple instances of etcd are networked together and secured. Individual failures or networking issues are transparently handled to keep your cluster up and running. - - - **Automated updates** - - - Rolling out a new etcd version works like all Kubernetes rolling updates. Simply declare the desired version, and the etcd service starts a safe rolling update to the new version automatically. - - - **Backups included** - - - Coming soon, the ability to schedule backups to happen on or off cluster. - keywords: ['etcd', 'key value', 'database', 'coreos', 'open source'] - version: 0.9.0 - maturity: alpha - replaces: etcdoperator.v0.6.1 - maintainers: - - name: CoreOS, Inc - email: support@coreos.com - - provider: - name: CoreOS, Inc - labels: - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - selector: - matchLabels: - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - links: - - name: Blog - url: https://coreos.com/etcd - - name: Documentation - url: https://coreos.com/operators/etcd/docs/latest/ - - name: etcd Operator Source Code - url: https://github.com/coreos/etcd-operator - - icon: - - base64data: iVBORw0KGgoAAAANSUhEUgAAAOEAAADZCAYAAADWmle6AAAACXBIWXMAAAsTAAALEwEAmpwYAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAEKlJREFUeNrsndt1GzkShmEev4sTgeiHfRYdgVqbgOgITEVgOgLTEQydwIiKwFQCayoCU6+7DyYjsBiBFyVVz7RkXvqCSxXw/+f04XjGQ6IL+FBVuL769euXgZ7r39f/G9iP0X+u/jWDNZzZdGI/Ftama1jjuV4BwmcNpbAf1Fgu+V/9YRvNAyzT2a59+/GT/3hnn5m16wKWedJrmOCxkYztx9Q+py/+E0GJxtJdReWfz+mxNt+QzS2Mc0AI+HbBBwj9QViKbH5t64DsP2fvmGXUkWU4WgO+Uve2YQzBUGd7r+zH2ZG/tiUQc4QxKwgbwFfVGwwmdLL5wH78aPC/ZBem9jJpCAX3xtcNASSNgJLzUPSQyjB1zQNl8IQJ9MIU4lx2+Jo72ysXYKl1HSzN02BMa/vbZ5xyNJIshJzwf3L0dQhJw4Sih/SFw9Tk8sVeghVPoefaIYCkMZCKbrcP9lnZuk0uPUjGE/KE8JQry7W2tgfuC3vXgvNV+qSQbyFtAtyWk7zWiYevvuUQ9QEQCvJ+5mmu6dTjz1zFHLFj8Eb87MtxaZh/IQFIHom+9vgTWwZxAQjT9X4vtbEVPojwjiV471s00mhAckpwGuCn1HtFtRDaSh6y9zsL+LNBvCG/24ThcxHObdlWc1v+VQJe8LcO0jwtuF8BwnAAUgP9M8JPU2Me+Oh12auPGT6fHuTePE3bLDy+x9pTLnhMn+07TQGh//Bz1iI0c6kvtqInjvPZcYR3KsPVmUsPYt9nFig9SCY8VQNhpPBzn952bbgcsk2EvM89wzh3UEffBbyPqvBUBYQ8ODGPFOLsa7RF096WJ69L+E4EmnpjWu5o4ChlKaRTKT39RMMaVPEQRsz/nIWlDN80chjdJlSd1l0pJCAMVZsniobQVuxceMM9OFoaMd9zqZtjMEYYDW38Drb8Y0DYPLShxn0pvIFuOSxd7YCPet9zk452wsh54FJoeN05hcgSQoG5RR0Qh9Q4E4VvL4wcZq8UACgaRFEQKgSwWrkr5WFnGxiHSutqJGlXjBgIOayhwYBTA0ER0oisIVSUV0AAMT0IASCUO4hRIQSAEECMCCEPwqyQA0JCQBzEGjWNAqHiUVAoXUWbvggOIQCEAOJzxTjoaQ4AIaE64/aZridUsBYUgkhB15oGg1DBIl8IqirYwV6hPSGBSFteMCUBSVXwfYixBmamRubeMyjzMJQBDDowE3OesDD+zwqFoDqiEwXoXJpljB+PvWJGy75BKF1FPxhKygJuqUdYQGlLxNEXkrYyjQ0GbaAwEnUIlLRNvVjQDYUAsJB0HKLE4y0AIpQNgCIhBIhQTgCKhZBBpAN/v6LtQI50JfUgYOnnjmLUFHKhjxbAmdTCaTiBm3ovLPqG2urWAij6im0Nd9aTN9ygLUEt9LgSRnohxUPIKxlGaE+/6Y7znFf0yX+GnkvFFWmarkab2o9PmTeq8sbd2a7DaysXz7i64VeznN4jCQhN9gdDbRiuWrfrsq0mHIrlaq+hlotCtd3Um9u0BYWY8y5D67wccJoZjFca7iUs9VqZcfsZwTd1sbWGG+OcYaTnPAP7rTQVVlM4Sg3oGvB1tmNh0t/HKXZ1jFoIMwCQjtqbhNxUmkGYqgZEDZP11HN/S3gAYRozf0l8C5kKEKUvW0t1IfeWG/5MwgheZTT1E0AEhDkAePQO+Ig2H3DncAkQM4cwUQCD530dU4B5Yvmi2LlDqXfWrxMCcMth51RToRMNUXFnfc2KJ0+Ryl0VNOUwlhh6NoxK5gnViTgQpUG4SqSyt5z3zRJpuKmt3Q1614QaCBPaN6je+2XiFcWAKOXcUfIYKRyL/1lb7pe5VxSxxjQ6hImshqGRt5GWZVKO6q2wHwujfwDtIvaIdexj8Cm8+a68EqMfox6x/voMouZF4dHnEGNeCDMwT6vdNfekH1MafMk4PI06YtqLVGl95aEM9Z5vAeCTOA++YLtoVJRrsqNCaJ6WRmkdYaNec5BT/lcTRMqrhmwfjbpkj55+OKp8IEbU/JLgPJE6Wa3TTe9sHS+ShVD5QIyqIxMEwKh12olC6mHIed5ewEop80CNlfIOADYOT2nd6ZXCop+Ebqchc0JqxKcKASxChycJgUh1rnHA5ow9eTrhqNI7JWiAYYwBGGdpyNLoGw0Pkh96h1BpHihyywtATDM/7Hk2fN9EnH8BgKJCU4ooBkbXFMZJiPbrOyecGl3zgQDQL4hk10IZiOe+5w99Q/gBAEIJgPhJM4QAEEoFREAIAAEiIASAkD8Qt4AQAEIAERAGFlX4CACKAXGVM4ivMwWwCLFAlyeoaa70QePKm5Dlp+/n+ye/5dYgva6YsUaVeMa+tzNFeJtWwc+udbJ0Fg399kLielQJ5Ze61c2+7ytA6EZetiPxZC6tj22yJCv6jUwOyj/zcbqAxOMyAKEbfeHtNa7DtYXptjsk2kJxR+eIeim/tHNofUKYy8DMrQcAKWz6brpvzyIAlpwPhQ49l6b7skJf5Z+YTOYQc4FwLDxvoTDwaygQK+U/kVr+ytSFBG01Q3gnJJR4cNiAhx4HDub8/b5DULXlj6SVZghFiE+LdvE9vo/o8Lp1RmH5hzm0T6wdbZ6n+D6i44zDRc3ln6CpAEJfXiRU45oqLz8gFAThWsh7ughrRibc0QynHgZpNJa/ENJ+loCwu/qOGnFIjYR/n7TfgycULhcQhu6VC+HfF+L3BoAQ4WiZTw1M+FPCnA2gKC6/FAhXgDC+ojQGh3NuWsvfF1L/D5ohlCKtl1j2ldu9a/nPAKFwN56Bst10zCG0CPleXN/zXPgHQZXaZaBgrbzyY5V/mUA+6F0hwtGN9rwu5DVZPuwWqfxdFz1LWbJ2lwKEa+0Qsm4Dl3fp+Pu0lV97PgwIPfSsS+UQhj5Oo+vvFULazRIQyvGEcxPuNLCth2MvFsrKn8UOilAQShkh7TTczYNMoS6OdP47msrPi82lXKGWhCdMZYS0bFy+vcnGAjP1CIfvgbKNA9glecEH9RD6Ol4wRuWyN/G9MHnksS6o/GPf5XcwNSUlHzQhDuAKtWJmkwKElU7lylP5rgIcsquh/FI8YZCDpkJBuE4FQm7Icw8N+SrUGaQKyi8FwiDt1ve5o+Vu7qYHy/psgK8cvh+FTYuO77bhEC7GuaPiys/L1X4IgXDL+e3M5+ovLxBy5VLuIebw1oqcHoPfoaMJUsHays878r8KbDc3xtPx/84gZPBG/JwaufrsY/SRG/OY3//8QMNdsvdZCFtbW6f8pFuf5bflILAlX7O+4fdfugKyFYS8T2zAsXthdG0VurPGKwI06oF5vkBgHWkNp6ry29+lsPZMU3vijnXFNmoclr+6+Ou/FIb8yb30sS8YGjmTqCLyQsi5N/6ZwKs0Yenj68pfPjF6N782Dp2FzV9CTyoSeY8mLK16qGxIkLI8oa1n8tz9juP40DlK0epxYEbojbq+9QfurBeVIlCO9D2396bxiV4lkYQ3hOAFw2pbhqMGISkkQOMcQ9EqhDmGZZdo92JC0YHRNTfoSg+5e0IT+opqCKHoIU+4ztQIgBD1EFNrQAgIpYSil9lDmPHqkROPt+JC6AgPquSuumJmg0YARVCuneDfvPVeJokZ6pIXDkNxQtGzTF9/BQjRG0tQznfb74RwCQghpALBtIQnfK4zhxdyQvVCUeknMIT3hLyY+T5jo0yABqKPQNpUNw/09tGZod5jgCaYFxyYvJcNPkv9eof+I3pnCFEHIETjSM8L9tHZHYCQT9PaZGycU6yg8S4akDnJ+P03L0+t23XGzCLzRgII/Wqa+fv/xlfvmKvMUOcOrlCDdoei1MGdZm6G5VEIfRzzjd4aQs69n699Rx7ewhvCGzr2gmTPs8zNsJOrXt24FbkhhOjCfT4ICA/rPbyhUy94Dks0gJCX1NzCZui9YUd3oei+c257TalFbgg19ILHrlrL2gvWgXAL26EX76gZTNASQnad8Ibwhl284NhgXpB0c+jKhWO3Ms1hP9ihJYB9eMF6qd1BCPk0qA1s+LimFIu7m4nsdQIzPK4VbQ8hYvrnuSH2G9b2ggP78QmWqBdF9Vx8SSY6QYdUW7BTA1schZATyhvY8lHvcRbNUS9YGFy2U+qmzh2YPVc0I7yAOFyHfRpyUwtCSzOdPXMHmz7qDIM0e0V2wZTEk+6Ym6N63eBLp/b5Bts+2cKCSJ/LuoZO3ANSiE5hKAZjnvNSS4931jcw9jpwT0feV/qSJ1pVtCyfHKDkvK8Ejx7pUxGh2xFNSwx8QTi2H9ceC0/nni64MS/5N5dG39pDqvRV+WgGk71c9VFXF9b+xYvOw/d61iv7m3MvEHryhvecwC52jSSx4VIIgwnMNT/UsTxIgpPt3K/ARj15CptwL3Zd/ceDSATj2DGQjbxgWwhdeMMte7zpy5On9vymRm/YxBYljGVjKWF9VJf7I1+sex3wY8w/V1QPTborW/72gkdsRDaZMJBdbdHIC7aCkAu9atlLbtnrzerMnyToDaGwelOnk3/hHSem/ZK7e/t7jeeR20LYBgqa8J80gS8jbwi5F02Uj1u2NYJxap8PLkJfLxA2hIJyvnHX/AfeEPLpBfe0uSFHbnXaea3Qd5d6HcpYZ8L6M7lnFwMQ3MNg+RxUR1+6AshtbsVgfXTEg1sIGax9UND2p7f270wdG3eK9gXVGHdw2k5sOyZv+Nbs39Z308XR9DqWb2J+PwKDhuKHPobfuXf7gnYGHdCs7bhDDadD4entDug7LWNsnRNW4mYqwJ9dk+GGSTPBiA2j0G8RWNM5upZtcG4/3vMfP7KnbK2egx6CCnDPhRn7NgD3cghLIad5WcM2SO38iqHvvMOosyeMpQ5zlVCaaj06GVs9xUbHdiKoqrHWgquFEFMWUEWfXUxJAML23hAHFOctmjZQffKD2pywkhtSGHKNtpitLroscAeE7kCkSsC60vxEl6yMtL9EL5HKGCMszU5bk8gdkklAyEn5FO0yK419rIxBOIqwFMooDE0tHEVYijAUECIshRCGIhxFWIowFJ5QkEYIS5PTJrUwNGlPyN6QQPyKtpuM1E/K5+YJDV/MiA3AaehzqgAm7QnZG9IGYKo8bHnSK7VblLL3hOwNHziPuEGOqE5brrdR6i+atCfckyeWD47HkAkepRGLY/e8A8J0gCwYSNypF08bBm+e6zVz2UL4AshhBUjML/rXLefqC82bcQFhGC9JDwZ1uuu+At0S5gCETYHsV4DUeD9fDN2Zfy5OXaW2zAwQygCzBLJ8cvaW5OXKC1FxfTggFAHmoAJnSiOw2wps9KwRWgJCLaEswaj5NqkLwAYIU4BxqTSXbHXpJdRMPZgAOiAMqABCNGYIEEJutEK5IUAIwYMDQgiCACEEAcJs1Vda7gGqDhCmoiEghAAhBAHCrKXVo2C1DCBMRlp37uMIEECoX7xrX3P5C9QiINSuIcoPAUI0YkAICLNWgfJDh4T9hH7zqYH9+JHAq7zBqWjwhPAicTVCVQJCNF50JghHocahKK0X/ZnQKyEkhSdUpzG8OgQI42qC94EQjsYLRSmH+pbgq73L6bYkeEJ4DYTYmeg1TOBFc/usTTp3V9DdEuXJ2xDCUbXhaXk0/kAYmBvuMB4qkC35E5e5AMKkwSQgyxufyuPy6fMMgAFCSI73LFXU/N8AmEL9X4ABACNSKMHAgb34AAAAAElFTkSuQmCC - mediatype: image/png - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: etcd-operator - rules: - - apiGroups: - - etcd.database.coreos.com - resources: - - etcdclusters - - etcdbackups - - etcdrestores - verbs: - - "*" - - apiGroups: - - "" - resources: - - pods - - services - - endpoints - - persistentvolumeclaims - - events - verbs: - - "*" - - apiGroups: - - apps - resources: - - deployments - verbs: - - "*" - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - deployments: - - name: etcd-operator - spec: - replicas: 1 - selector: - matchLabels: - name: etcd-operator-alm-owned - template: - metadata: - name: etcd-operator-alm-owned - labels: - name: etcd-operator-alm-owned - spec: - serviceAccountName: etcd-operator - containers: - - name: etcd-operator - command: - - etcd-operator - - --create-crd=false - image: quay.io/coreos/etcd-operator@sha256:db563baa8194fcfe39d1df744ed70024b0f1f9e9b55b5923c2f3a413c44dc6b8 - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: etcd-backup-operator - image: quay.io/coreos/etcd-operator@sha256:db563baa8194fcfe39d1df744ed70024b0f1f9e9b55b5923c2f3a413c44dc6b8 - command: - - etcd-backup-operator - - --create-crd=false - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: etcd-restore-operator - image: quay.io/coreos/etcd-operator@sha256:db563baa8194fcfe39d1df744ed70024b0f1f9e9b55b5923c2f3a413c44dc6b8 - command: - - etcd-restore-operator - - --create-crd=false - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - customresourcedefinitions: - owned: - - name: etcdclusters.etcd.database.coreos.com - version: v1beta2 - kind: EtcdCluster - displayName: etcd Cluster - description: Represents a cluster of etcd nodes. - resources: - - kind: Service - version: v1 - - kind: Pod - version: v1 - specDescriptors: - - description: The desired number of member Pods for the etcd cluster. - displayName: Size - path: size - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: pod.resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - statusDescriptors: - - description: The status of each of the member Pods for the etcd cluster. - displayName: Member Status - path: members - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podStatuses' - - description: The service at which the running etcd cluster can be accessed. - displayName: Service - path: serviceName - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Service' - - description: The current size of the etcd cluster. - displayName: Cluster Size - path: size - - description: The current version of the etcd cluster. - displayName: Current Version - path: currentVersion - - description: 'The target version of the etcd cluster, after upgrading.' - displayName: Target Version - path: targetVersion - - description: The current status of the etcd cluster. - displayName: Status - path: phase - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase' - - description: Explanation for the current status of the cluster. - displayName: Status Details - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - name: etcdbackups.etcd.database.coreos.com - version: v1beta2 - kind: EtcdBackup - displayName: etcd Backup - description: Represents the intent to backup an etcd cluster. - specDescriptors: - - description: Specifies the endpoints of an etcd cluster. - displayName: etcd Endpoint(s) - path: etcdEndpoints - x-descriptors: - - 'urn:alm:descriptor:etcd:endpoint' - - description: The full AWS S3 path where the backup is saved. - displayName: S3 Path - path: s3.path - x-descriptors: - - 'urn:alm:descriptor:aws:s3:path' - - description: The name of the secret object that stores the AWS credential and config files. - displayName: AWS Secret - path: s3.awsSecret - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Secret' - statusDescriptors: - - description: Indicates if the backup was successful. - displayName: Succeeded - path: succeeded - x-descriptors: - - 'urn:alm:descriptor:text' - - description: Indicates the reason for any backup related failures. - displayName: Reason - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - name: etcdrestores.etcd.database.coreos.com - version: v1beta2 - kind: EtcdRestore - displayName: etcd Restore - description: Represents the intent to restore an etcd cluster from a backup. - specDescriptors: - - description: References the EtcdCluster which should be restored, - displayName: etcd Cluster - path: etcdCluster.name - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:EtcdCluster' - - 'urn:alm:descriptor:text' - - description: The full AWS S3 path where the backup is saved. - displayName: S3 Path - path: s3.path - x-descriptors: - - 'urn:alm:descriptor:aws:s3:path' - - description: The name of the secret object that stores the AWS credential and config files. - displayName: AWS Secret - path: s3.awsSecret - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Secret' - statusDescriptors: - - description: Indicates if the restore was successful. - displayName: Succeeded - path: succeeded - x-descriptors: - - 'urn:alm:descriptor:text' - - description: Indicates the reason for any restore related failures. - displayName: Reason - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: etcdoperator.v0.9.2 - namespace: placeholder - annotations: - tectonic-visibility: ocs - alm-examples: '[{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdCluster","metadata":{"name":"example","namespace":"default"},"spec":{"size":3,"version":"3.2.13"}},{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdRestore","metadata":{"name":"example-etcd-cluster"},"spec":{"etcdCluster":{"name":"example-etcd-cluster"},"backupStorageType":"S3","s3":{"path":"","awsSecret":""}}},{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdBackup","metadata":{"name":"example-etcd-cluster-backup"},"spec":{"etcdEndpoints":[""],"storageType":"S3","s3":{"path":"","awsSecret":""}}}]' - spec: - displayName: etcd - description: | - etcd is a distributed key value store that provides a reliable way to store data across a cluster of machines. It’s open-source and available on GitHub. etcd gracefully handles leader elections during network partitions and will tolerate machine failure, including the leader. Your applications can read and write data into etcd. - A simple use-case is to store database connection details or feature flags within etcd as key value pairs. These values can be watched, allowing your app to reconfigure itself when they change. Advanced uses take advantage of the consistency guarantees to implement database leader elections or do distributed locking across a cluster of workers. - - _The etcd Open Cloud Service is Public Alpha. The goal before Beta is to fully implement backup features._ - - ### Reading and writing to etcd - - Communicate with etcd though its command line utility `etcdctl` or with the API using the automatically generated Kubernetes Service. - - [Read the complete guide to using the etcd Open Cloud Service](https://coreos.com/tectonic/docs/latest/alm/etcd-ocs.html) - - ### Supported Features - - - **High availability** - - - Multiple instances of etcd are networked together and secured. Individual failures or networking issues are transparently handled to keep your cluster up and running. - - - **Automated updates** - - - Rolling out a new etcd version works like all Kubernetes rolling updates. Simply declare the desired version, and the etcd service starts a safe rolling update to the new version automatically. - - - **Backups included** - - - Coming soon, the ability to schedule backups to happen on or off cluster. - keywords: ['etcd', 'key value', 'database', 'coreos', 'open source'] - version: 0.9.2 - maturity: alpha - replaces: etcdoperator.v0.9.0 - maintainers: - - name: CoreOS, Inc - email: support@coreos.com - - provider: - name: CoreOS, Inc - labels: - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - selector: - matchLabels: - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - links: - - name: Blog - url: https://coreos.com/etcd - - name: Documentation - url: https://coreos.com/operators/etcd/docs/latest/ - - name: etcd Operator Source Code - url: https://github.com/coreos/etcd-operator - - icon: - - base64data: iVBORw0KGgoAAAANSUhEUgAAAOEAAADZCAYAAADWmle6AAAACXBIWXMAAAsTAAALEwEAmpwYAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAEKlJREFUeNrsndt1GzkShmEev4sTgeiHfRYdgVqbgOgITEVgOgLTEQydwIiKwFQCayoCU6+7DyYjsBiBFyVVz7RkXvqCSxXw/+f04XjGQ6IL+FBVuL769euXgZ7r39f/G9iP0X+u/jWDNZzZdGI/Ftama1jjuV4BwmcNpbAf1Fgu+V/9YRvNAyzT2a59+/GT/3hnn5m16wKWedJrmOCxkYztx9Q+py/+E0GJxtJdReWfz+mxNt+QzS2Mc0AI+HbBBwj9QViKbH5t64DsP2fvmGXUkWU4WgO+Uve2YQzBUGd7r+zH2ZG/tiUQc4QxKwgbwFfVGwwmdLL5wH78aPC/ZBem9jJpCAX3xtcNASSNgJLzUPSQyjB1zQNl8IQJ9MIU4lx2+Jo72ysXYKl1HSzN02BMa/vbZ5xyNJIshJzwf3L0dQhJw4Sih/SFw9Tk8sVeghVPoefaIYCkMZCKbrcP9lnZuk0uPUjGE/KE8JQry7W2tgfuC3vXgvNV+qSQbyFtAtyWk7zWiYevvuUQ9QEQCvJ+5mmu6dTjz1zFHLFj8Eb87MtxaZh/IQFIHom+9vgTWwZxAQjT9X4vtbEVPojwjiV471s00mhAckpwGuCn1HtFtRDaSh6y9zsL+LNBvCG/24ThcxHObdlWc1v+VQJe8LcO0jwtuF8BwnAAUgP9M8JPU2Me+Oh12auPGT6fHuTePE3bLDy+x9pTLnhMn+07TQGh//Bz1iI0c6kvtqInjvPZcYR3KsPVmUsPYt9nFig9SCY8VQNhpPBzn952bbgcsk2EvM89wzh3UEffBbyPqvBUBYQ8ODGPFOLsa7RF096WJ69L+E4EmnpjWu5o4ChlKaRTKT39RMMaVPEQRsz/nIWlDN80chjdJlSd1l0pJCAMVZsniobQVuxceMM9OFoaMd9zqZtjMEYYDW38Drb8Y0DYPLShxn0pvIFuOSxd7YCPet9zk452wsh54FJoeN05hcgSQoG5RR0Qh9Q4E4VvL4wcZq8UACgaRFEQKgSwWrkr5WFnGxiHSutqJGlXjBgIOayhwYBTA0ER0oisIVSUV0AAMT0IASCUO4hRIQSAEECMCCEPwqyQA0JCQBzEGjWNAqHiUVAoXUWbvggOIQCEAOJzxTjoaQ4AIaE64/aZridUsBYUgkhB15oGg1DBIl8IqirYwV6hPSGBSFteMCUBSVXwfYixBmamRubeMyjzMJQBDDowE3OesDD+zwqFoDqiEwXoXJpljB+PvWJGy75BKF1FPxhKygJuqUdYQGlLxNEXkrYyjQ0GbaAwEnUIlLRNvVjQDYUAsJB0HKLE4y0AIpQNgCIhBIhQTgCKhZBBpAN/v6LtQI50JfUgYOnnjmLUFHKhjxbAmdTCaTiBm3ovLPqG2urWAij6im0Nd9aTN9ygLUEt9LgSRnohxUPIKxlGaE+/6Y7znFf0yX+GnkvFFWmarkab2o9PmTeq8sbd2a7DaysXz7i64VeznN4jCQhN9gdDbRiuWrfrsq0mHIrlaq+hlotCtd3Um9u0BYWY8y5D67wccJoZjFca7iUs9VqZcfsZwTd1sbWGG+OcYaTnPAP7rTQVVlM4Sg3oGvB1tmNh0t/HKXZ1jFoIMwCQjtqbhNxUmkGYqgZEDZP11HN/S3gAYRozf0l8C5kKEKUvW0t1IfeWG/5MwgheZTT1E0AEhDkAePQO+Ig2H3DncAkQM4cwUQCD530dU4B5Yvmi2LlDqXfWrxMCcMth51RToRMNUXFnfc2KJ0+Ryl0VNOUwlhh6NoxK5gnViTgQpUG4SqSyt5z3zRJpuKmt3Q1614QaCBPaN6je+2XiFcWAKOXcUfIYKRyL/1lb7pe5VxSxxjQ6hImshqGRt5GWZVKO6q2wHwujfwDtIvaIdexj8Cm8+a68EqMfox6x/voMouZF4dHnEGNeCDMwT6vdNfekH1MafMk4PI06YtqLVGl95aEM9Z5vAeCTOA++YLtoVJRrsqNCaJ6WRmkdYaNec5BT/lcTRMqrhmwfjbpkj55+OKp8IEbU/JLgPJE6Wa3TTe9sHS+ShVD5QIyqIxMEwKh12olC6mHIed5ewEop80CNlfIOADYOT2nd6ZXCop+Ebqchc0JqxKcKASxChycJgUh1rnHA5ow9eTrhqNI7JWiAYYwBGGdpyNLoGw0Pkh96h1BpHihyywtATDM/7Hk2fN9EnH8BgKJCU4ooBkbXFMZJiPbrOyecGl3zgQDQL4hk10IZiOe+5w99Q/gBAEIJgPhJM4QAEEoFREAIAAEiIASAkD8Qt4AQAEIAERAGFlX4CACKAXGVM4ivMwWwCLFAlyeoaa70QePKm5Dlp+/n+ye/5dYgva6YsUaVeMa+tzNFeJtWwc+udbJ0Fg399kLielQJ5Ze61c2+7ytA6EZetiPxZC6tj22yJCv6jUwOyj/zcbqAxOMyAKEbfeHtNa7DtYXptjsk2kJxR+eIeim/tHNofUKYy8DMrQcAKWz6brpvzyIAlpwPhQ49l6b7skJf5Z+YTOYQc4FwLDxvoTDwaygQK+U/kVr+ytSFBG01Q3gnJJR4cNiAhx4HDub8/b5DULXlj6SVZghFiE+LdvE9vo/o8Lp1RmH5hzm0T6wdbZ6n+D6i44zDRc3ln6CpAEJfXiRU45oqLz8gFAThWsh7ughrRibc0QynHgZpNJa/ENJ+loCwu/qOGnFIjYR/n7TfgycULhcQhu6VC+HfF+L3BoAQ4WiZTw1M+FPCnA2gKC6/FAhXgDC+ojQGh3NuWsvfF1L/D5ohlCKtl1j2ldu9a/nPAKFwN56Bst10zCG0CPleXN/zXPgHQZXaZaBgrbzyY5V/mUA+6F0hwtGN9rwu5DVZPuwWqfxdFz1LWbJ2lwKEa+0Qsm4Dl3fp+Pu0lV97PgwIPfSsS+UQhj5Oo+vvFULazRIQyvGEcxPuNLCth2MvFsrKn8UOilAQShkh7TTczYNMoS6OdP47msrPi82lXKGWhCdMZYS0bFy+vcnGAjP1CIfvgbKNA9glecEH9RD6Ol4wRuWyN/G9MHnksS6o/GPf5XcwNSUlHzQhDuAKtWJmkwKElU7lylP5rgIcsquh/FI8YZCDpkJBuE4FQm7Icw8N+SrUGaQKyi8FwiDt1ve5o+Vu7qYHy/psgK8cvh+FTYuO77bhEC7GuaPiys/L1X4IgXDL+e3M5+ovLxBy5VLuIebw1oqcHoPfoaMJUsHays878r8KbDc3xtPx/84gZPBG/JwaufrsY/SRG/OY3//8QMNdsvdZCFtbW6f8pFuf5bflILAlX7O+4fdfugKyFYS8T2zAsXthdG0VurPGKwI06oF5vkBgHWkNp6ry29+lsPZMU3vijnXFNmoclr+6+Ou/FIb8yb30sS8YGjmTqCLyQsi5N/6ZwKs0Yenj68pfPjF6N782Dp2FzV9CTyoSeY8mLK16qGxIkLI8oa1n8tz9juP40DlK0epxYEbojbq+9QfurBeVIlCO9D2396bxiV4lkYQ3hOAFw2pbhqMGISkkQOMcQ9EqhDmGZZdo92JC0YHRNTfoSg+5e0IT+opqCKHoIU+4ztQIgBD1EFNrQAgIpYSil9lDmPHqkROPt+JC6AgPquSuumJmg0YARVCuneDfvPVeJokZ6pIXDkNxQtGzTF9/BQjRG0tQznfb74RwCQghpALBtIQnfK4zhxdyQvVCUeknMIT3hLyY+T5jo0yABqKPQNpUNw/09tGZod5jgCaYFxyYvJcNPkv9eof+I3pnCFEHIETjSM8L9tHZHYCQT9PaZGycU6yg8S4akDnJ+P03L0+t23XGzCLzRgII/Wqa+fv/xlfvmKvMUOcOrlCDdoei1MGdZm6G5VEIfRzzjd4aQs69n699Rx7ewhvCGzr2gmTPs8zNsJOrXt24FbkhhOjCfT4ICA/rPbyhUy94Dks0gJCX1NzCZui9YUd3oei+c257TalFbgg19ILHrlrL2gvWgXAL26EX76gZTNASQnad8Ibwhl284NhgXpB0c+jKhWO3Ms1hP9ihJYB9eMF6qd1BCPk0qA1s+LimFIu7m4nsdQIzPK4VbQ8hYvrnuSH2G9b2ggP78QmWqBdF9Vx8SSY6QYdUW7BTA1schZATyhvY8lHvcRbNUS9YGFy2U+qmzh2YPVc0I7yAOFyHfRpyUwtCSzOdPXMHmz7qDIM0e0V2wZTEk+6Ym6N63eBLp/b5Bts+2cKCSJ/LuoZO3ANSiE5hKAZjnvNSS4931jcw9jpwT0feV/qSJ1pVtCyfHKDkvK8Ejx7pUxGh2xFNSwx8QTi2H9ceC0/nni64MS/5N5dG39pDqvRV+WgGk71c9VFXF9b+xYvOw/d61iv7m3MvEHryhvecwC52jSSx4VIIgwnMNT/UsTxIgpPt3K/ARj15CptwL3Zd/ceDSATj2DGQjbxgWwhdeMMte7zpy5On9vymRm/YxBYljGVjKWF9VJf7I1+sex3wY8w/V1QPTborW/72gkdsRDaZMJBdbdHIC7aCkAu9atlLbtnrzerMnyToDaGwelOnk3/hHSem/ZK7e/t7jeeR20LYBgqa8J80gS8jbwi5F02Uj1u2NYJxap8PLkJfLxA2hIJyvnHX/AfeEPLpBfe0uSFHbnXaea3Qd5d6HcpYZ8L6M7lnFwMQ3MNg+RxUR1+6AshtbsVgfXTEg1sIGax9UND2p7f270wdG3eK9gXVGHdw2k5sOyZv+Nbs39Z308XR9DqWb2J+PwKDhuKHPobfuXf7gnYGHdCs7bhDDadD4entDug7LWNsnRNW4mYqwJ9dk+GGSTPBiA2j0G8RWNM5upZtcG4/3vMfP7KnbK2egx6CCnDPhRn7NgD3cghLIad5WcM2SO38iqHvvMOosyeMpQ5zlVCaaj06GVs9xUbHdiKoqrHWgquFEFMWUEWfXUxJAML23hAHFOctmjZQffKD2pywkhtSGHKNtpitLroscAeE7kCkSsC60vxEl6yMtL9EL5HKGCMszU5bk8gdkklAyEn5FO0yK419rIxBOIqwFMooDE0tHEVYijAUECIshRCGIhxFWIowFJ5QkEYIS5PTJrUwNGlPyN6QQPyKtpuM1E/K5+YJDV/MiA3AaehzqgAm7QnZG9IGYKo8bHnSK7VblLL3hOwNHziPuEGOqE5brrdR6i+atCfckyeWD47HkAkepRGLY/e8A8J0gCwYSNypF08bBm+e6zVz2UL4AshhBUjML/rXLefqC82bcQFhGC9JDwZ1uuu+At0S5gCETYHsV4DUeD9fDN2Zfy5OXaW2zAwQygCzBLJ8cvaW5OXKC1FxfTggFAHmoAJnSiOw2wps9KwRWgJCLaEswaj5NqkLwAYIU4BxqTSXbHXpJdRMPZgAOiAMqABCNGYIEEJutEK5IUAIwYMDQgiCACEEAcJs1Vda7gGqDhCmoiEghAAhBAHCrKXVo2C1DCBMRlp37uMIEECoX7xrX3P5C9QiINSuIcoPAUI0YkAICLNWgfJDh4T9hH7zqYH9+JHAq7zBqWjwhPAicTVCVQJCNF50JghHocahKK0X/ZnQKyEkhSdUpzG8OgQI42qC94EQjsYLRSmH+pbgq73L6bYkeEJ4DYTYmeg1TOBFc/usTTp3V9DdEuXJ2xDCUbXhaXk0/kAYmBvuMB4qkC35E5e5AMKkwSQgyxufyuPy6fMMgAFCSI73LFXU/N8AmEL9X4ABACNSKMHAgb34AAAAAElFTkSuQmCC - mediatype: image/png - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: etcd-operator - rules: - - apiGroups: - - etcd.database.coreos.com - resources: - - etcdclusters - - etcdbackups - - etcdrestores - verbs: - - "*" - - apiGroups: - - "" - resources: - - pods - - services - - endpoints - - persistentvolumeclaims - - events - verbs: - - "*" - - apiGroups: - - apps - resources: - - deployments - verbs: - - "*" - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - deployments: - - name: etcd-operator - spec: - replicas: 1 - selector: - matchLabels: - name: etcd-operator-alm-owned - template: - metadata: - name: etcd-operator-alm-owned - labels: - name: etcd-operator-alm-owned - spec: - serviceAccountName: etcd-operator - containers: - - name: etcd-operator - command: - - etcd-operator - - --create-crd=false - image: quay.io/coreos/etcd-operator@sha256:c0301e4686c3ed4206e370b42de5a3bd2229b9fb4906cf85f3f30650424abec2 - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: etcd-backup-operator - image: quay.io/coreos/etcd-operator@sha256:c0301e4686c3ed4206e370b42de5a3bd2229b9fb4906cf85f3f30650424abec2 - command: - - etcd-backup-operator - - --create-crd=false - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: etcd-restore-operator - image: quay.io/coreos/etcd-operator@sha256:c0301e4686c3ed4206e370b42de5a3bd2229b9fb4906cf85f3f30650424abec2 - command: - - etcd-restore-operator - - --create-crd=false - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - customresourcedefinitions: - owned: - - name: etcdclusters.etcd.database.coreos.com - version: v1beta2 - kind: EtcdCluster - displayName: etcd Cluster - description: Represents a cluster of etcd nodes. - resources: - - kind: Service - version: v1 - - kind: Pod - version: v1 - specDescriptors: - - description: The desired number of member Pods for the etcd cluster. - displayName: Size - path: size - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: pod.resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - statusDescriptors: - - description: The status of each of the member Pods for the etcd cluster. - displayName: Member Status - path: members - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podStatuses' - - description: The service at which the running etcd cluster can be accessed. - displayName: Service - path: serviceName - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Service' - - description: The current size of the etcd cluster. - displayName: Cluster Size - path: size - - description: The current version of the etcd cluster. - displayName: Current Version - path: currentVersion - - description: 'The target version of the etcd cluster, after upgrading.' - displayName: Target Version - path: targetVersion - - description: The current status of the etcd cluster. - displayName: Status - path: phase - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase' - - description: Explanation for the current status of the cluster. - displayName: Status Details - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - name: etcdbackups.etcd.database.coreos.com - version: v1beta2 - kind: EtcdBackup - displayName: etcd Backup - description: Represents the intent to backup an etcd cluster. - specDescriptors: - - description: Specifies the endpoints of an etcd cluster. - displayName: etcd Endpoint(s) - path: etcdEndpoints - x-descriptors: - - 'urn:alm:descriptor:etcd:endpoint' - - description: The full AWS S3 path where the backup is saved. - displayName: S3 Path - path: s3.path - x-descriptors: - - 'urn:alm:descriptor:aws:s3:path' - - description: The name of the secret object that stores the AWS credential and config files. - displayName: AWS Secret - path: s3.awsSecret - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Secret' - statusDescriptors: - - description: Indicates if the backup was successful. - displayName: Succeeded - path: succeeded - x-descriptors: - - 'urn:alm:descriptor:text' - - description: Indicates the reason for any backup related failures. - displayName: Reason - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - name: etcdrestores.etcd.database.coreos.com - version: v1beta2 - kind: EtcdRestore - displayName: etcd Restore - description: Represents the intent to restore an etcd cluster from a backup. - specDescriptors: - - description: References the EtcdCluster which should be restored, - displayName: etcd Cluster - path: etcdCluster.name - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:EtcdCluster' - - 'urn:alm:descriptor:text' - - description: The full AWS S3 path where the backup is saved. - displayName: S3 Path - path: s3.path - x-descriptors: - - 'urn:alm:descriptor:aws:s3:path' - - description: The name of the secret object that stores the AWS credential and config files. - displayName: AWS Secret - path: s3.awsSecret - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Secret' - statusDescriptors: - - description: Indicates if the restore was successful. - displayName: Succeeded - path: succeeded - x-descriptors: - - 'urn:alm:descriptor:text' - - description: Indicates the reason for any restore related failures. - displayName: Reason - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: prometheusoperator.0.14.0 - namespace: placeholder - spec: - displayName: Prometheus - description: | - An open-source monitoring system with a dimensional data model, flexible query language, efficient time series database and modern alerting approach. - - _The Prometheus Open Cloud Service is Public Alpha. The goal before Beta is for additional user testing and minor bug fixes._ - - ### Monitoring applications - - Prometheus scrapes your application metrics based on targets maintained in a ServiceMonitor object. When alerts need to be sent, they are processsed by an AlertManager. - - [Read the complete guide to monitoring applications with the Prometheus Open Cloud Service](https://coreos.com/tectonic/docs/latest/alm/prometheus-ocs.html) - - ## Supported Features - - **High availability** - Multiple instances are run across failure zones and data is replicated. This keeps your monitoring available during an outage, when you need it most. - **Updates via automated operations** - New Prometheus versions are deployed using a rolling update with no downtime, making it easy to stay up to date. - **Handles the dynamic nature of containers** - Alerting rules are attached to groups of containers instead of individual instances, which is ideal for the highly dynamic nature of container deployment. - - keywords: ['prometheus', 'monitoring', 'tsdb', 'alerting'] - - maintainers: - - name: CoreOS, Inc - email: support@coreos.com - - provider: - name: CoreOS, Inc - - links: - - name: Prometheus - url: https://www.prometheus.io/ - - name: Documentation - url: https://coreos.com/operators/prometheus/docs/latest/ - - name: Prometheus Operator Source Code - url: https://github.com/coreos/prometheus-operator - - labels: - alm-status-descriptors: prometheusoperator.0.14.0 - alm-owner-prometheus: prometheusoperator - - selector: - matchLabels: - alm-owner-prometheus: prometheusoperator - - icon: - - base64data: PHN2ZyB3aWR0aD0iMjQ5MCIgaGVpZ2h0PSIyNTAwIiB2aWV3Qm94PSIwIDAgMjU2IDI1NyIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiBwcmVzZXJ2ZUFzcGVjdFJhdGlvPSJ4TWlkWU1pZCI+PHBhdGggZD0iTTEyOC4wMDEuNjY3QzU3LjMxMS42NjcgMCA1Ny45NzEgMCAxMjguNjY0YzAgNzAuNjkgNTcuMzExIDEyNy45OTggMTI4LjAwMSAxMjcuOTk4UzI1NiAxOTkuMzU0IDI1NiAxMjguNjY0QzI1NiA1Ny45NyAxOTguNjg5LjY2NyAxMjguMDAxLjY2N3ptMCAyMzkuNTZjLTIwLjExMiAwLTM2LjQxOS0xMy40MzUtMzYuNDE5LTMwLjAwNGg3Mi44MzhjMCAxNi41NjYtMTYuMzA2IDMwLjAwNC0zNi40MTkgMzAuMDA0em02MC4xNTMtMzkuOTRINjcuODQyVjE3OC40N2gxMjAuMzE0djIxLjgxNmgtLjAwMnptLS40MzItMzMuMDQ1SDY4LjE4NWMtLjM5OC0uNDU4LS44MDQtLjkxLTEuMTg4LTEuMzc1LTEyLjMxNS0xNC45NTQtMTUuMjE2LTIyLjc2LTE4LjAzMi0zMC43MTYtLjA0OC0uMjYyIDE0LjkzMyAzLjA2IDI1LjU1NiA1LjQ1IDAgMCA1LjQ2NiAxLjI2NSAxMy40NTggMi43MjItNy42NzMtOC45OTQtMTIuMjMtMjAuNDI4LTEyLjIzLTMyLjExNiAwLTI1LjY1OCAxOS42OC00OC4wNzkgMTIuNTgtNjYuMjAxIDYuOTEuNTYyIDE0LjMgMTQuNTgzIDE0LjggMzYuNTA1IDcuMzQ2LTEwLjE1MiAxMC40Mi0yOC42OSAxMC40Mi00MC4wNTYgMC0xMS43NjkgNy43NTUtMjUuNDQgMTUuNTEyLTI1LjkwNy02LjkxNSAxMS4zOTYgMS43OSAyMS4xNjUgOS41MyA0NS40IDIuOTAyIDkuMTAzIDIuNTMyIDI0LjQyMyA0Ljc3MiAzNC4xMzguNzQ0LTIwLjE3OCA0LjIxMy00OS42MiAxNy4wMTQtNTkuNzg0LTUuNjQ3IDEyLjguODM2IDI4LjgxOCA1LjI3IDM2LjUxOCA3LjE1NCAxMi40MjQgMTEuNDkgMjEuODM2IDExLjQ5IDM5LjYzOCAwIDExLjkzNi00LjQwNyAyMy4xNzMtMTEuODQgMzEuOTU4IDguNDUyLTEuNTg2IDE0LjI4OS0zLjAxNiAxNC4yODktMy4wMTZsMjcuNDUtNS4zNTVjLjAwMi0uMDAyLTMuOTg3IDE2LjQwMS0xOS4zMTQgMzIuMTk3eiIgZmlsbD0iI0RBNEUzMSIvPjwvc3ZnPg== - mediatype: image/svg+xml - - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: prometheus-k8s - rules: - - apiGroups: [""] - resources: - - nodes - - services - - endpoints - - pods - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: - - configmaps - verbs: ["get"] - - serviceAccountName: prometheus-operator-0-14-0 - rules: - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: ["get", "list"] - - apiGroups: - - monitoring.coreos.com - resources: - - alertmanagers - - prometheuses - - servicemonitors - verbs: - - "*" - - apiGroups: - - apps - resources: - - statefulsets - verbs: ["*"] - - apiGroups: [""] - resources: - - configmaps - - secrets - verbs: ["*"] - - apiGroups: [""] - resources: - - pods - verbs: ["list", "delete"] - - apiGroups: [""] - resources: - - services - - endpoints - verbs: ["get", "create", "update"] - - apiGroups: [""] - resources: - - nodes - verbs: ["list", "watch"] - - apiGroups: [""] - resources: - - namespaces - verbs: ['list'] - deployments: - - name: prometheus-operator - spec: - replicas: 1 - selector: - matchLabels: - k8s-app: prometheus-operator - template: - metadata: - labels: - k8s-app: prometheus-operator - spec: - serviceAccount: prometheus-operator-0-14-0 - containers: - - name: prometheus-operator - image: quay.io/coreos/prometheus-operator@sha256:5037b4e90dbb03ebdefaa547ddf6a1f748c8eeebeedf6b9d9f0913ad662b5731 - command: - - sh - - -c - - > - /bin/operator --namespace=$K8S_NAMESPACE --crd-apigroup monitoring.coreos.com - --labels alm-status-descriptors=prometheusoperator.0.14.0,alm-owner-prometheus=prometheusoperator - --kubelet-service=kube-system/kubelet - --config-reloader-image=quay.io/coreos/configmap-reload:v0.0.1 - env: - - name: K8S_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - ports: - - containerPort: 8080 - name: http - resources: - limits: - cpu: 200m - memory: 100Mi - requests: - cpu: 100m - memory: 50Mi - maturity: alpha - version: 0.14.0 - customresourcedefinitions: - owned: - - name: prometheuses.monitoring.coreos.com - version: v1 - kind: Prometheus - displayName: Prometheus - description: A running Prometheus instance - resources: - - kind: Pod - version: v1 - specDescriptors: - - description: Desired number of Pods for the cluster - displayName: Size - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: A selector for the ConfigMaps from which to load rule files - displayName: Rule Config Map Selector - path: ruleSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:selector:core:v1:ConfigMap' - - description: ServiceMonitors to be selected for target discovery - displayName: Service Monitor Selector - path: serviceMonitorSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:selector:monitoring.coreos.com:v1:ServiceMonitor' - - description: The ServiceAccount to use to run the Prometheus pods - displayName: Service Account - path: serviceAccountName - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:ServiceAccount' - - description: Define resources requests and limits for single Pods - displayName: Resource Request - path: resources.requests - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - statusDescriptors: - - description: The current number of Pods for the cluster - displayName: Cluster Size - path: replicas - - path: prometheusSelector - displayName: Prometheus Service Selector - description: Label selector to find the service that routes to this prometheus - x-descriptors: - - 'urn:alm:descriptor:label:selector' - - name: servicemonitors.monitoring.coreos.com - version: v1 - kind: ServiceMonitor - displayName: Service Monitor - description: Configures prometheus to monitor a particular k8s service - resources: - - kind: Pod - version: v1 - specDescriptors: - - description: Selector to select which namespaces the Endpoints objects are discovered from - displayName: Monitoring Namespaces - path: namespaceSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:namespaceSelector' - - description: The label to use to retrieve the job name from - displayName: Job Label - path: jobLabel - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: A list of endpoints allowed as part of this ServiceMonitor - displayName: Endpoints - path: endpoints - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:endpointList' - - name: alertmanagers.monitoring.coreos.com - version: v1 - kind: Alertmanager - displayName: Alert Manager - description: Configures an Alert Manager for the namespace - resources: - - kind: Pod - version: v1 - specDescriptors: - - description: Desired number of Pods for the cluster - displayName: Size - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: prometheusoperator.0.15.0 - namespace: placeholder - annotations: - tectonic-visibility: ocs - alm-examples: '[{"apiVersion":"monitoring.coreos.com/v1","kind":"Prometheus","metadata":{"name":"example","labels":{"prometheus":"k8s"}},"spec":{"replicas":2,"version":"v1.7.0","serviceAccountName":"prometheus-k8s","serviceMonitorSelector":{"matchExpressions":[{"key":"k8s-app","operator":"Exists"}]},"ruleSelector":{"matchLabels":{"role":"prometheus-rulefiles","prometheus":"k8s"}},"resources":{"requests":{"memory":"400Mi"}},"alerting":{"alertmanagers":[{"namespace":"monitoring","name":"alertmanager-main","port":"web"}]}}},{"apiVersion":"monitoring.coreos.com/v1","kind":"ServiceMonitor","metadata":{"name":"example","labels":{"k8s-app":"prometheus"}},"spec":{"selector":{"matchLabels":{"k8s-app":"prometheus","prometheus":"k8s"}},"namespaceSelector":{"matchNames":["monitoring"]},"endpoints":[{"port":"web","interval":"30s"}]}},{"apiVersion":"monitoring.coreos.com/v1","kind":"Alertmanager","metadata":{"name":"alertmanager-main"},"spec":{"replicas":3}}]' - spec: - replaces: prometheusoperator.0.14.0 - displayName: Prometheus - description: | - An open-source monitoring system with a dimensional data model, flexible query language, efficient time series database and modern alerting approach. - - _The Prometheus Open Cloud Service is Public Alpha. The goal before Beta is for additional user testing and minor bug fixes._ - - ### Monitoring applications - - Prometheus scrapes your application metrics based on targets maintained in a ServiceMonitor object. When alerts need to be sent, they are processsed by an AlertManager. - - [Read the complete guide to monitoring applications with the Prometheus Open Cloud Service](https://coreos.com/tectonic/docs/latest/alm/prometheus-ocs.html) - - ### Supported Features - - - **High availability** - - - Multiple instances are run across failure zones and data is replicated. This keeps your monitoring available during an outage, when you need it most. - - - **Updates via automated operations** - - - New Prometheus versions are deployed using a rolling update with no downtime, making it easy to stay up to date. - - - **Handles the dynamic nature of containers** - - - Alerting rules are attached to groups of containers instead of individual instances, which is ideal for the highly dynamic nature of container deployment. - - keywords: ['prometheus', 'monitoring', 'tsdb', 'alerting'] - - maintainers: - - name: CoreOS, Inc - email: support@coreos.com - - provider: - name: CoreOS, Inc - - links: - - name: Prometheus - url: https://www.prometheus.io/ - - name: Documentation - url: https://coreos.com/operators/prometheus/docs/latest/ - - name: Prometheus Operator Source Code - url: https://github.com/coreos/prometheus-operator - - labels: - alm-status-descriptors: prometheusoperator.0.15.0 - alm-owner-prometheus: prometheusoperator - - selector: - matchLabels: - alm-owner-prometheus: prometheusoperator - - icon: - - base64data: PHN2ZyB3aWR0aD0iMjQ5MCIgaGVpZ2h0PSIyNTAwIiB2aWV3Qm94PSIwIDAgMjU2IDI1NyIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiBwcmVzZXJ2ZUFzcGVjdFJhdGlvPSJ4TWlkWU1pZCI+PHBhdGggZD0iTTEyOC4wMDEuNjY3QzU3LjMxMS42NjcgMCA1Ny45NzEgMCAxMjguNjY0YzAgNzAuNjkgNTcuMzExIDEyNy45OTggMTI4LjAwMSAxMjcuOTk4UzI1NiAxOTkuMzU0IDI1NiAxMjguNjY0QzI1NiA1Ny45NyAxOTguNjg5LjY2NyAxMjguMDAxLjY2N3ptMCAyMzkuNTZjLTIwLjExMiAwLTM2LjQxOS0xMy40MzUtMzYuNDE5LTMwLjAwNGg3Mi44MzhjMCAxNi41NjYtMTYuMzA2IDMwLjAwNC0zNi40MTkgMzAuMDA0em02MC4xNTMtMzkuOTRINjcuODQyVjE3OC40N2gxMjAuMzE0djIxLjgxNmgtLjAwMnptLS40MzItMzMuMDQ1SDY4LjE4NWMtLjM5OC0uNDU4LS44MDQtLjkxLTEuMTg4LTEuMzc1LTEyLjMxNS0xNC45NTQtMTUuMjE2LTIyLjc2LTE4LjAzMi0zMC43MTYtLjA0OC0uMjYyIDE0LjkzMyAzLjA2IDI1LjU1NiA1LjQ1IDAgMCA1LjQ2NiAxLjI2NSAxMy40NTggMi43MjItNy42NzMtOC45OTQtMTIuMjMtMjAuNDI4LTEyLjIzLTMyLjExNiAwLTI1LjY1OCAxOS42OC00OC4wNzkgMTIuNTgtNjYuMjAxIDYuOTEuNTYyIDE0LjMgMTQuNTgzIDE0LjggMzYuNTA1IDcuMzQ2LTEwLjE1MiAxMC40Mi0yOC42OSAxMC40Mi00MC4wNTYgMC0xMS43NjkgNy43NTUtMjUuNDQgMTUuNTEyLTI1LjkwNy02LjkxNSAxMS4zOTYgMS43OSAyMS4xNjUgOS41MyA0NS40IDIuOTAyIDkuMTAzIDIuNTMyIDI0LjQyMyA0Ljc3MiAzNC4xMzguNzQ0LTIwLjE3OCA0LjIxMy00OS42MiAxNy4wMTQtNTkuNzg0LTUuNjQ3IDEyLjguODM2IDI4LjgxOCA1LjI3IDM2LjUxOCA3LjE1NCAxMi40MjQgMTEuNDkgMjEuODM2IDExLjQ5IDM5LjYzOCAwIDExLjkzNi00LjQwNyAyMy4xNzMtMTEuODQgMzEuOTU4IDguNDUyLTEuNTg2IDE0LjI4OS0zLjAxNiAxNC4yODktMy4wMTZsMjcuNDUtNS4zNTVjLjAwMi0uMDAyLTMuOTg3IDE2LjQwMS0xOS4zMTQgMzIuMTk3eiIgZmlsbD0iI0RBNEUzMSIvPjwvc3ZnPg== - mediatype: image/svg+xml - - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: prometheus-k8s - rules: - - apiGroups: [""] - resources: - - nodes - - services - - endpoints - - pods - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: - - configmaps - verbs: ["get"] - - serviceAccountName: prometheus-operator-0-14-0 - rules: - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: ["get", "list"] - - apiGroups: - - monitoring.coreos.com - resources: - - alertmanagers - - prometheuses - - servicemonitors - verbs: - - "*" - - apiGroups: - - apps - resources: - - statefulsets - verbs: ["*"] - - apiGroups: [""] - resources: - - configmaps - - secrets - verbs: ["*"] - - apiGroups: [""] - resources: - - pods - verbs: ["list", "delete"] - - apiGroups: [""] - resources: - - services - - endpoints - verbs: ["get", "create", "update"] - - apiGroups: [""] - resources: - - nodes - verbs: ["list", "watch"] - - apiGroups: [""] - resources: - - namespaces - verbs: ['list'] - deployments: - - name: prometheus-operator - spec: - replicas: 1 - selector: - matchLabels: - k8s-app: prometheus-operator - template: - metadata: - labels: - k8s-app: prometheus-operator - spec: - serviceAccount: prometheus-operator-0-14-0 - containers: - - name: prometheus-operator - image: quay.io/coreos/prometheus-operator@sha256:0e92dd9b5789c4b13d53e1319d0a6375bcca4caaf0d698af61198061222a576d - command: - - sh - - -c - - > - /bin/operator --namespace=$K8S_NAMESPACE --crd-apigroup monitoring.coreos.com - --labels alm-status-descriptors=prometheusoperator.0.15.0,alm-owner-prometheus=prometheusoperator - --kubelet-service=kube-system/kubelet - --config-reloader-image=quay.io/coreos/configmap-reload:v0.0.1 - env: - - name: K8S_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - ports: - - containerPort: 8080 - name: http - resources: - limits: - cpu: 200m - memory: 100Mi - requests: - cpu: 100m - memory: 50Mi - maturity: alpha - version: 0.15.0 - customresourcedefinitions: - owned: - - name: prometheuses.monitoring.coreos.com - version: v1 - kind: Prometheus - displayName: Prometheus - description: A running Prometheus instance - resources: - - kind: StatefulSet - version: v1beta2 - - kind: Pod - version: v1 - specDescriptors: - - description: Desired number of Pods for the cluster - displayName: Size - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: A selector for the ConfigMaps from which to load rule files - displayName: Rule Config Map Selector - path: ruleSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:selector:core:v1:ConfigMap' - - description: ServiceMonitors to be selected for target discovery - displayName: Service Monitor Selector - path: serviceMonitorSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:selector:monitoring.coreos.com:v1:ServiceMonitor' - - description: The ServiceAccount to use to run the Prometheus pods - displayName: Service Account - path: serviceAccountName - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:ServiceAccount' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - statusDescriptors: - - description: The current number of Pods for the cluster - displayName: Cluster Size - path: replicas - - path: prometheusSelector - displayName: Prometheus Service Selector - description: Label selector to find the service that routes to this prometheus - x-descriptors: - - 'urn:alm:descriptor:label:selector' - - name: servicemonitors.monitoring.coreos.com - version: v1 - kind: ServiceMonitor - displayName: Service Monitor - description: Configures prometheus to monitor a particular k8s service - resources: - - kind: Pod - version: v1 - specDescriptors: - - description: Selector to select which namespaces the Endpoints objects are discovered from - displayName: Monitoring Namespaces - path: namespaceSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:namespaceSelector' - - description: The label to use to retrieve the job name from - displayName: Job Label - path: jobLabel - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: A list of endpoints allowed as part of this ServiceMonitor - displayName: Endpoints - path: endpoints - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:endpointList' - - name: alertmanagers.monitoring.coreos.com - version: v1 - kind: Alertmanager - displayName: Alert Manager - description: Configures an Alert Manager for the namespace - resources: - - kind: StatefulSet - version: v1beta2 - - kind: Pod - version: v1 - specDescriptors: - - description: Desired number of Pods for the cluster - displayName: Size - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: prometheusoperator.0.22.2 - namespace: placeholder - annotations: - tectonic-visibility: ocs - alm-examples: '[{"apiVersion":"monitoring.coreos.com/v1","kind":"Prometheus","metadata":{"name":"example","labels":{"prometheus":"k8s"}},"spec":{"replicas":2,"version":"v2.3.2","serviceAccountName":"prometheus-k8s","securityContext": {}, "serviceMonitorSelector":{"matchExpressions":[{"key":"k8s-app","operator":"Exists"}]},"ruleSelector":{"matchLabels":{"role":"prometheus-rulefiles","prometheus":"k8s"}},"resources":{"requests":{"memory":"400Mi"}},"alerting":{"alertmanagers":[{"namespace":"monitoring","name":"alertmanager-main","port":"web"}]}}},{"apiVersion":"monitoring.coreos.com/v1","kind":"ServiceMonitor","metadata":{"name":"example","labels":{"k8s-app":"prometheus"}},"spec":{"selector":{"matchLabels":{"k8s-app":"prometheus","prometheus":"k8s"}},"namespaceSelector":{"matchNames":["monitoring"]},"endpoints":[{"port":"web","interval":"30s"}]}},{"apiVersion":"monitoring.coreos.com/v1","kind":"Alertmanager","metadata":{"name":"alertmanager-main"},"spec":{"replicas":3}}]' - spec: - replaces: prometheusoperator.0.15.0 - displayName: Prometheus - description: | - An open-source monitoring system with a dimensional data model, flexible query language, efficient time series database and modern alerting approach. - - _The Prometheus Open Cloud Service is Public Alpha. The goal before Beta is for additional user testing and minor bug fixes._ - - ### Monitoring applications - - Prometheus scrapes your application metrics based on targets maintained in a ServiceMonitor object. When alerts need to be sent, they are processsed by an AlertManager. - - [Read the complete guide to monitoring applications with the Prometheus Open Cloud Service](https://coreos.com/tectonic/docs/latest/alm/prometheus-ocs.html) - - ### Supported Features - - - **High availability** - - - Multiple instances are run across failure zones and data is replicated. This keeps your monitoring available during an outage, when you need it most. - - - **Updates via automated operations** - - - New Prometheus versions are deployed using a rolling update with no downtime, making it easy to stay up to date. - - - **Handles the dynamic nature of containers** - - - Alerting rules are attached to groups of containers instead of individual instances, which is ideal for the highly dynamic nature of container deployment. - - keywords: ['prometheus', 'monitoring', 'tsdb', 'alerting'] - - maintainers: - - name: CoreOS, Inc - email: support@coreos.com - - provider: - name: CoreOS, Inc - - links: - - name: Prometheus - url: https://www.prometheus.io/ - - name: Documentation - url: https://coreos.com/operators/prometheus/docs/latest/ - - name: Prometheus Operator Source Code - url: https://github.com/coreos/prometheus-operator - - labels: - alm-status-descriptors: prometheusoperator.0.22.2 - alm-owner-prometheus: prometheusoperator - - selector: - matchLabels: - alm-owner-prometheus: prometheusoperator - - icon: - - base64data: PHN2ZyB3aWR0aD0iMjQ5MCIgaGVpZ2h0PSIyNTAwIiB2aWV3Qm94PSIwIDAgMjU2IDI1NyIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiBwcmVzZXJ2ZUFzcGVjdFJhdGlvPSJ4TWlkWU1pZCI+PHBhdGggZD0iTTEyOC4wMDEuNjY3QzU3LjMxMS42NjcgMCA1Ny45NzEgMCAxMjguNjY0YzAgNzAuNjkgNTcuMzExIDEyNy45OTggMTI4LjAwMSAxMjcuOTk4UzI1NiAxOTkuMzU0IDI1NiAxMjguNjY0QzI1NiA1Ny45NyAxOTguNjg5LjY2NyAxMjguMDAxLjY2N3ptMCAyMzkuNTZjLTIwLjExMiAwLTM2LjQxOS0xMy40MzUtMzYuNDE5LTMwLjAwNGg3Mi44MzhjMCAxNi41NjYtMTYuMzA2IDMwLjAwNC0zNi40MTkgMzAuMDA0em02MC4xNTMtMzkuOTRINjcuODQyVjE3OC40N2gxMjAuMzE0djIxLjgxNmgtLjAwMnptLS40MzItMzMuMDQ1SDY4LjE4NWMtLjM5OC0uNDU4LS44MDQtLjkxLTEuMTg4LTEuMzc1LTEyLjMxNS0xNC45NTQtMTUuMjE2LTIyLjc2LTE4LjAzMi0zMC43MTYtLjA0OC0uMjYyIDE0LjkzMyAzLjA2IDI1LjU1NiA1LjQ1IDAgMCA1LjQ2NiAxLjI2NSAxMy40NTggMi43MjItNy42NzMtOC45OTQtMTIuMjMtMjAuNDI4LTEyLjIzLTMyLjExNiAwLTI1LjY1OCAxOS42OC00OC4wNzkgMTIuNTgtNjYuMjAxIDYuOTEuNTYyIDE0LjMgMTQuNTgzIDE0LjggMzYuNTA1IDcuMzQ2LTEwLjE1MiAxMC40Mi0yOC42OSAxMC40Mi00MC4wNTYgMC0xMS43NjkgNy43NTUtMjUuNDQgMTUuNTEyLTI1LjkwNy02LjkxNSAxMS4zOTYgMS43OSAyMS4xNjUgOS41MyA0NS40IDIuOTAyIDkuMTAzIDIuNTMyIDI0LjQyMyA0Ljc3MiAzNC4xMzguNzQ0LTIwLjE3OCA0LjIxMy00OS42MiAxNy4wMTQtNTkuNzg0LTUuNjQ3IDEyLjguODM2IDI4LjgxOCA1LjI3IDM2LjUxOCA3LjE1NCAxMi40MjQgMTEuNDkgMjEuODM2IDExLjQ5IDM5LjYzOCAwIDExLjkzNi00LjQwNyAyMy4xNzMtMTEuODQgMzEuOTU4IDguNDUyLTEuNTg2IDE0LjI4OS0zLjAxNiAxNC4yODktMy4wMTZsMjcuNDUtNS4zNTVjLjAwMi0uMDAyLTMuOTg3IDE2LjQwMS0xOS4zMTQgMzIuMTk3eiIgZmlsbD0iI0RBNEUzMSIvPjwvc3ZnPg== - mediatype: image/svg+xml - - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: prometheus-k8s - rules: - - apiGroups: [""] - resources: - - nodes - - services - - endpoints - - pods - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: - - configmaps - verbs: ["get"] - - serviceAccountName: prometheus-operator-0-22-2 - rules: - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - '*' - - apiGroups: - - monitoring.coreos.com - resources: - - alertmanagers - - prometheuses - - prometheuses/finalizers - - alertmanagers/finalizers - - servicemonitors - - prometheusrules - verbs: - - '*' - - apiGroups: - - apps - resources: - - statefulsets - verbs: - - '*' - - apiGroups: - - "" - resources: - - configmaps - - secrets - verbs: - - '*' - - apiGroups: - - "" - resources: - - pods - verbs: - - list - - delete - - apiGroups: - - "" - resources: - - services - - endpoints - verbs: - - get - - create - - update - - apiGroups: - - "" - resources: - - nodes - verbs: - - list - - watch - - apiGroups: - - "" - resources: - - namespaces - verbs: - - list - - watch - deployments: - - name: prometheus-operator - spec: - replicas: 1 - selector: - matchLabels: - k8s-app: prometheus-operator - template: - metadata: - labels: - k8s-app: prometheus-operator - spec: - serviceAccount: prometheus-operator-0-22-2 - containers: - - name: prometheus-operator - image: quay.io/coreos/prometheus-operator@sha256:3daa69a8c6c2f1d35dcf1fe48a7cd8b230e55f5229a1ded438f687debade5bcf - args: - - -namespace=$(K8S_NAMESPACE) - - -manage-crds=false - - -logtostderr=true - - --config-reloader-image=quay.io/coreos/configmap-reload:v0.0.1 - - --prometheus-config-reloader=quay.io/coreos/prometheus-config-reloader:v0.22.2 - env: - - name: K8S_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - ports: - - containerPort: 8080 - name: http - resources: - limits: - cpu: 200m - memory: 100Mi - requests: - cpu: 100m - memory: 50Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - nodeSelector: - beta.kubernetes.io/os: linux - maturity: alpha - version: 0.22.2 - customresourcedefinitions: - owned: - - name: prometheuses.monitoring.coreos.com - version: v1 - kind: Prometheus - displayName: Prometheus - description: A running Prometheus instance - resources: - - kind: StatefulSet - version: v1beta2 - - kind: Pod - version: v1 - specDescriptors: - - description: Desired number of Pods for the cluster - displayName: Size - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: A selector for the ConfigMaps from which to load rule files - displayName: Rule Config Map Selector - path: ruleSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:selector:core:v1:ConfigMap' - - description: ServiceMonitors to be selected for target discovery - displayName: Service Monitor Selector - path: serviceMonitorSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:selector:monitoring.coreos.com:v1:ServiceMonitor' - - description: The ServiceAccount to use to run the Prometheus pods - displayName: Service Account - path: serviceAccountName - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:ServiceAccount' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - - name: prometheusrules.monitoring.coreos.com - version: v1 - kind: PrometheusRule - displayName: Prometheus Rule - description: A Prometheus Rule configures groups of sequentially evaluated recording and alerting rules. - - name: servicemonitors.monitoring.coreos.com - version: v1 - kind: ServiceMonitor - displayName: Service Monitor - description: Configures prometheus to monitor a particular k8s service - resources: - - kind: Pod - version: v1 - specDescriptors: - - description: Selector to select which namespaces the Endpoints objects are discovered from - displayName: Monitoring Namespaces - path: namespaceSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:namespaceSelector' - - description: The label to use to retrieve the job name from - displayName: Job Label - path: jobLabel - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: A list of endpoints allowed as part of this ServiceMonitor - displayName: Endpoints - path: endpoints - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:endpointList' - - name: alertmanagers.monitoring.coreos.com - version: v1 - kind: Alertmanager - displayName: Alert Manager - description: Configures an Alert Manager for the namespace - resources: - - kind: StatefulSet - version: v1beta2 - - kind: Pod - version: v1 - specDescriptors: - - description: Desired number of Pods for the cluster - displayName: Size - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - - packages: |- - - #! package-manifest: ./deploy/chart/catalog_resources/ocs/etcdoperator.v0.9.2.clusterserviceversion.yaml - packageName: etcd - channels: - - name: alpha - currentCSV: etcdoperator.v0.9.2 - - - #! package-manifest: ./deploy/chart/catalog_resources/ocs/prometheusoperator.0.22.2.clusterserviceversion.yaml - packageName: prometheus - channels: - - name: alpha - currentCSV: prometheusoperator.0.22.2 - - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/10-ocs.catalogsource.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/10-ocs.catalogsource.yaml deleted file mode 100644 index 291900dbbe..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/10-ocs.catalogsource.yaml +++ /dev/null @@ -1,16 +0,0 @@ -##--- -# Source: olm/templates/10-ocs.catalogsource.yaml - -#! validate-crd: ./deploy/chart/templates/05-catalogsource.crd.yaml -#! parse-kind: CatalogSource -apiVersion: operators.coreos.com/v1alpha1 -kind: CatalogSource -metadata: - name: ocs - namespace: kube-system -spec: - sourceType: internal - configMap: ocs - displayName: Open Cloud Services - publisher: Red Hat - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/12-alm-operator.deployment.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/12-alm-operator.deployment.yaml deleted file mode 100644 index 28f18bc923..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/12-alm-operator.deployment.yaml +++ /dev/null @@ -1,47 +0,0 @@ -##--- -# Source: olm/templates/12-alm-operator.deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: alm-operator - namespace: kube-system - labels: - app: alm-operator -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: alm-operator - template: - metadata: - labels: - app: alm-operator - spec: - serviceAccountName: olm-operator-serviceaccount - containers: - - name: alm-operator - command: - - /bin/olm - image: quay.io/coreos/olm@sha256:d2e51372b3251321c38d2159e8060fe0bf2f3eeb60a4a3cd53fbee3e1cdd5756 - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - livenessProbe: - httpGet: - path: /healthz - port: 8080 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - env: - - name: OPERATOR_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: OPERATOR_NAME - value: alm-operator - imagePullSecrets: - - name: coreos-pull-secret diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/13-catalog-operator.deployment.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/13-catalog-operator.deployment.yaml deleted file mode 100644 index 5c3136a5ad..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/13-catalog-operator.deployment.yaml +++ /dev/null @@ -1,43 +0,0 @@ -##--- -# Source: olm/templates/13-catalog-operator.deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: catalog-operator - namespace: kube-system - labels: - app: catalog-operator -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: catalog-operator - template: - metadata: - labels: - app: catalog-operator - spec: - serviceAccountName: olm-operator-serviceaccount - containers: - - name: catalog-operator - command: - - /bin/catalog - - '-namespace' - - kube-system - - '-debug' - image: quay.io/coreos/catalog@sha256:cc60359f7fdeaf71e4d989b470dd8c35c693756b5f24485b0f3df6612a730101 - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - livenessProbe: - httpGet: - path: /healthz - port: 8080 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - imagePullSecrets: - - name: coreos-pull-secret diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/20-aggregated-edit.clusterrole.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/20-aggregated-edit.clusterrole.yaml deleted file mode 100644 index 86a0977c26..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/20-aggregated-edit.clusterrole.yaml +++ /dev/null @@ -1,14 +0,0 @@ -##--- -# Source: olm/templates/20-aggregated-edit.clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-edit - labels: - # Add these permissions to the "admin" and "edit" default roles. - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/21-aggregated-view.clusterrole.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/21-aggregated-view.clusterrole.yaml deleted file mode 100644 index 2589e9f42b..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.6.0/21-aggregated-view.clusterrole.yaml +++ /dev/null @@ -1,13 +0,0 @@ -##--- -# Source: olm/templates/21-aggregated-view.clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-view - labels: - # Add these permissions to the "view" default roles - rbac.authorization.k8s.io/aggregate-to-view: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions"] - verbs: ["get", "list", "watch"] diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/00-olm-operator.clusterrole.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/00-olm-operator.clusterrole.yaml deleted file mode 100644 index 0f54e4854d..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/00-olm-operator.clusterrole.yaml +++ /dev/null @@ -1,12 +0,0 @@ -##--- -# Source: olm/templates/00-olm-operator.clusterrole.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: system:controller:operator-lifecycle-manager -rules: -- apiGroups: ["*"] - resources: ["*"] - verbs: ["*"] -- nonResourceURLs: ["*"] - verbs: ["*"] diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/01-olm-operator.serviceaccount.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/01-olm-operator.serviceaccount.yaml deleted file mode 100644 index 918e53bb60..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/01-olm-operator.serviceaccount.yaml +++ /dev/null @@ -1,7 +0,0 @@ -##--- -# Source: olm/templates/01-olm-operator.serviceaccount.yaml -kind: ServiceAccount -apiVersion: v1 -metadata: - name: olm-operator-serviceaccount - namespace: kube-system diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/02-olm-operator.rolebinding.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/02-olm-operator.rolebinding.yaml deleted file mode 100644 index 2c04bdf9f7..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/02-olm-operator.rolebinding.yaml +++ /dev/null @@ -1,14 +0,0 @@ -##--- -# Source: olm/templates/02-olm-operator.rolebinding.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: olm-operator-binding-kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:controller:operator-lifecycle-manager -subjects: -- kind: ServiceAccount - name: olm-operator-serviceaccount - namespace: kube-system diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/03-clusterserviceversion.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/03-clusterserviceversion.crd.yaml deleted file mode 100644 index 5a2638aa29..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/03-clusterserviceversion.crd.yaml +++ /dev/null @@ -1,465 +0,0 @@ -##--- -# Source: olm/templates/03-clusterserviceversion.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: clusterserviceversions.operators.coreos.com - annotations: - displayName: Operator Version - description: Represents an Operator that should be running on the cluster, including requirements and install strategy. -spec: - names: - plural: clusterserviceversions - singular: clusterserviceversion - kind: ClusterServiceVersion - listKind: ClusterServiceVersionList - shortNames: - - csv - categories: - - all - - olm - additionalPrinterColumns: - - name: Display - type: string - description: The name of the CSV - JSONPath: .spec.displayName - - name: Version - type: string - description: The version of the CSV - JSONPath: .spec.version - - name: Replaces - type: string - description: The name of a CSV that this one replaces - JSONPath: .spec.replaces - - name: Phase - type: string - JSONPath: .status.phase - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - properties: - spec: - type: object - description: Spec for a ClusterServiceVersion - required: - - displayName - - install - properties: - displayName: - type: string - description: Human readable name of the application that will be displayed in the ALM UI - - description: - type: string - description: Human readable description of what the application does - - keywords: - type: array - description: List of keywords which will be used to discover and categorize app types - items: - type: string - - maintainers: - type: array - description: Those responsible for the creation of this specific app type - items: - type: object - description: Information for a single maintainer - required: - - name - - email - properties: - name: - type: string - description: Maintainer's name - email: - type: string - description: Maintainer's email address - format: email - optionalProperties: - type: string - description: "Any additional key-value metadata you wish to expose about the maintainer, e.g. github: " - - links: - type: array - description: Interesting links to find more information about the project, such as marketing page, documentation, or github page - items: - type: object - description: A single link to describe one aspect of the project - required: - - name - - url - properties: - name: - type: string - description: Name of the link type, e.g. homepage or github url - url: - type: string - description: URL to which the link should point - format: uri - - icon: - type: array - description: Icon which should be rendered with the application information - required: - - base64data - - mediatype - properties: - base64data: - type: string - description: Base64 binary representation of the icon image - pattern: ^(?:[A-Za-z0-9+/]{4}){0,16250}(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$ - mediatype: - type: string - description: Mediatype for the binary data specified in the base64data property - enum: - - image/gif - - image/jpeg - - image/png - - image/svg+xml - version: - type: string - description: Version string, recommended that users use semantic versioning - pattern: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(-(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(\.(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*)?(\+[0-9a-zA-Z-]+(\.[0-9a-zA-Z-]+)*)?$ - - replaces: - type: string - description: Name of the ClusterServiceVersion custom resource that this version replaces - - maturity: - type: string - description: What level of maturity the software has achieved at this version - enum: - - planning - - pre-alpha - - alpha - - beta - - stable - - mature - - inactive - - deprecated - labels: - type: object - description: Labels that will be applied to associated resources created by the operator. - selector: - type: object - description: Label selector to find resources associated with or managed by the operator - properties: - matchLabels: - type: object - description: Label key:value pairs to match directly - matchExpressions: - type: array - description: A set of expressions to match against the resource. - items: - allOf: - - type: object - required: - - key - - operator - - values - properties: - key: - type: string - description: the key to match - operator: - type: string - description: the operator for the expression - enum: - - In - - NotIn - - Exists - - DoesNotExist - values: - type: array - description: set of values for the expression - customresourcedefinitions: - type: object - properties: - owned: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - name - - version - - kind - - displayName - - description - properties: - name: - type: string - description: Fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version field of the CustomResourceDefinition - kind: - type: string - description: The kind field of the CustomResourceDefinition - displayName: - type: string - description: A human-readable name for the CRD. - description: - type: string - description: A description of the CRD - resources: - type: array - items: - type: object - description: A list of resources that should be displayed for the CRD - required: - - kind - - version - properties: - name: - type: string - description: If a CRD, the fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version of the resource kind - kind: - type: string - description: The kind field of the resource kind - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the CR where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - type: object - description: If present, the value of this status is the same for all instances of the CRD and can be found here instead of on the CR. - specDescriptors: - type: array - items: - type: object - description: A spec for a field in the spec block of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the CR where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the spec entry. - description: - type: string - description: A description of the spec entry. - x-descriptors: - type: array - description: A list of descriptors for the spec entry that indicate the meaning of the field. - items: - type: string - value: - type: object - description: If present, the value of this spec is the same for all instances of the CRD and can be found here instead of on the CR. - actionDescriptors: - type: array - items: - type: object - description: A spec for actions that can be performed on instances of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the CR where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the action. - description: - type: string - description: A description of the action. - x-descriptors: - type: array - description: A list of descriptors for the action that indicate the meaning of the action. - items: - type: string - value: - type: object - description: If present, the value of this action is the same for all instances of the CRD and can be found here instead of on the CR. - required: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - name - - version - - kind - - displayName - - description - properties: - name: - type: string - description: Fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version field of the CustomResourceDefinition - kind: - type: string - description: The kind field of the CustomResourceDefinition - displayName: - type: string - description: A human-readable name for the CRD. - description: - type: string - description: A description of the CRD - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the CR where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - type: object - description: If present, the value of this status is the same for all instances of the CRD and can be found here instead of on the CR. - - - install: - type: object - description: Information required to install this specific version of the operator software - oneOf: - - type: object - required: - - strategy - - spec - properties: - strategy: - type: string - enum: ['image'] - spec: - type: object - required: - - image - properties: - image: - type: string - - type: object - required: - - strategy - - spec - properties: - strategy: - type: string - enum: ['deployment'] - spec: - type: object - required: - - deployments - properties: - deployments: - type: array - description: List of deployments to create - items: - type: object - description: A name and deployment to create in the cluster - required: - - name - - spec - properties: - name: - type: string - description: the consistent name of the deployment - spec: - type: object - description: The deployment spec to create in the cluster - permissions: - type: array - description: Permissions needed by the deployement to run correctly - items: - type: object - required: - - serviceAccountName - - rules - properties: - serviceAccountName: - type: string - description: The service account name to create for the deployment - rules: - type: array - items: - type: object - description: a rule required by the service account - properties: - apiGroups: - type: array - description: apiGroups the rule applies to - items: - type: string - resources: - type: array - items: - type: string - resourceNames: - type: array - items: - type: string - verbs: - type: array - items: - type: string - enum: - - "*" - - get - - list - - watch - - create - - update - - patch - - delete - - deletecollection - status: - type: object - description: Status for a ClusterServiceVersion diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/05-catalogsource.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/05-catalogsource.crd.yaml deleted file mode 100644 index ec2bc40813..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/05-catalogsource.crd.yaml +++ /dev/null @@ -1,81 +0,0 @@ -##--- -# Source: olm/templates/05-catalogsource.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: catalogsources.operators.coreos.com - annotations: - displayName: CatalogSource - description: A source configured to find packages and updates. -spec: - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - plural: catalogsources - singular: catalogsource - kind: CatalogSource - listKind: CatalogSourceList - categories: - - all - - olm - additionalPrinterColumns: - - name: Name - type: string - description: The pretty name of the catalog - JSONPath: .spec.displayName - - name: Type - type: string - description: The type of the catalog - JSONPath: .spec.sourceType - - name: Publisher - type: string - description: The publisher of the catalog - JSONPath: .spec.publisher - - name: Age - type: date - JSONPath: .metadata.creationTimestamp - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - properties: - spec: - type: object - description: Represents a subscription to a source and channel - required: - - spec - type: object - description: Spec for a catalog source. - required: - - sourceType - properties: - sourceType: - type: string - description: The type of the source. Currently the only supported type is "internal". - enum: - - internal - - configMap: - type: string - description: The name of a ConfigMap that holds the entries for an in-memory catalog. - - displayName: - type: string - description: Pretty name for display - - publisher: - type: string - description: The name of an entity that publishes this catalog - - secrets: - type: array - description: A set of secrets that can be used to access the contents of the catalog. It is best to keep this list small, since each will need to be tried for every catalog entry. - items: - type: string - description: A name of a secret in the namespace where the CatalogSource is defined. diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/06-installplan.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/06-installplan.crd.yaml deleted file mode 100644 index 7173b43346..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/06-installplan.crd.yaml +++ /dev/null @@ -1,78 +0,0 @@ -##--- -# Source: olm/templates/06-installplan.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: installplans.operators.coreos.com - annotations: - displayName: Install Plan - description: Represents a plan to install and resolve dependencies for Cluster Services -spec: - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - plural: installplans - singular: installplan - kind: InstallPlan - listKind: InstallPlanList - categories: - - all - - olm - additionalPrinterColumns: - - name: CSV - type: string - description: The first CSV in the list of clusterServiceVersionNames - JSONPath: .spec.clusterServiceVersionNames[0] - - name: Source - type: string - description: The catalog source for the specified CSVs. - JSONPath: .spec.source - - name: Approval - type: string - description: The approval mode - JSONPath: .spec.approval - - name: Approved - type: boolean - JSONPath: .spec.approved - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - properties: - spec: - type: object - description: Spec for an InstallPlan - required: - - clusterServiceVersionNames - - approval - properties: - source: - type: string - description: Name of the preferred CatalogSource - sourceNamespace: - type: string - description: Namespace that contains the preffered CatalogSource - clusterServiceVersionNames: - type: array - description: A list of the names of the Cluster Services - items: - type: string - anyOf: - - properties: - approval: - enum: - - Manual - approved: - type: boolean - required: - - approved - - properties: - approval: - enum: - - Automatic diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/07-subscription.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/07-subscription.crd.yaml deleted file mode 100644 index 3eaf9572b8..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/07-subscription.crd.yaml +++ /dev/null @@ -1,72 +0,0 @@ -##--- -# Source: olm/templates/07-subscription.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: subscriptions.operators.coreos.com - annotations: - displayName: Subscription - description: Subcribes service catalog to a source and channel to recieve updates for packages. -spec: - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - plural: subscriptions - singular: subscription - kind: Subscription - listKind: SubscriptionList - categories: - - all - - olm - additionalPrinterColumns: - - name: Package - type: string - description: The package subscribed to - JSONPath: .spec.name - - name: Source - type: string - description: The catalog source for the specified package - JSONPath: .spec.source - - name: Channel - type: string - description: The channel of updates to subscribe to - JSONPath: .spec.channel - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - properties: - spec: - type: object - description: Spec for a Subscription - required: - - source - - name - properties: - source: - type: string - description: Name of a CatalogSource that defines where and how to find the channel - sourceNamespace: - type: string - description: The Kubernetes namespace where the CatalogSource used is located - name: - type: string - description: Name of the package that defines the application - channel: - type: string - description: Name of the channel to track - startingCSV: - type: string - description: Name of the AppType that this subscription tracks - installPlanApproval: - type: string - description: Approval mode for emitted InstallPlans - enum: - - Manual - - Automatic diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/08-rh-operators.configmap.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/08-rh-operators.configmap.yaml deleted file mode 100644 index aaa654e8b0..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/08-rh-operators.configmap.yaml +++ /dev/null @@ -1,9699 +0,0 @@ -##--- -# Source: olm/templates/08-rh-operators.configmap.yaml - -kind: ConfigMap -apiVersion: v1 -metadata: - name: rh-operators - namespace: kube-system - -data: - customResourceDefinitions: |- - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: alertmanagers.monitoring.coreos.com - spec: - group: monitoring.coreos.com - names: - kind: Alertmanager - plural: alertmanagers - scope: Namespaced - validation: - openAPIV3Schema: - properties: - spec: - description: 'Specification of the desired behavior of the Alertmanager - cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#spec-and-status' - properties: - affinity: - description: Affinity is a group of affinity scheduling rules. - properties: - nodeAffinity: - description: Node affinity is a group of node affinity scheduling - rules. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the affinity expressions specified by this field, - but it may choose a node that violates one or more of the - expressions. The node that is most preferred is the one with - the greatest sum of weights, i.e. for each node that meets - all of the scheduling requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the sum - if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches all - objects with implicit weight 0 (i.e. it's a no-op). A null - preferred scheduling term matches no objects (i.e. is also - a no-op). - properties: - preference: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - weight - - preference - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: A node selector represents the union of the results - of one or more label queries over a set of nodes; that is, - it represents the OR of the selectors represented by the node - selector terms. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The - terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - type: array - required: - - nodeSelectorTerms - podAffinity: - description: Pod affinity is a group of inter pod affinity scheduling - rules. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the affinity expressions specified by this field, - but it may choose a node that violates one or more of the - expressions. The node that is most preferred is the one with - the greatest sum of weights, i.e. for each node that meets - all of the scheduling requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the sum - if the node has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label selector is a label query over - a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector - matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - weight - - podAffinityTerm - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may not - try to eventually evict the pod from its node. When there - are multiple elements, the lists of nodes corresponding to - each podAffinityTerm are intersected, i.e. all terms must - be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) that - this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of pods - is running - properties: - labelSelector: - description: A label selector is a label query over a - set of resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. - A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of any - node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: array - podAntiAffinity: - description: Pod anti affinity is a group of inter pod anti affinity - scheduling rules. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the anti-affinity expressions specified by this - field, but it may choose a node that violates one or more - of the expressions. The node that is most preferred is the - one with the greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource request, - requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field - and adding "weight" to the sum if the node has pods which - matches the corresponding podAffinityTerm; the node(s) with - the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label selector is a label query over - a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector - matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - weight - - podAffinityTerm - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by - this field are not met at scheduling time, the pod will not - be scheduled onto the node. If the anti-affinity requirements - specified by this field cease to be met at some point during - pod execution (e.g. due to a pod label update), the system - may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms must - be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) that - this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of pods - is running - properties: - labelSelector: - description: A label selector is a label query over a - set of resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. - A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of any - node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: array - baseImage: - description: Base image that is used to deploy pods, without tag. - type: string - containers: - description: Containers allows injecting additional containers. This - is meant to allow adding an authentication proxy to an Alertmanager - pod. - items: - description: A single application container that you want to run within - a pod. - properties: - args: - description: 'Arguments to the entrypoint. The docker image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable - cannot be resolved, the reference in the input string will be - unchanged. The $(VAR_NAME) syntax can be escaped with a double - $$, ie: $$(VAR_NAME). Escaped references will never be expanded, - regardless of whether the variable exists or not. Cannot be - updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed within a shell. The - docker image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable exists - or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to set in the container. - Cannot be updated. - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a - C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a - variable cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax can be - escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable - exists or not. Defaults to "".' - type: string - valueFrom: - description: EnvVarSource represents a source for the value - of an EnvVar. - properties: - configMapKeyRef: - description: Selects a key from a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the ConfigMap or it's - key must be defined - type: boolean - required: - - key - fieldRef: - description: ObjectFieldSelector selects an APIVersioned - field of an object. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - resourceFieldRef: - description: ResourceFieldSelector represents container - resources (cpu, memory) and their output format - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: {} - resource: - description: 'Required: resource to select' - type: string - required: - - resource - secretKeyRef: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's - key must be defined - type: boolean - required: - - key - required: - - name - type: array - envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must be a - C_IDENTIFIER. All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key will - take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of a set of - ConfigMaps - properties: - configMapRef: - description: |- - ConfigMapEnvSource selects a ConfigMap to populate the environment variables with. - - The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - prefix: - description: An optional identifier to prepend to each key - in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: |- - SecretEnvSource selects a Secret to populate the environment variables with. - - The contents of the target Secret's Data field will represent the key-value pairs as environment variables. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: array - image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Lifecycle describes actions that the management system - should take in response to container lifecycle events. For the - PostStart and PreStop lifecycle handlers, management of the - container blocks until the action is complete, unless the container - process fails, in which case the handler is aborted. - properties: - postStart: - description: Handler defines a specific action that should - be taken - properties: - exec: - description: ExecAction describes a "run in container" - action. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - httpGet: - description: HTTPGetAction describes an action based on - HTTP Get requests. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - tcpSocket: - description: TCPSocketAction describes an action based - on opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - preStop: - description: Handler defines a specific action that should - be taken - properties: - exec: - description: ExecAction describes a "run in container" - action. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - httpGet: - description: HTTPGetAction describes an action based on - HTTP Get requests. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - tcpSocket: - description: TCPSocketAction describes an action based - on opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - livenessProbe: - description: Probe describes a health check to be performed against - a container to determine whether it is alive or ready to receive - traffic. - properties: - exec: - description: ExecAction describes a "run in container" action. - properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit - status of 0 is treated as live/healthy and non-zero - is unhealthy. - items: - type: string - type: array - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGetAction describes an action based on HTTP - Get requests. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header to - be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocketAction describes an action based on - opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - name: - description: Name of the container specified as a DNS_LABEL. Each - container in a pod must have a unique name (DNS_LABEL). Cannot - be updated. - type: string - ports: - description: List of ports to expose from the container. Exposing - a port here gives the system additional information about the - network connections a container uses, but is primarily informational. - Not specifying a port here DOES NOT prevent that port from being - exposed. Any port which is listening on the default "0.0.0.0" - address inside a container will be accessible from the network. - Cannot be updated. - items: - description: ContainerPort represents a network port in a single - container. - properties: - containerPort: - description: Number of port to expose on the pod's IP address. - This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If specified, - this must be a valid port number, 0 < x < 65536. If HostNetwork - is specified, this must match ContainerPort. Most containers - do not need this. - format: int32 - type: integer - name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod must - have a unique name. Name for the port that can be referred - to by services. - type: string - protocol: - description: Protocol for port. Must be UDP or TCP. Defaults - to "TCP". - type: string - required: - - containerPort - type: array - readinessProbe: - description: Probe describes a health check to be performed against - a container to determine whether it is alive or ready to receive - traffic. - properties: - exec: - description: ExecAction describes a "run in container" action. - properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit - status of 0 is treated as live/healthy and non-zero - is unhealthy. - items: - type: string - type: array - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGetAction describes an action based on HTTP - Get requests. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header to - be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocketAction describes an action based on - opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - securityContext: - description: SecurityContext holds security configuration that - will be applied to a container. Some fields are present in both - SecurityContext and PodSecurityContext. When both are set, - the values in SecurityContext take precedence. - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a - process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: Adds and removes POSIX capabilities from running - containers. - properties: - add: - description: Added capabilities - items: - type: string - type: array - drop: - description: Removed capabilities - items: - type: string - type: array - privileged: - description: Run container in privileged mode. Processes in - privileged containers are essentially equivalent to root - on the host. Defaults to false. - type: boolean - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. - Default is false. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail - to start the container if it does. If unset or false, no - such validation will be performed. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata if - unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - format: int64 - type: integer - seLinuxOptions: - description: SELinuxOptions are the labels to be applied to - the container - properties: - level: - description: Level is SELinux level label that applies - to the container. - type: string - role: - description: Role is a SELinux role label that applies - to the container. - type: string - type: - description: Type is a SELinux type label that applies - to the container. - type: string - user: - description: User is a SELinux user label that applies - to the container. - type: string - stdin: - description: Whether this container should allocate a buffer for - stdin in the container runtime. If this is not set, reads from - stdin in the container will always result in EOF. Default is - false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the stdin - channel after it has been opened by a single attach. When stdin - is true the stdin stream will remain open across multiple attach - sessions. If stdinOnce is set to true, stdin is opened on container - start, is empty until the first client attaches to stdin, and - then remains open and accepts data until the client disconnects, - at which time stdin is closed and remains closed until the container - is restarted. If this flag is false, a container processes that - reads from stdin will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s - termination message will be written is mounted into the container''s - filesystem. Message written is intended to be brief final status, - such as an assertion failure message. Will be truncated by the - node if greater than 4096 bytes. The total message length across - all containers will be limited to 12kb. Defaults to /dev/termination-log. - Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. - File will use the contents of terminationMessagePath to populate - the container status message on both success and failure. FallbackToLogsOnError - will use the last chunk of container log output if the termination - message file is empty and the container exited with an error. - The log output is limited to 2048 bytes or 80 lines, whichever - is smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be - used by the container. This is an alpha feature and may change - in the future. - items: - description: volumeDevice describes a mapping of a raw block - device within a container. - properties: - devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim - in the pod - type: string - required: - - name - - devicePath - type: array - volumeMounts: - description: Pod volumes to mount into the container's filesystem. - Cannot be updated. - items: - description: VolumeMount describes a mounting of a Volume within - a container. - properties: - mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other way - around. When not set, MountPropagationHostToContainer - is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). - type: string - required: - - name - - mountPath - type: array - workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might be - configured in the container image. Cannot be updated. - type: string - required: - - name - type: array - externalUrl: - description: The external URL the Alertmanager instances will be available - under. This is necessary to generate correct URLs. This is necessary - if Alertmanager is not served from root of a DNS name. - type: string - imagePullSecrets: - description: An optional list of references to secrets in the same namespace - to use for pulling prometheus and alertmanager images from registries - see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod - items: - description: LocalObjectReference contains enough information to let - you locate the referenced object inside the same namespace. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - type: array - listenLocal: - description: ListenLocal makes the Alertmanager server listen on loopback, - so that it does not bind against the Pod IP. Note this is only for - the Alertmanager UI, not the gossip communication. - type: boolean - logLevel: - description: Log level for Alertmanager to be configured with. - type: string - nodeSelector: - description: Define which Nodes the Pods are scheduled on. - type: object - paused: - description: If set to true all actions on the underlaying managed objects - are not goint to be performed, except for delete actions. - type: boolean - podMetadata: - description: ObjectMeta is metadata that all persisted resources must - have, which includes all objects users must create. - properties: - annotations: - description: 'Annotations is an unstructured key value map stored - with a resource that may be set by external tools to store and - retrieve arbitrary metadata. They are not queryable and should - be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - clusterName: - description: The name of the cluster which the object belongs to. - This is used to distinguish resources with same name and namespace - in different clusters. This field is not set anywhere right now - and apiserver is going to ignore it if set in create or update - request. - type: string - creationTimestamp: - description: Time is a wrapper around time.Time which supports correct - marshaling to YAML and JSON. Wrappers are provided for many of - the factory methods that the time package offers. - format: date-time - type: string - deletionGracePeriodSeconds: - description: Number of seconds allowed for this object to gracefully - terminate before it will be removed from the system. Only set - when deletionTimestamp is also set. May only be shortened. Read-only. - format: int64 - type: integer - deletionTimestamp: - description: Time is a wrapper around time.Time which supports correct - marshaling to YAML and JSON. Wrappers are provided for many of - the factory methods that the time package offers. - format: date-time - type: string - finalizers: - description: Must be empty before the object is deleted from the - registry. Each entry is an identifier for the responsible component - that will remove the entry from the list. If the deletionTimestamp - of the object is non-nil, entries in this list can only be removed. - items: - type: string - type: array - generateName: - description: |- - GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. - - If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). - - Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#idempotency - type: string - generation: - description: A sequence number representing a specific generation - of the desired state. Populated by the system. Read-only. - format: int64 - type: integer - initializers: - description: Initializers tracks the progress of initialization. - properties: - pending: - description: Pending is a list of initializers that must execute - in order before this object is visible. When the last pending - initializer is removed, and no failing result is set, the - initializers struct will be set to nil and the object is considered - as initialized and visible to all clients. - items: - description: Initializer is information about an initializer - that has not yet completed. - properties: - name: - description: name of the process that is responsible for - initializing this object. - type: string - required: - - name - type: array - result: - description: Status is a return value for calls that don't return - other objects. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of - this representation of an object. Servers should convert - recognized schemas to the latest internal value, and may - reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - code: - description: Suggested HTTP return code for this status, - 0 if not set. - format: int32 - type: integer - details: - description: StatusDetails is a set of additional properties - that MAY be set by the server to provide additional information - about a response. The Reason field of a Status object - defines what attributes will be set. Clients must ignore - fields that do not match the defined type of each attribute, - and should assume that any attribute may be empty, invalid, - or under defined. - properties: - causes: - description: The Causes array includes more details - associated with the StatusReason failure. Not all - StatusReasons may provide detailed causes. - items: - description: StatusCause provides more information - about an api.Status failure, including cases when - multiple errors are encountered. - properties: - field: - description: |- - The field of the resource that has caused this error, as named by its JSON serialization. May include dot and postfix notation for nested attributes. Arrays are zero-indexed. Fields may appear more than once in an array of causes due to fields having multiple errors. Optional. - - Examples: - "name" - the field "name" on the current resource - "items[0].name" - the field "name" on the first array entry in "items" - type: string - message: - description: A human-readable description of the - cause of the error. This field may be presented - as-is to a reader. - type: string - reason: - description: A machine-readable description of - the cause of the error. If this value is empty - there is no information available. - type: string - type: array - group: - description: The group attribute of the resource associated - with the status StatusReason. - type: string - kind: - description: 'The kind attribute of the resource associated - with the status StatusReason. On some operations may - differ from the requested resource Kind. More info: - https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: The name attribute of the resource associated - with the status StatusReason (when there is a single - name which can be described). - type: string - retryAfterSeconds: - description: If specified, the time in seconds before - the operation should be retried. Some errors may indicate - the client must take an alternate action - for those - errors this field may indicate how long to wait before - taking the alternate action. - format: int32 - type: integer - uid: - description: 'UID of the resource. (when there is a - single resource which can be described). More info: - http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - kind: - description: 'Kind is a string value representing the REST - resource this object represents. Servers may infer this - from the endpoint the client submits requests to. Cannot - be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - message: - description: A human-readable description of the status - of this operation. - type: string - metadata: - description: ListMeta describes metadata that synthetic - resources must have, including lists and various status - objects. A resource may have only one of {ObjectMeta, - ListMeta}. - properties: - continue: - description: continue may be set if the user set a limit - on the number of items returned, and indicates that - the server has more data available. The value is opaque - and may be used to issue another request to the endpoint - that served this list to retrieve the next set of - available objects. Continuing a list may not be possible - if the server configuration has changed or more than - a few minutes have passed. The resourceVersion field - returned when using this continue value will be identical - to the value in the first response. - type: string - resourceVersion: - description: 'String that identifies the server''s internal - version of this object that can be used by clients - to determine when objects have changed. Value must - be treated as opaque by clients and passed unmodified - back to the server. Populated by the system. Read-only. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' - type: string - selfLink: - description: selfLink is a URL representing this object. - Populated by the system. Read-only. - type: string - reason: - description: A machine-readable description of why this - operation is in the "Failure" status. If this value is - empty there is no information available. A Reason clarifies - an HTTP status code but does not override it. - type: string - status: - description: 'Status of the operation. One of: "Success" - or "Failure". More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' - type: string - required: - - pending - labels: - description: 'Map of string keys and values that can be used to - organize and categorize (scope and select) objects. May match - selectors of replication controllers and services. More info: - http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: 'Name must be unique within a namespace. Is required - when creating resources, although some resources may allow a client - to request the generation of an appropriate name automatically. - Name is primarily intended for creation idempotence and configuration - definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: |- - Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. - - Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces - type: string - ownerReferences: - description: List of objects depended by this object. If ALL objects - in the list have been deleted, this object will be garbage collected. - If this object is managed by a controller, then an entry in this - list will point to this controller, with the controller field - set to true. There cannot be more than one managing controller. - items: - description: OwnerReference contains enough information to let - you identify an owning object. Currently, an owning object must - be in the same namespace, so there is no namespace field. - properties: - apiVersion: - description: API version of the referent. - type: string - blockOwnerDeletion: - description: If true, AND if the owner has the "foregroundDeletion" - finalizer, then the owner cannot be deleted from the key-value - store until this reference is removed. Defaults to false. - To set this field, a user needs "delete" permission of the - owner, otherwise 422 (Unprocessable Entity) will be returned. - type: boolean - controller: - description: If true, this reference points to the managing - controller. - type: boolean - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - uid: - description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - required: - - apiVersion - - kind - - name - - uid - type: array - resourceVersion: - description: |- - An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. - - Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency - type: string - selfLink: - description: SelfLink is a URL representing this object. Populated - by the system. Read-only. - type: string - uid: - description: |- - UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. - - Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids - type: string - replicas: - description: Size is the expected size of the alertmanager cluster. - The controller will eventually make the size of the running cluster - equal to the expected size. - format: int32 - type: integer - resources: - description: ResourceRequirements describes the compute resource requirements. - properties: - limits: - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults - to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - routePrefix: - description: The route prefix Alertmanager registers HTTP handlers for. - This is useful, if using ExternalURL and a proxy is rewriting HTTP - routes of a request, and the actual ExternalURL is still true, but - the server serves requests under a different route prefix. For example - for use with `kubectl proxy`. - type: string - secrets: - description: Secrets is a list of Secrets in the same namespace as the - Alertmanager object, which shall be mounted into the Alertmanager - Pods. The Secrets are mounted into /etc/alertmanager/secrets/. - items: - type: string - type: array - securityContext: - description: PodSecurityContext holds pod-level security attributes - and common container settings. Some fields are also present in container.securityContext. Field - values of container.securityContext take precedence over field values - of PodSecurityContext. - properties: - fsGroup: - description: |- - A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: - - 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- - - If unset, the Kubelet will not modify the ownership and permissions of any volume. - format: int64 - type: integer - runAsGroup: - description: The GID to run the entrypoint of the container process. - Uses runtime default if unset. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no such validation - will be performed. May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. May - also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - format: int64 - type: integer - seLinuxOptions: - description: SELinuxOptions are the labels to be applied to the - container - properties: - level: - description: Level is SELinux level label that applies to the - container. - type: string - role: - description: Role is a SELinux role label that applies to the - container. - type: string - type: - description: Type is a SELinux type label that applies to the - container. - type: string - user: - description: User is a SELinux user label that applies to the - container. - type: string - supplementalGroups: - description: A list of groups applied to the first process run in - each container, in addition to the container's primary GID. If - unspecified, no groups will be added to any container. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls used for - the pod. Pods with unsupported sysctls (by the container runtime) - might fail to launch. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: array - serviceAccountName: - description: ServiceAccountName is the name of the ServiceAccount to - use to run the Prometheus Pods. - type: string - storage: - description: StorageSpec defines the configured storage for a group - Prometheus servers. - properties: - class: - description: 'Name of the StorageClass to use when requesting storage - provisioning. More info: https://kubernetes.io/docs/user-guide/persistent-volumes/#storageclasses - DEPRECATED' - type: string - emptyDir: - description: Represents an empty directory for a pod. Empty directory - volumes support ownership management and SELinux relabeling. - properties: - medium: - description: 'What type of storage medium should back this directory. - The default is "" which means to use the node''s default medium. - Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: {} - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - selector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - volumeClaimTemplate: - description: PersistentVolumeClaim is a user's request for and claim - to a persistent volume - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - description: ObjectMeta is metadata that all persisted resources - must have, which includes all objects users must create. - properties: - annotations: - description: 'Annotations is an unstructured key value map - stored with a resource that may be set by external tools - to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - clusterName: - description: The name of the cluster which the object belongs - to. This is used to distinguish resources with same name - and namespace in different clusters. This field is not - set anywhere right now and apiserver is going to ignore - it if set in create or update request. - type: string - creationTimestamp: - description: Time is a wrapper around time.Time which supports - correct marshaling to YAML and JSON. Wrappers are provided - for many of the factory methods that the time package - offers. - format: date-time - type: string - deletionGracePeriodSeconds: - description: Number of seconds allowed for this object to - gracefully terminate before it will be removed from the - system. Only set when deletionTimestamp is also set. May - only be shortened. Read-only. - format: int64 - type: integer - deletionTimestamp: - description: Time is a wrapper around time.Time which supports - correct marshaling to YAML and JSON. Wrappers are provided - for many of the factory methods that the time package - offers. - format: date-time - type: string - finalizers: - description: Must be empty before the object is deleted - from the registry. Each entry is an identifier for the - responsible component that will remove the entry from - the list. If the deletionTimestamp of the object is non-nil, - entries in this list can only be removed. - items: - type: string - type: array - generateName: - description: |- - GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. - - If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). - - Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#idempotency - type: string - generation: - description: A sequence number representing a specific generation - of the desired state. Populated by the system. Read-only. - format: int64 - type: integer - initializers: - description: Initializers tracks the progress of initialization. - properties: - pending: - description: Pending is a list of initializers that - must execute in order before this object is visible. - When the last pending initializer is removed, and - no failing result is set, the initializers struct - will be set to nil and the object is considered as - initialized and visible to all clients. - items: - description: Initializer is information about an initializer - that has not yet completed. - properties: - name: - description: name of the process that is responsible - for initializing this object. - type: string - required: - - name - type: array - result: - description: Status is a return value for calls that - don't return other objects. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema - of this representation of an object. Servers should - convert recognized schemas to the latest internal - value, and may reject unrecognized values. More - info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - code: - description: Suggested HTTP return code for this - status, 0 if not set. - format: int32 - type: integer - details: - description: StatusDetails is a set of additional - properties that MAY be set by the server to provide - additional information about a response. The Reason - field of a Status object defines what attributes - will be set. Clients must ignore fields that do - not match the defined type of each attribute, - and should assume that any attribute may be empty, - invalid, or under defined. - properties: - causes: - description: The Causes array includes more - details associated with the StatusReason failure. - Not all StatusReasons may provide detailed - causes. - items: - description: StatusCause provides more information - about an api.Status failure, including cases - when multiple errors are encountered. - properties: - field: - description: |- - The field of the resource that has caused this error, as named by its JSON serialization. May include dot and postfix notation for nested attributes. Arrays are zero-indexed. Fields may appear more than once in an array of causes due to fields having multiple errors. Optional. - - Examples: - "name" - the field "name" on the current resource - "items[0].name" - the field "name" on the first array entry in "items" - type: string - message: - description: A human-readable description - of the cause of the error. This field - may be presented as-is to a reader. - type: string - reason: - description: A machine-readable description - of the cause of the error. If this value - is empty there is no information available. - type: string - type: array - group: - description: The group attribute of the resource - associated with the status StatusReason. - type: string - kind: - description: 'The kind attribute of the resource - associated with the status StatusReason. On - some operations may differ from the requested - resource Kind. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: The name attribute of the resource - associated with the status StatusReason (when - there is a single name which can be described). - type: string - retryAfterSeconds: - description: If specified, the time in seconds - before the operation should be retried. Some - errors may indicate the client must take an - alternate action - for those errors this field - may indicate how long to wait before taking - the alternate action. - format: int32 - type: integer - uid: - description: 'UID of the resource. (when there - is a single resource which can be described). - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - kind: - description: 'Kind is a string value representing - the REST resource this object represents. Servers - may infer this from the endpoint the client submits - requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - message: - description: A human-readable description of the - status of this operation. - type: string - metadata: - description: ListMeta describes metadata that synthetic - resources must have, including lists and various - status objects. A resource may have only one of - {ObjectMeta, ListMeta}. - properties: - continue: - description: continue may be set if the user - set a limit on the number of items returned, - and indicates that the server has more data - available. The value is opaque and may be - used to issue another request to the endpoint - that served this list to retrieve the next - set of available objects. Continuing a list - may not be possible if the server configuration - has changed or more than a few minutes have - passed. The resourceVersion field returned - when using this continue value will be identical - to the value in the first response. - type: string - resourceVersion: - description: 'String that identifies the server''s - internal version of this object that can be - used by clients to determine when objects - have changed. Value must be treated as opaque - by clients and passed unmodified back to the - server. Populated by the system. Read-only. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' - type: string - selfLink: - description: selfLink is a URL representing - this object. Populated by the system. Read-only. - type: string - reason: - description: A machine-readable description of why - this operation is in the "Failure" status. If - this value is empty there is no information available. - A Reason clarifies an HTTP status code but does - not override it. - type: string - status: - description: 'Status of the operation. One of: "Success" - or "Failure". More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' - type: string - required: - - pending - labels: - description: 'Map of string keys and values that can be - used to organize and categorize (scope and select) objects. - May match selectors of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: 'Name must be unique within a namespace. Is - required when creating resources, although some resources - may allow a client to request the generation of an appropriate - name automatically. Name is primarily intended for creation - idempotence and configuration definition. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: |- - Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. - - Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces - type: string - ownerReferences: - description: List of objects depended by this object. If - ALL objects in the list have been deleted, this object - will be garbage collected. If this object is managed by - a controller, then an entry in this list will point to - this controller, with the controller field set to true. - There cannot be more than one managing controller. - items: - description: OwnerReference contains enough information - to let you identify an owning object. Currently, an - owning object must be in the same namespace, so there - is no namespace field. - properties: - apiVersion: - description: API version of the referent. - type: string - blockOwnerDeletion: - description: If true, AND if the owner has the "foregroundDeletion" - finalizer, then the owner cannot be deleted from - the key-value store until this reference is removed. - Defaults to false. To set this field, a user needs - "delete" permission of the owner, otherwise 422 - (Unprocessable Entity) will be returned. - type: boolean - controller: - description: If true, this reference points to the - managing controller. - type: boolean - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - uid: - description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - required: - - apiVersion - - kind - - name - - uid - type: array - resourceVersion: - description: |- - An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. - - Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency - type: string - selfLink: - description: SelfLink is a URL representing this object. - Populated by the system. Read-only. - type: string - uid: - description: |- - UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. - - Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids - type: string - spec: - description: PersistentVolumeClaimSpec describes the common - attributes of storage devices and allows a Source for provider-specific - attributes - properties: - accessModes: - description: 'AccessModes contains the desired access modes - the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - resources: - description: ResourceRequirements describes the compute - resource requirements. - properties: - limits: - description: 'Limits describes the maximum amount of - compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - selector: - description: A label selector is a label query over a set - of resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. - A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - storageClassName: - description: 'Name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeMode: - description: volumeMode defines what type of volume is required - by the claim. Value of Filesystem is implied when not - included in claim spec. This is an alpha feature and may - change in the future. - type: string - volumeName: - description: VolumeName is the binding reference to the - PersistentVolume backing this claim. - type: string - status: - description: PersistentVolumeClaimStatus is the current status - of a persistent volume claim. - properties: - accessModes: - description: 'AccessModes contains the actual access modes - the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - capacity: - description: Represents the actual resources of the underlying - volume. - type: object - conditions: - description: Current Condition of persistent volume claim. - If underlying persistent volume is being resized then - the Condition will be set to 'ResizeStarted'. - items: - description: PersistentVolumeClaimCondition contails details - about state of pvc - properties: - lastProbeTime: - description: Time is a wrapper around time.Time which - supports correct marshaling to YAML and JSON. Wrappers - are provided for many of the factory methods that - the time package offers. - format: date-time - type: string - lastTransitionTime: - description: Time is a wrapper around time.Time which - supports correct marshaling to YAML and JSON. Wrappers - are provided for many of the factory methods that - the time package offers. - format: date-time - type: string - message: - description: Human-readable message indicating details - about last transition. - type: string - reason: - description: Unique, this should be a short, machine - understandable string that gives the reason for - condition's last transition. If it reports "ResizeStarted" - that means the underlying persistent volume is being - resized. - type: string - status: - type: string - type: - type: string - required: - - type - - status - type: array - phase: - description: Phase represents the current phase of PersistentVolumeClaim. - type: string - tag: - description: Tag of Alertmanager container image to be deployed. Defaults - to the value of `version`. - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached to tolerates any - taint that matches the triple using the matching - operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, operator - must be Exists; this combination means to match all values and - all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. Exists - is equivalent to wildcard for value, so that a pod can tolerate - all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the - toleration (which must be of effect NoExecute, otherwise this - field is ignored) tolerates the taint. By default, it is not - set, which means tolerate the taint forever (do not evict). - Zero and negative values will be treated as 0 (evict immediately) - by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise - just a regular string. - type: string - type: array - version: - description: Version the cluster should be on. - type: string - status: - description: 'Most recent observed status of the Alertmanager cluster. Read-only. - Not included when requesting from the apiserver, only from the Prometheus - Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#spec-and-status' - properties: - availableReplicas: - description: Total number of available pods (ready for at least minReadySeconds) - targeted by this Alertmanager cluster. - format: int32 - type: integer - paused: - description: Represents whether any actions on the underlaying managed - objects are being performed. Only delete actions will be performed. - type: boolean - replicas: - description: Total number of non-terminated pods targeted by this Alertmanager - cluster (their labels match the selector). - format: int32 - type: integer - unavailableReplicas: - description: Total number of unavailable pods targeted by this Alertmanager - cluster. - format: int32 - type: integer - updatedReplicas: - description: Total number of non-terminated pods targeted by this Alertmanager - cluster that have the desired version spec. - format: int32 - type: integer - required: - - paused - - replicas - - updatedReplicas - - availableReplicas - - unavailableReplicas - version: v1 - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: kafkas.kafka.strimzi.io - labels: - app: strimzi - spec: - group: kafka.strimzi.io - version: v1alpha1 - scope: Namespaced - names: - kind: Kafka - listKind: KafkaList - singular: kafka - plural: kafkas - validation: - openAPIV3Schema: - properties: - spec: - type: object - properties: - kafka: - type: object - properties: - replicas: - type: integer - minimum: 1 - image: - type: string - storage: - type: object - properties: - class: - type: string - deleteClaim: - type: boolean - selector: - type: object - size: - type: string - type: - type: string - listeners: - type: object - properties: - plain: - type: object - properties: {} - tls: - type: object - properties: - authentication: - type: object - properties: - type: - type: string - authorization: - type: object - properties: - superUsers: - type: array - items: - type: string - type: - type: string - config: - type: object - rack: - type: object - properties: - topologyKey: - type: string - example: failure-domain.beta.kubernetes.io/zone - required: - - topologyKey - brokerRackInitImage: - type: string - affinity: - type: object - properties: - nodeAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - preference: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: object - properties: - nodeSelectorTerms: - type: array - items: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - podAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - podAntiAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - tolerations: - type: array - items: - type: object - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - type: integer - value: - type: string - livenessProbe: - type: object - properties: - initialDelaySeconds: - type: integer - minimum: 0 - timeoutSeconds: - type: integer - minimum: 0 - readinessProbe: - type: object - properties: - initialDelaySeconds: - type: integer - minimum: 0 - timeoutSeconds: - type: integer - minimum: 0 - jvmOptions: - type: object - properties: - -XX: - type: object - -Xms: - type: string - pattern: '[0-9]+[mMgG]?' - -Xmx: - type: string - pattern: '[0-9]+[mMgG]?' - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - metrics: - type: object - logging: - type: object - properties: - loggers: - type: object - name: - type: string - type: - type: string - tlsSidecar: - type: object - properties: - image: - type: string - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - required: - - replicas - - storage - - listeners - zookeeper: - type: object - properties: - replicas: - type: integer - minimum: 1 - image: - type: string - storage: - type: object - properties: - class: - type: string - deleteClaim: - type: boolean - selector: - type: object - size: - type: string - type: - type: string - config: - type: object - affinity: - type: object - properties: - nodeAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - preference: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: object - properties: - nodeSelectorTerms: - type: array - items: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - podAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - podAntiAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - tolerations: - type: array - items: - type: object - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - type: integer - value: - type: string - livenessProbe: - type: object - properties: - initialDelaySeconds: - type: integer - minimum: 0 - timeoutSeconds: - type: integer - minimum: 0 - readinessProbe: - type: object - properties: - initialDelaySeconds: - type: integer - minimum: 0 - timeoutSeconds: - type: integer - minimum: 0 - jvmOptions: - type: object - properties: - -XX: - type: object - -Xms: - type: string - pattern: '[0-9]+[mMgG]?' - -Xmx: - type: string - pattern: '[0-9]+[mMgG]?' - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - metrics: - type: object - logging: - type: object - properties: - loggers: - type: object - name: - type: string - type: - type: string - tlsSidecar: - type: object - properties: - image: - type: string - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - required: - - replicas - - storage - topicOperator: - type: object - properties: - watchedNamespace: - type: string - image: - type: string - reconciliationIntervalSeconds: - type: integer - minimum: 0 - zookeeperSessionTimeoutSeconds: - type: integer - minimum: 0 - affinity: - type: object - properties: - nodeAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - preference: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: object - properties: - nodeSelectorTerms: - type: array - items: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - podAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - podAntiAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - topicMetadataMaxAttempts: - type: integer - minimum: 0 - tlsSidecar: - type: object - properties: - image: - type: string - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - logging: - type: object - properties: - loggers: - type: object - name: - type: string - type: - type: string - entityOperator: - type: object - properties: - topicOperator: - type: object - properties: - watchedNamespace: - type: string - image: - type: string - reconciliationIntervalSeconds: - type: integer - minimum: 0 - zookeeperSessionTimeoutSeconds: - type: integer - minimum: 0 - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - topicMetadataMaxAttempts: - type: integer - minimum: 0 - logging: - type: object - properties: - loggers: - type: object - name: - type: string - type: - type: string - userOperator: - type: object - properties: - watchedNamespace: - type: string - image: - type: string - reconciliationIntervalSeconds: - type: integer - minimum: 0 - zookeeperSessionTimeoutSeconds: - type: integer - minimum: 0 - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - logging: - type: object - properties: - loggers: - type: object - name: - type: string - type: - type: string - affinity: - type: object - properties: - nodeAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - preference: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: object - properties: - nodeSelectorTerms: - type: array - items: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - podAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - podAntiAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - tolerations: - type: array - items: - type: object - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - type: integer - value: - type: string - tlsSidecar: - type: object - properties: - image: - type: string - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - required: - - kafka - - zookeeper - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: kafkaconnects.kafka.strimzi.io - labels: - app: strimzi - spec: - group: kafka.strimzi.io - version: v1alpha1 - scope: Namespaced - names: - kind: KafkaConnect - listKind: KafkaConnectList - singular: kafkaconnect - plural: kafkaconnects - validation: - openAPIV3Schema: - properties: - spec: - type: object - properties: - replicas: - type: integer - image: - type: string - livenessProbe: - type: object - properties: - initialDelaySeconds: - type: integer - minimum: 0 - timeoutSeconds: - type: integer - minimum: 0 - readinessProbe: - type: object - properties: - initialDelaySeconds: - type: integer - minimum: 0 - timeoutSeconds: - type: integer - minimum: 0 - jvmOptions: - type: object - properties: - -XX: - type: object - -Xms: - type: string - pattern: '[0-9]+[mMgG]?' - -Xmx: - type: string - pattern: '[0-9]+[mMgG]?' - affinity: - type: object - properties: - nodeAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - preference: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: object - properties: - nodeSelectorTerms: - type: array - items: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - podAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - podAntiAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - tolerations: - type: array - items: - type: object - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - type: integer - value: - type: string - logging: - type: object - properties: - loggers: - type: object - name: - type: string - type: - type: string - metrics: - type: object - authentication: - type: object - properties: - certificateAndKey: - type: object - properties: - certificate: - type: string - key: - type: string - secretName: - type: string - required: - - certificate - - key - - secretName - type: - type: string - required: - - certificateAndKey - bootstrapServers: - type: string - config: - type: object - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - tls: - type: object - properties: - trustedCertificates: - type: array - items: - type: object - properties: - certificate: - type: string - secretName: - type: string - required: - - certificate - - secretName - required: - - trustedCertificates - required: - - bootstrapServers - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: kafkaconnects2is.kafka.strimzi.io - labels: - app: strimzi - spec: - group: kafka.strimzi.io - version: v1alpha1 - scope: Namespaced - names: - kind: KafkaConnectS2I - listKind: KafkaConnectS2IList - singular: kafkaconnects2i - plural: kafkaconnects2is - validation: - openAPIV3Schema: - properties: - spec: - type: object - properties: - replicas: - type: integer - image: - type: string - livenessProbe: - type: object - properties: - initialDelaySeconds: - type: integer - minimum: 0 - timeoutSeconds: - type: integer - minimum: 0 - readinessProbe: - type: object - properties: - initialDelaySeconds: - type: integer - minimum: 0 - timeoutSeconds: - type: integer - minimum: 0 - jvmOptions: - type: object - properties: - -XX: - type: object - -Xms: - type: string - pattern: '[0-9]+[mMgG]?' - -Xmx: - type: string - pattern: '[0-9]+[mMgG]?' - affinity: - type: object - properties: - nodeAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - preference: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: object - properties: - nodeSelectorTerms: - type: array - items: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - podAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - podAntiAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - metrics: - type: object - authentication: - type: object - properties: - certificateAndKey: - type: object - properties: - certificate: - type: string - key: - type: string - secretName: - type: string - required: - - certificate - - key - - secretName - type: - type: string - required: - - certificateAndKey - bootstrapServers: - type: string - config: - type: object - insecureSourceRepository: - type: boolean - logging: - type: object - properties: - loggers: - type: object - name: - type: string - type: - type: string - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - tls: - type: object - properties: - trustedCertificates: - type: array - items: - type: object - properties: - certificate: - type: string - secretName: - type: string - required: - - certificate - - secretName - required: - - trustedCertificates - tolerations: - type: array - items: - type: object - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - type: integer - value: - type: string - required: - - bootstrapServers - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: kafkatopics.kafka.strimzi.io - labels: - app: strimzi - spec: - group: kafka.strimzi.io - version: v1alpha1 - scope: Namespaced - names: - kind: KafkaTopic - listKind: KafkaTopicList - singular: kafkatopic - plural: kafkatopics - shortNames: - - kt - validation: - openAPIV3Schema: - properties: - spec: - type: object - properties: - partitions: - type: integer - minimum: 1 - replicas: - type: integer - minimum: 1 - maximum: 32767 - config: - type: object - topicName: - type: string - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: kafkausers.kafka.strimzi.io - labels: - app: strimzi - spec: - group: kafka.strimzi.io - version: v1alpha1 - scope: Namespaced - names: - kind: KafkaUser - listKind: KafkaUserList - singular: kafkauser - plural: kafkausers - shortNames: - - ku - validation: - openAPIV3Schema: - properties: - spec: - type: object - properties: - authentication: - type: object - properties: - type: - type: string - authorization: - type: object - properties: - acls: - type: array - items: - type: object - properties: - host: - type: string - operation: - type: string - enum: - - Read - - Write - - Create - - Delete - - Alter - - Describe - - ClusterAction - - AlterConfigs - - DescribeConfigs - - IdempotentWrite - - All - resource: - type: object - properties: - name: - type: string - patternType: - type: string - enum: - - literal - - prefix - type: - type: string - type: - type: string - enum: - - allow - - deny - required: - - operation - - resource - type: - type: string - required: - - acls - required: - - authentication - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: etcdbackups.etcd.database.coreos.com - spec: - group: etcd.database.coreos.com - version: v1beta2 - scope: Namespaced - names: - kind: EtcdBackup - listKind: EtcdBackupList - plural: etcdbackups - singular: etcdbackup - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: etcdclusters.etcd.database.coreos.com - spec: - group: etcd.database.coreos.com - version: v1beta2 - scope: Namespaced - names: - plural: etcdclusters - singular: etcdcluster - kind: EtcdCluster - listKind: EtcdClusterList - shortNames: - - etcdclus - - etcd - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: etcdrestores.etcd.database.coreos.com - spec: - group: etcd.database.coreos.com - version: v1beta2 - scope: Namespaced - names: - kind: EtcdRestore - listKind: EtcdRestoreList - plural: etcdrestores - singular: etcdrestore - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: prometheuses.monitoring.coreos.com - spec: - group: monitoring.coreos.com - names: - kind: Prometheus - plural: prometheuses - scope: Namespaced - validation: - openAPIV3Schema: - properties: - spec: - description: 'Specification of the desired behavior of the Prometheus cluster. - More info: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#spec-and-status' - properties: - additionalAlertManagerConfigs: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must be a valid - secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must be defined - type: boolean - required: - - key - additionalScrapeConfigs: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must be a valid - secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must be defined - type: boolean - required: - - key - affinity: - description: Affinity is a group of affinity scheduling rules. - properties: - nodeAffinity: - description: Node affinity is a group of node affinity scheduling - rules. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the affinity expressions specified by this field, - but it may choose a node that violates one or more of the - expressions. The node that is most preferred is the one with - the greatest sum of weights, i.e. for each node that meets - all of the scheduling requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the sum - if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches all - objects with implicit weight 0 (i.e. it's a no-op). A null - preferred scheduling term matches no objects (i.e. is also - a no-op). - properties: - preference: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - weight - - preference - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: A node selector represents the union of the results - of one or more label queries over a set of nodes; that is, - it represents the OR of the selectors represented by the node - selector terms. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The - terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - type: array - required: - - nodeSelectorTerms - podAffinity: - description: Pod affinity is a group of inter pod affinity scheduling - rules. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the affinity expressions specified by this field, - but it may choose a node that violates one or more of the - expressions. The node that is most preferred is the one with - the greatest sum of weights, i.e. for each node that meets - all of the scheduling requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the sum - if the node has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label selector is a label query over - a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector - matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - weight - - podAffinityTerm - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may not - try to eventually evict the pod from its node. When there - are multiple elements, the lists of nodes corresponding to - each podAffinityTerm are intersected, i.e. all terms must - be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) that - this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of pods - is running - properties: - labelSelector: - description: A label selector is a label query over a - set of resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. - A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of any - node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: array - podAntiAffinity: - description: Pod anti affinity is a group of inter pod anti affinity - scheduling rules. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the anti-affinity expressions specified by this - field, but it may choose a node that violates one or more - of the expressions. The node that is most preferred is the - one with the greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource request, - requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field - and adding "weight" to the sum if the node has pods which - matches the corresponding podAffinityTerm; the node(s) with - the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label selector is a label query over - a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector - matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - weight - - podAffinityTerm - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by - this field are not met at scheduling time, the pod will not - be scheduled onto the node. If the anti-affinity requirements - specified by this field cease to be met at some point during - pod execution (e.g. due to a pod label update), the system - may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms must - be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) that - this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of pods - is running - properties: - labelSelector: - description: A label selector is a label query over a - set of resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. - A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of any - node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: array - alerting: - description: AlertingSpec defines parameters for alerting configuration - of Prometheus servers. - properties: - alertmanagers: - description: AlertmanagerEndpoints Prometheus should fire alerts - against. - items: - description: AlertmanagerEndpoints defines a selection of a single - Endpoints object containing alertmanager IPs to fire alerts - against. - properties: - bearerTokenFile: - description: BearerTokenFile to read from filesystem to use - when authenticating to Alertmanager. - type: string - name: - description: Name of Endpoints object in Namespace. - type: string - namespace: - description: Namespace of Endpoints object. - type: string - pathPrefix: - description: Prefix for the HTTP path alerts are pushed to. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use when firing alerts. - type: string - tlsConfig: - description: TLSConfig specifies TLS configuration parameters. - properties: - caFile: - description: The CA cert to use for the targets. - type: string - certFile: - description: The client cert file for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: The client key file for the targets. - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - required: - - namespace - - name - - port - type: array - required: - - alertmanagers - baseImage: - description: Base image to use for a Prometheus deployment. - type: string - containers: - description: Containers allows injecting additional containers. This - is meant to allow adding an authentication proxy to a Prometheus pod. - items: - description: A single application container that you want to run within - a pod. - properties: - args: - description: 'Arguments to the entrypoint. The docker image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable - cannot be resolved, the reference in the input string will be - unchanged. The $(VAR_NAME) syntax can be escaped with a double - $$, ie: $$(VAR_NAME). Escaped references will never be expanded, - regardless of whether the variable exists or not. Cannot be - updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed within a shell. The - docker image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable exists - or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to set in the container. - Cannot be updated. - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a - C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a - variable cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax can be - escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable - exists or not. Defaults to "".' - type: string - valueFrom: - description: EnvVarSource represents a source for the value - of an EnvVar. - properties: - configMapKeyRef: - description: Selects a key from a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the ConfigMap or it's - key must be defined - type: boolean - required: - - key - fieldRef: - description: ObjectFieldSelector selects an APIVersioned - field of an object. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - resourceFieldRef: - description: ResourceFieldSelector represents container - resources (cpu, memory) and their output format - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: {} - resource: - description: 'Required: resource to select' - type: string - required: - - resource - secretKeyRef: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's - key must be defined - type: boolean - required: - - key - required: - - name - type: array - envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must be a - C_IDENTIFIER. All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key will - take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of a set of - ConfigMaps - properties: - configMapRef: - description: |- - ConfigMapEnvSource selects a ConfigMap to populate the environment variables with. - The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - prefix: - description: An optional identifier to prepend to each key - in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: |- - SecretEnvSource selects a Secret to populate the environment variables with. - The contents of the target Secret's Data field will represent the key-value pairs as environment variables. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: array - image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Lifecycle describes actions that the management system - should take in response to container lifecycle events. For the - PostStart and PreStop lifecycle handlers, management of the - container blocks until the action is complete, unless the container - process fails, in which case the handler is aborted. - properties: - postStart: - description: Handler defines a specific action that should - be taken - properties: - exec: - description: ExecAction describes a "run in container" - action. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - httpGet: - description: HTTPGetAction describes an action based on - HTTP Get requests. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - tcpSocket: - description: TCPSocketAction describes an action based - on opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - preStop: - description: Handler defines a specific action that should - be taken - properties: - exec: - description: ExecAction describes a "run in container" - action. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - httpGet: - description: HTTPGetAction describes an action based on - HTTP Get requests. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - tcpSocket: - description: TCPSocketAction describes an action based - on opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - livenessProbe: - description: Probe describes a health check to be performed against - a container to determine whether it is alive or ready to receive - traffic. - properties: - exec: - description: ExecAction describes a "run in container" action. - properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit - status of 0 is treated as live/healthy and non-zero - is unhealthy. - items: - type: string - type: array - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGetAction describes an action based on HTTP - Get requests. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header to - be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocketAction describes an action based on - opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - name: - description: Name of the container specified as a DNS_LABEL. Each - container in a pod must have a unique name (DNS_LABEL). Cannot - be updated. - type: string - ports: - description: List of ports to expose from the container. Exposing - a port here gives the system additional information about the - network connections a container uses, but is primarily informational. - Not specifying a port here DOES NOT prevent that port from being - exposed. Any port which is listening on the default "0.0.0.0" - address inside a container will be accessible from the network. - Cannot be updated. - items: - description: ContainerPort represents a network port in a single - container. - properties: - containerPort: - description: Number of port to expose on the pod's IP address. - This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If specified, - this must be a valid port number, 0 < x < 65536. If HostNetwork - is specified, this must match ContainerPort. Most containers - do not need this. - format: int32 - type: integer - name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod must - have a unique name. Name for the port that can be referred - to by services. - type: string - protocol: - description: Protocol for port. Must be UDP or TCP. Defaults - to "TCP". - type: string - required: - - containerPort - type: array - readinessProbe: - description: Probe describes a health check to be performed against - a container to determine whether it is alive or ready to receive - traffic. - properties: - exec: - description: ExecAction describes a "run in container" action. - properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit - status of 0 is treated as live/healthy and non-zero - is unhealthy. - items: - type: string - type: array - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGetAction describes an action based on HTTP - Get requests. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header to - be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocketAction describes an action based on - opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - securityContext: - description: SecurityContext holds security configuration that - will be applied to a container. Some fields are present in both - SecurityContext and PodSecurityContext. When both are set, - the values in SecurityContext take precedence. - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a - process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: Adds and removes POSIX capabilities from running - containers. - properties: - add: - description: Added capabilities - items: - type: string - type: array - drop: - description: Removed capabilities - items: - type: string - type: array - privileged: - description: Run container in privileged mode. Processes in - privileged containers are essentially equivalent to root - on the host. Defaults to false. - type: boolean - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. - Default is false. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail - to start the container if it does. If unset or false, no - such validation will be performed. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata if - unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - format: int64 - type: integer - seLinuxOptions: - description: SELinuxOptions are the labels to be applied to - the container - properties: - level: - description: Level is SELinux level label that applies - to the container. - type: string - role: - description: Role is a SELinux role label that applies - to the container. - type: string - type: - description: Type is a SELinux type label that applies - to the container. - type: string - user: - description: User is a SELinux user label that applies - to the container. - type: string - stdin: - description: Whether this container should allocate a buffer for - stdin in the container runtime. If this is not set, reads from - stdin in the container will always result in EOF. Default is - false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the stdin - channel after it has been opened by a single attach. When stdin - is true the stdin stream will remain open across multiple attach - sessions. If stdinOnce is set to true, stdin is opened on container - start, is empty until the first client attaches to stdin, and - then remains open and accepts data until the client disconnects, - at which time stdin is closed and remains closed until the container - is restarted. If this flag is false, a container processes that - reads from stdin will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s - termination message will be written is mounted into the container''s - filesystem. Message written is intended to be brief final status, - such as an assertion failure message. Will be truncated by the - node if greater than 4096 bytes. The total message length across - all containers will be limited to 12kb. Defaults to /dev/termination-log. - Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. - File will use the contents of terminationMessagePath to populate - the container status message on both success and failure. FallbackToLogsOnError - will use the last chunk of container log output if the termination - message file is empty and the container exited with an error. - The log output is limited to 2048 bytes or 80 lines, whichever - is smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be - used by the container. This is an alpha feature and may change - in the future. - items: - description: volumeDevice describes a mapping of a raw block - device within a container. - properties: - devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim - in the pod - type: string - required: - - name - - devicePath - type: array - volumeMounts: - description: Pod volumes to mount into the container's filesystem. - Cannot be updated. - items: - description: VolumeMount describes a mounting of a Volume within - a container. - properties: - mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other way - around. When not set, MountPropagationHostToContainer - is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). - type: string - required: - - name - - mountPath - type: array - workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might be - configured in the container image. Cannot be updated. - type: string - required: - - name - type: array - evaluationInterval: - description: Interval between consecutive evaluations. - type: string - externalLabels: - description: The labels to add to any time series or alerts when communicating - with external systems (federation, remote storage, Alertmanager). - type: object - externalUrl: - description: The external URL the Prometheus instances will be available - under. This is necessary to generate correct URLs. This is necessary - if Prometheus is not served from root of a DNS name. - type: string - imagePullSecrets: - description: An optional list of references to secrets in the same namespace - to use for pulling prometheus and alertmanager images from registries - see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod - items: - description: LocalObjectReference contains enough information to let - you locate the referenced object inside the same namespace. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - type: array - listenLocal: - description: ListenLocal makes the Prometheus server listen on loopback, - so that it does not bind against the Pod IP. - type: boolean - logLevel: - description: Log level for Prometheus to be configured with. - type: string - nodeSelector: - description: Define which Nodes the Pods are scheduled on. - type: object - paused: - description: When a Prometheus deployment is paused, no actions except - for deletion will be performed on the underlying objects. - type: boolean - podMetadata: - description: ObjectMeta is metadata that all persisted resources must - have, which includes all objects users must create. - properties: - annotations: - description: 'Annotations is an unstructured key value map stored - with a resource that may be set by external tools to store and - retrieve arbitrary metadata. They are not queryable and should - be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - clusterName: - description: The name of the cluster which the object belongs to. - This is used to distinguish resources with same name and namespace - in different clusters. This field is not set anywhere right now - and apiserver is going to ignore it if set in create or update - request. - type: string - creationTimestamp: - description: Time is a wrapper around time.Time which supports correct - marshaling to YAML and JSON. Wrappers are provided for many of - the factory methods that the time package offers. - format: date-time - type: string - deletionGracePeriodSeconds: - description: Number of seconds allowed for this object to gracefully - terminate before it will be removed from the system. Only set - when deletionTimestamp is also set. May only be shortened. Read-only. - format: int64 - type: integer - deletionTimestamp: - description: Time is a wrapper around time.Time which supports correct - marshaling to YAML and JSON. Wrappers are provided for many of - the factory methods that the time package offers. - format: date-time - type: string - finalizers: - description: Must be empty before the object is deleted from the - registry. Each entry is an identifier for the responsible component - that will remove the entry from the list. If the deletionTimestamp - of the object is non-nil, entries in this list can only be removed. - items: - type: string - type: array - generateName: - description: |- - GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. - If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). - Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#idempotency - type: string - generation: - description: A sequence number representing a specific generation - of the desired state. Populated by the system. Read-only. - format: int64 - type: integer - initializers: - description: Initializers tracks the progress of initialization. - properties: - pending: - description: Pending is a list of initializers that must execute - in order before this object is visible. When the last pending - initializer is removed, and no failing result is set, the - initializers struct will be set to nil and the object is considered - as initialized and visible to all clients. - items: - description: Initializer is information about an initializer - that has not yet completed. - properties: - name: - description: name of the process that is responsible for - initializing this object. - type: string - required: - - name - type: array - result: - description: Status is a return value for calls that don't return - other objects. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of - this representation of an object. Servers should convert - recognized schemas to the latest internal value, and may - reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - code: - description: Suggested HTTP return code for this status, - 0 if not set. - format: int32 - type: integer - details: - description: StatusDetails is a set of additional properties - that MAY be set by the server to provide additional information - about a response. The Reason field of a Status object - defines what attributes will be set. Clients must ignore - fields that do not match the defined type of each attribute, - and should assume that any attribute may be empty, invalid, - or under defined. - properties: - causes: - description: The Causes array includes more details - associated with the StatusReason failure. Not all - StatusReasons may provide detailed causes. - items: - description: StatusCause provides more information - about an api.Status failure, including cases when - multiple errors are encountered. - properties: - field: - description: |- - The field of the resource that has caused this error, as named by its JSON serialization. May include dot and postfix notation for nested attributes. Arrays are zero-indexed. Fields may appear more than once in an array of causes due to fields having multiple errors. Optional. - Examples: - "name" - the field "name" on the current resource - "items[0].name" - the field "name" on the first array entry in "items" - type: string - message: - description: A human-readable description of the - cause of the error. This field may be presented - as-is to a reader. - type: string - reason: - description: A machine-readable description of - the cause of the error. If this value is empty - there is no information available. - type: string - type: array - group: - description: The group attribute of the resource associated - with the status StatusReason. - type: string - kind: - description: 'The kind attribute of the resource associated - with the status StatusReason. On some operations may - differ from the requested resource Kind. More info: - https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: The name attribute of the resource associated - with the status StatusReason (when there is a single - name which can be described). - type: string - retryAfterSeconds: - description: If specified, the time in seconds before - the operation should be retried. Some errors may indicate - the client must take an alternate action - for those - errors this field may indicate how long to wait before - taking the alternate action. - format: int32 - type: integer - uid: - description: 'UID of the resource. (when there is a - single resource which can be described). More info: - http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - kind: - description: 'Kind is a string value representing the REST - resource this object represents. Servers may infer this - from the endpoint the client submits requests to. Cannot - be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - message: - description: A human-readable description of the status - of this operation. - type: string - metadata: - description: ListMeta describes metadata that synthetic - resources must have, including lists and various status - objects. A resource may have only one of {ObjectMeta, - ListMeta}. - properties: - continue: - description: continue may be set if the user set a limit - on the number of items returned, and indicates that - the server has more data available. The value is opaque - and may be used to issue another request to the endpoint - that served this list to retrieve the next set of - available objects. Continuing a list may not be possible - if the server configuration has changed or more than - a few minutes have passed. The resourceVersion field - returned when using this continue value will be identical - to the value in the first response. - type: string - resourceVersion: - description: 'String that identifies the server''s internal - version of this object that can be used by clients - to determine when objects have changed. Value must - be treated as opaque by clients and passed unmodified - back to the server. Populated by the system. Read-only. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' - type: string - selfLink: - description: selfLink is a URL representing this object. - Populated by the system. Read-only. - type: string - reason: - description: A machine-readable description of why this - operation is in the "Failure" status. If this value is - empty there is no information available. A Reason clarifies - an HTTP status code but does not override it. - type: string - status: - description: 'Status of the operation. One of: "Success" - or "Failure". More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' - type: string - required: - - pending - labels: - description: 'Map of string keys and values that can be used to - organize and categorize (scope and select) objects. May match - selectors of replication controllers and services. More info: - http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: 'Name must be unique within a namespace. Is required - when creating resources, although some resources may allow a client - to request the generation of an appropriate name automatically. - Name is primarily intended for creation idempotence and configuration - definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: |- - Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. - Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces - type: string - ownerReferences: - description: List of objects depended by this object. If ALL objects - in the list have been deleted, this object will be garbage collected. - If this object is managed by a controller, then an entry in this - list will point to this controller, with the controller field - set to true. There cannot be more than one managing controller. - items: - description: OwnerReference contains enough information to let - you identify an owning object. Currently, an owning object must - be in the same namespace, so there is no namespace field. - properties: - apiVersion: - description: API version of the referent. - type: string - blockOwnerDeletion: - description: If true, AND if the owner has the "foregroundDeletion" - finalizer, then the owner cannot be deleted from the key-value - store until this reference is removed. Defaults to false. - To set this field, a user needs "delete" permission of the - owner, otherwise 422 (Unprocessable Entity) will be returned. - type: boolean - controller: - description: If true, this reference points to the managing - controller. - type: boolean - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - uid: - description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - required: - - apiVersion - - kind - - name - - uid - type: array - resourceVersion: - description: |- - An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. - Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency - type: string - selfLink: - description: SelfLink is a URL representing this object. Populated - by the system. Read-only. - type: string - uid: - description: |- - UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. - Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids - type: string - remoteRead: - description: If specified, the remote_read spec. This is an experimental - feature, it may change in any upcoming release in a breaking way. - items: - description: RemoteReadSpec defines the remote_read configuration - for prometheus. - properties: - basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over - basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' - properties: - password: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - username: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - bearerToken: - description: bearer token for remote read. - type: string - bearerTokenFile: - description: File to read bearer token for remote read. - type: string - proxyUrl: - description: Optional ProxyURL - type: string - readRecent: - description: Whether reads should be made for queries for time - ranges that the local storage should have complete data for. - type: boolean - remoteTimeout: - description: Timeout for requests to the remote read endpoint. - type: string - requiredMatchers: - description: An optional list of equality matchers which have - to be present in a selector to query the remote read endpoint. - type: object - tlsConfig: - description: TLSConfig specifies TLS configuration parameters. - properties: - caFile: - description: The CA cert to use for the targets. - type: string - certFile: - description: The client cert file for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: The client key file for the targets. - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - url: - description: The URL of the endpoint to send samples to. - type: string - required: - - url - type: array - remoteWrite: - description: If specified, the remote_write spec. This is an experimental - feature, it may change in any upcoming release in a breaking way. - items: - description: RemoteWriteSpec defines the remote_write configuration - for prometheus. - properties: - basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over - basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' - properties: - password: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - username: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - bearerToken: - description: File to read bearer token for remote write. - type: string - bearerTokenFile: - description: File to read bearer token for remote write. - type: string - proxyUrl: - description: Optional ProxyURL - type: string - queueConfig: - description: QueueConfig allows the tuning of remote_write queue_config - parameters. This object is referenced in the RemoteWriteSpec - object. - properties: - batchSendDeadline: - description: BatchSendDeadline is the maximum time a sample - will wait in buffer. - type: string - capacity: - description: Capacity is the number of samples to buffer per - shard before we start dropping them. - format: int32 - type: integer - maxBackoff: - description: MaxBackoff is the maximum retry delay. - type: string - maxRetries: - description: MaxRetries is the maximum number of times to - retry a batch on recoverable errors. - format: int32 - type: integer - maxSamplesPerSend: - description: MaxSamplesPerSend is the maximum number of samples - per send. - format: int32 - type: integer - maxShards: - description: MaxShards is the maximum number of shards, i.e. - amount of concurrency. - format: int32 - type: integer - minBackoff: - description: MinBackoff is the initial retry delay. Gets doubled - for every retry. - type: string - remoteTimeout: - description: Timeout for requests to the remote write endpoint. - type: string - tlsConfig: - description: TLSConfig specifies TLS configuration parameters. - properties: - caFile: - description: The CA cert to use for the targets. - type: string - certFile: - description: The client cert file for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: The client key file for the targets. - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - url: - description: The URL of the endpoint to send samples to. - type: string - writeRelabelConfigs: - description: The list of remote write relabel configurations. - items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It defines - ``-section of Prometheus configuration. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' - properties: - action: - description: Action to perform based on regex matching. - Default is 'replace' - type: string - modulus: - description: Modulus to take of the hash of the source label - values. - format: int64 - type: integer - regex: - description: Regular expression against which the extracted - value is matched. defailt is '(.*)' - type: string - replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' - type: string - separator: - description: Separator placed between concatenated source - label values. default is ';'. - type: string - sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular expression - for the replace, keep, and drop actions. - items: - type: string - type: array - targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. - type: string - type: array - required: - - url - type: array - replicas: - description: Number of instances to deploy for a Prometheus deployment. - format: int32 - type: integer - resources: - description: ResourceRequirements describes the compute resource requirements. - properties: - limits: - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults - to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - retention: - description: Time duration Prometheus shall retain data for. - type: string - routePrefix: - description: The route prefix Prometheus registers HTTP handlers for. - This is useful, if using ExternalURL and a proxy is rewriting HTTP - routes of a request, and the actual ExternalURL is still true, but - the server serves requests under a different route prefix. For example - for use with `kubectl proxy`. - type: string - ruleNamespaceSelector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - ruleSelector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - scrapeInterval: - description: Interval between consecutive scrapes. - type: string - secrets: - description: Secrets is a list of Secrets in the same namespace as the - Prometheus object, which shall be mounted into the Prometheus Pods. - The Secrets are mounted into /etc/prometheus/secrets/. - Secrets changes after initial creation of a Prometheus object are - not reflected in the running Pods. To change the secrets mounted into - the Prometheus Pods, the object must be deleted and recreated with - the new list of secrets. - items: - type: string - type: array - securityContext: - description: PodSecurityContext holds pod-level security attributes - and common container settings. Some fields are also present in container.securityContext. Field - values of container.securityContext take precedence over field values - of PodSecurityContext. - properties: - fsGroup: - description: |- - A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: - 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- - If unset, the Kubelet will not modify the ownership and permissions of any volume. - format: int64 - type: integer - runAsGroup: - description: The GID to run the entrypoint of the container process. - Uses runtime default if unset. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no such validation - will be performed. May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. May - also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - format: int64 - type: integer - seLinuxOptions: - description: SELinuxOptions are the labels to be applied to the - container - properties: - level: - description: Level is SELinux level label that applies to the - container. - type: string - role: - description: Role is a SELinux role label that applies to the - container. - type: string - type: - description: Type is a SELinux type label that applies to the - container. - type: string - user: - description: User is a SELinux user label that applies to the - container. - type: string - supplementalGroups: - description: A list of groups applied to the first process run in - each container, in addition to the container's primary GID. If - unspecified, no groups will be added to any container. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls used for - the pod. Pods with unsupported sysctls (by the container runtime) - might fail to launch. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: array - serviceAccountName: - description: ServiceAccountName is the name of the ServiceAccount to - use to run the Prometheus Pods. - type: string - serviceMonitorNamespaceSelector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - serviceMonitorSelector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - storage: - description: StorageSpec defines the configured storage for a group - Prometheus servers. - properties: - class: - description: 'Name of the StorageClass to use when requesting storage - provisioning. More info: https://kubernetes.io/docs/user-guide/persistent-volumes/#storageclasses - DEPRECATED' - type: string - emptyDir: - description: Represents an empty directory for a pod. Empty directory - volumes support ownership management and SELinux relabeling. - properties: - medium: - description: 'What type of storage medium should back this directory. - The default is "" which means to use the node''s default medium. - Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: {} - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - selector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - volumeClaimTemplate: - description: PersistentVolumeClaim is a user's request for and claim - to a persistent volume - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - description: ObjectMeta is metadata that all persisted resources - must have, which includes all objects users must create. - properties: - annotations: - description: 'Annotations is an unstructured key value map - stored with a resource that may be set by external tools - to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - clusterName: - description: The name of the cluster which the object belongs - to. This is used to distinguish resources with same name - and namespace in different clusters. This field is not - set anywhere right now and apiserver is going to ignore - it if set in create or update request. - type: string - creationTimestamp: - description: Time is a wrapper around time.Time which supports - correct marshaling to YAML and JSON. Wrappers are provided - for many of the factory methods that the time package - offers. - format: date-time - type: string - deletionGracePeriodSeconds: - description: Number of seconds allowed for this object to - gracefully terminate before it will be removed from the - system. Only set when deletionTimestamp is also set. May - only be shortened. Read-only. - format: int64 - type: integer - deletionTimestamp: - description: Time is a wrapper around time.Time which supports - correct marshaling to YAML and JSON. Wrappers are provided - for many of the factory methods that the time package - offers. - format: date-time - type: string - finalizers: - description: Must be empty before the object is deleted - from the registry. Each entry is an identifier for the - responsible component that will remove the entry from - the list. If the deletionTimestamp of the object is non-nil, - entries in this list can only be removed. - items: - type: string - type: array - generateName: - description: |- - GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. - If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). - Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#idempotency - type: string - generation: - description: A sequence number representing a specific generation - of the desired state. Populated by the system. Read-only. - format: int64 - type: integer - initializers: - description: Initializers tracks the progress of initialization. - properties: - pending: - description: Pending is a list of initializers that - must execute in order before this object is visible. - When the last pending initializer is removed, and - no failing result is set, the initializers struct - will be set to nil and the object is considered as - initialized and visible to all clients. - items: - description: Initializer is information about an initializer - that has not yet completed. - properties: - name: - description: name of the process that is responsible - for initializing this object. - type: string - required: - - name - type: array - result: - description: Status is a return value for calls that - don't return other objects. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema - of this representation of an object. Servers should - convert recognized schemas to the latest internal - value, and may reject unrecognized values. More - info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - code: - description: Suggested HTTP return code for this - status, 0 if not set. - format: int32 - type: integer - details: - description: StatusDetails is a set of additional - properties that MAY be set by the server to provide - additional information about a response. The Reason - field of a Status object defines what attributes - will be set. Clients must ignore fields that do - not match the defined type of each attribute, - and should assume that any attribute may be empty, - invalid, or under defined. - properties: - causes: - description: The Causes array includes more - details associated with the StatusReason failure. - Not all StatusReasons may provide detailed - causes. - items: - description: StatusCause provides more information - about an api.Status failure, including cases - when multiple errors are encountered. - properties: - field: - description: |- - The field of the resource that has caused this error, as named by its JSON serialization. May include dot and postfix notation for nested attributes. Arrays are zero-indexed. Fields may appear more than once in an array of causes due to fields having multiple errors. Optional. - Examples: - "name" - the field "name" on the current resource - "items[0].name" - the field "name" on the first array entry in "items" - type: string - message: - description: A human-readable description - of the cause of the error. This field - may be presented as-is to a reader. - type: string - reason: - description: A machine-readable description - of the cause of the error. If this value - is empty there is no information available. - type: string - type: array - group: - description: The group attribute of the resource - associated with the status StatusReason. - type: string - kind: - description: 'The kind attribute of the resource - associated with the status StatusReason. On - some operations may differ from the requested - resource Kind. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: The name attribute of the resource - associated with the status StatusReason (when - there is a single name which can be described). - type: string - retryAfterSeconds: - description: If specified, the time in seconds - before the operation should be retried. Some - errors may indicate the client must take an - alternate action - for those errors this field - may indicate how long to wait before taking - the alternate action. - format: int32 - type: integer - uid: - description: 'UID of the resource. (when there - is a single resource which can be described). - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - kind: - description: 'Kind is a string value representing - the REST resource this object represents. Servers - may infer this from the endpoint the client submits - requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - message: - description: A human-readable description of the - status of this operation. - type: string - metadata: - description: ListMeta describes metadata that synthetic - resources must have, including lists and various - status objects. A resource may have only one of - {ObjectMeta, ListMeta}. - properties: - continue: - description: continue may be set if the user - set a limit on the number of items returned, - and indicates that the server has more data - available. The value is opaque and may be - used to issue another request to the endpoint - that served this list to retrieve the next - set of available objects. Continuing a list - may not be possible if the server configuration - has changed or more than a few minutes have - passed. The resourceVersion field returned - when using this continue value will be identical - to the value in the first response. - type: string - resourceVersion: - description: 'String that identifies the server''s - internal version of this object that can be - used by clients to determine when objects - have changed. Value must be treated as opaque - by clients and passed unmodified back to the - server. Populated by the system. Read-only. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' - type: string - selfLink: - description: selfLink is a URL representing - this object. Populated by the system. Read-only. - type: string - reason: - description: A machine-readable description of why - this operation is in the "Failure" status. If - this value is empty there is no information available. - A Reason clarifies an HTTP status code but does - not override it. - type: string - status: - description: 'Status of the operation. One of: "Success" - or "Failure". More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' - type: string - required: - - pending - labels: - description: 'Map of string keys and values that can be - used to organize and categorize (scope and select) objects. - May match selectors of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: 'Name must be unique within a namespace. Is - required when creating resources, although some resources - may allow a client to request the generation of an appropriate - name automatically. Name is primarily intended for creation - idempotence and configuration definition. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: |- - Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. - Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces - type: string - ownerReferences: - description: List of objects depended by this object. If - ALL objects in the list have been deleted, this object - will be garbage collected. If this object is managed by - a controller, then an entry in this list will point to - this controller, with the controller field set to true. - There cannot be more than one managing controller. - items: - description: OwnerReference contains enough information - to let you identify an owning object. Currently, an - owning object must be in the same namespace, so there - is no namespace field. - properties: - apiVersion: - description: API version of the referent. - type: string - blockOwnerDeletion: - description: If true, AND if the owner has the "foregroundDeletion" - finalizer, then the owner cannot be deleted from - the key-value store until this reference is removed. - Defaults to false. To set this field, a user needs - "delete" permission of the owner, otherwise 422 - (Unprocessable Entity) will be returned. - type: boolean - controller: - description: If true, this reference points to the - managing controller. - type: boolean - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - uid: - description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - required: - - apiVersion - - kind - - name - - uid - type: array - resourceVersion: - description: |- - An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. - Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency - type: string - selfLink: - description: SelfLink is a URL representing this object. - Populated by the system. Read-only. - type: string - uid: - description: |- - UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. - Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids - type: string - spec: - description: PersistentVolumeClaimSpec describes the common - attributes of storage devices and allows a Source for provider-specific - attributes - properties: - accessModes: - description: 'AccessModes contains the desired access modes - the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - resources: - description: ResourceRequirements describes the compute - resource requirements. - properties: - limits: - description: 'Limits describes the maximum amount of - compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - selector: - description: A label selector is a label query over a set - of resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. - A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - storageClassName: - description: 'Name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeMode: - description: volumeMode defines what type of volume is required - by the claim. Value of Filesystem is implied when not - included in claim spec. This is an alpha feature and may - change in the future. - type: string - volumeName: - description: VolumeName is the binding reference to the - PersistentVolume backing this claim. - type: string - status: - description: PersistentVolumeClaimStatus is the current status - of a persistent volume claim. - properties: - accessModes: - description: 'AccessModes contains the actual access modes - the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - capacity: - description: Represents the actual resources of the underlying - volume. - type: object - conditions: - description: Current Condition of persistent volume claim. - If underlying persistent volume is being resized then - the Condition will be set to 'ResizeStarted'. - items: - description: PersistentVolumeClaimCondition contails details - about state of pvc - properties: - lastProbeTime: - description: Time is a wrapper around time.Time which - supports correct marshaling to YAML and JSON. Wrappers - are provided for many of the factory methods that - the time package offers. - format: date-time - type: string - lastTransitionTime: - description: Time is a wrapper around time.Time which - supports correct marshaling to YAML and JSON. Wrappers - are provided for many of the factory methods that - the time package offers. - format: date-time - type: string - message: - description: Human-readable message indicating details - about last transition. - type: string - reason: - description: Unique, this should be a short, machine - understandable string that gives the reason for - condition's last transition. If it reports "ResizeStarted" - that means the underlying persistent volume is being - resized. - type: string - status: - type: string - type: - type: string - required: - - type - - status - type: array - phase: - description: Phase represents the current phase of PersistentVolumeClaim. - type: string - tag: - description: Tag of Prometheus container image to be deployed. Defaults - to the value of `version`. - type: string - thanos: - description: ThanosSpec defines parameters for a Prometheus server within - a Thanos deployment. - properties: - baseImage: - description: Thanos base image if other than default. - type: string - gcs: - description: ThanosGCSSpec defines parameters for use of Google - Cloud Storage (GCS) with Thanos. - properties: - bucket: - description: Google Cloud Storage bucket name for stored blocks. - If empty it won't store any block inside Google Cloud Storage. - type: string - peers: - description: Peers is a DNS name for Thanos to discover peers through. - type: string - s3: - description: ThanosSpec defines parameters for of AWS Simple Storage - Service (S3) with Thanos. (S3 compatible services apply as well) - properties: - accessKey: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - bucket: - description: S3-Compatible API bucket name for stored blocks. - type: string - endpoint: - description: S3-Compatible API endpoint for stored blocks. - type: string - insecure: - description: Whether to use an insecure connection with an S3-Compatible - API. - type: boolean - secretKey: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - signatureVersion2: - description: Whether to use S3 Signature Version 2; otherwise - Signature Version 4 will be used. - type: boolean - tag: - description: Tag of Thanos sidecar container image to be deployed. - Defaults to the value of `version`. - type: string - version: - description: Version describes the version of Thanos to use. - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached to tolerates any - taint that matches the triple using the matching - operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, operator - must be Exists; this combination means to match all values and - all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. Exists - is equivalent to wildcard for value, so that a pod can tolerate - all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the - toleration (which must be of effect NoExecute, otherwise this - field is ignored) tolerates the taint. By default, it is not - set, which means tolerate the taint forever (do not evict). - Zero and negative values will be treated as 0 (evict immediately) - by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise - just a regular string. - type: string - type: array - version: - description: Version of Prometheus to be deployed. - type: string - status: - description: 'Most recent observed status of the Prometheus cluster. Read-only. - Not included when requesting from the apiserver, only from the Prometheus - Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#spec-and-status' - properties: - availableReplicas: - description: Total number of available pods (ready for at least minReadySeconds) - targeted by this Prometheus deployment. - format: int32 - type: integer - paused: - description: Represents whether any actions on the underlaying managed - objects are being performed. Only delete actions will be performed. - type: boolean - replicas: - description: Total number of non-terminated pods targeted by this Prometheus - deployment (their labels match the selector). - format: int32 - type: integer - unavailableReplicas: - description: Total number of unavailable pods targeted by this Prometheus - deployment. - format: int32 - type: integer - updatedReplicas: - description: Total number of non-terminated pods targeted by this Prometheus - deployment that have the desired version spec. - format: int32 - type: integer - required: - - paused - - replicas - - updatedReplicas - - availableReplicas - - unavailableReplicas - version: v1 - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: prometheusrules.monitoring.coreos.com - spec: - group: monitoring.coreos.com - names: - kind: PrometheusRule - plural: prometheusrules - scope: Namespaced - validation: - openAPIV3Schema: - properties: - spec: - description: PrometheusRuleSpec contains specification parameters for a - Rule. - properties: - groups: - description: Content of Prometheus rule file - items: - description: RuleGroup is a list of sequentially evaluated recording - and alerting rules. - properties: - interval: - type: string - name: - type: string - rules: - items: - description: Rule describes an alerting or recording rule. - properties: - alert: - type: string - annotations: - type: object - expr: - type: string - for: - type: string - labels: - type: object - record: - type: string - required: - - expr - type: array - required: - - name - - rules - type: array - version: v1 - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: servicemonitors.monitoring.coreos.com - spec: - group: monitoring.coreos.com - names: - kind: ServiceMonitor - plural: servicemonitors - scope: Namespaced - validation: - openAPIV3Schema: - properties: - spec: - description: ServiceMonitorSpec contains specification parameters for a - ServiceMonitor. - properties: - endpoints: - description: A list of endpoints allowed as part of this ServiceMonitor. - items: - description: Endpoint defines a scrapeable endpoint serving Prometheus - metrics. - properties: - basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over - basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' - properties: - password: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - username: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - bearerTokenFile: - description: File to read bearer token for scraping targets. - type: string - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - interval: - description: Interval at which metrics should be scraped - type: string - metricRelabelings: - description: MetricRelabelConfigs to apply to samples before ingestion. - items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It defines - ``-section of Prometheus configuration. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' - properties: - action: - description: Action to perform based on regex matching. - Default is 'replace' - type: string - modulus: - description: Modulus to take of the hash of the source label - values. - format: int64 - type: integer - regex: - description: Regular expression against which the extracted - value is matched. defailt is '(.*)' - type: string - replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' - type: string - separator: - description: Separator placed between concatenated source - label values. default is ';'. - type: string - sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular expression - for the replace, keep, and drop actions. - items: - type: string - type: array - targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. - type: string - type: array - params: - description: Optional HTTP URL parameters - type: object - path: - description: HTTP path to scrape for metrics. - type: string - port: - description: Name of the service port this endpoint refers to. - Mutually exclusive with targetPort. - type: string - proxyUrl: - description: ProxyURL eg http://proxyserver:2195 Directs scrapes - to proxy through this endpoint. - type: string - scheme: - description: HTTP scheme to use for scraping. - type: string - scrapeTimeout: - description: Timeout after which the scrape is ended - type: string - targetPort: - anyOf: - - type: string - - type: integer - tlsConfig: - description: TLSConfig specifies TLS configuration parameters. - properties: - caFile: - description: The CA cert to use for the targets. - type: string - certFile: - description: The client cert file for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: The client key file for the targets. - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: array - jobLabel: - description: The label to use to retrieve the job name from. - type: string - namespaceSelector: - description: A selector for selecting namespaces either selecting all - namespaces or a list of namespaces. - properties: - any: - description: Boolean describing whether all namespaces are selected - in contrast to a list restricting them. - type: boolean - matchNames: - description: List of namespace names. - items: - type: string - type: array - selector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - targetLabels: - description: TargetLabels transfers labels on the Kubernetes Service - onto the target. - items: - type: string - type: array - required: - - endpoints - - selector - version: v1 - - clusterServiceVersions: |- - - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: amqstreams.v1.0.0.beta - namespace: placeholder - annotations: - alm-examples: '[{"apiVersion":"kafka.strimzi.io/v1alpha1","kind":"Kafka","metadata":{"name":"my-cluster"},"spec":{"kafka":{"replicas":3,"listeners":{"plain":{},"tls":{}},"config":{"offsets.topic.replication.factor":3,"transaction.state.log.replication.factor":3,"transaction.state.log.min.isr":2},"storage":{"type":"ephemeral"}},"zookeeper":{"replicas":3,"storage":{"type":"ephemeral"}},"entityOperator":{"topicOperator":{},"userOperator":{}}}}, {"apiVersion":"kafka.strimzi.io/v1alpha1","kind":"KafkaConnect","metadata":{"name":"my-connect-cluster"},"spec":{"replicas":1,"bootstrapServers":"my-cluster-kafka-bootstrap:9093","tls":{"trustedCertificates":[{"secretName":"my-cluster-cluster-ca-cert","certificate":"ca.crt"}]}}}, {"apiVersion":"kafka.strimzi.io/v1alpha1","kind":"KafkaConnectS2I","metadata":{"name":"my-connect-cluster"},"spec":{"replicas":1,"bootstrapServers":"my-cluster-kafka-bootstrap:9093","tls":{"trustedCertificates":[{"secretName":"my-cluster-cluster-ca-cert","certificate":"ca.crt"}]}}}, {"apiVersion":"kafka.strimzi.io/v1alpha1","kind":"KafkaTopic","metadata":{"name":"my-topic","labels":{"strimzi.io/cluster":"my-cluster"}},"spec":{"partitions":10,"replicas":3,"config":{"retention.ms":604800000,"segment.bytes":1073741824}}}, {"apiVersion":"kafka.strimzi.io/v1alpha1","kind":"KafkaUser","metadata":{"name":"my-user","labels":{"strimzi.io/cluster":"my-cluster"}},"spec":{"authentication":{"type":"tls"},"authorization":{"type":"simple","acls":[{"resource":{"type":"topic","name":"my-topic","patternType":"literal"},"operation":"Read","host":"*"},{"resource":{"type":"topic","name":"my-topic","patternType":"literal"},"operation":"Describe","host":"*"},{"resource":{"type":"group","name":"my-group","patternType":"literal"},"operation":"Read","host":"*"},{"resource":{"type":"topic","name":"my-topic","patternType":"literal"},"operation":"Write","host":"*"},{"resource":{"type":"topic","name":"my-topic","patternType":"literal"},"operation":"Create","host":"*"},{"resource":{"type":"topic","name":"my-topic","patternType":"literal"},"operation":"Describe","host":"*"}]}}}]' - spec: - displayName: AMQ Streams - description: | - **Red Hat AMQ Streams** is a massively scalable, distributed, and high performance data streaming platform based on the Apache Kafka project. - AMQ Streams provides an event streaming backbone that allows microservices and other application components to exchange data with extremely high throughput and low latency. - - **The core capabilities include** - * A pub/sub messaging model, similar to a traditional enterprise messaging system, in which application components publish and consume events to/from an ordered stream - * The long term, fault-tolerant storage of events - * The ability for a consumer to replay streams of events - * The ability to partition topics for horizontal scalability - - # Before you start - - 1\. Create AMQ Streams Cluster Roles - ``` - $ oc apply -f http://amq.io/amqstreams/rbac.yaml - ``` - 2\. Create following bindings - ``` - $ oc adm policy add-cluster-role-to-user strimzi-cluster-operator -z strimzi-cluster-operator --namespace - $ oc adm policy add-cluster-role-to-user strimzi-kafka-broker -z strimzi-cluster-operator --namespace - ``` - keywords: ['amq', 'streams', 'messaging', 'kafka', 'streaming'] - version: 1.0.0-Beta - maturity: beta - maintainers: - - name: Red Hat, Inc. - email: customerservice@redhat.com - provider: - name: Red Hat, Inc. - links: - - name: Product Page - url: https://access.redhat.com/products/red-hat-amq-streams - - name: Documentation - url: https://access.redhat.com/documentation/en-us/red_hat_amq_streams/1.0-beta/html-single/using_amq_streams/ - icon: - - base64data: iVBORw0KGgoAAAANSUhEUgAAAQAAAAEACAYAAABccqhmAAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAAlywAAJcsBGkdkZgAAABl0RVh0U29mdHdhcmUAd3d3Lmlua3NjYXBlLm9yZ5vuPBoAACAASURBVHic7d13nBx3ff/x13d29/aK6kmyyjXJlnVqLpJV3ABL2GAnuIANJAZDjGkmIWCn0H4ktCTEgfwI5AeEOPyMSRwTmktiwJIlGVu2ZEkWtnxFXbrbu1M9lWtb55s/7k7tdu+2zMx3y+f5ePDgbnZn5i1Zn8/07yhEQWuvpWLAx+yETb22qFM2FwHVKKYA1RqqFVQD5UAQqByatRyoGPp5AAgP/dwHRIEBBd02dCtFNzbdQLe2OKxs2i0fbZVxDtaFGPDsDyscp0wHEGPbehWBiqNc6oNFGhYDC4E5KOrRTDMc7zDQBhwAmhQ0KYs3Og+wZxXEzUYTY5EGkGd2zyUYi7PEslmpFSvRXAbMA8pMZ8tQFEUrmh0KXlE2m+IT+d2iJqKmg4mzpAEYtnsG02IBVqO4RmlWoljC4K56MQoDr6LYrDQv6QTrF3Rw3HSoUiYNwGPrwT+jniuAW4F3AEsAy2wqY2xgu4K1NqytsHhxzoEz5yKEB6QBeGDPJVwUi3GH1tyhFDdw9uSbOF8fsEErfumL8WRjJ8dMByp20gBcsmMWdX4/tzC4pb8Z8BuOVGgSwCYFP1U2P2sM0WE6UDGSBuCgvRczMRrnvcAfAVcjf79OsTW8hOKRQICfXrqH06YDFQv5B5ojDdaueq614R7gfUCV6UxFLgw8Dfx4fhvPqME9BZElaQBZ2nMJF0XjfEzZfBhFvek8JeqA0jzsi/GDSw9x1HSYQiQNIENNs7nSsrmfwS2+nMzLDxEF/4XNN+aHeN10mEIiDSANGqzWBu5A8yngzabziFGtU5pvN7bztBq8zChGIQ1gFBqsnfXcacOXFSwwnUdkpFnD3y9o4z/kPEFq0gCSGC58DV8FGk3nETnZB/z9oTZ+KM8mjCQN4BwarNZ67tHwRQWXmM4jHKTYpTRfbWzjMTk0OEsawJCmet7qg29ouNJ0FuGqV5Xiz+cfZL3pIPmg5BvAztnMt22+ArzbdBbhqbVa88DCdt4wHcSkkm0Au2cwLV7GV4H7kNt0S1UMzQ9szV8tCtFtOowJJdcANKiWeu5Rim/kwWAaIj90A5+b38a/KtCmw3ippBpAUy1zLYvvATeaziLy0m99io/PO0iL6SBeKYkGsPUqApVHeVDBlynewTaEM2IK/tFXxl9fuoeI6TBuK/oG0FLPVRp+LDfyiAy9Yfl4f+N+XjMdxE1FOxKNBl9zPZ8BXpLiF1lYbCfY0lLPlzT4TIdxS1HuAbTMZjY2P0Lu2xfOeNm2+cCiEHtMB3Fa0e0BNDdwHzY7kOIXzrnGstjWXM8HTAdxWtHsAeyfTXkkwT9rxX2ms4jipeDHvXE+vqyTftNZnFAUDaCplrmWj5+judx0FlEStvvgrnlt7DMdJFcFfwjQUs87LItXpPiFh5YkYHtzA+80HSRXBdsANFgt9fwd8BQw2XQeUXImKM3PWur5si7gPemCDP7adKoCQf5Dwe2mswiB5hd9Ce4pxPMCBdcAmhuYqTRPActMZxHiDMXmuMXtl+3nsOkomSioBtBcx2Kl+G+gwXQWIZLYb8M7FrXRbDpIugrmHEBLHW9Xio1I8Yv8NccHG1sbWG06SLoKogE01/FeFE8DE0xnEWI0GiZpza9a67nLdJZ05H0DaK3n/Urx70DAdBYh0lSm4fHWOu41HWQsed0AWuu4X8OPkBF7ROHxacW/tdbzKdNBRpO3DaC5ns9oxXfJ44xCjEFp+FZzA180HSSVvLwK0FrHV7TK3780ITIV1vxoSTt/ZDrHhfKuATTX8YBS/KPpHEI4pc+GfhuC8JuVndxsOs+58mr3uqWBP5HiF8VkuPgBIvD2TbX83Gyi8+XNHkBLPR8EfkieNSUhsnVu8Z8rqHh0ZQcf9D7RSHlRbC0N3Ak8TJ7kESJXqYofIKL5wNZa/snbRMkZ3wNoqePtQzf5yHV+URT67cEGMJYKi88sD/GQ+4lSM9oAmupZ6IONGiaZzCGEU0bb8l9IgQ5a3LUixC/cTTVqBjOaZjPDstmE3NsvikQmxT9MQSJYxrIVB/idO6lGZ+SYu72WCkvzBFL8okhkU/wwOHx9PMaLv51h5jV1njcADVav4j/QrPR63UK4IdviHxbXVPl9vLbVwHkwzxtAaz1/gyr8sdSEgMHCz6X4h8U1MxO1PJf7kjLjaQNoqedW4DNerlMIt/SlebY/XRGbN71Sw1edW+LYPDsJOPRm3q3ARK/WKYRbct3tT8UCXWWxekmIDc4vfSRPGkB7LRW9FhuBJV6sTwg3uVX8w3wQrlbULujguHtrGeTJIUCvxXeR4hdFwO3iB0hA+UnY5O5aBrneAJobuA/y7zFIITLl1Am/dMQ0c7fU8i9ur8fVQ4Bd9VycgN8B491cjxBu82LLfyELtGWx6toQz7u4DndosBLw/5HiFwXORPED2KCweaoJytxah2sNYGcDn0de0S0KnKniHxaHCb01/NKt5btyCNDcwFKleRkXO5cQbjNd/OeqtHjfshCPOb1cxxvA7rkEY1G2K1jg9LKF8Eq6j/R6xacI63FcdP1OepxcruOHAPEon5fiF4XM6Tv8nJDQlAd6nT8UcHQPoKWGefh4DSh3crmidCl/AFVZ5dn6eqMx+nr7PFtfJhQQgLdf3cmzTi3TsRduaFCtPr6HFP9ZPh/THvgyE+68B6tKLoZkyo5G6T64D6thrmfrnAzEDnVw5Oufo2fDrz1bbzo0YCse1zBFDf6aM8f2AFob+JDW/JtTyysGk+/9U6Z/KS+Gfis4diTM0abXsermGFm/Dg+w55alJE64fjduxip8fH95O/c7sSxHzgHsnsE0rc2ObZaPxt2QV0PAFww7EuZos7niB1DlFZQvutLY+kcTSfDRjXVc4sSyHGkA8TK+BkxxYllFxS/jnGbKjkYGt/y15op/mMrT/342WH7bmfcL5NwAdjWwAPiQA1lEibOjEY6+8ZrRLX+hiGiu2DqD3891OTk3gLjNN5G394ocSfFnLmrxcK7LyKkBtDawWiluyTWEKG2Du/1S/JmKw4wtNTyQyzKybgAaLK35h1xWLsSZ4s+DY/5CFNX8jc5hDzzrGVvruQdYmu38QtjRCEebd2RU/InOdnr37kTrs5fBA8EgVSveBOr8q9p2z2l6XtuCtgdv67MZfL528tKVWJXjHPkzmJaAii2z+Bad/Ek282fVADT4WhWfd+ZWBFGK7GiEY807sGoyezVEZ9PrHKmeMWL6ZbubKZu36Lxpp7dvYm/VyItTeusmpr75xswC57GY4iNN8OAiiGY6b1aHAK31vB/NvGzmFWJ4t19lWPwAWiW/d03HRv7bt+3kN/TbdiLj9eazhKasdxbfzGbejPcANPha4XPZrEyMLXHqBD1NvyMeiVBWNY5xly3Fqqgce0at6dy4gZOhNnzBINMXLGbS/MXuB86Q6Tv8ilVc8dGt8OAyiGUyX8YNYGc9fwg0ZjqfGNuJjeto81WQKJ945omKwLYtzKkqZ9yS1C9S6m0/wLZ1axmYXguTpgOwf387U15+kaXvuxdfWdCL+GPyuviLazs/uoSmzK7jIdozuyqQ0SGABp+GL2QWTaSj59VN7C+fSOKCYo1VjmdPVBPZtzPpfIlImC3Pbxgs/nMpxfGZs3n1sUdcSpwZE7f32iV2jipmc3+mVwQyagCtDdwOzM8olUhLx6meEWexh9mBMg7tbEn62f5fPUlk6siTYsO6p9dzet8uRzJm60zxy6U+VyU0wc01/HUm82TUAJTm05lFEumwe3vonzj6oxSnxk9OOr37xIlR59NKceSN17LOlispfm9p+EQm30+7ATQ1sETDmzKPJMaUYst/Lq2S/6dKdVb8vO8YOustxe+9mKZ6aw3vTvf7aTcAS/Op7CKJsVhV4yjvH32ot/Gnu5NOn1A19mg51XO9P2rzuvjzbAQvo+Kk/4LRtBrA7hlMA96bdSIxppnWKGesbJvpNTVJP7rk5tvw95xMOeuEroNMWeztc+0mtvyldsJvNDFN49ZZ6Z2rS6sBxIJ8HBnqy1WTr72BmpOHRwzRZCXizOk/QdXly5LOVzZ+Aksa5+E/NXIPoepIB0tvfacLaVOT3X7zNJCwSGsoqjEvGWiwWm0+7N2LxEvX9NW3MOnAHk7t3UU0FiPos5i08HICNStGnW/K5Uu54ZJ57F/zDKdOdmNpmFpbR/377wXLk/e/AsPFn9m9/cIdMZvVGnxqjNshxmwALfWsVlDvXDQxmuDsuVw0O/NBMP1V47j0jve4kCg9djTC0ZY3sGpnG8sgzrLBv6WWPybEt0f73pibB6W517lYohglImGOtTZl/GBPVlLtiaa4SpL0qxl8t5AlNJ8c6zuj7gHsvZiJ0Th3OBdJFJtEJMzxnc2omXWerG/arFp8HaHzpvksReXlbx3x3eoFlxFPcg/EpCtK4yn2hOaSrVOZuewYXam+M2oDiMb5AyCNJ1FEKbKjEY61vOHNln9IxYLLqVlweVrfDcyooWZG8qsnpcAGlSjna8B9qb4z1r7QB52NJIpFIhLm2M5mT4tfZC6huXO0z1M2gN011AJXO55IFLxEJMzxXS2oGbVjf1kYFddM3NqQeuSulA0g4eNOXHp9uChcg8XfKsVfQOJx/iLVZykbgIZ3uRNHFKqzxV+6x9WFSMPbUn2WtAHsmMN04DrXEpUKXTz3pybCw7v9JVT88bjpBI6Iaao31yQfwi9pA/AnuAPwuZqqBERTDOJRaBLhMMd3l9Yxv45FCe98w3QM5yg+k2xy0gagNbe7m6Y0HP/u14kd3Gs6Rk5KsfjtgX4OffXPiR89ZDqKY2w7+WvERpzk2z+b8rDNceT6vyNUeQWVV12LNanadJSsxI8dIRI64Mm6Jj76LNbE5AOfZOPkzx7l+CPfyXi++KFOdDyjsTXzngIdn8yEVU30njt9xI1AAzbXKyl+x+jwAH0bnzMdI+/12TAh4dzAJaeeeIxDf/uXkGJo8FKjQY0/xb3AeR1xxCGABTd5lkoIBou/38E6PfXEY3R95UEp/gvENSOeFhvRALQ0AOEhx4v/yf+U4k/BhhEjw5zXAHbOYipwhWeJRElzvPifepyuLz8gxZ9CXDNuSz0XnzvtvAag/ay+cJoQbuh3o/i/9Gkp/jHYcT527u/nnQTUcvOP8IDTW/7Tv/4lh2TLnx7FqnN/tS74MPX7p4RwgOPF/5sn6Po/f4x28ApCMUvo81/rd6YB7J5LED3yJIEQTnGl+L/wCXSR3LLrhThM2Drr7GX+Mw0gHmMpkB9vkRRFx/Hif/ZJKf4sxdXZMQLONABty7P/wh2uFP/n75fiz5KCW4d/PtMAlMVyM3FEMXP6bH/Pmqek+HOkFVcN/3z2KoDmMiNpRNFyesvfs/ZpOj/3cSn+HCVsZg7/bAFsvYoAJH9eWIhsuFL8n/2YFL8DbKhogjIYagAVR5nH0AQhcuV88f83nZ+VLb9TNBCZxZthqAH4YJHRRKJoOF78z/3P0Ja/uB7PNc1WrIahBqClAQgHuFL8n/moFL8L4rAMzp4EXGgwyxmBmgamfOqLBOctRvnHfG1hehIJEr2nnVlWnosdPczAxGrwBzxbp338CJGnH+fkmqdzLn5tn72br3fdM1L8LtJD5/yGq8z461ytikrqf7KeQJ3xKAUp3Laf3mk1+Kuner7usutv4tTA++G3z+a0nJO/+HemfviBwTv8vvhJKX4X2ZpqGBoSrKWeo4D3/3LOUXn1DdT/ZL3JCAUr3LafUwNhLAPFP+zUMz+n6/P3G1u/yIwFies78VtD9wUbLX4A38RJpiMUpEhHG6cGBowWP4Bv3Hij6xeZscG3aS4TrPFl1JsOI7IT6WjjZG8vVvU001FEAfKFWWrZCeTtjgVIil/kSimWWijZAyg0UvzCCVqz0FKai0wHEemT4hdOsTUz/dqimuJ5hV1Ry6b47eNHSJzsPjvBsgjUzobAyDu/dW8P8cMd503zT69ByQm+oqSh2s/Q9UCR37Ip/sTRQ7y+/yC27/ybqmbsXUPNjSPfFNX66lb6qyacN62iaxsLr78hq8wiv2mYZIE0gHyX7W6/ffrkiOIHiFjJ7xQMV47c0g9UjC+qtxyL84y3gCmmU+TEtol1hYgd6cp41oGjhzmxu4Vob48LwZwRbtsnx/zCFTZU+QHn3sbosRMvP0+HVUY0MDiUYXD3bmpUgknXrhp9vl0t7Nj0Ev0XDb3rfvc+Jh3t5Iqb30HF9JmjzuulcNs+TvUPYE2R87TCBZpyiwJ9EejhF9ayPzj+TPEDRCrGsa98IsfWPZNyvpN7drKlZefZ4gewfJycXsdL69YS7j7mZuy0SfELt2mFz6IABwKJHNxLZ1XqUxft46cST3FIsOPF57GD5Uk/i02eRuszTzqSMRdS/MITGlWQDeDUvt2jXrnUPj89O5tGTI+e7KZ/et2oy+72mR0Z3WTxy6m+0qLBKsgGkEjjLTCxgf4R0yInutFKjb7s8oqsc+VKtvzCY4W5BxAsT74Lf953KqtGTKusqUNFI6POV9ZzIutcuZDiF15TDA4JVnANYOKiK/GNMlhE4PQJxi9ZMWK6ryzI1O5Doy57ZuXYzcVpUvzCBHtoD6Dg+CZPYQ4xVGLkKLG+yABzxldiVSW/fXXx7XdRfqQj6WeTQnuZ9667Hc06Fil+YZIfiALeb/ZyNGHF9SzY1cyRPTvpq5yATsQZ13+a6YuvIDgn9SsOgpOncN0dd7Hr6Z9xNAGJsnICfT3MmjyBuR+6f+i0iDek+IVJFuiCbQAA5fMWUj8v8/FMAxMmsuh997mQKH2RjjZjxS8v0hYweNXHYrABCA9FOto42dNjbMsvl/vEkDN7AMIjXha/f0YtE9teYqB83JlpWttMspK3gOoThzk97vw7wyf0nYAxLp2KwqTAlgbgIa+3/KpqHHNXvS3t78++aeQjwqJ4WQrbAvpMBykFpnf7hbiQ1iQsBd1jf1XkQopf5COlCFu2NABXSfGLfKUUfRaa46aDFCspfpHnTsshgEsiHW2cPC3FL/KXBSf9gJmnXy4QP3rYdATHhNv2caqvH2vqdNNRPBM/3Gk6gsjcCUtbHDGdAiD8+hYGtm8yHSNnpVj8id7TnHjsX03HEBlS0OVXNm3kwX0eOh6n/Q/fyqS7P0rZJfMzvvlk3E234Z82w8E8Mbr/9R8znEnT130Myr0fZS2mIW7gFr/4scP0PPc/xA4lf8BK5C+taVatc2jUCVpNh8lV2cWN1D++Dv/0WY4sz+7vY9eCcWN/MQ/02dBvm04hCk25xQ1WVYw2iuD28Oi+nbT9weqSOxaV4hfZ6pvINqsuxACK/BgKN0el1gSk+EW2FCRWNdE7+PC75qDhPI4plSYgxS9y4YN+GHwcGA37zMZxVrE3gX4pfpEjyxrc67cAFLSYjeO8Ym0Cffbg/4TIhYLdcLYBvGE2jjuKrQnIbr9wiqXZCkMNwFKMfItGkSiWJiDFLxylWANDDaDjILuB0QfML2CF3gSk+IXTVIiNMNQAVkEc2GU0kcsKtQlI8Qun+RX9yyAGQw1gyOuG8nim0JqAnO0XblBwpgCscya+YiaOtwqlCcjZfuEWv2LL8M9nG4BN4T+Kl6Z8bwKy2y9cpXhq+MczDaBnOtuBASOBDMjXJiDFL9zW284Twz+faQDLthEDthtJZEi+NQEpfuE2v+LkKggP/37+i/BU6RwGDMuXJiDFL7xgcf6j//5zf1Galwv+ueAsRPftpO3uGwfHE3BwUBGASe+9jwnvugerKvXYAjZgl+Jf/Fi05ljLDnwz67xbpW0T6zjIsR98k+jenZ6t1ys+WHfu7+cNu9NSwxR8HOHCPYMSUTZ3wZkmEGl5nf03X5HT8ia+6x5m/t9HHUpXYrQmtO5XBC9fbmT18eNH2X/HtSR6ThlZv1vGBZm9dP/Zp3/PK/QFHRwHXvU8VZ6I7mnh4G0rOfS5j9H+gZtzXt74W+50IFUJ0pqOdb82VvwA/inTqLjqGmPrd4MPes4tfki+pV/jUZ68FOts4+RjPyB+pCvnZanKKgcSlRit6Vj3K8ouX2Y6yaiHbYXIr0Zu3Ec0AKVKuwEIg84Uv7ktfzFT8JMLp41oAIlxbEReGCq8NrTbL8XvDgXamsGPLpw+ogEsaiIKbPAilBDAOcVvfre/WAUUh5ZtGxwG7FxJz/ZrxS/djyQEg8W/XorfbZbi6WTT/ckmqjhP4OP7qT4XwhFa07HhWcouS7/4dSRMOHTgvGm+iirKZiW5V0Brwvt3o/XZO6wsn59gwyUZv3im0CmLv082PWmBL+jgeEs9LwCrXE0lSpfWdDy/hrLFSzOaLfTCcxyZfMHNWid6WRyNEpx9yXmTu19az/7yiSOWcXHXb5l8zVsyjlyoAopjy9uSD/yb+oYfxS9cS1QiEnJ3X3Ja07H+N5QtWpLxrFGdZMutFPHe0yMmx6LRpMuIRcJJpxcrBb9O9VnKBmAl+CWDd6mKLPTZ2f/lRQ510tP8OtEM35gc6+vl8PYtHHvjNexono7wpjWd639D2WVXmU5SMvxBHkr5WaoPGkN0NNfzkoLr3YlVvLIdyadv707a9++jv3rozcIH2xn3ykvUX7GU8tqGlPPZsSjbHnuE7snT0WVBAFRzM3U+zcI7787mj+Cazg3PEpDi94xfcWLZPnak+nz0e/7VyOuGYnTZjuQzcGAvu492ny1+AMuid2YDu3bvIXY89VvcNz76Q45Prz9T/AB6wmTaqqrZ8ZMfZx7GJZ3rf0Mgw2N+kRu/4qejfT5qA9D9PA70OpqoiOXySG/7rlbscwr4XPGJk+nY9GLSzw5uWENfzeyUy+0oH09/hocSbpDi954FOhbji2N8J7VFR+lVyD0B6cil+O3wAH1TRn8M+XTlhKTTO/ftGX3hwXI6trycXTCHdG54VorfAL9i93WHSb3rSDqP/SoecSpQscp1MA87EkGPcV3aLq9MOj3O2Nezo2FzZ707NzxLIIuz/SJ3Ps23x/rOmA2g8SDrKbKXhzrJiZF8/BMn4YuNftY+cPpE0umVwbIxlz9hurODnKSrc8MaKX5DfIrYsk6+N9b3xmwACrTS/NCZWMXFyXH7p/SNPvDEtIrk5wcufdMqiCW/3g3gP36E2qvflFO2bHQ+v4bAois9X68Y5IO1Ko0r0WmN/KMS/AslNGJwOpwet3/W9asYd+Jo0s8mH+3gojffmPSzCfVzmOPTkIiP+Ez1nuaKK69E+XzOBU1D5/NrCCyU4jfJVvxpOt9LqwE0dnJMaR7LLVLxcGMAT6ssyLxVN1EX6WHcyWOU9/cw/lgXs+MDzHn7raPO2/h7t7N0dj3jD7fjP3GMwLHDVB/t4Pq3vIVpiy53NugYun67VorfsCA0XRtijLPDg9J+2MeGbyn4EKRx1qmIuTp6r2Ux7Zq3MC2LWS9adDkXeVzsF+p6YR3+BbmNoyhyZ/n4QtrfTfeLC9t5gxIfJ0CG7k6t68X1+OdfZi5AJk/3FfGTgAHFseXtPJnu9zN63Fdp/kmr0nxCUF7UmVrXxg34Gxd7sq7JleWEe06COrvtCsTClC9bOeK746bPpPLwUWzr7DkQlYgzvq7Wk6wm+BTfyeT7GTWAxnaeaq1nB2Cw1XtPtvypdb2wztMtf/V1q6lO87tVC69gwUJX4+QVnyK8PMTfZDJPRuP/K9Ba87eZxSpsUvypdb3obfGL0fkV31GQyGSejF8AsqCd/wLeyHS+QiTFn1rXi+vwN0rx5wtLEVkR4vMZz5fpDApspfh6pvMVGin+1KT480/A4rsKRt4MMoasXgHWeJDHgeJ7cdoQKf7Uul5cL8WfZ3yKyIp2/jKbebNqAAoSCr6Wzbz5Ts72p+bl2X6RvoDi+9ls/SGHl4A2tvEYsDXb+fOR07f3Ro8ccm5hhh3a/CL+eYtMx/BU/FCH6Qhj8kPv8hAPZjt/1g1AgY3Nn2c7f75xY7e/85H/hx7lQZ1C0fXy8/gubjQdw1N9r7xA//bNpmOMKQCfTeehn1RyviWqpZ4ngdtyXY5Jbh7zV81fzNRb30PZ1OljfzkPhY8eou/4MU/WNfUjD2I5+ELVeFeI07/ObDwbnUgQ2dtKz5qn0fGYY1ncELAIXRMiyQsR0pdzA2idQ6NOsAMI5LosE+SEX/64dF0zvuqpjiwr1hWi7SPvJBY6OPaXC1QF3LS8k7W5LCPrQ4Bh8/ezE80Pcl2OCVL8xakUir8MtuVa/OBAAwCwNX8Fo489lm+k+ItTKRS/BbYu4y6HlpW7RSG6NfyFE8vyghR/cSqF4gcos/jONQc44MSyHGkAAAvbeBRy3yVxmxR/cSqV4g8ojq0I8WmnludYAwDQNp8A8vbFa1L8xalUih+gXPFuJ5fnaANYGGI38HdOLtMpUvzFqcSK/1dLQs4OyuNoAwCwx/N18uxpQbm9tziVUvH7YMCa4cyJv3M53gAWNRG14Q/Ik0MBp2/vFfmhlIpfAWUW9yzbRr/Ty3a8AQAsaqNJw1+7sexMyG5/cSql4gcos3hieYifu7FsVxoAwII2voE2N4ioFH9xKrXi9ytOrgg5v+s/zLUGoMD229wDJH+nlYuk+ItTqRW/BdqCWzId5ivDdbjn0g5CGueuWaZDTvgVp1IrfoAA/PPVHWxycx2uNgAYvEFIwcNurwfkhF+xKsXiL1PsWNmZ3uu9cuF6AwAIWnwS2ObmOmS3vziVYvH7FX3xcVznxbo8aQBzDhDWPu4EXHmwXIq/OJVi8SvQQZtbrt9Jjxfr86QBACzcz0ENd+PwCQ0p/uIU7wrRdt/tJVX8ABWKv7qqixe8Wp9nDQBgYRtrILM3l4xGTvgVl/CuJgBine0cvO92Yp3thhN5q1zx3LIObwfb9fwtiRpUax3/juLuXJYjW/7iY1VUUrnsOgZe30rilOdXj40KKNqv7mCOm5f8kjHyXdGzvgAABdxJREFUmtT9sykP26wDrslmfil+UUx8it7xPuovb/P+nhlPDwGGzTlA2IpzG7An03ml+EUxsSBebrPCRPEPrd+Mxk6OWRa3ksGdglL8opgohQ7Y3HFVFy2mMhhrAACNB2hViruAMQfPlxN+otgEFZ9eeYj/MZnBaAMAmH+QdVrzXkZ5tZHc4SeKTdDioRUhvm06h5GTgMm01vN+DT/igqYku/2i2JQrfrCig4+ZzgF51AAAWhv4kNY8zFAuKX5RbMotHlsR4n2mcwzLqwYA0FrPpzR8S4pfFJug4pmVHfy+6RznyrsGALC9jkd6EnzQdA4hnFKmWHd1B281neNCedkAAF6p4cmwLuyXjgoBELT4zcoQN5vOkYzxqwCprOjg9qDFf5rOIUQuyhSP52vxQx43AICVIe4uh++aziFENsotHr66gz80nWM0ed0AAFZ08sdBi4dM5xAiExV+/mFFiI+YzjGWvD0HcKHNNTwQ03zTLqDMovQo0AHFg1d38C3TWdJRUMW0ZQa3RH08mdAETGcR4kI+RaxMccfyEM+YzpKugmoAAC/PZIG22BzXjDedRYhhfugJalaafLAnGwXXAAC2XszEWITXYpoG01mECChCExRXLArRbTpLpgqyAQBo8G2exfoovMl0FlG6yhXPLe/gbQoK8r7VvL8KkIqCxNWdvLnCxxcUaNN5RGmxQFcovrCigxsLtfihgPcAzrWphqttWBvXVJnOIoqfX9EftLnZy9F73VIUDQCGzgtEeTFms9h0FlG8Aha7A2UsX7aPU6azOKFoGsCwLbX8S1jzEa2L788mzLFAB+CfvXhdl5eKskhebeCacJxn4ppJprOIwudXnKrQ/N6STl4yncVpRdkAADRYr8ziZ1F4p5whFNlQQFDxq+Ud3KZGGbKukBXsVYCxKLBXdvKuCsV7fIqw6TyisPhgoMzHO1d08HvFWvxQxA1g2LIOfqoU1eWKp01nEYUhqHhej2f6ynaeMJ3FbUV7CJDM9lpuCGt+GtNMNZ1F5B8/HA8q3nNVB+tMZ/FKSTWAYVtq+XrE5i/sEtgDEmOzwA5aPLw8lB8j9XqpJBsAwMY6LvHb/DyiucJ0FmFO0GKbr4x3LdtHm+ksJpRsAxi2ZRY3xRU/jGlqTWcR3gnA4TLF3aW0u59MyTeAYZtm8Qlb8ZDcTlzc/Io+n+ZzKzv5juks+UAawDk0+LbM4tsxxYcTmjLTeYRzfIpIQPH95SEeLOSHd5wmDSAJDf6ttXwtqvlUQlNuOo/InqWIBBU/qgzxyUVpvIS21EgDGIUG35YavhSHB+OaStN5RPr8inBA8agK8SfLIGY6T76SBpAGDb7NNXxJwydimmrTeURqAcVxn+Lby0N8TXb1xyYNIENbZ/G2uOKhqFw+zBsKCFjs8yv+bFkJ3L3nJGkAWdpcwzwU34nZrLbBbzpPKbIUMT+sTVh88rp29prOU4ikAeRIg7W1lnsTmj+La+bLewvcF4CDfovvLgvxDdnNz438Y3XQ1qnMTJTztYTmzrhmouk8xcSvOOFX/DQW44vXHeaI6TzFQhqASzbXMM9S/Fnc5vYYTDedpxD54bQPnisr4ytLDvA703mKkTQAD2yq5VIFn7Vtfj8BF8lhQnIWaL/ikKX4b+3j71YeZL/pTMVO/iF6bDcET9TybjR3x2FlvMQvK/oU/X543VL8MlLF967fSY/pTKVEGoBhmxuYQ4yPoVid0DTGYYLpTG4KKE4paPXBc7qc76/YS7vpTKVMGkCeeamWCgvuVJrbtOKqhGamrakoxHEN/Yp+BZ0+2KosnprUzi8uhYjpXOIsaQAFoAnKIrN4cwxu1IqlGubZmmoNlTb4TGZTkPBBv1IctzS7lGKbD9bqDl6QW3DznzSAAvdiI+MrelmuLa5MaBagmQVUa5ikYbwNVWjKUYONQmt8eui/+/D/K4Ue+kUrRYLBDxNKMaCgX8Fp4JRSHFfQqTUtlmJ770S2rmqi19AfXTjgfwFVFcHePttw0QAAAABJRU5ErkJggg== - mediatype: image/png - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: strimzi-cluster-operator - rules: - - apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - get - - create - - delete - - patch - - update - - apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - - rolebindings - verbs: - - get - - create - - delete - - patch - - update - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - kafka.strimzi.io - resources: - - kafkas - - kafkaconnects - - kafkaconnects2is - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch - - delete - - apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - "" - resources: - - endpoints - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - deployments - - deployments/scale - - replicasets - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - apps - resources: - - deployments - - deployments/scale - - deployments/status - - statefulsets - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - "" - resources: - - events - verbs: - - create - - apiGroups: - - extensions - resources: - - replicationcontrollers - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - apps.openshift.io - resources: - - deploymentconfigs - - deploymentconfigs/scale - - deploymentconfigs/status - - deploymentconfigs/finalizers - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - build.openshift.io - resources: - - buildconfigs - - builds - verbs: - - create - - delete - - get - - list - - patch - - watch - - update - - apiGroups: - - image.openshift.io - resources: - - imagestreams - - imagestreams/status - verbs: - - create - - delete - - get - - list - - watch - - patch - - update - - apiGroups: - - "" - resources: - - replicationcontrollers - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - create - - delete - - patch - - update - - apiGroups: - - "" - resources: - - nodes - verbs: - - get - - apiGroups: - - kafka.strimzi.io - resources: - - kafkatopics - verbs: - - get - - list - - watch - - create - - patch - - update - - delete - - apiGroups: - - "" - resources: - - events - verbs: - - create - - apiGroups: - - kafka.strimzi.io - resources: - - kafkausers - verbs: - - get - - list - - watch - - create - - patch - - update - - delete - deployments: - - name: strimzi-cluster-operator - spec: - replicas: 1 - selector: - matchLabels: - name: strimzi-cluster-operator-alm-owned - template: - metadata: - name: strimzi-cluster-operator-alm-owned - labels: - name: strimzi-cluster-operator-alm-owned - spec: - serviceAccountName: strimzi-cluster-operator - containers: - - name: cluster-operator - image: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-clusteroperator-openshift:1.0.0-beta - env: - - name: STRIMZI_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: STRIMZI_FULL_RECONCILIATION_INTERVAL_MS - value: "120000" - - name: STRIMZI_OPERATION_TIMEOUT_MS - value: "300000" - - name: STRIMZI_DEFAULT_ZOOKEEPER_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-zookeeper-openshift:1.0.0-beta - - name: STRIMZI_DEFAULT_KAFKA_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-kafka-openshift:1.0.0-beta - - name: STRIMZI_DEFAULT_KAFKA_CONNECT_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-kafkaconnect-openshift:1.0.0-beta - - name: STRIMZI_DEFAULT_KAFKA_CONNECT_S2I_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-kafkaconnects2i-openshift:1.0.0-beta - - name: STRIMZI_DEFAULT_TOPIC_OPERATOR_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-topicoperator-openshift:1.0.0-beta - - name: STRIMZI_DEFAULT_USER_OPERATOR_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-useroperator-openshift:1.0.0-beta - - name: STRIMZI_DEFAULT_KAFKA_INIT_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-kafkainit-openshift:1.0.0-beta - - name: STRIMZI_DEFAULT_TLS_SIDECAR_ZOOKEEPER_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-zookeeperstunnel-openshift:1.0.0-beta - - name: STRIMZI_DEFAULT_TLS_SIDECAR_KAFKA_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-kafkastunnel-openshift:1.0.0-beta - - name: STRIMZI_DEFAULT_TLS_SIDECAR_ENTITY_OPERATOR_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-entityoperatorstunnel-openshift:1.0.0-beta - - name: STRIMZI_LOG_LEVEL - value: INFO - customresourcedefinitions: - owned: - - name: kafkas.kafka.strimzi.io - version: v1alpha1 - kind: Kafka - displayName: Kafka - description: Represents a Kafka cluster - specDescriptors: - - description: The desired number of Kafka brokers. - displayName: Kafka Brokers - path: kafka.replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: The type of storage used by Kafka brokers - displayName: Kafka storage - path: kafka.storage.type - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Kafka Resource Requirements - path: kafka.resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - - description: The desired number of Zookeeper nodes. - displayName: Zookeeper Nodes - path: zookeeper.replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: The type of storage used by Zookeeper nodes - displayName: Zookeeper storage - path: zookeeper.storage.type - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Zookeeper Resource Requirements - path: zookeeper.resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - - name: kafkaconnects.kafka.strimzi.io - version: v1alpha1 - kind: KafkaConnect - displayName: Kafka Connect - description: Represents a Kafka Connect cluster - specDescriptors: - - description: The desired number of Kafka Connect nodes. - displayName: Connect nodes - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: The address of the bootstrap server - displayName: Bootstrap server - path: bootstrapServers - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - - name: kafkaconnects2is.kafka.strimzi.io - version: v1alpha1 - kind: KafkaConnectS2I - displayName: Kafka Connect S2I - description: Represents a Kafka Connect cluster with Source 2 Image support - specDescriptors: - - description: The desired number of Kafka Connect nodes. - displayName: Connect nodes - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: The address of the bootstrap server - displayName: Bootstrap server - path: bootstrapServers - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - - name: kafkatopics.kafka.strimzi.io - version: v1alpha1 - kind: KafkaTopic - displayName: Kafka Topic - description: Represents a topic inside a Kafka cluster - specDescriptors: - - description: The number of partitions - displayName: Partitions - path: partitions - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: The number of replicas - displayName: Replication factor - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - name: kafkausers.kafka.strimzi.io - version: v1alpha1 - kind: KafkaUser - displayName: Kafka User - description: Represents a user inside a Kafka cluster - specDescriptors: - - description: Authentication type - displayName: Authentication type - path: authentication.type - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: Authorization type - displayName: Authorization type - path: authorization.type - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: etcdoperator.v0.6.1 - namespace: placeholder - annotations: - tectonic-visibility: ocs - spec: - displayName: etcd - description: | - etcd is a distributed key value store that provides a reliable way to store data across a cluster of machines. It’s open-source and available on GitHub. etcd gracefully handles leader elections during network partitions and will tolerate machine failure, including the leader. Your applications can read and write data into etcd. - A simple use-case is to store database connection details or feature flags within etcd as key value pairs. These values can be watched, allowing your app to reconfigure itself when they change. Advanced uses take advantage of the consistency guarantees to implement database leader elections or do distributed locking across a cluster of workers. - - _The etcd Open Cloud Service is Public Alpha. The goal before Beta is to fully implement backup features._ - - ### Reading and writing to etcd - - Communicate with etcd though its command line utility `etcdctl` or with the API using the automatically generated Kubernetes Service. - - [Read the complete guide to using the etcd Open Cloud Service](https://coreos.com/tectonic/docs/latest/alm/etcd-ocs.html) - - ### Supported Features - **High availability** - Multiple instances of etcd are networked together and secured. Individual failures or networking issues are transparently handled to keep your cluster up and running. - **Automated updates** - Rolling out a new etcd version works like all Kubernetes rolling updates. Simply declare the desired version, and the etcd service starts a safe rolling update to the new version automatically. - **Backups included** - Coming soon, the ability to schedule backups to happen on or off cluster. - keywords: ['etcd', 'key value', 'database', 'coreos', 'open source'] - version: 0.6.1 - maturity: alpha - maintainers: - - name: CoreOS, Inc - email: support@coreos.com - - provider: - name: CoreOS, Inc - labels: - alm-status-descriptors: etcdoperator.v0.6.1 - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - selector: - matchLabels: - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - links: - - name: Blog - url: https://coreos.com/etcd - - name: Documentation - url: https://coreos.com/operators/etcd/docs/latest/ - - name: etcd Operator Source Code - url: https://github.com/coreos/etcd-operator - - icon: - - base64data: iVBORw0KGgoAAAANSUhEUgAAAOEAAADZCAYAAADWmle6AAAACXBIWXMAAAsTAAALEwEAmpwYAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAEKlJREFUeNrsndt1GzkShmEev4sTgeiHfRYdgVqbgOgITEVgOgLTEQydwIiKwFQCayoCU6+7DyYjsBiBFyVVz7RkXvqCSxXw/+f04XjGQ6IL+FBVuL769euXgZ7r39f/G9iP0X+u/jWDNZzZdGI/Ftama1jjuV4BwmcNpbAf1Fgu+V/9YRvNAyzT2a59+/GT/3hnn5m16wKWedJrmOCxkYztx9Q+py/+E0GJxtJdReWfz+mxNt+QzS2Mc0AI+HbBBwj9QViKbH5t64DsP2fvmGXUkWU4WgO+Uve2YQzBUGd7r+zH2ZG/tiUQc4QxKwgbwFfVGwwmdLL5wH78aPC/ZBem9jJpCAX3xtcNASSNgJLzUPSQyjB1zQNl8IQJ9MIU4lx2+Jo72ysXYKl1HSzN02BMa/vbZ5xyNJIshJzwf3L0dQhJw4Sih/SFw9Tk8sVeghVPoefaIYCkMZCKbrcP9lnZuk0uPUjGE/KE8JQry7W2tgfuC3vXgvNV+qSQbyFtAtyWk7zWiYevvuUQ9QEQCvJ+5mmu6dTjz1zFHLFj8Eb87MtxaZh/IQFIHom+9vgTWwZxAQjT9X4vtbEVPojwjiV471s00mhAckpwGuCn1HtFtRDaSh6y9zsL+LNBvCG/24ThcxHObdlWc1v+VQJe8LcO0jwtuF8BwnAAUgP9M8JPU2Me+Oh12auPGT6fHuTePE3bLDy+x9pTLnhMn+07TQGh//Bz1iI0c6kvtqInjvPZcYR3KsPVmUsPYt9nFig9SCY8VQNhpPBzn952bbgcsk2EvM89wzh3UEffBbyPqvBUBYQ8ODGPFOLsa7RF096WJ69L+E4EmnpjWu5o4ChlKaRTKT39RMMaVPEQRsz/nIWlDN80chjdJlSd1l0pJCAMVZsniobQVuxceMM9OFoaMd9zqZtjMEYYDW38Drb8Y0DYPLShxn0pvIFuOSxd7YCPet9zk452wsh54FJoeN05hcgSQoG5RR0Qh9Q4E4VvL4wcZq8UACgaRFEQKgSwWrkr5WFnGxiHSutqJGlXjBgIOayhwYBTA0ER0oisIVSUV0AAMT0IASCUO4hRIQSAEECMCCEPwqyQA0JCQBzEGjWNAqHiUVAoXUWbvggOIQCEAOJzxTjoaQ4AIaE64/aZridUsBYUgkhB15oGg1DBIl8IqirYwV6hPSGBSFteMCUBSVXwfYixBmamRubeMyjzMJQBDDowE3OesDD+zwqFoDqiEwXoXJpljB+PvWJGy75BKF1FPxhKygJuqUdYQGlLxNEXkrYyjQ0GbaAwEnUIlLRNvVjQDYUAsJB0HKLE4y0AIpQNgCIhBIhQTgCKhZBBpAN/v6LtQI50JfUgYOnnjmLUFHKhjxbAmdTCaTiBm3ovLPqG2urWAij6im0Nd9aTN9ygLUEt9LgSRnohxUPIKxlGaE+/6Y7znFf0yX+GnkvFFWmarkab2o9PmTeq8sbd2a7DaysXz7i64VeznN4jCQhN9gdDbRiuWrfrsq0mHIrlaq+hlotCtd3Um9u0BYWY8y5D67wccJoZjFca7iUs9VqZcfsZwTd1sbWGG+OcYaTnPAP7rTQVVlM4Sg3oGvB1tmNh0t/HKXZ1jFoIMwCQjtqbhNxUmkGYqgZEDZP11HN/S3gAYRozf0l8C5kKEKUvW0t1IfeWG/5MwgheZTT1E0AEhDkAePQO+Ig2H3DncAkQM4cwUQCD530dU4B5Yvmi2LlDqXfWrxMCcMth51RToRMNUXFnfc2KJ0+Ryl0VNOUwlhh6NoxK5gnViTgQpUG4SqSyt5z3zRJpuKmt3Q1614QaCBPaN6je+2XiFcWAKOXcUfIYKRyL/1lb7pe5VxSxxjQ6hImshqGRt5GWZVKO6q2wHwujfwDtIvaIdexj8Cm8+a68EqMfox6x/voMouZF4dHnEGNeCDMwT6vdNfekH1MafMk4PI06YtqLVGl95aEM9Z5vAeCTOA++YLtoVJRrsqNCaJ6WRmkdYaNec5BT/lcTRMqrhmwfjbpkj55+OKp8IEbU/JLgPJE6Wa3TTe9sHS+ShVD5QIyqIxMEwKh12olC6mHIed5ewEop80CNlfIOADYOT2nd6ZXCop+Ebqchc0JqxKcKASxChycJgUh1rnHA5ow9eTrhqNI7JWiAYYwBGGdpyNLoGw0Pkh96h1BpHihyywtATDM/7Hk2fN9EnH8BgKJCU4ooBkbXFMZJiPbrOyecGl3zgQDQL4hk10IZiOe+5w99Q/gBAEIJgPhJM4QAEEoFREAIAAEiIASAkD8Qt4AQAEIAERAGFlX4CACKAXGVM4ivMwWwCLFAlyeoaa70QePKm5Dlp+/n+ye/5dYgva6YsUaVeMa+tzNFeJtWwc+udbJ0Fg399kLielQJ5Ze61c2+7ytA6EZetiPxZC6tj22yJCv6jUwOyj/zcbqAxOMyAKEbfeHtNa7DtYXptjsk2kJxR+eIeim/tHNofUKYy8DMrQcAKWz6brpvzyIAlpwPhQ49l6b7skJf5Z+YTOYQc4FwLDxvoTDwaygQK+U/kVr+ytSFBG01Q3gnJJR4cNiAhx4HDub8/b5DULXlj6SVZghFiE+LdvE9vo/o8Lp1RmH5hzm0T6wdbZ6n+D6i44zDRc3ln6CpAEJfXiRU45oqLz8gFAThWsh7ughrRibc0QynHgZpNJa/ENJ+loCwu/qOGnFIjYR/n7TfgycULhcQhu6VC+HfF+L3BoAQ4WiZTw1M+FPCnA2gKC6/FAhXgDC+ojQGh3NuWsvfF1L/D5ohlCKtl1j2ldu9a/nPAKFwN56Bst10zCG0CPleXN/zXPgHQZXaZaBgrbzyY5V/mUA+6F0hwtGN9rwu5DVZPuwWqfxdFz1LWbJ2lwKEa+0Qsm4Dl3fp+Pu0lV97PgwIPfSsS+UQhj5Oo+vvFULazRIQyvGEcxPuNLCth2MvFsrKn8UOilAQShkh7TTczYNMoS6OdP47msrPi82lXKGWhCdMZYS0bFy+vcnGAjP1CIfvgbKNA9glecEH9RD6Ol4wRuWyN/G9MHnksS6o/GPf5XcwNSUlHzQhDuAKtWJmkwKElU7lylP5rgIcsquh/FI8YZCDpkJBuE4FQm7Icw8N+SrUGaQKyi8FwiDt1ve5o+Vu7qYHy/psgK8cvh+FTYuO77bhEC7GuaPiys/L1X4IgXDL+e3M5+ovLxBy5VLuIebw1oqcHoPfoaMJUsHays878r8KbDc3xtPx/84gZPBG/JwaufrsY/SRG/OY3//8QMNdsvdZCFtbW6f8pFuf5bflILAlX7O+4fdfugKyFYS8T2zAsXthdG0VurPGKwI06oF5vkBgHWkNp6ry29+lsPZMU3vijnXFNmoclr+6+Ou/FIb8yb30sS8YGjmTqCLyQsi5N/6ZwKs0Yenj68pfPjF6N782Dp2FzV9CTyoSeY8mLK16qGxIkLI8oa1n8tz9juP40DlK0epxYEbojbq+9QfurBeVIlCO9D2396bxiV4lkYQ3hOAFw2pbhqMGISkkQOMcQ9EqhDmGZZdo92JC0YHRNTfoSg+5e0IT+opqCKHoIU+4ztQIgBD1EFNrQAgIpYSil9lDmPHqkROPt+JC6AgPquSuumJmg0YARVCuneDfvPVeJokZ6pIXDkNxQtGzTF9/BQjRG0tQznfb74RwCQghpALBtIQnfK4zhxdyQvVCUeknMIT3hLyY+T5jo0yABqKPQNpUNw/09tGZod5jgCaYFxyYvJcNPkv9eof+I3pnCFEHIETjSM8L9tHZHYCQT9PaZGycU6yg8S4akDnJ+P03L0+t23XGzCLzRgII/Wqa+fv/xlfvmKvMUOcOrlCDdoei1MGdZm6G5VEIfRzzjd4aQs69n699Rx7ewhvCGzr2gmTPs8zNsJOrXt24FbkhhOjCfT4ICA/rPbyhUy94Dks0gJCX1NzCZui9YUd3oei+c257TalFbgg19ILHrlrL2gvWgXAL26EX76gZTNASQnad8Ibwhl284NhgXpB0c+jKhWO3Ms1hP9ihJYB9eMF6qd1BCPk0qA1s+LimFIu7m4nsdQIzPK4VbQ8hYvrnuSH2G9b2ggP78QmWqBdF9Vx8SSY6QYdUW7BTA1schZATyhvY8lHvcRbNUS9YGFy2U+qmzh2YPVc0I7yAOFyHfRpyUwtCSzOdPXMHmz7qDIM0e0V2wZTEk+6Ym6N63eBLp/b5Bts+2cKCSJ/LuoZO3ANSiE5hKAZjnvNSS4931jcw9jpwT0feV/qSJ1pVtCyfHKDkvK8Ejx7pUxGh2xFNSwx8QTi2H9ceC0/nni64MS/5N5dG39pDqvRV+WgGk71c9VFXF9b+xYvOw/d61iv7m3MvEHryhvecwC52jSSx4VIIgwnMNT/UsTxIgpPt3K/ARj15CptwL3Zd/ceDSATj2DGQjbxgWwhdeMMte7zpy5On9vymRm/YxBYljGVjKWF9VJf7I1+sex3wY8w/V1QPTborW/72gkdsRDaZMJBdbdHIC7aCkAu9atlLbtnrzerMnyToDaGwelOnk3/hHSem/ZK7e/t7jeeR20LYBgqa8J80gS8jbwi5F02Uj1u2NYJxap8PLkJfLxA2hIJyvnHX/AfeEPLpBfe0uSFHbnXaea3Qd5d6HcpYZ8L6M7lnFwMQ3MNg+RxUR1+6AshtbsVgfXTEg1sIGax9UND2p7f270wdG3eK9gXVGHdw2k5sOyZv+Nbs39Z308XR9DqWb2J+PwKDhuKHPobfuXf7gnYGHdCs7bhDDadD4entDug7LWNsnRNW4mYqwJ9dk+GGSTPBiA2j0G8RWNM5upZtcG4/3vMfP7KnbK2egx6CCnDPhRn7NgD3cghLIad5WcM2SO38iqHvvMOosyeMpQ5zlVCaaj06GVs9xUbHdiKoqrHWgquFEFMWUEWfXUxJAML23hAHFOctmjZQffKD2pywkhtSGHKNtpitLroscAeE7kCkSsC60vxEl6yMtL9EL5HKGCMszU5bk8gdkklAyEn5FO0yK419rIxBOIqwFMooDE0tHEVYijAUECIshRCGIhxFWIowFJ5QkEYIS5PTJrUwNGlPyN6QQPyKtpuM1E/K5+YJDV/MiA3AaehzqgAm7QnZG9IGYKo8bHnSK7VblLL3hOwNHziPuEGOqE5brrdR6i+atCfckyeWD47HkAkepRGLY/e8A8J0gCwYSNypF08bBm+e6zVz2UL4AshhBUjML/rXLefqC82bcQFhGC9JDwZ1uuu+At0S5gCETYHsV4DUeD9fDN2Zfy5OXaW2zAwQygCzBLJ8cvaW5OXKC1FxfTggFAHmoAJnSiOw2wps9KwRWgJCLaEswaj5NqkLwAYIU4BxqTSXbHXpJdRMPZgAOiAMqABCNGYIEEJutEK5IUAIwYMDQgiCACEEAcJs1Vda7gGqDhCmoiEghAAhBAHCrKXVo2C1DCBMRlp37uMIEECoX7xrX3P5C9QiINSuIcoPAUI0YkAICLNWgfJDh4T9hH7zqYH9+JHAq7zBqWjwhPAicTVCVQJCNF50JghHocahKK0X/ZnQKyEkhSdUpzG8OgQI42qC94EQjsYLRSmH+pbgq73L6bYkeEJ4DYTYmeg1TOBFc/usTTp3V9DdEuXJ2xDCUbXhaXk0/kAYmBvuMB4qkC35E5e5AMKkwSQgyxufyuPy6fMMgAFCSI73LFXU/N8AmEL9X4ABACNSKMHAgb34AAAAAElFTkSuQmCC - mediatype: image/png - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: etcd-operator - rules: - - apiGroups: - - etcd.database.coreos.com - resources: - - etcdclusters - verbs: - - "*" - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - "*" - - apiGroups: - - "" - resources: - - pods - - services - - endpoints - - persistentvolumeclaims - - events - verbs: - - "*" - - apiGroups: - - apps - resources: - - deployments - verbs: - - "*" - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - deployments: - - name: etcd-operator - spec: - replicas: 1 - selector: - matchLabels: - name: etcd-operator-alm-owned - template: - metadata: - name: etcd-operator-alm-owned - labels: - name: etcd-operator-alm-owned - spec: - serviceAccountName: etcd-operator - containers: - - name: etcd-operator - command: - - etcd-operator - - --create-crd=false - image: quay.io/coreos/etcd-operator@sha256:bd944a211eaf8f31da5e6d69e8541e7cada8f16a9f7a5a570b22478997819943 - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - customresourcedefinitions: - owned: - - name: etcdclusters.etcd.database.coreos.com - version: v1beta2 - kind: EtcdCluster - displayName: etcd Cluster - description: Represents a cluster of etcd nodes. - resources: - - kind: Service - version: v1 - - kind: Pod - version: v1 - specDescriptors: - - description: The desired number of member Pods for the etcd cluster. - displayName: Size - path: size - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - statusDescriptors: - - description: The status of each of the member Pods for the etcd cluster. - displayName: Member Status - path: members - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podStatuses' - - description: The service at which the running etcd cluster can be accessed. - displayName: Service - path: service - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Service' - - description: The current size of the etcd cluster. - displayName: Cluster Size - path: size - - description: The current version of the etcd cluster. - displayName: Current Version - path: currentVersion - - description: 'The target version of the etcd cluster, after upgrading.' - displayName: Target Version - path: targetVersion - - description: The current status of the etcd cluster. - displayName: Status - path: phase - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase' - - description: Explanation for the current status of the cluster. - displayName: Status Details - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: etcdoperator.v0.9.0 - namespace: placeholder - annotations: - tectonic-visibility: ocs - alm-examples: '[{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdCluster","metadata":{"name":"example","namespace":"default"},"spec":{"size":3,"version":"3.2.13"}},{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdRestore","metadata":{"name":"example-etcd-cluster"},"spec":{"etcdCluster":{"name":"example-etcd-cluster"},"backupStorageType":"S3","s3":{"path":"","awsSecret":""}}},{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdBackup","metadata":{"name":"example-etcd-cluster-backup"},"spec":{"etcdEndpoints":[""],"storageType":"S3","s3":{"path":"","awsSecret":""}}}]' - spec: - displayName: etcd - description: | - etcd is a distributed key value store that provides a reliable way to store data across a cluster of machines. It’s open-source and available on GitHub. etcd gracefully handles leader elections during network partitions and will tolerate machine failure, including the leader. Your applications can read and write data into etcd. - A simple use-case is to store database connection details or feature flags within etcd as key value pairs. These values can be watched, allowing your app to reconfigure itself when they change. Advanced uses take advantage of the consistency guarantees to implement database leader elections or do distributed locking across a cluster of workers. - - _The etcd Open Cloud Service is Public Alpha. The goal before Beta is to fully implement backup features._ - - ### Reading and writing to etcd - - Communicate with etcd though its command line utility `etcdctl` or with the API using the automatically generated Kubernetes Service. - - [Read the complete guide to using the etcd Open Cloud Service](https://coreos.com/tectonic/docs/latest/alm/etcd-ocs.html) - - ### Supported Features - - - **High availability** - - - Multiple instances of etcd are networked together and secured. Individual failures or networking issues are transparently handled to keep your cluster up and running. - - - **Automated updates** - - - Rolling out a new etcd version works like all Kubernetes rolling updates. Simply declare the desired version, and the etcd service starts a safe rolling update to the new version automatically. - - - **Backups included** - - - Coming soon, the ability to schedule backups to happen on or off cluster. - keywords: ['etcd', 'key value', 'database', 'coreos', 'open source'] - version: 0.9.0 - maturity: alpha - replaces: etcdoperator.v0.6.1 - maintainers: - - name: CoreOS, Inc - email: support@coreos.com - - provider: - name: CoreOS, Inc - labels: - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - selector: - matchLabels: - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - links: - - name: Blog - url: https://coreos.com/etcd - - name: Documentation - url: https://coreos.com/operators/etcd/docs/latest/ - - name: etcd Operator Source Code - url: https://github.com/coreos/etcd-operator - - icon: - - base64data: iVBORw0KGgoAAAANSUhEUgAAAOEAAADZCAYAAADWmle6AAAACXBIWXMAAAsTAAALEwEAmpwYAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAEKlJREFUeNrsndt1GzkShmEev4sTgeiHfRYdgVqbgOgITEVgOgLTEQydwIiKwFQCayoCU6+7DyYjsBiBFyVVz7RkXvqCSxXw/+f04XjGQ6IL+FBVuL769euXgZ7r39f/G9iP0X+u/jWDNZzZdGI/Ftama1jjuV4BwmcNpbAf1Fgu+V/9YRvNAyzT2a59+/GT/3hnn5m16wKWedJrmOCxkYztx9Q+py/+E0GJxtJdReWfz+mxNt+QzS2Mc0AI+HbBBwj9QViKbH5t64DsP2fvmGXUkWU4WgO+Uve2YQzBUGd7r+zH2ZG/tiUQc4QxKwgbwFfVGwwmdLL5wH78aPC/ZBem9jJpCAX3xtcNASSNgJLzUPSQyjB1zQNl8IQJ9MIU4lx2+Jo72ysXYKl1HSzN02BMa/vbZ5xyNJIshJzwf3L0dQhJw4Sih/SFw9Tk8sVeghVPoefaIYCkMZCKbrcP9lnZuk0uPUjGE/KE8JQry7W2tgfuC3vXgvNV+qSQbyFtAtyWk7zWiYevvuUQ9QEQCvJ+5mmu6dTjz1zFHLFj8Eb87MtxaZh/IQFIHom+9vgTWwZxAQjT9X4vtbEVPojwjiV471s00mhAckpwGuCn1HtFtRDaSh6y9zsL+LNBvCG/24ThcxHObdlWc1v+VQJe8LcO0jwtuF8BwnAAUgP9M8JPU2Me+Oh12auPGT6fHuTePE3bLDy+x9pTLnhMn+07TQGh//Bz1iI0c6kvtqInjvPZcYR3KsPVmUsPYt9nFig9SCY8VQNhpPBzn952bbgcsk2EvM89wzh3UEffBbyPqvBUBYQ8ODGPFOLsa7RF096WJ69L+E4EmnpjWu5o4ChlKaRTKT39RMMaVPEQRsz/nIWlDN80chjdJlSd1l0pJCAMVZsniobQVuxceMM9OFoaMd9zqZtjMEYYDW38Drb8Y0DYPLShxn0pvIFuOSxd7YCPet9zk452wsh54FJoeN05hcgSQoG5RR0Qh9Q4E4VvL4wcZq8UACgaRFEQKgSwWrkr5WFnGxiHSutqJGlXjBgIOayhwYBTA0ER0oisIVSUV0AAMT0IASCUO4hRIQSAEECMCCEPwqyQA0JCQBzEGjWNAqHiUVAoXUWbvggOIQCEAOJzxTjoaQ4AIaE64/aZridUsBYUgkhB15oGg1DBIl8IqirYwV6hPSGBSFteMCUBSVXwfYixBmamRubeMyjzMJQBDDowE3OesDD+zwqFoDqiEwXoXJpljB+PvWJGy75BKF1FPxhKygJuqUdYQGlLxNEXkrYyjQ0GbaAwEnUIlLRNvVjQDYUAsJB0HKLE4y0AIpQNgCIhBIhQTgCKhZBBpAN/v6LtQI50JfUgYOnnjmLUFHKhjxbAmdTCaTiBm3ovLPqG2urWAij6im0Nd9aTN9ygLUEt9LgSRnohxUPIKxlGaE+/6Y7znFf0yX+GnkvFFWmarkab2o9PmTeq8sbd2a7DaysXz7i64VeznN4jCQhN9gdDbRiuWrfrsq0mHIrlaq+hlotCtd3Um9u0BYWY8y5D67wccJoZjFca7iUs9VqZcfsZwTd1sbWGG+OcYaTnPAP7rTQVVlM4Sg3oGvB1tmNh0t/HKXZ1jFoIMwCQjtqbhNxUmkGYqgZEDZP11HN/S3gAYRozf0l8C5kKEKUvW0t1IfeWG/5MwgheZTT1E0AEhDkAePQO+Ig2H3DncAkQM4cwUQCD530dU4B5Yvmi2LlDqXfWrxMCcMth51RToRMNUXFnfc2KJ0+Ryl0VNOUwlhh6NoxK5gnViTgQpUG4SqSyt5z3zRJpuKmt3Q1614QaCBPaN6je+2XiFcWAKOXcUfIYKRyL/1lb7pe5VxSxxjQ6hImshqGRt5GWZVKO6q2wHwujfwDtIvaIdexj8Cm8+a68EqMfox6x/voMouZF4dHnEGNeCDMwT6vdNfekH1MafMk4PI06YtqLVGl95aEM9Z5vAeCTOA++YLtoVJRrsqNCaJ6WRmkdYaNec5BT/lcTRMqrhmwfjbpkj55+OKp8IEbU/JLgPJE6Wa3TTe9sHS+ShVD5QIyqIxMEwKh12olC6mHIed5ewEop80CNlfIOADYOT2nd6ZXCop+Ebqchc0JqxKcKASxChycJgUh1rnHA5ow9eTrhqNI7JWiAYYwBGGdpyNLoGw0Pkh96h1BpHihyywtATDM/7Hk2fN9EnH8BgKJCU4ooBkbXFMZJiPbrOyecGl3zgQDQL4hk10IZiOe+5w99Q/gBAEIJgPhJM4QAEEoFREAIAAEiIASAkD8Qt4AQAEIAERAGFlX4CACKAXGVM4ivMwWwCLFAlyeoaa70QePKm5Dlp+/n+ye/5dYgva6YsUaVeMa+tzNFeJtWwc+udbJ0Fg399kLielQJ5Ze61c2+7ytA6EZetiPxZC6tj22yJCv6jUwOyj/zcbqAxOMyAKEbfeHtNa7DtYXptjsk2kJxR+eIeim/tHNofUKYy8DMrQcAKWz6brpvzyIAlpwPhQ49l6b7skJf5Z+YTOYQc4FwLDxvoTDwaygQK+U/kVr+ytSFBG01Q3gnJJR4cNiAhx4HDub8/b5DULXlj6SVZghFiE+LdvE9vo/o8Lp1RmH5hzm0T6wdbZ6n+D6i44zDRc3ln6CpAEJfXiRU45oqLz8gFAThWsh7ughrRibc0QynHgZpNJa/ENJ+loCwu/qOGnFIjYR/n7TfgycULhcQhu6VC+HfF+L3BoAQ4WiZTw1M+FPCnA2gKC6/FAhXgDC+ojQGh3NuWsvfF1L/D5ohlCKtl1j2ldu9a/nPAKFwN56Bst10zCG0CPleXN/zXPgHQZXaZaBgrbzyY5V/mUA+6F0hwtGN9rwu5DVZPuwWqfxdFz1LWbJ2lwKEa+0Qsm4Dl3fp+Pu0lV97PgwIPfSsS+UQhj5Oo+vvFULazRIQyvGEcxPuNLCth2MvFsrKn8UOilAQShkh7TTczYNMoS6OdP47msrPi82lXKGWhCdMZYS0bFy+vcnGAjP1CIfvgbKNA9glecEH9RD6Ol4wRuWyN/G9MHnksS6o/GPf5XcwNSUlHzQhDuAKtWJmkwKElU7lylP5rgIcsquh/FI8YZCDpkJBuE4FQm7Icw8N+SrUGaQKyi8FwiDt1ve5o+Vu7qYHy/psgK8cvh+FTYuO77bhEC7GuaPiys/L1X4IgXDL+e3M5+ovLxBy5VLuIebw1oqcHoPfoaMJUsHays878r8KbDc3xtPx/84gZPBG/JwaufrsY/SRG/OY3//8QMNdsvdZCFtbW6f8pFuf5bflILAlX7O+4fdfugKyFYS8T2zAsXthdG0VurPGKwI06oF5vkBgHWkNp6ry29+lsPZMU3vijnXFNmoclr+6+Ou/FIb8yb30sS8YGjmTqCLyQsi5N/6ZwKs0Yenj68pfPjF6N782Dp2FzV9CTyoSeY8mLK16qGxIkLI8oa1n8tz9juP40DlK0epxYEbojbq+9QfurBeVIlCO9D2396bxiV4lkYQ3hOAFw2pbhqMGISkkQOMcQ9EqhDmGZZdo92JC0YHRNTfoSg+5e0IT+opqCKHoIU+4ztQIgBD1EFNrQAgIpYSil9lDmPHqkROPt+JC6AgPquSuumJmg0YARVCuneDfvPVeJokZ6pIXDkNxQtGzTF9/BQjRG0tQznfb74RwCQghpALBtIQnfK4zhxdyQvVCUeknMIT3hLyY+T5jo0yABqKPQNpUNw/09tGZod5jgCaYFxyYvJcNPkv9eof+I3pnCFEHIETjSM8L9tHZHYCQT9PaZGycU6yg8S4akDnJ+P03L0+t23XGzCLzRgII/Wqa+fv/xlfvmKvMUOcOrlCDdoei1MGdZm6G5VEIfRzzjd4aQs69n699Rx7ewhvCGzr2gmTPs8zNsJOrXt24FbkhhOjCfT4ICA/rPbyhUy94Dks0gJCX1NzCZui9YUd3oei+c257TalFbgg19ILHrlrL2gvWgXAL26EX76gZTNASQnad8Ibwhl284NhgXpB0c+jKhWO3Ms1hP9ihJYB9eMF6qd1BCPk0qA1s+LimFIu7m4nsdQIzPK4VbQ8hYvrnuSH2G9b2ggP78QmWqBdF9Vx8SSY6QYdUW7BTA1schZATyhvY8lHvcRbNUS9YGFy2U+qmzh2YPVc0I7yAOFyHfRpyUwtCSzOdPXMHmz7qDIM0e0V2wZTEk+6Ym6N63eBLp/b5Bts+2cKCSJ/LuoZO3ANSiE5hKAZjnvNSS4931jcw9jpwT0feV/qSJ1pVtCyfHKDkvK8Ejx7pUxGh2xFNSwx8QTi2H9ceC0/nni64MS/5N5dG39pDqvRV+WgGk71c9VFXF9b+xYvOw/d61iv7m3MvEHryhvecwC52jSSx4VIIgwnMNT/UsTxIgpPt3K/ARj15CptwL3Zd/ceDSATj2DGQjbxgWwhdeMMte7zpy5On9vymRm/YxBYljGVjKWF9VJf7I1+sex3wY8w/V1QPTborW/72gkdsRDaZMJBdbdHIC7aCkAu9atlLbtnrzerMnyToDaGwelOnk3/hHSem/ZK7e/t7jeeR20LYBgqa8J80gS8jbwi5F02Uj1u2NYJxap8PLkJfLxA2hIJyvnHX/AfeEPLpBfe0uSFHbnXaea3Qd5d6HcpYZ8L6M7lnFwMQ3MNg+RxUR1+6AshtbsVgfXTEg1sIGax9UND2p7f270wdG3eK9gXVGHdw2k5sOyZv+Nbs39Z308XR9DqWb2J+PwKDhuKHPobfuXf7gnYGHdCs7bhDDadD4entDug7LWNsnRNW4mYqwJ9dk+GGSTPBiA2j0G8RWNM5upZtcG4/3vMfP7KnbK2egx6CCnDPhRn7NgD3cghLIad5WcM2SO38iqHvvMOosyeMpQ5zlVCaaj06GVs9xUbHdiKoqrHWgquFEFMWUEWfXUxJAML23hAHFOctmjZQffKD2pywkhtSGHKNtpitLroscAeE7kCkSsC60vxEl6yMtL9EL5HKGCMszU5bk8gdkklAyEn5FO0yK419rIxBOIqwFMooDE0tHEVYijAUECIshRCGIhxFWIowFJ5QkEYIS5PTJrUwNGlPyN6QQPyKtpuM1E/K5+YJDV/MiA3AaehzqgAm7QnZG9IGYKo8bHnSK7VblLL3hOwNHziPuEGOqE5brrdR6i+atCfckyeWD47HkAkepRGLY/e8A8J0gCwYSNypF08bBm+e6zVz2UL4AshhBUjML/rXLefqC82bcQFhGC9JDwZ1uuu+At0S5gCETYHsV4DUeD9fDN2Zfy5OXaW2zAwQygCzBLJ8cvaW5OXKC1FxfTggFAHmoAJnSiOw2wps9KwRWgJCLaEswaj5NqkLwAYIU4BxqTSXbHXpJdRMPZgAOiAMqABCNGYIEEJutEK5IUAIwYMDQgiCACEEAcJs1Vda7gGqDhCmoiEghAAhBAHCrKXVo2C1DCBMRlp37uMIEECoX7xrX3P5C9QiINSuIcoPAUI0YkAICLNWgfJDh4T9hH7zqYH9+JHAq7zBqWjwhPAicTVCVQJCNF50JghHocahKK0X/ZnQKyEkhSdUpzG8OgQI42qC94EQjsYLRSmH+pbgq73L6bYkeEJ4DYTYmeg1TOBFc/usTTp3V9DdEuXJ2xDCUbXhaXk0/kAYmBvuMB4qkC35E5e5AMKkwSQgyxufyuPy6fMMgAFCSI73LFXU/N8AmEL9X4ABACNSKMHAgb34AAAAAElFTkSuQmCC - mediatype: image/png - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: etcd-operator - rules: - - apiGroups: - - etcd.database.coreos.com - resources: - - etcdclusters - - etcdbackups - - etcdrestores - verbs: - - "*" - - apiGroups: - - "" - resources: - - pods - - services - - endpoints - - persistentvolumeclaims - - events - verbs: - - "*" - - apiGroups: - - apps - resources: - - deployments - verbs: - - "*" - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - deployments: - - name: etcd-operator - spec: - replicas: 1 - selector: - matchLabels: - name: etcd-operator-alm-owned - template: - metadata: - name: etcd-operator-alm-owned - labels: - name: etcd-operator-alm-owned - spec: - serviceAccountName: etcd-operator - containers: - - name: etcd-operator - command: - - etcd-operator - - --create-crd=false - image: quay.io/coreos/etcd-operator@sha256:db563baa8194fcfe39d1df744ed70024b0f1f9e9b55b5923c2f3a413c44dc6b8 - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: etcd-backup-operator - image: quay.io/coreos/etcd-operator@sha256:db563baa8194fcfe39d1df744ed70024b0f1f9e9b55b5923c2f3a413c44dc6b8 - command: - - etcd-backup-operator - - --create-crd=false - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: etcd-restore-operator - image: quay.io/coreos/etcd-operator@sha256:db563baa8194fcfe39d1df744ed70024b0f1f9e9b55b5923c2f3a413c44dc6b8 - command: - - etcd-restore-operator - - --create-crd=false - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - customresourcedefinitions: - owned: - - name: etcdclusters.etcd.database.coreos.com - version: v1beta2 - kind: EtcdCluster - displayName: etcd Cluster - description: Represents a cluster of etcd nodes. - resources: - - kind: Service - version: v1 - - kind: Pod - version: v1 - specDescriptors: - - description: The desired number of member Pods for the etcd cluster. - displayName: Size - path: size - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: pod.resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - statusDescriptors: - - description: The status of each of the member Pods for the etcd cluster. - displayName: Member Status - path: members - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podStatuses' - - description: The service at which the running etcd cluster can be accessed. - displayName: Service - path: serviceName - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Service' - - description: The current size of the etcd cluster. - displayName: Cluster Size - path: size - - description: The current version of the etcd cluster. - displayName: Current Version - path: currentVersion - - description: 'The target version of the etcd cluster, after upgrading.' - displayName: Target Version - path: targetVersion - - description: The current status of the etcd cluster. - displayName: Status - path: phase - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase' - - description: Explanation for the current status of the cluster. - displayName: Status Details - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - name: etcdbackups.etcd.database.coreos.com - version: v1beta2 - kind: EtcdBackup - displayName: etcd Backup - description: Represents the intent to backup an etcd cluster. - specDescriptors: - - description: Specifies the endpoints of an etcd cluster. - displayName: etcd Endpoint(s) - path: etcdEndpoints - x-descriptors: - - 'urn:alm:descriptor:etcd:endpoint' - - description: The full AWS S3 path where the backup is saved. - displayName: S3 Path - path: s3.path - x-descriptors: - - 'urn:alm:descriptor:aws:s3:path' - - description: The name of the secret object that stores the AWS credential and config files. - displayName: AWS Secret - path: s3.awsSecret - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Secret' - statusDescriptors: - - description: Indicates if the backup was successful. - displayName: Succeeded - path: succeeded - x-descriptors: - - 'urn:alm:descriptor:text' - - description: Indicates the reason for any backup related failures. - displayName: Reason - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - name: etcdrestores.etcd.database.coreos.com - version: v1beta2 - kind: EtcdRestore - displayName: etcd Restore - description: Represents the intent to restore an etcd cluster from a backup. - specDescriptors: - - description: References the EtcdCluster which should be restored, - displayName: etcd Cluster - path: etcdCluster.name - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:EtcdCluster' - - 'urn:alm:descriptor:text' - - description: The full AWS S3 path where the backup is saved. - displayName: S3 Path - path: s3.path - x-descriptors: - - 'urn:alm:descriptor:aws:s3:path' - - description: The name of the secret object that stores the AWS credential and config files. - displayName: AWS Secret - path: s3.awsSecret - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Secret' - statusDescriptors: - - description: Indicates if the restore was successful. - displayName: Succeeded - path: succeeded - x-descriptors: - - 'urn:alm:descriptor:text' - - description: Indicates the reason for any restore related failures. - displayName: Reason - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: etcdoperator.v0.9.2 - namespace: placeholder - annotations: - tectonic-visibility: ocs - alm-examples: '[{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdCluster","metadata":{"name":"example","namespace":"default"},"spec":{"size":3,"version":"3.2.13"}},{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdRestore","metadata":{"name":"example-etcd-cluster"},"spec":{"etcdCluster":{"name":"example-etcd-cluster"},"backupStorageType":"S3","s3":{"path":"","awsSecret":""}}},{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdBackup","metadata":{"name":"example-etcd-cluster-backup"},"spec":{"etcdEndpoints":[""],"storageType":"S3","s3":{"path":"","awsSecret":""}}}]' - spec: - displayName: etcd - description: | - etcd is a distributed key value store that provides a reliable way to store data across a cluster of machines. It’s open-source and available on GitHub. etcd gracefully handles leader elections during network partitions and will tolerate machine failure, including the leader. Your applications can read and write data into etcd. - A simple use-case is to store database connection details or feature flags within etcd as key value pairs. These values can be watched, allowing your app to reconfigure itself when they change. Advanced uses take advantage of the consistency guarantees to implement database leader elections or do distributed locking across a cluster of workers. - - _The etcd Open Cloud Service is Public Alpha. The goal before Beta is to fully implement backup features._ - - ### Reading and writing to etcd - - Communicate with etcd though its command line utility `etcdctl` or with the API using the automatically generated Kubernetes Service. - - [Read the complete guide to using the etcd Open Cloud Service](https://coreos.com/tectonic/docs/latest/alm/etcd-ocs.html) - - ### Supported Features - - - **High availability** - - - Multiple instances of etcd are networked together and secured. Individual failures or networking issues are transparently handled to keep your cluster up and running. - - - **Automated updates** - - - Rolling out a new etcd version works like all Kubernetes rolling updates. Simply declare the desired version, and the etcd service starts a safe rolling update to the new version automatically. - - - **Backups included** - - - Coming soon, the ability to schedule backups to happen on or off cluster. - keywords: ['etcd', 'key value', 'database', 'coreos', 'open source'] - version: 0.9.2 - maturity: alpha - replaces: etcdoperator.v0.9.0 - maintainers: - - name: CoreOS, Inc - email: support@coreos.com - - provider: - name: CoreOS, Inc - labels: - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - selector: - matchLabels: - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - links: - - name: Blog - url: https://coreos.com/etcd - - name: Documentation - url: https://coreos.com/operators/etcd/docs/latest/ - - name: etcd Operator Source Code - url: https://github.com/coreos/etcd-operator - - icon: - - base64data: iVBORw0KGgoAAAANSUhEUgAAAOEAAADZCAYAAADWmle6AAAACXBIWXMAAAsTAAALEwEAmpwYAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAEKlJREFUeNrsndt1GzkShmEev4sTgeiHfRYdgVqbgOgITEVgOgLTEQydwIiKwFQCayoCU6+7DyYjsBiBFyVVz7RkXvqCSxXw/+f04XjGQ6IL+FBVuL769euXgZ7r39f/G9iP0X+u/jWDNZzZdGI/Ftama1jjuV4BwmcNpbAf1Fgu+V/9YRvNAyzT2a59+/GT/3hnn5m16wKWedJrmOCxkYztx9Q+py/+E0GJxtJdReWfz+mxNt+QzS2Mc0AI+HbBBwj9QViKbH5t64DsP2fvmGXUkWU4WgO+Uve2YQzBUGd7r+zH2ZG/tiUQc4QxKwgbwFfVGwwmdLL5wH78aPC/ZBem9jJpCAX3xtcNASSNgJLzUPSQyjB1zQNl8IQJ9MIU4lx2+Jo72ysXYKl1HSzN02BMa/vbZ5xyNJIshJzwf3L0dQhJw4Sih/SFw9Tk8sVeghVPoefaIYCkMZCKbrcP9lnZuk0uPUjGE/KE8JQry7W2tgfuC3vXgvNV+qSQbyFtAtyWk7zWiYevvuUQ9QEQCvJ+5mmu6dTjz1zFHLFj8Eb87MtxaZh/IQFIHom+9vgTWwZxAQjT9X4vtbEVPojwjiV471s00mhAckpwGuCn1HtFtRDaSh6y9zsL+LNBvCG/24ThcxHObdlWc1v+VQJe8LcO0jwtuF8BwnAAUgP9M8JPU2Me+Oh12auPGT6fHuTePE3bLDy+x9pTLnhMn+07TQGh//Bz1iI0c6kvtqInjvPZcYR3KsPVmUsPYt9nFig9SCY8VQNhpPBzn952bbgcsk2EvM89wzh3UEffBbyPqvBUBYQ8ODGPFOLsa7RF096WJ69L+E4EmnpjWu5o4ChlKaRTKT39RMMaVPEQRsz/nIWlDN80chjdJlSd1l0pJCAMVZsniobQVuxceMM9OFoaMd9zqZtjMEYYDW38Drb8Y0DYPLShxn0pvIFuOSxd7YCPet9zk452wsh54FJoeN05hcgSQoG5RR0Qh9Q4E4VvL4wcZq8UACgaRFEQKgSwWrkr5WFnGxiHSutqJGlXjBgIOayhwYBTA0ER0oisIVSUV0AAMT0IASCUO4hRIQSAEECMCCEPwqyQA0JCQBzEGjWNAqHiUVAoXUWbvggOIQCEAOJzxTjoaQ4AIaE64/aZridUsBYUgkhB15oGg1DBIl8IqirYwV6hPSGBSFteMCUBSVXwfYixBmamRubeMyjzMJQBDDowE3OesDD+zwqFoDqiEwXoXJpljB+PvWJGy75BKF1FPxhKygJuqUdYQGlLxNEXkrYyjQ0GbaAwEnUIlLRNvVjQDYUAsJB0HKLE4y0AIpQNgCIhBIhQTgCKhZBBpAN/v6LtQI50JfUgYOnnjmLUFHKhjxbAmdTCaTiBm3ovLPqG2urWAij6im0Nd9aTN9ygLUEt9LgSRnohxUPIKxlGaE+/6Y7znFf0yX+GnkvFFWmarkab2o9PmTeq8sbd2a7DaysXz7i64VeznN4jCQhN9gdDbRiuWrfrsq0mHIrlaq+hlotCtd3Um9u0BYWY8y5D67wccJoZjFca7iUs9VqZcfsZwTd1sbWGG+OcYaTnPAP7rTQVVlM4Sg3oGvB1tmNh0t/HKXZ1jFoIMwCQjtqbhNxUmkGYqgZEDZP11HN/S3gAYRozf0l8C5kKEKUvW0t1IfeWG/5MwgheZTT1E0AEhDkAePQO+Ig2H3DncAkQM4cwUQCD530dU4B5Yvmi2LlDqXfWrxMCcMth51RToRMNUXFnfc2KJ0+Ryl0VNOUwlhh6NoxK5gnViTgQpUG4SqSyt5z3zRJpuKmt3Q1614QaCBPaN6je+2XiFcWAKOXcUfIYKRyL/1lb7pe5VxSxxjQ6hImshqGRt5GWZVKO6q2wHwujfwDtIvaIdexj8Cm8+a68EqMfox6x/voMouZF4dHnEGNeCDMwT6vdNfekH1MafMk4PI06YtqLVGl95aEM9Z5vAeCTOA++YLtoVJRrsqNCaJ6WRmkdYaNec5BT/lcTRMqrhmwfjbpkj55+OKp8IEbU/JLgPJE6Wa3TTe9sHS+ShVD5QIyqIxMEwKh12olC6mHIed5ewEop80CNlfIOADYOT2nd6ZXCop+Ebqchc0JqxKcKASxChycJgUh1rnHA5ow9eTrhqNI7JWiAYYwBGGdpyNLoGw0Pkh96h1BpHihyywtATDM/7Hk2fN9EnH8BgKJCU4ooBkbXFMZJiPbrOyecGl3zgQDQL4hk10IZiOe+5w99Q/gBAEIJgPhJM4QAEEoFREAIAAEiIASAkD8Qt4AQAEIAERAGFlX4CACKAXGVM4ivMwWwCLFAlyeoaa70QePKm5Dlp+/n+ye/5dYgva6YsUaVeMa+tzNFeJtWwc+udbJ0Fg399kLielQJ5Ze61c2+7ytA6EZetiPxZC6tj22yJCv6jUwOyj/zcbqAxOMyAKEbfeHtNa7DtYXptjsk2kJxR+eIeim/tHNofUKYy8DMrQcAKWz6brpvzyIAlpwPhQ49l6b7skJf5Z+YTOYQc4FwLDxvoTDwaygQK+U/kVr+ytSFBG01Q3gnJJR4cNiAhx4HDub8/b5DULXlj6SVZghFiE+LdvE9vo/o8Lp1RmH5hzm0T6wdbZ6n+D6i44zDRc3ln6CpAEJfXiRU45oqLz8gFAThWsh7ughrRibc0QynHgZpNJa/ENJ+loCwu/qOGnFIjYR/n7TfgycULhcQhu6VC+HfF+L3BoAQ4WiZTw1M+FPCnA2gKC6/FAhXgDC+ojQGh3NuWsvfF1L/D5ohlCKtl1j2ldu9a/nPAKFwN56Bst10zCG0CPleXN/zXPgHQZXaZaBgrbzyY5V/mUA+6F0hwtGN9rwu5DVZPuwWqfxdFz1LWbJ2lwKEa+0Qsm4Dl3fp+Pu0lV97PgwIPfSsS+UQhj5Oo+vvFULazRIQyvGEcxPuNLCth2MvFsrKn8UOilAQShkh7TTczYNMoS6OdP47msrPi82lXKGWhCdMZYS0bFy+vcnGAjP1CIfvgbKNA9glecEH9RD6Ol4wRuWyN/G9MHnksS6o/GPf5XcwNSUlHzQhDuAKtWJmkwKElU7lylP5rgIcsquh/FI8YZCDpkJBuE4FQm7Icw8N+SrUGaQKyi8FwiDt1ve5o+Vu7qYHy/psgK8cvh+FTYuO77bhEC7GuaPiys/L1X4IgXDL+e3M5+ovLxBy5VLuIebw1oqcHoPfoaMJUsHays878r8KbDc3xtPx/84gZPBG/JwaufrsY/SRG/OY3//8QMNdsvdZCFtbW6f8pFuf5bflILAlX7O+4fdfugKyFYS8T2zAsXthdG0VurPGKwI06oF5vkBgHWkNp6ry29+lsPZMU3vijnXFNmoclr+6+Ou/FIb8yb30sS8YGjmTqCLyQsi5N/6ZwKs0Yenj68pfPjF6N782Dp2FzV9CTyoSeY8mLK16qGxIkLI8oa1n8tz9juP40DlK0epxYEbojbq+9QfurBeVIlCO9D2396bxiV4lkYQ3hOAFw2pbhqMGISkkQOMcQ9EqhDmGZZdo92JC0YHRNTfoSg+5e0IT+opqCKHoIU+4ztQIgBD1EFNrQAgIpYSil9lDmPHqkROPt+JC6AgPquSuumJmg0YARVCuneDfvPVeJokZ6pIXDkNxQtGzTF9/BQjRG0tQznfb74RwCQghpALBtIQnfK4zhxdyQvVCUeknMIT3hLyY+T5jo0yABqKPQNpUNw/09tGZod5jgCaYFxyYvJcNPkv9eof+I3pnCFEHIETjSM8L9tHZHYCQT9PaZGycU6yg8S4akDnJ+P03L0+t23XGzCLzRgII/Wqa+fv/xlfvmKvMUOcOrlCDdoei1MGdZm6G5VEIfRzzjd4aQs69n699Rx7ewhvCGzr2gmTPs8zNsJOrXt24FbkhhOjCfT4ICA/rPbyhUy94Dks0gJCX1NzCZui9YUd3oei+c257TalFbgg19ILHrlrL2gvWgXAL26EX76gZTNASQnad8Ibwhl284NhgXpB0c+jKhWO3Ms1hP9ihJYB9eMF6qd1BCPk0qA1s+LimFIu7m4nsdQIzPK4VbQ8hYvrnuSH2G9b2ggP78QmWqBdF9Vx8SSY6QYdUW7BTA1schZATyhvY8lHvcRbNUS9YGFy2U+qmzh2YPVc0I7yAOFyHfRpyUwtCSzOdPXMHmz7qDIM0e0V2wZTEk+6Ym6N63eBLp/b5Bts+2cKCSJ/LuoZO3ANSiE5hKAZjnvNSS4931jcw9jpwT0feV/qSJ1pVtCyfHKDkvK8Ejx7pUxGh2xFNSwx8QTi2H9ceC0/nni64MS/5N5dG39pDqvRV+WgGk71c9VFXF9b+xYvOw/d61iv7m3MvEHryhvecwC52jSSx4VIIgwnMNT/UsTxIgpPt3K/ARj15CptwL3Zd/ceDSATj2DGQjbxgWwhdeMMte7zpy5On9vymRm/YxBYljGVjKWF9VJf7I1+sex3wY8w/V1QPTborW/72gkdsRDaZMJBdbdHIC7aCkAu9atlLbtnrzerMnyToDaGwelOnk3/hHSem/ZK7e/t7jeeR20LYBgqa8J80gS8jbwi5F02Uj1u2NYJxap8PLkJfLxA2hIJyvnHX/AfeEPLpBfe0uSFHbnXaea3Qd5d6HcpYZ8L6M7lnFwMQ3MNg+RxUR1+6AshtbsVgfXTEg1sIGax9UND2p7f270wdG3eK9gXVGHdw2k5sOyZv+Nbs39Z308XR9DqWb2J+PwKDhuKHPobfuXf7gnYGHdCs7bhDDadD4entDug7LWNsnRNW4mYqwJ9dk+GGSTPBiA2j0G8RWNM5upZtcG4/3vMfP7KnbK2egx6CCnDPhRn7NgD3cghLIad5WcM2SO38iqHvvMOosyeMpQ5zlVCaaj06GVs9xUbHdiKoqrHWgquFEFMWUEWfXUxJAML23hAHFOctmjZQffKD2pywkhtSGHKNtpitLroscAeE7kCkSsC60vxEl6yMtL9EL5HKGCMszU5bk8gdkklAyEn5FO0yK419rIxBOIqwFMooDE0tHEVYijAUECIshRCGIhxFWIowFJ5QkEYIS5PTJrUwNGlPyN6QQPyKtpuM1E/K5+YJDV/MiA3AaehzqgAm7QnZG9IGYKo8bHnSK7VblLL3hOwNHziPuEGOqE5brrdR6i+atCfckyeWD47HkAkepRGLY/e8A8J0gCwYSNypF08bBm+e6zVz2UL4AshhBUjML/rXLefqC82bcQFhGC9JDwZ1uuu+At0S5gCETYHsV4DUeD9fDN2Zfy5OXaW2zAwQygCzBLJ8cvaW5OXKC1FxfTggFAHmoAJnSiOw2wps9KwRWgJCLaEswaj5NqkLwAYIU4BxqTSXbHXpJdRMPZgAOiAMqABCNGYIEEJutEK5IUAIwYMDQgiCACEEAcJs1Vda7gGqDhCmoiEghAAhBAHCrKXVo2C1DCBMRlp37uMIEECoX7xrX3P5C9QiINSuIcoPAUI0YkAICLNWgfJDh4T9hH7zqYH9+JHAq7zBqWjwhPAicTVCVQJCNF50JghHocahKK0X/ZnQKyEkhSdUpzG8OgQI42qC94EQjsYLRSmH+pbgq73L6bYkeEJ4DYTYmeg1TOBFc/usTTp3V9DdEuXJ2xDCUbXhaXk0/kAYmBvuMB4qkC35E5e5AMKkwSQgyxufyuPy6fMMgAFCSI73LFXU/N8AmEL9X4ABACNSKMHAgb34AAAAAElFTkSuQmCC - mediatype: image/png - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: etcd-operator - rules: - - apiGroups: - - etcd.database.coreos.com - resources: - - etcdclusters - - etcdbackups - - etcdrestores - verbs: - - "*" - - apiGroups: - - "" - resources: - - pods - - services - - endpoints - - persistentvolumeclaims - - events - verbs: - - "*" - - apiGroups: - - apps - resources: - - deployments - verbs: - - "*" - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - deployments: - - name: etcd-operator - spec: - replicas: 1 - selector: - matchLabels: - name: etcd-operator-alm-owned - template: - metadata: - name: etcd-operator-alm-owned - labels: - name: etcd-operator-alm-owned - spec: - serviceAccountName: etcd-operator - containers: - - name: etcd-operator - command: - - etcd-operator - - --create-crd=false - image: quay.io/coreos/etcd-operator@sha256:c0301e4686c3ed4206e370b42de5a3bd2229b9fb4906cf85f3f30650424abec2 - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: etcd-backup-operator - image: quay.io/coreos/etcd-operator@sha256:c0301e4686c3ed4206e370b42de5a3bd2229b9fb4906cf85f3f30650424abec2 - command: - - etcd-backup-operator - - --create-crd=false - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: etcd-restore-operator - image: quay.io/coreos/etcd-operator@sha256:c0301e4686c3ed4206e370b42de5a3bd2229b9fb4906cf85f3f30650424abec2 - command: - - etcd-restore-operator - - --create-crd=false - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - customresourcedefinitions: - owned: - - name: etcdclusters.etcd.database.coreos.com - version: v1beta2 - kind: EtcdCluster - displayName: etcd Cluster - description: Represents a cluster of etcd nodes. - resources: - - kind: Service - version: v1 - - kind: Pod - version: v1 - specDescriptors: - - description: The desired number of member Pods for the etcd cluster. - displayName: Size - path: size - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: pod.resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - statusDescriptors: - - description: The status of each of the member Pods for the etcd cluster. - displayName: Member Status - path: members - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podStatuses' - - description: The service at which the running etcd cluster can be accessed. - displayName: Service - path: serviceName - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Service' - - description: The current size of the etcd cluster. - displayName: Cluster Size - path: size - - description: The current version of the etcd cluster. - displayName: Current Version - path: currentVersion - - description: 'The target version of the etcd cluster, after upgrading.' - displayName: Target Version - path: targetVersion - - description: The current status of the etcd cluster. - displayName: Status - path: phase - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase' - - description: Explanation for the current status of the cluster. - displayName: Status Details - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - name: etcdbackups.etcd.database.coreos.com - version: v1beta2 - kind: EtcdBackup - displayName: etcd Backup - description: Represents the intent to backup an etcd cluster. - specDescriptors: - - description: Specifies the endpoints of an etcd cluster. - displayName: etcd Endpoint(s) - path: etcdEndpoints - x-descriptors: - - 'urn:alm:descriptor:etcd:endpoint' - - description: The full AWS S3 path where the backup is saved. - displayName: S3 Path - path: s3.path - x-descriptors: - - 'urn:alm:descriptor:aws:s3:path' - - description: The name of the secret object that stores the AWS credential and config files. - displayName: AWS Secret - path: s3.awsSecret - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Secret' - statusDescriptors: - - description: Indicates if the backup was successful. - displayName: Succeeded - path: succeeded - x-descriptors: - - 'urn:alm:descriptor:text' - - description: Indicates the reason for any backup related failures. - displayName: Reason - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - name: etcdrestores.etcd.database.coreos.com - version: v1beta2 - kind: EtcdRestore - displayName: etcd Restore - description: Represents the intent to restore an etcd cluster from a backup. - specDescriptors: - - description: References the EtcdCluster which should be restored, - displayName: etcd Cluster - path: etcdCluster.name - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:EtcdCluster' - - 'urn:alm:descriptor:text' - - description: The full AWS S3 path where the backup is saved. - displayName: S3 Path - path: s3.path - x-descriptors: - - 'urn:alm:descriptor:aws:s3:path' - - description: The name of the secret object that stores the AWS credential and config files. - displayName: AWS Secret - path: s3.awsSecret - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Secret' - statusDescriptors: - - description: Indicates if the restore was successful. - displayName: Succeeded - path: succeeded - x-descriptors: - - 'urn:alm:descriptor:text' - - description: Indicates the reason for any restore related failures. - displayName: Reason - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: prometheusoperator.0.14.0 - namespace: placeholder - spec: - displayName: Prometheus - description: | - An open-source monitoring system with a dimensional data model, flexible query language, efficient time series database and modern alerting approach. - - _The Prometheus Open Cloud Service is Public Alpha. The goal before Beta is for additional user testing and minor bug fixes._ - - ### Monitoring applications - - Prometheus scrapes your application metrics based on targets maintained in a ServiceMonitor object. When alerts need to be sent, they are processsed by an AlertManager. - - [Read the complete guide to monitoring applications with the Prometheus Open Cloud Service](https://coreos.com/tectonic/docs/latest/alm/prometheus-ocs.html) - - ## Supported Features - - **High availability** - Multiple instances are run across failure zones and data is replicated. This keeps your monitoring available during an outage, when you need it most. - **Updates via automated operations** - New Prometheus versions are deployed using a rolling update with no downtime, making it easy to stay up to date. - **Handles the dynamic nature of containers** - Alerting rules are attached to groups of containers instead of individual instances, which is ideal for the highly dynamic nature of container deployment. - - keywords: ['prometheus', 'monitoring', 'tsdb', 'alerting'] - - maintainers: - - name: CoreOS, Inc - email: support@coreos.com - - provider: - name: CoreOS, Inc - - links: - - name: Prometheus - url: https://www.prometheus.io/ - - name: Documentation - url: https://coreos.com/operators/prometheus/docs/latest/ - - name: Prometheus Operator Source Code - url: https://github.com/coreos/prometheus-operator - - labels: - alm-status-descriptors: prometheusoperator.0.14.0 - alm-owner-prometheus: prometheusoperator - - selector: - matchLabels: - alm-owner-prometheus: prometheusoperator - - icon: - - base64data: PHN2ZyB3aWR0aD0iMjQ5MCIgaGVpZ2h0PSIyNTAwIiB2aWV3Qm94PSIwIDAgMjU2IDI1NyIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiBwcmVzZXJ2ZUFzcGVjdFJhdGlvPSJ4TWlkWU1pZCI+PHBhdGggZD0iTTEyOC4wMDEuNjY3QzU3LjMxMS42NjcgMCA1Ny45NzEgMCAxMjguNjY0YzAgNzAuNjkgNTcuMzExIDEyNy45OTggMTI4LjAwMSAxMjcuOTk4UzI1NiAxOTkuMzU0IDI1NiAxMjguNjY0QzI1NiA1Ny45NyAxOTguNjg5LjY2NyAxMjguMDAxLjY2N3ptMCAyMzkuNTZjLTIwLjExMiAwLTM2LjQxOS0xMy40MzUtMzYuNDE5LTMwLjAwNGg3Mi44MzhjMCAxNi41NjYtMTYuMzA2IDMwLjAwNC0zNi40MTkgMzAuMDA0em02MC4xNTMtMzkuOTRINjcuODQyVjE3OC40N2gxMjAuMzE0djIxLjgxNmgtLjAwMnptLS40MzItMzMuMDQ1SDY4LjE4NWMtLjM5OC0uNDU4LS44MDQtLjkxLTEuMTg4LTEuMzc1LTEyLjMxNS0xNC45NTQtMTUuMjE2LTIyLjc2LTE4LjAzMi0zMC43MTYtLjA0OC0uMjYyIDE0LjkzMyAzLjA2IDI1LjU1NiA1LjQ1IDAgMCA1LjQ2NiAxLjI2NSAxMy40NTggMi43MjItNy42NzMtOC45OTQtMTIuMjMtMjAuNDI4LTEyLjIzLTMyLjExNiAwLTI1LjY1OCAxOS42OC00OC4wNzkgMTIuNTgtNjYuMjAxIDYuOTEuNTYyIDE0LjMgMTQuNTgzIDE0LjggMzYuNTA1IDcuMzQ2LTEwLjE1MiAxMC40Mi0yOC42OSAxMC40Mi00MC4wNTYgMC0xMS43NjkgNy43NTUtMjUuNDQgMTUuNTEyLTI1LjkwNy02LjkxNSAxMS4zOTYgMS43OSAyMS4xNjUgOS41MyA0NS40IDIuOTAyIDkuMTAzIDIuNTMyIDI0LjQyMyA0Ljc3MiAzNC4xMzguNzQ0LTIwLjE3OCA0LjIxMy00OS42MiAxNy4wMTQtNTkuNzg0LTUuNjQ3IDEyLjguODM2IDI4LjgxOCA1LjI3IDM2LjUxOCA3LjE1NCAxMi40MjQgMTEuNDkgMjEuODM2IDExLjQ5IDM5LjYzOCAwIDExLjkzNi00LjQwNyAyMy4xNzMtMTEuODQgMzEuOTU4IDguNDUyLTEuNTg2IDE0LjI4OS0zLjAxNiAxNC4yODktMy4wMTZsMjcuNDUtNS4zNTVjLjAwMi0uMDAyLTMuOTg3IDE2LjQwMS0xOS4zMTQgMzIuMTk3eiIgZmlsbD0iI0RBNEUzMSIvPjwvc3ZnPg== - mediatype: image/svg+xml - - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: prometheus-k8s - rules: - - apiGroups: [""] - resources: - - nodes - - services - - endpoints - - pods - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: - - configmaps - verbs: ["get"] - - serviceAccountName: prometheus-operator-0-14-0 - rules: - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: ["get", "list"] - - apiGroups: - - monitoring.coreos.com - resources: - - alertmanagers - - prometheuses - - servicemonitors - verbs: - - "*" - - apiGroups: - - apps - resources: - - statefulsets - verbs: ["*"] - - apiGroups: [""] - resources: - - configmaps - - secrets - verbs: ["*"] - - apiGroups: [""] - resources: - - pods - verbs: ["list", "delete"] - - apiGroups: [""] - resources: - - services - - endpoints - verbs: ["get", "create", "update"] - - apiGroups: [""] - resources: - - nodes - verbs: ["list", "watch"] - - apiGroups: [""] - resources: - - namespaces - verbs: ['list'] - deployments: - - name: prometheus-operator - spec: - replicas: 1 - selector: - matchLabels: - k8s-app: prometheus-operator - template: - metadata: - labels: - k8s-app: prometheus-operator - spec: - serviceAccount: prometheus-operator-0-14-0 - containers: - - name: prometheus-operator - image: quay.io/coreos/prometheus-operator@sha256:5037b4e90dbb03ebdefaa547ddf6a1f748c8eeebeedf6b9d9f0913ad662b5731 - command: - - sh - - -c - - > - /bin/operator --namespace=$K8S_NAMESPACE --crd-apigroup monitoring.coreos.com - --labels alm-status-descriptors=prometheusoperator.0.14.0,alm-owner-prometheus=prometheusoperator - --kubelet-service=kube-system/kubelet - --config-reloader-image=quay.io/coreos/configmap-reload:v0.0.1 - env: - - name: K8S_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - ports: - - containerPort: 8080 - name: http - resources: - limits: - cpu: 200m - memory: 100Mi - requests: - cpu: 100m - memory: 50Mi - maturity: alpha - version: 0.14.0 - customresourcedefinitions: - owned: - - name: prometheuses.monitoring.coreos.com - version: v1 - kind: Prometheus - displayName: Prometheus - description: A running Prometheus instance - resources: - - kind: Pod - version: v1 - specDescriptors: - - description: Desired number of Pods for the cluster - displayName: Size - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: A selector for the ConfigMaps from which to load rule files - displayName: Rule Config Map Selector - path: ruleSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:selector:core:v1:ConfigMap' - - description: ServiceMonitors to be selected for target discovery - displayName: Service Monitor Selector - path: serviceMonitorSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:selector:monitoring.coreos.com:v1:ServiceMonitor' - - description: The ServiceAccount to use to run the Prometheus pods - displayName: Service Account - path: serviceAccountName - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:ServiceAccount' - - description: Define resources requests and limits for single Pods - displayName: Resource Request - path: resources.requests - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - statusDescriptors: - - description: The current number of Pods for the cluster - displayName: Cluster Size - path: replicas - - path: prometheusSelector - displayName: Prometheus Service Selector - description: Label selector to find the service that routes to this prometheus - x-descriptors: - - 'urn:alm:descriptor:label:selector' - - name: servicemonitors.monitoring.coreos.com - version: v1 - kind: ServiceMonitor - displayName: Service Monitor - description: Configures prometheus to monitor a particular k8s service - resources: - - kind: Pod - version: v1 - specDescriptors: - - description: Selector to select which namespaces the Endpoints objects are discovered from - displayName: Monitoring Namespaces - path: namespaceSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:namespaceSelector' - - description: The label to use to retrieve the job name from - displayName: Job Label - path: jobLabel - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: A list of endpoints allowed as part of this ServiceMonitor - displayName: Endpoints - path: endpoints - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:endpointList' - - name: alertmanagers.monitoring.coreos.com - version: v1 - kind: Alertmanager - displayName: Alert Manager - description: Configures an Alert Manager for the namespace - resources: - - kind: Pod - version: v1 - specDescriptors: - - description: Desired number of Pods for the cluster - displayName: Size - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: prometheusoperator.0.15.0 - namespace: placeholder - annotations: - tectonic-visibility: ocs - alm-examples: '[{"apiVersion":"monitoring.coreos.com/v1","kind":"Prometheus","metadata":{"name":"example","labels":{"prometheus":"k8s"}},"spec":{"replicas":2,"version":"v1.7.0","serviceAccountName":"prometheus-k8s","serviceMonitorSelector":{"matchExpressions":[{"key":"k8s-app","operator":"Exists"}]},"ruleSelector":{"matchLabels":{"role":"prometheus-rulefiles","prometheus":"k8s"}},"resources":{"requests":{"memory":"400Mi"}},"alerting":{"alertmanagers":[{"namespace":"monitoring","name":"alertmanager-main","port":"web"}]}}},{"apiVersion":"monitoring.coreos.com/v1","kind":"ServiceMonitor","metadata":{"name":"example","labels":{"k8s-app":"prometheus"}},"spec":{"selector":{"matchLabels":{"k8s-app":"prometheus","prometheus":"k8s"}},"namespaceSelector":{"matchNames":["monitoring"]},"endpoints":[{"port":"web","interval":"30s"}]}},{"apiVersion":"monitoring.coreos.com/v1","kind":"Alertmanager","metadata":{"name":"alertmanager-main"},"spec":{"replicas":3}}]' - spec: - replaces: prometheusoperator.0.14.0 - displayName: Prometheus - description: | - An open-source monitoring system with a dimensional data model, flexible query language, efficient time series database and modern alerting approach. - - _The Prometheus Open Cloud Service is Public Alpha. The goal before Beta is for additional user testing and minor bug fixes._ - - ### Monitoring applications - - Prometheus scrapes your application metrics based on targets maintained in a ServiceMonitor object. When alerts need to be sent, they are processsed by an AlertManager. - - [Read the complete guide to monitoring applications with the Prometheus Open Cloud Service](https://coreos.com/tectonic/docs/latest/alm/prometheus-ocs.html) - - ### Supported Features - - - **High availability** - - - Multiple instances are run across failure zones and data is replicated. This keeps your monitoring available during an outage, when you need it most. - - - **Updates via automated operations** - - - New Prometheus versions are deployed using a rolling update with no downtime, making it easy to stay up to date. - - - **Handles the dynamic nature of containers** - - - Alerting rules are attached to groups of containers instead of individual instances, which is ideal for the highly dynamic nature of container deployment. - - keywords: ['prometheus', 'monitoring', 'tsdb', 'alerting'] - - maintainers: - - name: CoreOS, Inc - email: support@coreos.com - - provider: - name: CoreOS, Inc - - links: - - name: Prometheus - url: https://www.prometheus.io/ - - name: Documentation - url: https://coreos.com/operators/prometheus/docs/latest/ - - name: Prometheus Operator Source Code - url: https://github.com/coreos/prometheus-operator - - labels: - alm-status-descriptors: prometheusoperator.0.15.0 - alm-owner-prometheus: prometheusoperator - - selector: - matchLabels: - alm-owner-prometheus: prometheusoperator - - icon: - - base64data: PHN2ZyB3aWR0aD0iMjQ5MCIgaGVpZ2h0PSIyNTAwIiB2aWV3Qm94PSIwIDAgMjU2IDI1NyIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiBwcmVzZXJ2ZUFzcGVjdFJhdGlvPSJ4TWlkWU1pZCI+PHBhdGggZD0iTTEyOC4wMDEuNjY3QzU3LjMxMS42NjcgMCA1Ny45NzEgMCAxMjguNjY0YzAgNzAuNjkgNTcuMzExIDEyNy45OTggMTI4LjAwMSAxMjcuOTk4UzI1NiAxOTkuMzU0IDI1NiAxMjguNjY0QzI1NiA1Ny45NyAxOTguNjg5LjY2NyAxMjguMDAxLjY2N3ptMCAyMzkuNTZjLTIwLjExMiAwLTM2LjQxOS0xMy40MzUtMzYuNDE5LTMwLjAwNGg3Mi44MzhjMCAxNi41NjYtMTYuMzA2IDMwLjAwNC0zNi40MTkgMzAuMDA0em02MC4xNTMtMzkuOTRINjcuODQyVjE3OC40N2gxMjAuMzE0djIxLjgxNmgtLjAwMnptLS40MzItMzMuMDQ1SDY4LjE4NWMtLjM5OC0uNDU4LS44MDQtLjkxLTEuMTg4LTEuMzc1LTEyLjMxNS0xNC45NTQtMTUuMjE2LTIyLjc2LTE4LjAzMi0zMC43MTYtLjA0OC0uMjYyIDE0LjkzMyAzLjA2IDI1LjU1NiA1LjQ1IDAgMCA1LjQ2NiAxLjI2NSAxMy40NTggMi43MjItNy42NzMtOC45OTQtMTIuMjMtMjAuNDI4LTEyLjIzLTMyLjExNiAwLTI1LjY1OCAxOS42OC00OC4wNzkgMTIuNTgtNjYuMjAxIDYuOTEuNTYyIDE0LjMgMTQuNTgzIDE0LjggMzYuNTA1IDcuMzQ2LTEwLjE1MiAxMC40Mi0yOC42OSAxMC40Mi00MC4wNTYgMC0xMS43NjkgNy43NTUtMjUuNDQgMTUuNTEyLTI1LjkwNy02LjkxNSAxMS4zOTYgMS43OSAyMS4xNjUgOS41MyA0NS40IDIuOTAyIDkuMTAzIDIuNTMyIDI0LjQyMyA0Ljc3MiAzNC4xMzguNzQ0LTIwLjE3OCA0LjIxMy00OS42MiAxNy4wMTQtNTkuNzg0LTUuNjQ3IDEyLjguODM2IDI4LjgxOCA1LjI3IDM2LjUxOCA3LjE1NCAxMi40MjQgMTEuNDkgMjEuODM2IDExLjQ5IDM5LjYzOCAwIDExLjkzNi00LjQwNyAyMy4xNzMtMTEuODQgMzEuOTU4IDguNDUyLTEuNTg2IDE0LjI4OS0zLjAxNiAxNC4yODktMy4wMTZsMjcuNDUtNS4zNTVjLjAwMi0uMDAyLTMuOTg3IDE2LjQwMS0xOS4zMTQgMzIuMTk3eiIgZmlsbD0iI0RBNEUzMSIvPjwvc3ZnPg== - mediatype: image/svg+xml - - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: prometheus-k8s - rules: - - apiGroups: [""] - resources: - - nodes - - services - - endpoints - - pods - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: - - configmaps - verbs: ["get"] - - serviceAccountName: prometheus-operator-0-14-0 - rules: - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: ["get", "list"] - - apiGroups: - - monitoring.coreos.com - resources: - - alertmanagers - - prometheuses - - servicemonitors - verbs: - - "*" - - apiGroups: - - apps - resources: - - statefulsets - verbs: ["*"] - - apiGroups: [""] - resources: - - configmaps - - secrets - verbs: ["*"] - - apiGroups: [""] - resources: - - pods - verbs: ["list", "delete"] - - apiGroups: [""] - resources: - - services - - endpoints - verbs: ["get", "create", "update"] - - apiGroups: [""] - resources: - - nodes - verbs: ["list", "watch"] - - apiGroups: [""] - resources: - - namespaces - verbs: ['list'] - deployments: - - name: prometheus-operator - spec: - replicas: 1 - selector: - matchLabels: - k8s-app: prometheus-operator - template: - metadata: - labels: - k8s-app: prometheus-operator - spec: - serviceAccount: prometheus-operator-0-14-0 - containers: - - name: prometheus-operator - image: quay.io/coreos/prometheus-operator@sha256:0e92dd9b5789c4b13d53e1319d0a6375bcca4caaf0d698af61198061222a576d - command: - - sh - - -c - - > - /bin/operator --namespace=$K8S_NAMESPACE --crd-apigroup monitoring.coreos.com - --labels alm-status-descriptors=prometheusoperator.0.15.0,alm-owner-prometheus=prometheusoperator - --kubelet-service=kube-system/kubelet - --config-reloader-image=quay.io/coreos/configmap-reload:v0.0.1 - env: - - name: K8S_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - ports: - - containerPort: 8080 - name: http - resources: - limits: - cpu: 200m - memory: 100Mi - requests: - cpu: 100m - memory: 50Mi - maturity: alpha - version: 0.15.0 - customresourcedefinitions: - owned: - - name: prometheuses.monitoring.coreos.com - version: v1 - kind: Prometheus - displayName: Prometheus - description: A running Prometheus instance - resources: - - kind: StatefulSet - version: v1beta2 - - kind: Pod - version: v1 - specDescriptors: - - description: Desired number of Pods for the cluster - displayName: Size - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: A selector for the ConfigMaps from which to load rule files - displayName: Rule Config Map Selector - path: ruleSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:selector:core:v1:ConfigMap' - - description: ServiceMonitors to be selected for target discovery - displayName: Service Monitor Selector - path: serviceMonitorSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:selector:monitoring.coreos.com:v1:ServiceMonitor' - - description: The ServiceAccount to use to run the Prometheus pods - displayName: Service Account - path: serviceAccountName - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:ServiceAccount' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - statusDescriptors: - - description: The current number of Pods for the cluster - displayName: Cluster Size - path: replicas - - path: prometheusSelector - displayName: Prometheus Service Selector - description: Label selector to find the service that routes to this prometheus - x-descriptors: - - 'urn:alm:descriptor:label:selector' - - name: servicemonitors.monitoring.coreos.com - version: v1 - kind: ServiceMonitor - displayName: Service Monitor - description: Configures prometheus to monitor a particular k8s service - resources: - - kind: Pod - version: v1 - specDescriptors: - - description: Selector to select which namespaces the Endpoints objects are discovered from - displayName: Monitoring Namespaces - path: namespaceSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:namespaceSelector' - - description: The label to use to retrieve the job name from - displayName: Job Label - path: jobLabel - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: A list of endpoints allowed as part of this ServiceMonitor - displayName: Endpoints - path: endpoints - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:endpointList' - - name: alertmanagers.monitoring.coreos.com - version: v1 - kind: Alertmanager - displayName: Alert Manager - description: Configures an Alert Manager for the namespace - resources: - - kind: StatefulSet - version: v1beta2 - - kind: Pod - version: v1 - specDescriptors: - - description: Desired number of Pods for the cluster - displayName: Size - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: prometheusoperator.0.22.2 - namespace: placeholder - annotations: - alm-examples: '[{"apiVersion":"monitoring.coreos.com/v1","kind":"Prometheus","metadata":{"name":"example","labels":{"prometheus":"k8s"}},"spec":{"replicas":2,"version":"v2.3.2","serviceAccountName":"prometheus-k8s","securityContext": {}, "serviceMonitorSelector":{"matchExpressions":[{"key":"k8s-app","operator":"Exists"}]},"ruleSelector":{"matchLabels":{"role":"prometheus-rulefiles","prometheus":"k8s"}},"alerting":{"alertmanagers":[{"namespace":"monitoring","name":"alertmanager-main","port":"web"}]}}},{"apiVersion":"monitoring.coreos.com/v1","kind":"ServiceMonitor","metadata":{"name":"example","labels":{"k8s-app":"prometheus"}},"spec":{"selector":{"matchLabels":{"k8s-app":"prometheus"}},"endpoints":[{"port":"web","interval":"30s"}]}},{"apiVersion":"monitoring.coreos.com/v1","kind":"Alertmanager","metadata":{"name":"alertmanager-main"},"spec":{"replicas":3, "securityContext": {}}}]' - spec: - replaces: prometheusoperator.0.15.0 - displayName: Prometheus Operator - description: | - The Prometheus Operator for Kubernetes provides easy monitoring definitions for Kubernetes services and deployment and management of Prometheus instances. - - Once installed, the Prometheus Operator provides the following features: - - * **Create/Destroy**: Easily launch a Prometheus instance for your Kubernetes namespace, a specific application or team easily using the Operator. - - * **Simple Configuration**: Configure the fundamentals of Prometheus like versions, persistence, retention policies, and replicas from a native Kubernetes resource. - - * **Target Services via Labels**: Automatically generate monitoring target configurations based on familiar Kubernetes label queries; no need to learn a Prometheus specific configuration language. - - ### Other Supported Features - - **High availability** - - Multiple instances are run across failure zones and data is replicated. This keeps your monitoring available during an outage, when you need it most. - - **Updates via automated operations** - - New Prometheus versions are deployed using a rolling update with no downtime, making it easy to stay up to date. - - **Handles the dynamic nature of containers** - - Alerting rules are attached to groups of containers instead of individual instances, which is ideal for the highly dynamic nature of container deployment. - - keywords: ['prometheus', 'monitoring', 'tsdb', 'alerting'] - - maintainers: - - name: Red Hat - email: openshift-operators@redhat.com - - provider: - name: Red Hat - - links: - - name: Prometheus - url: https://www.prometheus.io/ - - name: Documentation - url: https://coreos.com/operators/prometheus/docs/latest/ - - name: Prometheus Operator - url: https://github.com/coreos/prometheus-operator - - labels: - alm-status-descriptors: prometheusoperator.0.22.2 - alm-owner-prometheus: prometheusoperator - - selector: - matchLabels: - alm-owner-prometheus: prometheusoperator - - icon: - - base64data: PHN2ZyB3aWR0aD0iMjQ5MCIgaGVpZ2h0PSIyNTAwIiB2aWV3Qm94PSIwIDAgMjU2IDI1NyIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiBwcmVzZXJ2ZUFzcGVjdFJhdGlvPSJ4TWlkWU1pZCI+PHBhdGggZD0iTTEyOC4wMDEuNjY3QzU3LjMxMS42NjcgMCA1Ny45NzEgMCAxMjguNjY0YzAgNzAuNjkgNTcuMzExIDEyNy45OTggMTI4LjAwMSAxMjcuOTk4UzI1NiAxOTkuMzU0IDI1NiAxMjguNjY0QzI1NiA1Ny45NyAxOTguNjg5LjY2NyAxMjguMDAxLjY2N3ptMCAyMzkuNTZjLTIwLjExMiAwLTM2LjQxOS0xMy40MzUtMzYuNDE5LTMwLjAwNGg3Mi44MzhjMCAxNi41NjYtMTYuMzA2IDMwLjAwNC0zNi40MTkgMzAuMDA0em02MC4xNTMtMzkuOTRINjcuODQyVjE3OC40N2gxMjAuMzE0djIxLjgxNmgtLjAwMnptLS40MzItMzMuMDQ1SDY4LjE4NWMtLjM5OC0uNDU4LS44MDQtLjkxLTEuMTg4LTEuMzc1LTEyLjMxNS0xNC45NTQtMTUuMjE2LTIyLjc2LTE4LjAzMi0zMC43MTYtLjA0OC0uMjYyIDE0LjkzMyAzLjA2IDI1LjU1NiA1LjQ1IDAgMCA1LjQ2NiAxLjI2NSAxMy40NTggMi43MjItNy42NzMtOC45OTQtMTIuMjMtMjAuNDI4LTEyLjIzLTMyLjExNiAwLTI1LjY1OCAxOS42OC00OC4wNzkgMTIuNTgtNjYuMjAxIDYuOTEuNTYyIDE0LjMgMTQuNTgzIDE0LjggMzYuNTA1IDcuMzQ2LTEwLjE1MiAxMC40Mi0yOC42OSAxMC40Mi00MC4wNTYgMC0xMS43NjkgNy43NTUtMjUuNDQgMTUuNTEyLTI1LjkwNy02LjkxNSAxMS4zOTYgMS43OSAyMS4xNjUgOS41MyA0NS40IDIuOTAyIDkuMTAzIDIuNTMyIDI0LjQyMyA0Ljc3MiAzNC4xMzguNzQ0LTIwLjE3OCA0LjIxMy00OS42MiAxNy4wMTQtNTkuNzg0LTUuNjQ3IDEyLjguODM2IDI4LjgxOCA1LjI3IDM2LjUxOCA3LjE1NCAxMi40MjQgMTEuNDkgMjEuODM2IDExLjQ5IDM5LjYzOCAwIDExLjkzNi00LjQwNyAyMy4xNzMtMTEuODQgMzEuOTU4IDguNDUyLTEuNTg2IDE0LjI4OS0zLjAxNiAxNC4yODktMy4wMTZsMjcuNDUtNS4zNTVjLjAwMi0uMDAyLTMuOTg3IDE2LjQwMS0xOS4zMTQgMzIuMTk3eiIgZmlsbD0iI0RBNEUzMSIvPjwvc3ZnPg== - mediatype: image/svg+xml - - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: prometheus-k8s - rules: - - apiGroups: [""] - resources: - - nodes - - services - - endpoints - - pods - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: - - configmaps - verbs: ["get"] - - serviceAccountName: prometheus-operator-0-22-2 - rules: - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - '*' - - apiGroups: - - monitoring.coreos.com - resources: - - alertmanagers - - prometheuses - - prometheuses/finalizers - - alertmanagers/finalizers - - servicemonitors - - prometheusrules - verbs: - - '*' - - apiGroups: - - apps - resources: - - statefulsets - verbs: - - '*' - - apiGroups: - - "" - resources: - - configmaps - - secrets - verbs: - - '*' - - apiGroups: - - "" - resources: - - pods - verbs: - - list - - delete - - apiGroups: - - "" - resources: - - services - - endpoints - verbs: - - get - - create - - update - - apiGroups: - - "" - resources: - - nodes - verbs: - - list - - watch - - apiGroups: - - "" - resources: - - namespaces - verbs: - - list - - watch - deployments: - - name: prometheus-operator - spec: - replicas: 1 - selector: - matchLabels: - k8s-app: prometheus-operator - template: - metadata: - labels: - k8s-app: prometheus-operator - spec: - serviceAccount: prometheus-operator-0-22-2 - containers: - - name: prometheus-operator - image: quay.io/coreos/prometheus-operator@sha256:3daa69a8c6c2f1d35dcf1fe48a7cd8b230e55f5229a1ded438f687debade5bcf - args: - - -namespace=$(K8S_NAMESPACE) - - -manage-crds=false - - -logtostderr=true - - --config-reloader-image=quay.io/coreos/configmap-reload:v0.0.1 - - --prometheus-config-reloader=quay.io/coreos/prometheus-config-reloader:v0.22.2 - env: - - name: K8S_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - ports: - - containerPort: 8080 - name: http - resources: - limits: - cpu: 200m - memory: 100Mi - requests: - cpu: 100m - memory: 50Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - nodeSelector: - beta.kubernetes.io/os: linux - maturity: beta - version: 0.22.2 - customresourcedefinitions: - owned: - - name: prometheuses.monitoring.coreos.com - version: v1 - kind: Prometheus - displayName: Prometheus - description: A running Prometheus instance - resources: - - kind: StatefulSet - version: v1beta2 - - kind: Pod - version: v1 - specDescriptors: - - description: Desired number of Pods for the cluster - displayName: Size - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: A selector for the ConfigMaps from which to load rule files - displayName: Rule Config Map Selector - path: ruleSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:selector:core:v1:ConfigMap' - - description: ServiceMonitors to be selected for target discovery - displayName: Service Monitor Selector - path: serviceMonitorSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:selector:monitoring.coreos.com:v1:ServiceMonitor' - - description: The ServiceAccount to use to run the Prometheus pods - displayName: Service Account - path: serviceAccountName - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:ServiceAccount' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - - name: prometheusrules.monitoring.coreos.com - version: v1 - kind: PrometheusRule - displayName: Prometheus Rule - description: A Prometheus Rule configures groups of sequentially evaluated recording and alerting rules. - - name: servicemonitors.monitoring.coreos.com - version: v1 - kind: ServiceMonitor - displayName: Service Monitor - description: Configures prometheus to monitor a particular k8s service - resources: - - kind: Pod - version: v1 - specDescriptors: - - description: The label to use to retrieve the job name from - displayName: Job Label - path: jobLabel - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: A list of endpoints allowed as part of this ServiceMonitor - displayName: Endpoints - path: endpoints - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:endpointList' - - name: alertmanagers.monitoring.coreos.com - version: v1 - kind: Alertmanager - displayName: Alertmanager - description: Configures an Alertmanager for the namespace - resources: - - kind: StatefulSet - version: v1beta2 - - kind: Pod - version: v1 - specDescriptors: - - description: Desired number of Pods for the cluster - displayName: Size - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - - packages: |- - - #! package-manifest: ./deploy/chart/catalog_resources/rh-operators/amq-streams.v1.0.0-clusterserviceversion - packageName: amq-streams - channels: - - name: preview - currentCSV: amqstreams.v1.0.0.beta - - - #! package-manifest: ./deploy/chart/catalog_resources/rh-operators/etcdoperator.v0.9.2.clusterserviceversion.yaml - packageName: etcd - channels: - - name: alpha - currentCSV: etcdoperator.v0.9.2 - - - #! package-manifest: ./deploy/chart/catalog_resources/rh-operators/prometheusoperator.0.22.2.clusterserviceversion.yaml - packageName: prometheus - channels: - - name: preview - currentCSV: prometheusoperator.0.22.2 - - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/10-rh-operators.catalogsource.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/10-rh-operators.catalogsource.yaml deleted file mode 100644 index 45c67dc0af..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/10-rh-operators.catalogsource.yaml +++ /dev/null @@ -1,16 +0,0 @@ -##--- -# Source: olm/templates/10-rh-operators.catalogsource.yaml - -#! validate-crd: ./deploy/chart/templates/05-catalogsource.crd.yaml -#! parse-kind: CatalogSource -apiVersion: operators.coreos.com/v1alpha1 -kind: CatalogSource -metadata: - name: rh-operators - namespace: kube-system -spec: - sourceType: internal - configMap: rh-operators - displayName: Red Hat Operators - publisher: Red Hat - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/12-olm-operator.deployment.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/12-olm-operator.deployment.yaml deleted file mode 100644 index f5c5773876..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/12-olm-operator.deployment.yaml +++ /dev/null @@ -1,47 +0,0 @@ -##--- -# Source: olm/templates/12-olm-operator.deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: olm-operator - namespace: kube-system - labels: - app: olm-operator -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: olm-operator - template: - metadata: - labels: - app: olm-operator - spec: - serviceAccountName: olm-operator-serviceaccount - containers: - - name: olm-operator - command: - - /bin/olm - image: quay.io/coreos/olm@sha256:5f593ae61902caef7f2add7e27d1f672a14091a399b852b1b6722ef5f8b9c8e3 - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - livenessProbe: - httpGet: - path: /healthz - port: 8080 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - env: - - name: OPERATOR_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: OPERATOR_NAME - value: olm-operator - imagePullSecrets: - - name: coreos-pull-secret diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/13-catalog-operator.deployment.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/13-catalog-operator.deployment.yaml deleted file mode 100644 index 12f1b0c128..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/13-catalog-operator.deployment.yaml +++ /dev/null @@ -1,43 +0,0 @@ -##--- -# Source: olm/templates/13-catalog-operator.deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: catalog-operator - namespace: kube-system - labels: - app: catalog-operator -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: catalog-operator - template: - metadata: - labels: - app: catalog-operator - spec: - serviceAccountName: olm-operator-serviceaccount - containers: - - name: catalog-operator - command: - - /bin/catalog - - '-namespace' - - kube-system - - '-debug' - image: quay.io/coreos/catalog@sha256:8fc933e660a5b143bce7a5e4cb1606630fa9497cc252a7e47e0def3c18268f45 - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - livenessProbe: - httpGet: - path: /healthz - port: 8080 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - imagePullSecrets: - - name: coreos-pull-secret diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/20-aggregated-edit.clusterrole.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/20-aggregated-edit.clusterrole.yaml deleted file mode 100644 index 6971c17372..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/20-aggregated-edit.clusterrole.yaml +++ /dev/null @@ -1,14 +0,0 @@ -##--- -# Source: olm/templates/20-aggregated-edit.clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-edit - labels: - # Add these permissions to the "admin" and "edit" default roles. - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions", "packagemanifests"] - verbs: ["create", "update", "patch", "delete"] diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/21-aggregated-view.clusterrole.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/21-aggregated-view.clusterrole.yaml deleted file mode 100644 index b9cf1d2333..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/21-aggregated-view.clusterrole.yaml +++ /dev/null @@ -1,13 +0,0 @@ -##--- -# Source: olm/templates/21-aggregated-view.clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-view - labels: - # Add these permissions to the "view" default roles - rbac.authorization.k8s.io/aggregate-to-view: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions", "packagemanifests"] - verbs: ["get", "list", "watch"] diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/22-packageserver.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/22-packageserver.yaml deleted file mode 100644 index 2882236c66..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.0/22-packageserver.yaml +++ /dev/null @@ -1,149 +0,0 @@ -##--- -# Source: olm/templates/22-packageserver.yaml -apiVersion: apiregistration.k8s.io/v1beta1 -kind: APIService -metadata: - name: v1alpha1.packages.apps.redhat.com -spec: - caBundle: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM5VENDQWQyZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFjTVJvd0dBWURWUVFERXhGd1lXTnIKWVdkbExYTmxjblpsY2kxallUQWVGdzB4T0RBNU1Ua3hOVEk1TWpGYUZ3MHhPVEE1TVRreE5USTVNakZhTUJ3eApHakFZQmdOVkJBTVRFWEJoWTJ0aFoyVXRjMlZ5ZG1WeUxXTmhNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DCkFROEFNSUlCQ2dLQ0FRRUF5Sko5amhubXdaaEV2enRZQlNicWt0MTFBUWF3cWNldks2ZS9aY0VnQ0l6RHQvYWkKNVdjdjd2eWE5NlFSZkVZWG5qN2t0VnY3MzYrZGVraWFodWswK0taOXNnTmpIcXp0eGpZUVZvSHI1NTdLTW4vOApxOUd4QUVtQWgvWkdqUzM5bkNtaW5YSUN1M3I2bUdtK2pzQTA2VTAzWUtXclRtVlQweThBbys0MnM2RGRKTXZ5ClVmSjMvT0pLSzFxQVAyQS90ckRieG5peVUyRnBIWVpzVlRWdDM3RU1VYW9VTjJLeldSSVlpODlZM05HYVNxMVYKbzdaeWI2WEY2Uyt3dUpybUZMek9VYTByQ1o2Mko0ajg3OVl2Q0lvODVKQTNWaHdpT3hlYmQ4U2Q0ZW10Z0F3NwpHUm9vWkVraFhLVjBzT2pLdnBvamtSQmlTc0xZUVZ3VTJHTFpKUUlEQVFBQm8wSXdRREFPQmdOVkhROEJBZjhFCkJBTUNBcVF3SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQndNQ01BOEdBMVVkRXdFQi93UUYKTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBSytpcXlUM1NUenM0OHVyTTM1bFBFZWpYVll4TWNHbApnYnExOGt5NG1UQ1lIaFlleDQ2ZVltK1dQMFBCVU43ZHZiNDNhNlA5d0lmZURQem15SjNKOEF1TUxEeVRGSUErClk1Q1M4TlFzOVpzdi9IN0MvVU9HaTFjQzVOVCt5eWU4WXB3cnpLVmphMXNVNFZXN1dUWS9xVnhmUFVKQjNhS3QKcnhzWTU4Vmd6SE91ajRlNE92UCt4TTJEcjJEa2pXSkw4aml4bmdnL0Z6MTU5ZHQvNlhuSko2ZDZHZ3o2cVFDVQpGRkZEQjhTMEozVWRDSUs5cjNwQVh4eFZubVhGRGhaRVZGeFRkcVE4VTNtTmdkRjlqaVVtams2VkdhSHJKMkc5Cmd4c0JMeTJCS050NzBHWmZYTC9ySGY5cWtVN1dpcmlaVHpzNitqb1ZEWnBOMmYzSzZjd2xKa009Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" - group: packages.apps.redhat.com - groupPriorityMinimum: 2000 - versionPriority: 15 - service: - name: package-server - namespace: kube-system - version: v1alpha1 ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: packagemanifest:system:auth-delegator -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:auth-delegator -subjects: -- kind: ServiceAccount - name: olm-operator-serviceaccount - namespace: kube-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: packagemanifest-auth-reader - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: extension-apiserver-authentication-reader -subjects: -- kind: ServiceAccount - name: olm-operator-serviceaccount - namespace: kube-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: packagemanifest-view -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: admin -subjects: -- kind: ServiceAccount - name: olm-operator-serviceaccount - namespace: kube-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: package-apiserver-clusterrolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: aggregated-apiserver-clusterrole -subjects: -- kind: ServiceAccount - name: olm-operator-serviceaccount - namespace: kube-system ---- -apiVersion: v1 -kind: Secret -type: kubernetes.io/tls -metadata: - name: package-server-certs - namespace: kube-system - labels: - app: package-server -data: - tls.crt: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURPRENDQWlDZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFjTVJvd0dBWURWUVFERXhGd1lXTnIKWVdkbExYTmxjblpsY2kxallUQWVGdzB4T0RBNU1Ua3hOVEk1TWpKYUZ3MHhPVEE1TVRreE5USTVNakphTUJreApGekFWQmdOVkJBTVREbkJoWTJ0aFoyVXRjMlZ5ZG1WeU1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBCk1JSUJDZ0tDQVFFQXpiQnNZL3hjeWc0bXlTWlR5OWVRNXpYU0JlWjFjTlVYVXp6TEIvQjFUUkJMYjlUR1I4Z1YKZGNmQ09YeElGRlRuVHd6NnRlTlZZczRLclNLc3V6eFFCQko4aUVKMDhTanZqQTFwcXNUWE9OemtDVHVlYUs4ZQp2WGs0SVBvUmJ2NWgyQklVazZBaGVxa0xJVE1TV0ViT3dDY3dIc3lpQ0p5dDlzTkxDSUpsY3RXOUgrbmdMSEZ5ClI2ai9Qck9kUmVoL21NRkF2YTVKbGNONHRFT2dxdFFjNndqWXRxMVJzSkxzRlErc2V4VTFhUWthQjZwVFFJK1IKclc2TFU4dU1CbkJmOWZoTUZUdjdCMDNvajdyLyt4V1JKWjFpdFIyeEpRckhkSnkrc1YydmpqNGg5dHNDc3RkUwpxTmdYNHA1RVNQRDNLZzRHSkJYejQ3MG1IN1N1N3BxTXNRSURBUUFCbzRHSE1JR0VNQTRHQTFVZER3RUIvd1FFCkF3SUZvREFkQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0RBWURWUjBUQVFIL0JBSXcKQURCRkJnTlZIUkVFUGpBOGdocHdZV05yWVdkbExYTmxjblpsY2k1cmRXSmxMWE41YzNSbGJZSWVjR0ZqYTJGbgpaUzF6WlhKMlpYSXVhM1ZpWlMxemVYTjBaVzB1YzNaak1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRREJDRWxsClNCZlhhZUQ3SWh6WHlSaXk3Y0FwTStJVmNWOURTWmE4Vm1wc1hydFhJMUJVelN3aFQwbjhmRlZiY3l2OFpzTnEKdVgrRGQ0eWR5TWV0ZUVpS3VhMmZpVXIvaDU0YmpTa0ZsbzZRaW1xN3pLbFB2b1IrZWRLM3ArVFJnZzdELzdGUgp5WDVZeGx5amJPUy9KVHQxMC91aVVxLzZqbjZBOURVSkJ2QWJuR3JzRzY1UkxLdGZuTzNLc2duYUpVN2s5Mm1lCjYyT3gzMGlsQ3pqSW5jQW0rZ09rRFNlNmhUdThuRjVXNjJiRWlMeG43NSt4bk9vazgrbkhtTmNEMzVWU0pqRXUKemJKNVpoZVA1NmFPUGFKYU1iYlV0WDBHamltellncllUd2pQN3pGMStubE13ZTJOODFDeWNnc0srUk5NME4rKwpwdEFja0ZlQkNwYkRjdFVECi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K" - tls.key: "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBemJCc1kveGN5ZzRteVNaVHk5ZVE1elhTQmVaMWNOVVhVenpMQi9CMVRSQkxiOVRHClI4Z1ZkY2ZDT1h4SUZGVG5Ud3o2dGVOVllzNEtyU0tzdXp4UUJCSjhpRUowOFNqdmpBMXBxc1RYT056a0NUdWUKYUs4ZXZYazRJUG9SYnY1aDJCSVVrNkFoZXFrTElUTVNXRWJPd0Njd0hzeWlDSnl0OXNOTENJSmxjdFc5SCtuZwpMSEZ5UjZqL1ByT2RSZWgvbU1GQXZhNUpsY040dEVPZ3F0UWM2d2pZdHExUnNKTHNGUStzZXhVMWFRa2FCNnBUClFJK1JyVzZMVTh1TUJuQmY5ZmhNRlR2N0IwM29qN3IvK3hXUkpaMWl0UjJ4SlFySGRKeStzVjJ2amo0aDl0c0MKc3RkU3FOZ1g0cDVFU1BEM0tnNEdKQlh6NDcwbUg3U3U3cHFNc1FJREFRQUJBb0lCQURyQmwrVGo5Um1lKzBOZwptSFZWU2NaU1lJRmcrTkZYZmNkQVNYc21IRXY4U0tCVWRxT1FxMWl1ekhPaFpmR3c0elo0cmJHQmxDV2FXQUJuCk5GSjBBeU4ycUc1QUZhbkNHTk80RFNSRUFIcjAxb3N3cGFxZnc3YzZSbWRkSjllK0FQTTVEdm13dDMrVGhHTmkKZEc0VkpBQk44WGdLMm9wOVAxQ0xMd2JxUU5LUmFzc2prd1ZjeG45T3h3ZXl6d0Ivd1dSOVBSRjdpODZKTVRPVwpTQXVHbTNKUUQ4RHp5eUZwcGE5QkpWTWR4V211dnRuKzBVallFbkFodHJwZVRYYVJVVHNVWjRHbUxKYkhvaXlkCmVxR0R2dFpDSWVEQk5oTk5TT2YxSXFVOWRqQWsxdjBZVlJzQmZQWVoreUtZaDlKTzIxWHM0YndCblc5bk1wSWoKa3lyeTYrVUNnWUVBNFhzQjF2cklOR3JvZE1SS25sek1GUlNCZ24xMXVIek1ZSnRpVklYemg2cTNwN2VUQnBRdApFYktER0lYU25Td1lxaVZJRHJlOUdTUXdPRi9QMG84QTFDbjhiQnhBN1pRSWI2b3gwUWhJUEV1VW04VGY0Sm1MCmJwMmFkcG9uMDdxZks3ZHF5bEJKVVl2OGpRc1dKSWhxVG81dkxCRzBhZjZEQlRrR2VKSlRxNThDZ1lFQTZZZWoKVWNkdFJHeklIS3BoNXh6ZlN1bFplSTVMT243ekU5SHhwTHJnbjltZFpmd2tPODV0MHU4SGgrOUJkMVMraTVRawptd3M3RnloR2p0aWV5QVNadFErYjlEeklleVhKNlFZai9TVmtmQUJ1d25EcXlSWFdWMXdXb25sUFJoR3daU0tVCnIvYTFxU24vNHNuT243dlhEa2ZaQUJvaE1iVmJrNkFhd1pZOTVhOENnWUVBaDdOU0RpSHI3N0FQcW9hZ0tlTEwKYUR4cEhUR0ljYm1aL3VKRk1YMVViV2ZQRS84bFd5WStZWkkvMTdoaVl2a3c5dVZ0RW41K0xlMWJuL0g1ejAwRgpRS3JzSWR4M0x3U1NkekhFdlhyd2pta21UUUVWZzhTazU3T3VUSWJHUldUaGVwdnVoMGYrZURkNWpTRUkrSCtwCkN4SXAwaW50bklUeU1XaDZmb0lDSFIwQ2dZRUEzT01jR3MwOFVEMW9wcHlPa0JFaUwvUTZXYXFXQTVWeWpHdkgKV2Q0ZGUzVlZ5TkpPMzNicE1GeEJUbFdESWNFNW5rS1l3VUpGT1NreVhBa1BYdmZpLzN6dE1YNlF6dEsyZ2IvNgpLSWJHM2ZkMnpGb0w2Zm5Lek1UZzcvczRmWGxiMUwxNTBGcldCMVVmb1Q3clB2Rm9nQ3g3Vi9wZkxXcHlYVmRTCkY0dnByaWNDZ1lCNVdzMHdHMUIxUm9jdFZYMnZMZk1ON0ROUXU4ampRd1FUTW5ucWtkbVd1OUhzeG42aVM0d24KSmlwV1ZDQXlML0V1RTVyZlFyZkl2cFRCdVQ2T2xIUHYrdnBCRzJGODdlK2FyUGJvWFhVMmd3MEpPSnVTL2kvVAp4cjRVRW5RQndFUHRmb0R0V3IrbTVWdXZQTXBQQjFlTC9QK3FrK1BvV0JLOG9vcnZmVWtwcXc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=" ---- -apiVersion: apps/v1beta1 -kind: Deployment -metadata: - name: package-server - namespace: kube-system - labels: - app: package-server -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: package-server - template: - metadata: - labels: - app: package-server - spec: - serviceAccountName: olm-operator-serviceaccount - containers: - - name: package-server - command: - - /bin/package-server - - -v=4 - - --debug - image: quay.io/coreos/package-server@sha256:66513e76ac0443b6ecec3138a88fa6850a98b1db95400f2f83f6012bee693c6f - imagePullPolicy: Always - ports: - - containerPort: 443 - volumeMounts: - - name: certs - mountPath: /apiserver.local.config/certificates - readOnly: true - livenessProbe: - httpGet: - scheme: HTTPS - path: /healthz - port: 443 - readinessProbe: - httpGet: - scheme: HTTPS - path: /healthz - port: 443 - volumes: - - name: certs - secret: - secretName: package-server-certs - items: - - key: tls.crt - path: apiserver.crt - - key: tls.key - path: apiserver.key - imagePullSecrets: - - name: coreos-pull-secret ---- -apiVersion: v1 -kind: Service -metadata: - name: package-server - namespace: kube-system -spec: - ports: - - port: 443 - protocol: TCP - targetPort: 443 - selector: - app: package-server diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_00-namespace.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_00-namespace.yaml deleted file mode 100644 index d0d4a7fd83..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_00-namespace.yaml +++ /dev/null @@ -1,6 +0,0 @@ -##--- -# Source: olm/templates/0000_30_00-namespace.yaml -apiVersion: v1 -kind: Namespace -metadata: - name: olm diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_01-olm-operator.serviceaccount.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_01-olm-operator.serviceaccount.yaml deleted file mode 100644 index e75e22e51b..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_01-olm-operator.serviceaccount.yaml +++ /dev/null @@ -1,31 +0,0 @@ -##--- -# Source: olm/templates/0000_30_01-olm-operator.serviceaccount.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: system:controller:operator-lifecycle-manager -rules: -- apiGroups: ["*"] - resources: ["*"] - verbs: ["*"] -- nonResourceURLs: ["*"] - verbs: ["*"] ---- -kind: ServiceAccount -apiVersion: v1 -metadata: - name: olm-operator-serviceaccount - namespace: olm ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: olm-operator-binding-olm -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:controller:operator-lifecycle-manager -subjects: -- kind: ServiceAccount - name: olm-operator-serviceaccount - namespace: olm diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_02-clusterserviceversion.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_02-clusterserviceversion.crd.yaml deleted file mode 100644 index 8bdc8d3dc2..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_02-clusterserviceversion.crd.yaml +++ /dev/null @@ -1,694 +0,0 @@ -##--- -# Source: olm/templates/0000_30_02-clusterserviceversion.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: clusterserviceversions.operators.coreos.com - annotations: - displayName: Operator Version - description: Represents an Operator that should be running on the cluster, including requirements and install strategy. -spec: - names: - plural: clusterserviceversions - singular: clusterserviceversion - kind: ClusterServiceVersion - listKind: ClusterServiceVersionList - shortNames: - - csv - categories: - - all - - olm - additionalPrinterColumns: - - name: Display - type: string - description: The name of the CSV - JSONPath: .spec.displayName - - name: Version - type: string - description: The version of the CSV - JSONPath: .spec.version - - name: Replaces - type: string - description: The name of a CSV that this one replaces - JSONPath: .spec.replaces - - name: Phase - type: string - JSONPath: .status.phase - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - properties: - spec: - type: object - description: Spec for a ClusterServiceVersion - required: - - displayName - - install - properties: - displayName: - type: string - description: Human readable name of the application that will be displayed in the ALM UI - - description: - type: string - description: Human readable description of what the application does - - keywords: - type: array - description: List of keywords which will be used to discover and categorize app types - items: - type: string - - maintainers: - type: array - description: Those responsible for the creation of this specific app type - items: - type: object - description: Information for a single maintainer - required: - - name - - email - properties: - name: - type: string - description: Maintainer's name - email: - type: string - description: Maintainer's email address - format: email - optionalProperties: - type: string - description: "Any additional key-value metadata you wish to expose about the maintainer, e.g. github: " - - links: - type: array - description: Interesting links to find more information about the project, such as marketing page, documentation, or github page - items: - type: object - description: A single link to describe one aspect of the project - required: - - name - - url - properties: - name: - type: string - description: Name of the link type, e.g. homepage or github url - url: - type: string - description: URL to which the link should point - format: uri - - icon: - type: array - description: Icon which should be rendered with the application information - required: - - base64data - - mediatype - properties: - base64data: - type: string - description: Base64 binary representation of the icon image - pattern: ^(?:[A-Za-z0-9+/]{4}){0,16250}(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$ - mediatype: - type: string - description: Mediatype for the binary data specified in the base64data property - enum: - - image/gif - - image/jpeg - - image/png - - image/svg+xml - version: - type: string - description: Version string, recommended that users use semantic versioning - pattern: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(-(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(\.(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*)?(\+[0-9a-zA-Z-]+(\.[0-9a-zA-Z-]+)*)?$ - - replaces: - type: string - description: Name of the ClusterServiceVersion custom resource that this version replaces - - maturity: - type: string - description: What level of maturity the software has achieved at this version - enum: - - planning - - pre-alpha - - alpha - - beta - - stable - - mature - - inactive - - deprecated - labels: - type: object - description: Labels that will be applied to associated resources created by the operator. - selector: - type: object - description: Label selector to find resources associated with or managed by the operator - properties: - matchLabels: - type: object - description: Label key:value pairs to match directly - matchExpressions: - type: array - description: A set of expressions to match against the resource. - items: - allOf: - - type: object - required: - - key - - operator - - values - properties: - key: - type: string - description: the key to match - operator: - type: string - description: the operator for the expression - enum: - - In - - NotIn - - Exists - - DoesNotExist - values: - type: array - description: set of values for the expression - apiservicedefinitions: - type: object - properties: - owned: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - name - - version - - kind - - displayName - - description - properties: - name: - type: string - description: Fully qualified name of the APIService (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version field of the APIService - kind: - type: string - description: The kind field of the APIService - displayName: - type: string - description: A human-readable name for the APIService. - description: - type: string - description: A description of the APIService - resources: - type: array - items: - type: object - description: A list of resources that should be displayed for the APIService - required: - - kind - - version - properties: - name: - type: string - description: If a APIService, the fully qualified name of the APIService (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version of the resource kind - kind: - type: string - description: The kind field of the resource kind - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the API resource - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the API resource where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - type: object - description: If present, the value of this status is the same for all instances of the API resource and can be found here instead of on the API resource. - specDescriptors: - type: array - items: - type: object - description: A spec for a field in the spec block of the APIService resource. - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the API resource where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the spec entry. - description: - type: string - description: A description of the spec entry. - x-descriptors: - type: array - description: A list of descriptors for the spec entry that indicate the meaning of the field. - items: - type: string - value: - type: object - description: If present, the value of this spec is the same for all instances of the API Resource and can be found here instead of on the API resource. - actionDescriptors: - type: array - items: - type: object - description: A spec for actions that can be performed on instances of the API resource - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the API resource where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the action. - description: - type: string - description: A description of the action. - x-descriptors: - type: array - description: A list of descriptors for the action that indicate the meaning of the action. - items: - type: string - value: - type: object - description: If present, the value of this action is the same for all instances of the API resource and can be found here instead of on the API resource. - required: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - name - - version - - kind - - displayName - - description - properties: - name: - type: string - description: Fully qualified name of the APIService (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version field of the APIService - kind: - type: string - description: The kind field of the APIService - displayName: - type: string - description: A human-readable name for the APIService. - description: - type: string - description: A description of the APIService - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the APIService - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the API Resource where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - type: object - description: If present, the value of this status is the same for all instances of the API Resource and can be found here instead of on the API Resource. - - customresourcedefinitions: - type: object - properties: - owned: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - name - - version - - kind - - displayName - - description - properties: - name: - type: string - description: Fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version field of the CustomResourceDefinition - kind: - type: string - description: The kind field of the CustomResourceDefinition - displayName: - type: string - description: A human-readable name for the CRD. - description: - type: string - description: A description of the CRD - resources: - type: array - items: - type: object - description: A list of resources that should be displayed for the CRD - required: - - kind - - version - properties: - name: - type: string - description: If a CRD, the fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version of the resource kind - kind: - type: string - description: The kind field of the resource kind - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the CR where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - type: object - description: If present, the value of this status is the same for all instances of the CRD and can be found here instead of on the CR. - specDescriptors: - type: array - items: - type: object - description: A spec for a field in the spec block of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the CR where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the spec entry. - description: - type: string - description: A description of the spec entry. - x-descriptors: - type: array - description: A list of descriptors for the spec entry that indicate the meaning of the field. - items: - type: string - value: - type: object - description: If present, the value of this spec is the same for all instances of the CRD and can be found here instead of on the CR. - actionDescriptors: - type: array - items: - type: object - description: A spec for actions that can be performed on instances of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the CR where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the action. - description: - type: string - description: A description of the action. - x-descriptors: - type: array - description: A list of descriptors for the action that indicate the meaning of the action. - items: - type: string - value: - type: object - description: If present, the value of this action is the same for all instances of the CRD and can be found here instead of on the CR. - required: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - name - - version - - kind - - displayName - - description - properties: - name: - type: string - description: Fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version field of the CustomResourceDefinition - kind: - type: string - description: The kind field of the CustomResourceDefinition - displayName: - type: string - description: A human-readable name for the CRD. - description: - type: string - description: A description of the CRD - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the CR where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - type: object - description: If present, the value of this status is the same for all instances of the CRD and can be found here instead of on the CR. - - - install: - type: object - description: Information required to install this specific version of the operator software - oneOf: - - type: object - required: - - strategy - - spec - properties: - strategy: - type: string - enum: ['image'] - spec: - type: object - required: - - image - properties: - image: - type: string - - type: object - required: - - strategy - - spec - properties: - strategy: - type: string - enum: ['deployment'] - spec: - type: object - required: - - deployments - properties: - deployments: - type: array - description: List of deployments to create - items: - type: object - description: A name and deployment to create in the cluster - required: - - name - - spec - properties: - name: - type: string - description: the consistent name of the deployment - spec: - type: object - description: The deployment spec to create in the cluster - permissions: - type: array - description: Permissions needed by the deployement to run correctly - items: - type: object - required: - - serviceAccountName - - rules - properties: - serviceAccountName: - type: string - description: The service account name to create for the deployment - rules: - type: array - items: - type: object - description: a rule required by the service account - properties: - apiGroups: - type: array - description: apiGroups the rule applies to - items: - type: string - resources: - type: array - items: - type: string - resourceNames: - type: array - items: - type: string - verbs: - type: array - items: - type: string - enum: - - "*" - - get - - list - - watch - - create - - update - - patch - - delete - - deletecollection - clusterPermissions: - type: array - description: Cluster permissions needed by the deployement to run correctly - items: - type: object - required: - - serviceAccountName - - rules - properties: - serviceAccountName: - type: string - description: The service account name to create for the deployment - rules: - type: array - items: - type: object - description: a rule required by the service account - properties: - apiGroups: - type: array - description: apiGroups the rule applies to - items: - type: string - resources: - type: array - items: - type: string - resourceNames: - type: array - items: - type: string - verbs: - type: array - items: - type: string - enum: - - "*" - - get - - list - - watch - - create - - update - - patch - - delete - - deletecollection - status: - type: object - description: Status for a ClusterServiceVersion diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_03-installplan.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_03-installplan.crd.yaml deleted file mode 100644 index 8742215dca..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_03-installplan.crd.yaml +++ /dev/null @@ -1,78 +0,0 @@ -##--- -# Source: olm/templates/0000_30_03-installplan.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: installplans.operators.coreos.com - annotations: - displayName: Install Plan - description: Represents a plan to install and resolve dependencies for Cluster Services -spec: - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - plural: installplans - singular: installplan - kind: InstallPlan - listKind: InstallPlanList - categories: - - all - - olm - additionalPrinterColumns: - - name: CSV - type: string - description: The first CSV in the list of clusterServiceVersionNames - JSONPath: .spec.clusterServiceVersionNames[0] - - name: Source - type: string - description: The catalog source for the specified CSVs. - JSONPath: .spec.source - - name: Approval - type: string - description: The approval mode - JSONPath: .spec.approval - - name: Approved - type: boolean - JSONPath: .spec.approved - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - properties: - spec: - type: object - description: Spec for an InstallPlan - required: - - clusterServiceVersionNames - - approval - properties: - source: - type: string - description: Name of the preferred CatalogSource - sourceNamespace: - type: string - description: Namespace that contains the preffered CatalogSource - clusterServiceVersionNames: - type: array - description: A list of the names of the Cluster Services - items: - type: string - anyOf: - - properties: - approval: - enum: - - Manual - approved: - type: boolean - required: - - approved - - properties: - approval: - enum: - - Automatic diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_04-subscription.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_04-subscription.crd.yaml deleted file mode 100644 index 35f0c24a15..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_04-subscription.crd.yaml +++ /dev/null @@ -1,72 +0,0 @@ -##--- -# Source: olm/templates/0000_30_04-subscription.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: subscriptions.operators.coreos.com - annotations: - displayName: Subscription - description: Subcribes service catalog to a source and channel to recieve updates for packages. -spec: - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - plural: subscriptions - singular: subscription - kind: Subscription - listKind: SubscriptionList - categories: - - all - - olm - additionalPrinterColumns: - - name: Package - type: string - description: The package subscribed to - JSONPath: .spec.name - - name: Source - type: string - description: The catalog source for the specified package - JSONPath: .spec.source - - name: Channel - type: string - description: The channel of updates to subscribe to - JSONPath: .spec.channel - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - properties: - spec: - type: object - description: Spec for a Subscription - required: - - source - - name - properties: - source: - type: string - description: Name of a CatalogSource that defines where and how to find the channel - sourceNamespace: - type: string - description: The Kubernetes namespace where the CatalogSource used is located - name: - type: string - description: Name of the package that defines the application - channel: - type: string - description: Name of the channel to track - startingCSV: - type: string - description: Name of the AppType that this subscription tracks - installPlanApproval: - type: string - description: Approval mode for emitted InstallPlans - enum: - - Manual - - Automatic diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_05-catalogsource.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_05-catalogsource.crd.yaml deleted file mode 100644 index 8facb62fbd..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_05-catalogsource.crd.yaml +++ /dev/null @@ -1,81 +0,0 @@ -##--- -# Source: olm/templates/0000_30_05-catalogsource.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: catalogsources.operators.coreos.com - annotations: - displayName: CatalogSource - description: A source configured to find packages and updates. -spec: - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - plural: catalogsources - singular: catalogsource - kind: CatalogSource - listKind: CatalogSourceList - categories: - - all - - olm - additionalPrinterColumns: - - name: Name - type: string - description: The pretty name of the catalog - JSONPath: .spec.displayName - - name: Type - type: string - description: The type of the catalog - JSONPath: .spec.sourceType - - name: Publisher - type: string - description: The publisher of the catalog - JSONPath: .spec.publisher - - name: Age - type: date - JSONPath: .metadata.creationTimestamp - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - properties: - spec: - type: object - description: Represents a subscription to a source and channel - required: - - spec - type: object - description: Spec for a catalog source. - required: - - sourceType - properties: - sourceType: - type: string - description: The type of the source. Currently the only supported type is "internal". - enum: - - internal - - configMap: - type: string - description: The name of a ConfigMap that holds the entries for an in-memory catalog. - - displayName: - type: string - description: Pretty name for display - - publisher: - type: string - description: The name of an entity that publishes this catalog - - secrets: - type: array - description: A set of secrets that can be used to access the contents of the catalog. It is best to keep this list small, since each will need to be tried for every catalog entry. - items: - type: string - description: A name of a secret in the namespace where the CatalogSource is defined. diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_06-rh-operators.configmap.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_06-rh-operators.configmap.yaml deleted file mode 100644 index 3b5db473b6..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_06-rh-operators.configmap.yaml +++ /dev/null @@ -1,11364 +0,0 @@ -##--- -# Source: olm/templates/0000_30_06-rh-operators.configmap.yaml - -kind: ConfigMap -apiVersion: v1 -metadata: - name: rh-operators - namespace: olm - -data: - customResourceDefinitions: |- - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: alertmanagers.monitoring.coreos.com - spec: - group: monitoring.coreos.com - names: - kind: Alertmanager - plural: alertmanagers - scope: Namespaced - validation: - openAPIV3Schema: - properties: - spec: - description: 'Specification of the desired behavior of the Alertmanager - cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#spec-and-status' - properties: - affinity: - description: Affinity is a group of affinity scheduling rules. - properties: - nodeAffinity: - description: Node affinity is a group of node affinity scheduling - rules. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the affinity expressions specified by this field, - but it may choose a node that violates one or more of the - expressions. The node that is most preferred is the one with - the greatest sum of weights, i.e. for each node that meets - all of the scheduling requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the sum - if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches all - objects with implicit weight 0 (i.e. it's a no-op). A null - preferred scheduling term matches no objects (i.e. is also - a no-op). - properties: - preference: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - weight - - preference - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: A node selector represents the union of the results - of one or more label queries over a set of nodes; that is, - it represents the OR of the selectors represented by the node - selector terms. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The - terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - type: array - required: - - nodeSelectorTerms - podAffinity: - description: Pod affinity is a group of inter pod affinity scheduling - rules. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the affinity expressions specified by this field, - but it may choose a node that violates one or more of the - expressions. The node that is most preferred is the one with - the greatest sum of weights, i.e. for each node that meets - all of the scheduling requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the sum - if the node has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label selector is a label query over - a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector - matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - weight - - podAffinityTerm - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may not - try to eventually evict the pod from its node. When there - are multiple elements, the lists of nodes corresponding to - each podAffinityTerm are intersected, i.e. all terms must - be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) that - this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of pods - is running - properties: - labelSelector: - description: A label selector is a label query over a - set of resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. - A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of any - node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: array - podAntiAffinity: - description: Pod anti affinity is a group of inter pod anti affinity - scheduling rules. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the anti-affinity expressions specified by this - field, but it may choose a node that violates one or more - of the expressions. The node that is most preferred is the - one with the greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource request, - requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field - and adding "weight" to the sum if the node has pods which - matches the corresponding podAffinityTerm; the node(s) with - the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label selector is a label query over - a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector - matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - weight - - podAffinityTerm - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by - this field are not met at scheduling time, the pod will not - be scheduled onto the node. If the anti-affinity requirements - specified by this field cease to be met at some point during - pod execution (e.g. due to a pod label update), the system - may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms must - be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) that - this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of pods - is running - properties: - labelSelector: - description: A label selector is a label query over a - set of resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. - A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of any - node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: array - baseImage: - description: Base image that is used to deploy pods, without tag. - type: string - containers: - description: Containers allows injecting additional containers. This - is meant to allow adding an authentication proxy to an Alertmanager - pod. - items: - description: A single application container that you want to run within - a pod. - properties: - args: - description: 'Arguments to the entrypoint. The docker image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable - cannot be resolved, the reference in the input string will be - unchanged. The $(VAR_NAME) syntax can be escaped with a double - $$, ie: $$(VAR_NAME). Escaped references will never be expanded, - regardless of whether the variable exists or not. Cannot be - updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed within a shell. The - docker image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable exists - or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to set in the container. - Cannot be updated. - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a - C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a - variable cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax can be - escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable - exists or not. Defaults to "".' - type: string - valueFrom: - description: EnvVarSource represents a source for the value - of an EnvVar. - properties: - configMapKeyRef: - description: Selects a key from a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the ConfigMap or it's - key must be defined - type: boolean - required: - - key - fieldRef: - description: ObjectFieldSelector selects an APIVersioned - field of an object. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - resourceFieldRef: - description: ResourceFieldSelector represents container - resources (cpu, memory) and their output format - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: {} - resource: - description: 'Required: resource to select' - type: string - required: - - resource - secretKeyRef: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's - key must be defined - type: boolean - required: - - key - required: - - name - type: array - envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must be a - C_IDENTIFIER. All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key will - take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of a set of - ConfigMaps - properties: - configMapRef: - description: |- - ConfigMapEnvSource selects a ConfigMap to populate the environment variables with. - - The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - prefix: - description: An optional identifier to prepend to each key - in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: |- - SecretEnvSource selects a Secret to populate the environment variables with. - - The contents of the target Secret's Data field will represent the key-value pairs as environment variables. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: array - image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Lifecycle describes actions that the management system - should take in response to container lifecycle events. For the - PostStart and PreStop lifecycle handlers, management of the - container blocks until the action is complete, unless the container - process fails, in which case the handler is aborted. - properties: - postStart: - description: Handler defines a specific action that should - be taken - properties: - exec: - description: ExecAction describes a "run in container" - action. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - httpGet: - description: HTTPGetAction describes an action based on - HTTP Get requests. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - tcpSocket: - description: TCPSocketAction describes an action based - on opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - preStop: - description: Handler defines a specific action that should - be taken - properties: - exec: - description: ExecAction describes a "run in container" - action. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - httpGet: - description: HTTPGetAction describes an action based on - HTTP Get requests. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - tcpSocket: - description: TCPSocketAction describes an action based - on opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - livenessProbe: - description: Probe describes a health check to be performed against - a container to determine whether it is alive or ready to receive - traffic. - properties: - exec: - description: ExecAction describes a "run in container" action. - properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit - status of 0 is treated as live/healthy and non-zero - is unhealthy. - items: - type: string - type: array - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGetAction describes an action based on HTTP - Get requests. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header to - be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocketAction describes an action based on - opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - name: - description: Name of the container specified as a DNS_LABEL. Each - container in a pod must have a unique name (DNS_LABEL). Cannot - be updated. - type: string - ports: - description: List of ports to expose from the container. Exposing - a port here gives the system additional information about the - network connections a container uses, but is primarily informational. - Not specifying a port here DOES NOT prevent that port from being - exposed. Any port which is listening on the default "0.0.0.0" - address inside a container will be accessible from the network. - Cannot be updated. - items: - description: ContainerPort represents a network port in a single - container. - properties: - containerPort: - description: Number of port to expose on the pod's IP address. - This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If specified, - this must be a valid port number, 0 < x < 65536. If HostNetwork - is specified, this must match ContainerPort. Most containers - do not need this. - format: int32 - type: integer - name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod must - have a unique name. Name for the port that can be referred - to by services. - type: string - protocol: - description: Protocol for port. Must be UDP or TCP. Defaults - to "TCP". - type: string - required: - - containerPort - type: array - readinessProbe: - description: Probe describes a health check to be performed against - a container to determine whether it is alive or ready to receive - traffic. - properties: - exec: - description: ExecAction describes a "run in container" action. - properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit - status of 0 is treated as live/healthy and non-zero - is unhealthy. - items: - type: string - type: array - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGetAction describes an action based on HTTP - Get requests. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header to - be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocketAction describes an action based on - opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - securityContext: - description: SecurityContext holds security configuration that - will be applied to a container. Some fields are present in both - SecurityContext and PodSecurityContext. When both are set, - the values in SecurityContext take precedence. - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a - process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: Adds and removes POSIX capabilities from running - containers. - properties: - add: - description: Added capabilities - items: - type: string - type: array - drop: - description: Removed capabilities - items: - type: string - type: array - privileged: - description: Run container in privileged mode. Processes in - privileged containers are essentially equivalent to root - on the host. Defaults to false. - type: boolean - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. - Default is false. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail - to start the container if it does. If unset or false, no - such validation will be performed. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata if - unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - format: int64 - type: integer - seLinuxOptions: - description: SELinuxOptions are the labels to be applied to - the container - properties: - level: - description: Level is SELinux level label that applies - to the container. - type: string - role: - description: Role is a SELinux role label that applies - to the container. - type: string - type: - description: Type is a SELinux type label that applies - to the container. - type: string - user: - description: User is a SELinux user label that applies - to the container. - type: string - stdin: - description: Whether this container should allocate a buffer for - stdin in the container runtime. If this is not set, reads from - stdin in the container will always result in EOF. Default is - false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the stdin - channel after it has been opened by a single attach. When stdin - is true the stdin stream will remain open across multiple attach - sessions. If stdinOnce is set to true, stdin is opened on container - start, is empty until the first client attaches to stdin, and - then remains open and accepts data until the client disconnects, - at which time stdin is closed and remains closed until the container - is restarted. If this flag is false, a container processes that - reads from stdin will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s - termination message will be written is mounted into the container''s - filesystem. Message written is intended to be brief final status, - such as an assertion failure message. Will be truncated by the - node if greater than 4096 bytes. The total message length across - all containers will be limited to 12kb. Defaults to /dev/termination-log. - Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. - File will use the contents of terminationMessagePath to populate - the container status message on both success and failure. FallbackToLogsOnError - will use the last chunk of container log output if the termination - message file is empty and the container exited with an error. - The log output is limited to 2048 bytes or 80 lines, whichever - is smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be - used by the container. This is an alpha feature and may change - in the future. - items: - description: volumeDevice describes a mapping of a raw block - device within a container. - properties: - devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim - in the pod - type: string - required: - - name - - devicePath - type: array - volumeMounts: - description: Pod volumes to mount into the container's filesystem. - Cannot be updated. - items: - description: VolumeMount describes a mounting of a Volume within - a container. - properties: - mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other way - around. When not set, MountPropagationHostToContainer - is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). - type: string - required: - - name - - mountPath - type: array - workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might be - configured in the container image. Cannot be updated. - type: string - required: - - name - type: array - externalUrl: - description: The external URL the Alertmanager instances will be available - under. This is necessary to generate correct URLs. This is necessary - if Alertmanager is not served from root of a DNS name. - type: string - imagePullSecrets: - description: An optional list of references to secrets in the same namespace - to use for pulling prometheus and alertmanager images from registries - see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod - items: - description: LocalObjectReference contains enough information to let - you locate the referenced object inside the same namespace. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - type: array - listenLocal: - description: ListenLocal makes the Alertmanager server listen on loopback, - so that it does not bind against the Pod IP. Note this is only for - the Alertmanager UI, not the gossip communication. - type: boolean - logLevel: - description: Log level for Alertmanager to be configured with. - type: string - nodeSelector: - description: Define which Nodes the Pods are scheduled on. - type: object - paused: - description: If set to true all actions on the underlaying managed objects - are not goint to be performed, except for delete actions. - type: boolean - podMetadata: - description: ObjectMeta is metadata that all persisted resources must - have, which includes all objects users must create. - properties: - annotations: - description: 'Annotations is an unstructured key value map stored - with a resource that may be set by external tools to store and - retrieve arbitrary metadata. They are not queryable and should - be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - clusterName: - description: The name of the cluster which the object belongs to. - This is used to distinguish resources with same name and namespace - in different clusters. This field is not set anywhere right now - and apiserver is going to ignore it if set in create or update - request. - type: string - creationTimestamp: - description: Time is a wrapper around time.Time which supports correct - marshaling to YAML and JSON. Wrappers are provided for many of - the factory methods that the time package offers. - format: date-time - type: string - deletionGracePeriodSeconds: - description: Number of seconds allowed for this object to gracefully - terminate before it will be removed from the system. Only set - when deletionTimestamp is also set. May only be shortened. Read-only. - format: int64 - type: integer - deletionTimestamp: - description: Time is a wrapper around time.Time which supports correct - marshaling to YAML and JSON. Wrappers are provided for many of - the factory methods that the time package offers. - format: date-time - type: string - finalizers: - description: Must be empty before the object is deleted from the - registry. Each entry is an identifier for the responsible component - that will remove the entry from the list. If the deletionTimestamp - of the object is non-nil, entries in this list can only be removed. - items: - type: string - type: array - generateName: - description: |- - GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. - - If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). - - Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#idempotency - type: string - generation: - description: A sequence number representing a specific generation - of the desired state. Populated by the system. Read-only. - format: int64 - type: integer - initializers: - description: Initializers tracks the progress of initialization. - properties: - pending: - description: Pending is a list of initializers that must execute - in order before this object is visible. When the last pending - initializer is removed, and no failing result is set, the - initializers struct will be set to nil and the object is considered - as initialized and visible to all clients. - items: - description: Initializer is information about an initializer - that has not yet completed. - properties: - name: - description: name of the process that is responsible for - initializing this object. - type: string - required: - - name - type: array - result: - description: Status is a return value for calls that don't return - other objects. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of - this representation of an object. Servers should convert - recognized schemas to the latest internal value, and may - reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - code: - description: Suggested HTTP return code for this status, - 0 if not set. - format: int32 - type: integer - details: - description: StatusDetails is a set of additional properties - that MAY be set by the server to provide additional information - about a response. The Reason field of a Status object - defines what attributes will be set. Clients must ignore - fields that do not match the defined type of each attribute, - and should assume that any attribute may be empty, invalid, - or under defined. - properties: - causes: - description: The Causes array includes more details - associated with the StatusReason failure. Not all - StatusReasons may provide detailed causes. - items: - description: StatusCause provides more information - about an api.Status failure, including cases when - multiple errors are encountered. - properties: - field: - description: |- - The field of the resource that has caused this error, as named by its JSON serialization. May include dot and postfix notation for nested attributes. Arrays are zero-indexed. Fields may appear more than once in an array of causes due to fields having multiple errors. Optional. - - Examples: - "name" - the field "name" on the current resource - "items[0].name" - the field "name" on the first array entry in "items" - type: string - message: - description: A human-readable description of the - cause of the error. This field may be presented - as-is to a reader. - type: string - reason: - description: A machine-readable description of - the cause of the error. If this value is empty - there is no information available. - type: string - type: array - group: - description: The group attribute of the resource associated - with the status StatusReason. - type: string - kind: - description: 'The kind attribute of the resource associated - with the status StatusReason. On some operations may - differ from the requested resource Kind. More info: - https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: The name attribute of the resource associated - with the status StatusReason (when there is a single - name which can be described). - type: string - retryAfterSeconds: - description: If specified, the time in seconds before - the operation should be retried. Some errors may indicate - the client must take an alternate action - for those - errors this field may indicate how long to wait before - taking the alternate action. - format: int32 - type: integer - uid: - description: 'UID of the resource. (when there is a - single resource which can be described). More info: - http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - kind: - description: 'Kind is a string value representing the REST - resource this object represents. Servers may infer this - from the endpoint the client submits requests to. Cannot - be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - message: - description: A human-readable description of the status - of this operation. - type: string - metadata: - description: ListMeta describes metadata that synthetic - resources must have, including lists and various status - objects. A resource may have only one of {ObjectMeta, - ListMeta}. - properties: - continue: - description: continue may be set if the user set a limit - on the number of items returned, and indicates that - the server has more data available. The value is opaque - and may be used to issue another request to the endpoint - that served this list to retrieve the next set of - available objects. Continuing a list may not be possible - if the server configuration has changed or more than - a few minutes have passed. The resourceVersion field - returned when using this continue value will be identical - to the value in the first response. - type: string - resourceVersion: - description: 'String that identifies the server''s internal - version of this object that can be used by clients - to determine when objects have changed. Value must - be treated as opaque by clients and passed unmodified - back to the server. Populated by the system. Read-only. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' - type: string - selfLink: - description: selfLink is a URL representing this object. - Populated by the system. Read-only. - type: string - reason: - description: A machine-readable description of why this - operation is in the "Failure" status. If this value is - empty there is no information available. A Reason clarifies - an HTTP status code but does not override it. - type: string - status: - description: 'Status of the operation. One of: "Success" - or "Failure". More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' - type: string - required: - - pending - labels: - description: 'Map of string keys and values that can be used to - organize and categorize (scope and select) objects. May match - selectors of replication controllers and services. More info: - http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: 'Name must be unique within a namespace. Is required - when creating resources, although some resources may allow a client - to request the generation of an appropriate name automatically. - Name is primarily intended for creation idempotence and configuration - definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: |- - Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. - - Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces - type: string - ownerReferences: - description: List of objects depended by this object. If ALL objects - in the list have been deleted, this object will be garbage collected. - If this object is managed by a controller, then an entry in this - list will point to this controller, with the controller field - set to true. There cannot be more than one managing controller. - items: - description: OwnerReference contains enough information to let - you identify an owning object. Currently, an owning object must - be in the same namespace, so there is no namespace field. - properties: - apiVersion: - description: API version of the referent. - type: string - blockOwnerDeletion: - description: If true, AND if the owner has the "foregroundDeletion" - finalizer, then the owner cannot be deleted from the key-value - store until this reference is removed. Defaults to false. - To set this field, a user needs "delete" permission of the - owner, otherwise 422 (Unprocessable Entity) will be returned. - type: boolean - controller: - description: If true, this reference points to the managing - controller. - type: boolean - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - uid: - description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - required: - - apiVersion - - kind - - name - - uid - type: array - resourceVersion: - description: |- - An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. - - Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency - type: string - selfLink: - description: SelfLink is a URL representing this object. Populated - by the system. Read-only. - type: string - uid: - description: |- - UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. - - Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids - type: string - replicas: - description: Size is the expected size of the alertmanager cluster. - The controller will eventually make the size of the running cluster - equal to the expected size. - format: int32 - type: integer - resources: - description: ResourceRequirements describes the compute resource requirements. - properties: - limits: - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults - to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - routePrefix: - description: The route prefix Alertmanager registers HTTP handlers for. - This is useful, if using ExternalURL and a proxy is rewriting HTTP - routes of a request, and the actual ExternalURL is still true, but - the server serves requests under a different route prefix. For example - for use with `kubectl proxy`. - type: string - secrets: - description: Secrets is a list of Secrets in the same namespace as the - Alertmanager object, which shall be mounted into the Alertmanager - Pods. The Secrets are mounted into /etc/alertmanager/secrets/. - items: - type: string - type: array - securityContext: - description: PodSecurityContext holds pod-level security attributes - and common container settings. Some fields are also present in container.securityContext. Field - values of container.securityContext take precedence over field values - of PodSecurityContext. - properties: - fsGroup: - description: |- - A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: - - 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- - - If unset, the Kubelet will not modify the ownership and permissions of any volume. - format: int64 - type: integer - runAsGroup: - description: The GID to run the entrypoint of the container process. - Uses runtime default if unset. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no such validation - will be performed. May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. May - also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - format: int64 - type: integer - seLinuxOptions: - description: SELinuxOptions are the labels to be applied to the - container - properties: - level: - description: Level is SELinux level label that applies to the - container. - type: string - role: - description: Role is a SELinux role label that applies to the - container. - type: string - type: - description: Type is a SELinux type label that applies to the - container. - type: string - user: - description: User is a SELinux user label that applies to the - container. - type: string - supplementalGroups: - description: A list of groups applied to the first process run in - each container, in addition to the container's primary GID. If - unspecified, no groups will be added to any container. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls used for - the pod. Pods with unsupported sysctls (by the container runtime) - might fail to launch. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: array - serviceAccountName: - description: ServiceAccountName is the name of the ServiceAccount to - use to run the Prometheus Pods. - type: string - storage: - description: StorageSpec defines the configured storage for a group - Prometheus servers. - properties: - class: - description: 'Name of the StorageClass to use when requesting storage - provisioning. More info: https://kubernetes.io/docs/user-guide/persistent-volumes/#storageclasses - DEPRECATED' - type: string - emptyDir: - description: Represents an empty directory for a pod. Empty directory - volumes support ownership management and SELinux relabeling. - properties: - medium: - description: 'What type of storage medium should back this directory. - The default is "" which means to use the node''s default medium. - Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: {} - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - selector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - volumeClaimTemplate: - description: PersistentVolumeClaim is a user's request for and claim - to a persistent volume - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - description: ObjectMeta is metadata that all persisted resources - must have, which includes all objects users must create. - properties: - annotations: - description: 'Annotations is an unstructured key value map - stored with a resource that may be set by external tools - to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - clusterName: - description: The name of the cluster which the object belongs - to. This is used to distinguish resources with same name - and namespace in different clusters. This field is not - set anywhere right now and apiserver is going to ignore - it if set in create or update request. - type: string - creationTimestamp: - description: Time is a wrapper around time.Time which supports - correct marshaling to YAML and JSON. Wrappers are provided - for many of the factory methods that the time package - offers. - format: date-time - type: string - deletionGracePeriodSeconds: - description: Number of seconds allowed for this object to - gracefully terminate before it will be removed from the - system. Only set when deletionTimestamp is also set. May - only be shortened. Read-only. - format: int64 - type: integer - deletionTimestamp: - description: Time is a wrapper around time.Time which supports - correct marshaling to YAML and JSON. Wrappers are provided - for many of the factory methods that the time package - offers. - format: date-time - type: string - finalizers: - description: Must be empty before the object is deleted - from the registry. Each entry is an identifier for the - responsible component that will remove the entry from - the list. If the deletionTimestamp of the object is non-nil, - entries in this list can only be removed. - items: - type: string - type: array - generateName: - description: |- - GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. - - If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). - - Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#idempotency - type: string - generation: - description: A sequence number representing a specific generation - of the desired state. Populated by the system. Read-only. - format: int64 - type: integer - initializers: - description: Initializers tracks the progress of initialization. - properties: - pending: - description: Pending is a list of initializers that - must execute in order before this object is visible. - When the last pending initializer is removed, and - no failing result is set, the initializers struct - will be set to nil and the object is considered as - initialized and visible to all clients. - items: - description: Initializer is information about an initializer - that has not yet completed. - properties: - name: - description: name of the process that is responsible - for initializing this object. - type: string - required: - - name - type: array - result: - description: Status is a return value for calls that - don't return other objects. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema - of this representation of an object. Servers should - convert recognized schemas to the latest internal - value, and may reject unrecognized values. More - info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - code: - description: Suggested HTTP return code for this - status, 0 if not set. - format: int32 - type: integer - details: - description: StatusDetails is a set of additional - properties that MAY be set by the server to provide - additional information about a response. The Reason - field of a Status object defines what attributes - will be set. Clients must ignore fields that do - not match the defined type of each attribute, - and should assume that any attribute may be empty, - invalid, or under defined. - properties: - causes: - description: The Causes array includes more - details associated with the StatusReason failure. - Not all StatusReasons may provide detailed - causes. - items: - description: StatusCause provides more information - about an api.Status failure, including cases - when multiple errors are encountered. - properties: - field: - description: |- - The field of the resource that has caused this error, as named by its JSON serialization. May include dot and postfix notation for nested attributes. Arrays are zero-indexed. Fields may appear more than once in an array of causes due to fields having multiple errors. Optional. - - Examples: - "name" - the field "name" on the current resource - "items[0].name" - the field "name" on the first array entry in "items" - type: string - message: - description: A human-readable description - of the cause of the error. This field - may be presented as-is to a reader. - type: string - reason: - description: A machine-readable description - of the cause of the error. If this value - is empty there is no information available. - type: string - type: array - group: - description: The group attribute of the resource - associated with the status StatusReason. - type: string - kind: - description: 'The kind attribute of the resource - associated with the status StatusReason. On - some operations may differ from the requested - resource Kind. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: The name attribute of the resource - associated with the status StatusReason (when - there is a single name which can be described). - type: string - retryAfterSeconds: - description: If specified, the time in seconds - before the operation should be retried. Some - errors may indicate the client must take an - alternate action - for those errors this field - may indicate how long to wait before taking - the alternate action. - format: int32 - type: integer - uid: - description: 'UID of the resource. (when there - is a single resource which can be described). - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - kind: - description: 'Kind is a string value representing - the REST resource this object represents. Servers - may infer this from the endpoint the client submits - requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - message: - description: A human-readable description of the - status of this operation. - type: string - metadata: - description: ListMeta describes metadata that synthetic - resources must have, including lists and various - status objects. A resource may have only one of - {ObjectMeta, ListMeta}. - properties: - continue: - description: continue may be set if the user - set a limit on the number of items returned, - and indicates that the server has more data - available. The value is opaque and may be - used to issue another request to the endpoint - that served this list to retrieve the next - set of available objects. Continuing a list - may not be possible if the server configuration - has changed or more than a few minutes have - passed. The resourceVersion field returned - when using this continue value will be identical - to the value in the first response. - type: string - resourceVersion: - description: 'String that identifies the server''s - internal version of this object that can be - used by clients to determine when objects - have changed. Value must be treated as opaque - by clients and passed unmodified back to the - server. Populated by the system. Read-only. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' - type: string - selfLink: - description: selfLink is a URL representing - this object. Populated by the system. Read-only. - type: string - reason: - description: A machine-readable description of why - this operation is in the "Failure" status. If - this value is empty there is no information available. - A Reason clarifies an HTTP status code but does - not override it. - type: string - status: - description: 'Status of the operation. One of: "Success" - or "Failure". More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' - type: string - required: - - pending - labels: - description: 'Map of string keys and values that can be - used to organize and categorize (scope and select) objects. - May match selectors of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: 'Name must be unique within a namespace. Is - required when creating resources, although some resources - may allow a client to request the generation of an appropriate - name automatically. Name is primarily intended for creation - idempotence and configuration definition. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: |- - Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. - - Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces - type: string - ownerReferences: - description: List of objects depended by this object. If - ALL objects in the list have been deleted, this object - will be garbage collected. If this object is managed by - a controller, then an entry in this list will point to - this controller, with the controller field set to true. - There cannot be more than one managing controller. - items: - description: OwnerReference contains enough information - to let you identify an owning object. Currently, an - owning object must be in the same namespace, so there - is no namespace field. - properties: - apiVersion: - description: API version of the referent. - type: string - blockOwnerDeletion: - description: If true, AND if the owner has the "foregroundDeletion" - finalizer, then the owner cannot be deleted from - the key-value store until this reference is removed. - Defaults to false. To set this field, a user needs - "delete" permission of the owner, otherwise 422 - (Unprocessable Entity) will be returned. - type: boolean - controller: - description: If true, this reference points to the - managing controller. - type: boolean - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - uid: - description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - required: - - apiVersion - - kind - - name - - uid - type: array - resourceVersion: - description: |- - An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. - - Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency - type: string - selfLink: - description: SelfLink is a URL representing this object. - Populated by the system. Read-only. - type: string - uid: - description: |- - UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. - - Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids - type: string - spec: - description: PersistentVolumeClaimSpec describes the common - attributes of storage devices and allows a Source for provider-specific - attributes - properties: - accessModes: - description: 'AccessModes contains the desired access modes - the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - resources: - description: ResourceRequirements describes the compute - resource requirements. - properties: - limits: - description: 'Limits describes the maximum amount of - compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - selector: - description: A label selector is a label query over a set - of resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. - A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - storageClassName: - description: 'Name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeMode: - description: volumeMode defines what type of volume is required - by the claim. Value of Filesystem is implied when not - included in claim spec. This is an alpha feature and may - change in the future. - type: string - volumeName: - description: VolumeName is the binding reference to the - PersistentVolume backing this claim. - type: string - status: - description: PersistentVolumeClaimStatus is the current status - of a persistent volume claim. - properties: - accessModes: - description: 'AccessModes contains the actual access modes - the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - capacity: - description: Represents the actual resources of the underlying - volume. - type: object - conditions: - description: Current Condition of persistent volume claim. - If underlying persistent volume is being resized then - the Condition will be set to 'ResizeStarted'. - items: - description: PersistentVolumeClaimCondition contails details - about state of pvc - properties: - lastProbeTime: - description: Time is a wrapper around time.Time which - supports correct marshaling to YAML and JSON. Wrappers - are provided for many of the factory methods that - the time package offers. - format: date-time - type: string - lastTransitionTime: - description: Time is a wrapper around time.Time which - supports correct marshaling to YAML and JSON. Wrappers - are provided for many of the factory methods that - the time package offers. - format: date-time - type: string - message: - description: Human-readable message indicating details - about last transition. - type: string - reason: - description: Unique, this should be a short, machine - understandable string that gives the reason for - condition's last transition. If it reports "ResizeStarted" - that means the underlying persistent volume is being - resized. - type: string - status: - type: string - type: - type: string - required: - - type - - status - type: array - phase: - description: Phase represents the current phase of PersistentVolumeClaim. - type: string - tag: - description: Tag of Alertmanager container image to be deployed. Defaults - to the value of `version`. - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached to tolerates any - taint that matches the triple using the matching - operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, operator - must be Exists; this combination means to match all values and - all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. Exists - is equivalent to wildcard for value, so that a pod can tolerate - all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the - toleration (which must be of effect NoExecute, otherwise this - field is ignored) tolerates the taint. By default, it is not - set, which means tolerate the taint forever (do not evict). - Zero and negative values will be treated as 0 (evict immediately) - by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise - just a regular string. - type: string - type: array - version: - description: Version the cluster should be on. - type: string - status: - description: 'Most recent observed status of the Alertmanager cluster. Read-only. - Not included when requesting from the apiserver, only from the Prometheus - Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#spec-and-status' - properties: - availableReplicas: - description: Total number of available pods (ready for at least minReadySeconds) - targeted by this Alertmanager cluster. - format: int32 - type: integer - paused: - description: Represents whether any actions on the underlaying managed - objects are being performed. Only delete actions will be performed. - type: boolean - replicas: - description: Total number of non-terminated pods targeted by this Alertmanager - cluster (their labels match the selector). - format: int32 - type: integer - unavailableReplicas: - description: Total number of unavailable pods targeted by this Alertmanager - cluster. - format: int32 - type: integer - updatedReplicas: - description: Total number of non-terminated pods targeted by this Alertmanager - cluster that have the desired version spec. - format: int32 - type: integer - required: - - paused - - replicas - - updatedReplicas - - availableReplicas - - unavailableReplicas - version: v1 - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: kafkas.kafka.strimzi.io - labels: - app: strimzi - spec: - group: kafka.strimzi.io - version: v1alpha1 - scope: Namespaced - names: - kind: Kafka - listKind: KafkaList - singular: kafka - plural: kafkas - validation: - openAPIV3Schema: - properties: - spec: - type: object - properties: - kafka: - type: object - properties: - replicas: - type: integer - minimum: 1 - image: - type: string - storage: - type: object - properties: - class: - type: string - deleteClaim: - type: boolean - selector: - type: object - size: - type: string - type: - type: string - listeners: - type: object - properties: - plain: - type: object - properties: {} - tls: - type: object - properties: - authentication: - type: object - properties: - type: - type: string - authorization: - type: object - properties: - superUsers: - type: array - items: - type: string - type: - type: string - config: - type: object - rack: - type: object - properties: - topologyKey: - type: string - example: failure-domain.beta.kubernetes.io/zone - required: - - topologyKey - brokerRackInitImage: - type: string - affinity: - type: object - properties: - nodeAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - preference: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: object - properties: - nodeSelectorTerms: - type: array - items: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - podAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - podAntiAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - tolerations: - type: array - items: - type: object - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - type: integer - value: - type: string - livenessProbe: - type: object - properties: - initialDelaySeconds: - type: integer - minimum: 0 - timeoutSeconds: - type: integer - minimum: 0 - readinessProbe: - type: object - properties: - initialDelaySeconds: - type: integer - minimum: 0 - timeoutSeconds: - type: integer - minimum: 0 - jvmOptions: - type: object - properties: - -XX: - type: object - -Xms: - type: string - pattern: '[0-9]+[mMgG]?' - -Xmx: - type: string - pattern: '[0-9]+[mMgG]?' - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - metrics: - type: object - logging: - type: object - properties: - loggers: - type: object - name: - type: string - type: - type: string - tlsSidecar: - type: object - properties: - image: - type: string - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - required: - - replicas - - storage - - listeners - zookeeper: - type: object - properties: - replicas: - type: integer - minimum: 1 - image: - type: string - storage: - type: object - properties: - class: - type: string - deleteClaim: - type: boolean - selector: - type: object - size: - type: string - type: - type: string - config: - type: object - affinity: - type: object - properties: - nodeAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - preference: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: object - properties: - nodeSelectorTerms: - type: array - items: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - podAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - podAntiAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - tolerations: - type: array - items: - type: object - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - type: integer - value: - type: string - livenessProbe: - type: object - properties: - initialDelaySeconds: - type: integer - minimum: 0 - timeoutSeconds: - type: integer - minimum: 0 - readinessProbe: - type: object - properties: - initialDelaySeconds: - type: integer - minimum: 0 - timeoutSeconds: - type: integer - minimum: 0 - jvmOptions: - type: object - properties: - -XX: - type: object - -Xms: - type: string - pattern: '[0-9]+[mMgG]?' - -Xmx: - type: string - pattern: '[0-9]+[mMgG]?' - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - metrics: - type: object - logging: - type: object - properties: - loggers: - type: object - name: - type: string - type: - type: string - tlsSidecar: - type: object - properties: - image: - type: string - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - required: - - replicas - - storage - topicOperator: - type: object - properties: - watchedNamespace: - type: string - image: - type: string - reconciliationIntervalSeconds: - type: integer - minimum: 0 - zookeeperSessionTimeoutSeconds: - type: integer - minimum: 0 - affinity: - type: object - properties: - nodeAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - preference: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: object - properties: - nodeSelectorTerms: - type: array - items: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - podAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - podAntiAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - topicMetadataMaxAttempts: - type: integer - minimum: 0 - tlsSidecar: - type: object - properties: - image: - type: string - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - logging: - type: object - properties: - loggers: - type: object - name: - type: string - type: - type: string - entityOperator: - type: object - properties: - topicOperator: - type: object - properties: - watchedNamespace: - type: string - image: - type: string - reconciliationIntervalSeconds: - type: integer - minimum: 0 - zookeeperSessionTimeoutSeconds: - type: integer - minimum: 0 - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - topicMetadataMaxAttempts: - type: integer - minimum: 0 - logging: - type: object - properties: - loggers: - type: object - name: - type: string - type: - type: string - userOperator: - type: object - properties: - watchedNamespace: - type: string - image: - type: string - reconciliationIntervalSeconds: - type: integer - minimum: 0 - zookeeperSessionTimeoutSeconds: - type: integer - minimum: 0 - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - logging: - type: object - properties: - loggers: - type: object - name: - type: string - type: - type: string - affinity: - type: object - properties: - nodeAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - preference: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: object - properties: - nodeSelectorTerms: - type: array - items: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - podAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - podAntiAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - tolerations: - type: array - items: - type: object - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - type: integer - value: - type: string - tlsSidecar: - type: object - properties: - image: - type: string - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - required: - - kafka - - zookeeper - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: kafkaconnects.kafka.strimzi.io - labels: - app: strimzi - spec: - group: kafka.strimzi.io - version: v1alpha1 - scope: Namespaced - names: - kind: KafkaConnect - listKind: KafkaConnectList - singular: kafkaconnect - plural: kafkaconnects - validation: - openAPIV3Schema: - properties: - spec: - type: object - properties: - replicas: - type: integer - image: - type: string - livenessProbe: - type: object - properties: - initialDelaySeconds: - type: integer - minimum: 0 - timeoutSeconds: - type: integer - minimum: 0 - readinessProbe: - type: object - properties: - initialDelaySeconds: - type: integer - minimum: 0 - timeoutSeconds: - type: integer - minimum: 0 - jvmOptions: - type: object - properties: - -XX: - type: object - -Xms: - type: string - pattern: '[0-9]+[mMgG]?' - -Xmx: - type: string - pattern: '[0-9]+[mMgG]?' - affinity: - type: object - properties: - nodeAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - preference: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: object - properties: - nodeSelectorTerms: - type: array - items: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - podAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - podAntiAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - tolerations: - type: array - items: - type: object - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - type: integer - value: - type: string - logging: - type: object - properties: - loggers: - type: object - name: - type: string - type: - type: string - metrics: - type: object - authentication: - type: object - properties: - certificateAndKey: - type: object - properties: - certificate: - type: string - key: - type: string - secretName: - type: string - required: - - certificate - - key - - secretName - type: - type: string - required: - - certificateAndKey - bootstrapServers: - type: string - config: - type: object - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - tls: - type: object - properties: - trustedCertificates: - type: array - items: - type: object - properties: - certificate: - type: string - secretName: - type: string - required: - - certificate - - secretName - required: - - trustedCertificates - required: - - bootstrapServers - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: kafkaconnects2is.kafka.strimzi.io - labels: - app: strimzi - spec: - group: kafka.strimzi.io - version: v1alpha1 - scope: Namespaced - names: - kind: KafkaConnectS2I - listKind: KafkaConnectS2IList - singular: kafkaconnects2i - plural: kafkaconnects2is - validation: - openAPIV3Schema: - properties: - spec: - type: object - properties: - replicas: - type: integer - image: - type: string - livenessProbe: - type: object - properties: - initialDelaySeconds: - type: integer - minimum: 0 - timeoutSeconds: - type: integer - minimum: 0 - readinessProbe: - type: object - properties: - initialDelaySeconds: - type: integer - minimum: 0 - timeoutSeconds: - type: integer - minimum: 0 - jvmOptions: - type: object - properties: - -XX: - type: object - -Xms: - type: string - pattern: '[0-9]+[mMgG]?' - -Xmx: - type: string - pattern: '[0-9]+[mMgG]?' - affinity: - type: object - properties: - nodeAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - preference: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: object - properties: - nodeSelectorTerms: - type: array - items: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - podAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - podAntiAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - metrics: - type: object - authentication: - type: object - properties: - certificateAndKey: - type: object - properties: - certificate: - type: string - key: - type: string - secretName: - type: string - required: - - certificate - - key - - secretName - type: - type: string - required: - - certificateAndKey - bootstrapServers: - type: string - config: - type: object - insecureSourceRepository: - type: boolean - logging: - type: object - properties: - loggers: - type: object - name: - type: string - type: - type: string - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - tls: - type: object - properties: - trustedCertificates: - type: array - items: - type: object - properties: - certificate: - type: string - secretName: - type: string - required: - - certificate - - secretName - required: - - trustedCertificates - tolerations: - type: array - items: - type: object - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - type: integer - value: - type: string - required: - - bootstrapServers - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: kafkatopics.kafka.strimzi.io - labels: - app: strimzi - spec: - group: kafka.strimzi.io - version: v1alpha1 - scope: Namespaced - names: - kind: KafkaTopic - listKind: KafkaTopicList - singular: kafkatopic - plural: kafkatopics - shortNames: - - kt - validation: - openAPIV3Schema: - properties: - spec: - type: object - properties: - partitions: - type: integer - minimum: 1 - replicas: - type: integer - minimum: 1 - maximum: 32767 - config: - type: object - topicName: - type: string - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: kafkausers.kafka.strimzi.io - labels: - app: strimzi - spec: - group: kafka.strimzi.io - version: v1alpha1 - scope: Namespaced - names: - kind: KafkaUser - listKind: KafkaUserList - singular: kafkauser - plural: kafkausers - shortNames: - - ku - validation: - openAPIV3Schema: - properties: - spec: - type: object - properties: - authentication: - type: object - properties: - type: - type: string - authorization: - type: object - properties: - acls: - type: array - items: - type: object - properties: - host: - type: string - operation: - type: string - enum: - - Read - - Write - - Create - - Delete - - Alter - - Describe - - ClusterAction - - AlterConfigs - - DescribeConfigs - - IdempotentWrite - - All - resource: - type: object - properties: - name: - type: string - patternType: - type: string - enum: - - literal - - prefix - type: - type: string - type: - type: string - enum: - - allow - - deny - required: - - operation - - resource - type: - type: string - required: - - acls - required: - - authentication - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: etcdbackups.etcd.database.coreos.com - spec: - group: etcd.database.coreos.com - version: v1beta2 - scope: Namespaced - names: - kind: EtcdBackup - listKind: EtcdBackupList - plural: etcdbackups - singular: etcdbackup - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: etcdclusters.etcd.database.coreos.com - spec: - group: etcd.database.coreos.com - version: v1beta2 - scope: Namespaced - names: - plural: etcdclusters - singular: etcdcluster - kind: EtcdCluster - listKind: EtcdClusterList - shortNames: - - etcdclus - - etcd - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: etcdrestores.etcd.database.coreos.com - spec: - group: etcd.database.coreos.com - version: v1beta2 - scope: Namespaced - names: - kind: EtcdRestore - listKind: EtcdRestoreList - plural: etcdrestores - singular: etcdrestore - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: "" - kubebuilder.k8s.io: 0.1.10 - name: clusters.clusterregistry.k8s.io - spec: - group: clusterregistry.k8s.io - names: - kind: Cluster - plural: clusters - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - authInfo: - properties: - controller: - properties: - kind: - type: string - name: - type: string - namespace: - type: string - type: object - user: - properties: - kind: - type: string - name: - type: string - namespace: - type: string - type: object - type: object - kubernetesApiEndpoints: - properties: - caBundle: - items: - type: byte - type: string - serverEndpoints: - items: - properties: - clientCIDR: - type: string - serverAddress: - type: string - type: object - type: array - type: object - type: object - status: - properties: - conditions: - items: - properties: - lastHeartbeatTime: - format: date-time - type: string - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - type: object - type: array - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: dnsendpoints.multiclusterdns.federation.k8s.io - spec: - group: multiclusterdns.federation.k8s.io - names: - kind: DNSEndpoint - plural: dnsendpoints - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - endpoints: - items: - properties: - dnsName: - type: string - labels: - type: object - recordTTL: - format: int64 - type: integer - recordType: - type: string - targets: - items: - type: string - type: array - type: object - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedclusters.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedCluster - plural: federatedclusters - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - clusterRef: - type: object - secretRef: - type: object - type: object - status: - properties: - conditions: - items: - properties: - lastProbeTime: - format: date-time - type: string - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - type - - status - type: object - type: array - region: - type: string - zone: - type: string - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedconfigmaps.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedConfigMap - plural: federatedconfigmaps - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - template: - type: object - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedconfigmapoverrides.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedConfigMapOverride - plural: federatedconfigmapoverrides - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - overrides: - items: - properties: - clusterName: - type: string - data: - type: object - type: object - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedconfigmapplacements.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedConfigMapPlacement - plural: federatedconfigmapplacements - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - clusterNames: - items: - type: string - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federateddeployments.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedDeployment - plural: federateddeployments - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - template: - type: object - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federateddeploymentoverrides.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedDeploymentOverride - plural: federateddeploymentoverrides - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - overrides: - items: - properties: - clusterName: - type: string - replicas: - format: int32 - type: integer - type: object - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federateddeploymentplacements.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedDeploymentPlacement - plural: federateddeploymentplacements - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - clusterNames: - items: - type: string - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedingresses.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedIngress - plural: federatedingresses - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - template: - type: object - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedingressplacements.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedIngressPlacement - plural: federatedingressplacements - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - clusterNames: - items: - type: string - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedjobs.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedJob - plural: federatedjobs - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - template: - type: object - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedjoboverrides.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedJobOverride - plural: federatedjoboverrides - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - overrides: - items: - properties: - clusterName: - type: string - parallelism: - format: int32 - type: integer - type: object - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedjobplacements.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedJobPlacement - plural: federatedjobplacements - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - clusterNames: - items: - type: string - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatednamespaceplacements.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedNamespacePlacement - plural: federatednamespaceplacements - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - clusterNames: - items: - type: string - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedreplicasets.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedReplicaSet - plural: federatedreplicasets - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - template: - type: object - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedreplicasetoverrides.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedReplicaSetOverride - plural: federatedreplicasetoverrides - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - overrides: - items: - properties: - clusterName: - type: string - replicas: - format: int32 - type: integer - type: object - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedreplicasetplacements.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedReplicaSetPlacement - plural: federatedreplicasetplacements - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - clusterNames: - items: - type: string - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedsecrets.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedSecret - plural: federatedsecrets - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - template: - type: object - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedsecretoverrides.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedSecretOverride - plural: federatedsecretoverrides - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - overrides: - items: - properties: - clusterName: - type: string - data: - type: object - type: object - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedsecretplacements.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedSecretPlacement - plural: federatedsecretplacements - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - clusterNames: - items: - type: string - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedservices.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedService - plural: federatedservices - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - template: - type: object - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedserviceaccounts.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedServiceAccount - plural: federatedserviceaccounts - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - template: - type: object - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedserviceaccountplacements.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedServiceAccountPlacement - plural: federatedserviceaccountplacements - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - clusterNames: - items: - type: string - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedserviceplacements.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedServicePlacement - plural: federatedserviceplacements - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - clusterNames: - items: - type: string - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedtypeconfigs.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedTypeConfig - plural: federatedtypeconfigs - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - comparisonField: - type: string - namespaced: - type: boolean - override: - properties: - group: - type: string - kind: - type: string - pluralName: - type: string - version: - type: string - required: - - kind - type: object - overridePath: - items: - type: string - type: array - placement: - properties: - group: - type: string - kind: - type: string - pluralName: - type: string - version: - type: string - required: - - kind - type: object - propagationEnabled: - type: boolean - target: - properties: - group: - type: string - kind: - type: string - pluralName: - type: string - version: - type: string - required: - - kind - type: object - template: - properties: - group: - type: string - kind: - type: string - pluralName: - type: string - version: - type: string - required: - - kind - type: object - required: - - target - - namespaced - - comparisonField - - propagationEnabled - - template - - placement - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: multiclusteringressdnsrecords.multiclusterdns.federation.k8s.io - spec: - group: multiclusterdns.federation.k8s.io - names: - kind: MultiClusterIngressDNSRecord - plural: multiclusteringressdnsrecords - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - hosts: - items: - type: string - type: array - recordTTL: - format: int64 - type: integer - type: object - status: - properties: - dns: - items: - properties: - cluster: - type: string - loadBalancer: - type: object - type: object - type: array - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: multiclusterservicednsrecords.multiclusterdns.federation.k8s.io - spec: - group: multiclusterdns.federation.k8s.io - names: - kind: MultiClusterServiceDNSRecord - plural: multiclusterservicednsrecords - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - dnsSuffix: - type: string - federationName: - type: string - recordTTL: - format: int64 - type: integer - type: object - status: - properties: - dns: - items: - properties: - cluster: - type: string - loadBalancer: - type: object - region: - type: string - zone: - type: string - type: object - type: array - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: propagatedversions.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: PropagatedVersion - plural: propagatedversions - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - status: - properties: - clusterVersions: - items: - properties: - clusterName: - type: string - version: - type: string - type: object - type: array - overridesVersion: - type: string - templateVersion: - type: string - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: replicaschedulingpreferences.scheduling.federation.k8s.io - spec: - group: scheduling.federation.k8s.io - names: - kind: ReplicaSchedulingPreference - plural: replicaschedulingpreferences - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - clusters: - type: object - rebalance: - type: boolean - targetKind: - type: string - totalReplicas: - format: int32 - type: integer - required: - - targetKind - - totalReplicas - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: prometheuses.monitoring.coreos.com - spec: - group: monitoring.coreos.com - names: - kind: Prometheus - plural: prometheuses - scope: Namespaced - validation: - openAPIV3Schema: - properties: - spec: - description: 'Specification of the desired behavior of the Prometheus cluster. - More info: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#spec-and-status' - properties: - additionalAlertManagerConfigs: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must be a valid - secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must be defined - type: boolean - required: - - key - additionalScrapeConfigs: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must be a valid - secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must be defined - type: boolean - required: - - key - affinity: - description: Affinity is a group of affinity scheduling rules. - properties: - nodeAffinity: - description: Node affinity is a group of node affinity scheduling - rules. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the affinity expressions specified by this field, - but it may choose a node that violates one or more of the - expressions. The node that is most preferred is the one with - the greatest sum of weights, i.e. for each node that meets - all of the scheduling requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the sum - if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches all - objects with implicit weight 0 (i.e. it's a no-op). A null - preferred scheduling term matches no objects (i.e. is also - a no-op). - properties: - preference: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - weight - - preference - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: A node selector represents the union of the results - of one or more label queries over a set of nodes; that is, - it represents the OR of the selectors represented by the node - selector terms. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The - terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - type: array - required: - - nodeSelectorTerms - podAffinity: - description: Pod affinity is a group of inter pod affinity scheduling - rules. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the affinity expressions specified by this field, - but it may choose a node that violates one or more of the - expressions. The node that is most preferred is the one with - the greatest sum of weights, i.e. for each node that meets - all of the scheduling requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the sum - if the node has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label selector is a label query over - a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector - matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - weight - - podAffinityTerm - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may not - try to eventually evict the pod from its node. When there - are multiple elements, the lists of nodes corresponding to - each podAffinityTerm are intersected, i.e. all terms must - be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) that - this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of pods - is running - properties: - labelSelector: - description: A label selector is a label query over a - set of resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. - A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of any - node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: array - podAntiAffinity: - description: Pod anti affinity is a group of inter pod anti affinity - scheduling rules. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the anti-affinity expressions specified by this - field, but it may choose a node that violates one or more - of the expressions. The node that is most preferred is the - one with the greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource request, - requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field - and adding "weight" to the sum if the node has pods which - matches the corresponding podAffinityTerm; the node(s) with - the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label selector is a label query over - a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector - matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - weight - - podAffinityTerm - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by - this field are not met at scheduling time, the pod will not - be scheduled onto the node. If the anti-affinity requirements - specified by this field cease to be met at some point during - pod execution (e.g. due to a pod label update), the system - may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms must - be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) that - this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of pods - is running - properties: - labelSelector: - description: A label selector is a label query over a - set of resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. - A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of any - node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: array - alerting: - description: AlertingSpec defines parameters for alerting configuration - of Prometheus servers. - properties: - alertmanagers: - description: AlertmanagerEndpoints Prometheus should fire alerts - against. - items: - description: AlertmanagerEndpoints defines a selection of a single - Endpoints object containing alertmanager IPs to fire alerts - against. - properties: - bearerTokenFile: - description: BearerTokenFile to read from filesystem to use - when authenticating to Alertmanager. - type: string - name: - description: Name of Endpoints object in Namespace. - type: string - namespace: - description: Namespace of Endpoints object. - type: string - pathPrefix: - description: Prefix for the HTTP path alerts are pushed to. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use when firing alerts. - type: string - tlsConfig: - description: TLSConfig specifies TLS configuration parameters. - properties: - caFile: - description: The CA cert to use for the targets. - type: string - certFile: - description: The client cert file for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: The client key file for the targets. - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - required: - - namespace - - name - - port - type: array - required: - - alertmanagers - baseImage: - description: Base image to use for a Prometheus deployment. - type: string - containers: - description: Containers allows injecting additional containers. This - is meant to allow adding an authentication proxy to a Prometheus pod. - items: - description: A single application container that you want to run within - a pod. - properties: - args: - description: 'Arguments to the entrypoint. The docker image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable - cannot be resolved, the reference in the input string will be - unchanged. The $(VAR_NAME) syntax can be escaped with a double - $$, ie: $$(VAR_NAME). Escaped references will never be expanded, - regardless of whether the variable exists or not. Cannot be - updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed within a shell. The - docker image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable exists - or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to set in the container. - Cannot be updated. - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a - C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a - variable cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax can be - escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable - exists or not. Defaults to "".' - type: string - valueFrom: - description: EnvVarSource represents a source for the value - of an EnvVar. - properties: - configMapKeyRef: - description: Selects a key from a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the ConfigMap or it's - key must be defined - type: boolean - required: - - key - fieldRef: - description: ObjectFieldSelector selects an APIVersioned - field of an object. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - resourceFieldRef: - description: ResourceFieldSelector represents container - resources (cpu, memory) and their output format - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: {} - resource: - description: 'Required: resource to select' - type: string - required: - - resource - secretKeyRef: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's - key must be defined - type: boolean - required: - - key - required: - - name - type: array - envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must be a - C_IDENTIFIER. All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key will - take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of a set of - ConfigMaps - properties: - configMapRef: - description: |- - ConfigMapEnvSource selects a ConfigMap to populate the environment variables with. - The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - prefix: - description: An optional identifier to prepend to each key - in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: |- - SecretEnvSource selects a Secret to populate the environment variables with. - The contents of the target Secret's Data field will represent the key-value pairs as environment variables. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: array - image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Lifecycle describes actions that the management system - should take in response to container lifecycle events. For the - PostStart and PreStop lifecycle handlers, management of the - container blocks until the action is complete, unless the container - process fails, in which case the handler is aborted. - properties: - postStart: - description: Handler defines a specific action that should - be taken - properties: - exec: - description: ExecAction describes a "run in container" - action. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - httpGet: - description: HTTPGetAction describes an action based on - HTTP Get requests. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - tcpSocket: - description: TCPSocketAction describes an action based - on opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - preStop: - description: Handler defines a specific action that should - be taken - properties: - exec: - description: ExecAction describes a "run in container" - action. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - httpGet: - description: HTTPGetAction describes an action based on - HTTP Get requests. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - tcpSocket: - description: TCPSocketAction describes an action based - on opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - livenessProbe: - description: Probe describes a health check to be performed against - a container to determine whether it is alive or ready to receive - traffic. - properties: - exec: - description: ExecAction describes a "run in container" action. - properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit - status of 0 is treated as live/healthy and non-zero - is unhealthy. - items: - type: string - type: array - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGetAction describes an action based on HTTP - Get requests. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header to - be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocketAction describes an action based on - opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - name: - description: Name of the container specified as a DNS_LABEL. Each - container in a pod must have a unique name (DNS_LABEL). Cannot - be updated. - type: string - ports: - description: List of ports to expose from the container. Exposing - a port here gives the system additional information about the - network connections a container uses, but is primarily informational. - Not specifying a port here DOES NOT prevent that port from being - exposed. Any port which is listening on the default "0.0.0.0" - address inside a container will be accessible from the network. - Cannot be updated. - items: - description: ContainerPort represents a network port in a single - container. - properties: - containerPort: - description: Number of port to expose on the pod's IP address. - This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If specified, - this must be a valid port number, 0 < x < 65536. If HostNetwork - is specified, this must match ContainerPort. Most containers - do not need this. - format: int32 - type: integer - name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod must - have a unique name. Name for the port that can be referred - to by services. - type: string - protocol: - description: Protocol for port. Must be UDP or TCP. Defaults - to "TCP". - type: string - required: - - containerPort - type: array - readinessProbe: - description: Probe describes a health check to be performed against - a container to determine whether it is alive or ready to receive - traffic. - properties: - exec: - description: ExecAction describes a "run in container" action. - properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit - status of 0 is treated as live/healthy and non-zero - is unhealthy. - items: - type: string - type: array - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGetAction describes an action based on HTTP - Get requests. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header to - be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocketAction describes an action based on - opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - securityContext: - description: SecurityContext holds security configuration that - will be applied to a container. Some fields are present in both - SecurityContext and PodSecurityContext. When both are set, - the values in SecurityContext take precedence. - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a - process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: Adds and removes POSIX capabilities from running - containers. - properties: - add: - description: Added capabilities - items: - type: string - type: array - drop: - description: Removed capabilities - items: - type: string - type: array - privileged: - description: Run container in privileged mode. Processes in - privileged containers are essentially equivalent to root - on the host. Defaults to false. - type: boolean - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. - Default is false. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail - to start the container if it does. If unset or false, no - such validation will be performed. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata if - unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - format: int64 - type: integer - seLinuxOptions: - description: SELinuxOptions are the labels to be applied to - the container - properties: - level: - description: Level is SELinux level label that applies - to the container. - type: string - role: - description: Role is a SELinux role label that applies - to the container. - type: string - type: - description: Type is a SELinux type label that applies - to the container. - type: string - user: - description: User is a SELinux user label that applies - to the container. - type: string - stdin: - description: Whether this container should allocate a buffer for - stdin in the container runtime. If this is not set, reads from - stdin in the container will always result in EOF. Default is - false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the stdin - channel after it has been opened by a single attach. When stdin - is true the stdin stream will remain open across multiple attach - sessions. If stdinOnce is set to true, stdin is opened on container - start, is empty until the first client attaches to stdin, and - then remains open and accepts data until the client disconnects, - at which time stdin is closed and remains closed until the container - is restarted. If this flag is false, a container processes that - reads from stdin will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s - termination message will be written is mounted into the container''s - filesystem. Message written is intended to be brief final status, - such as an assertion failure message. Will be truncated by the - node if greater than 4096 bytes. The total message length across - all containers will be limited to 12kb. Defaults to /dev/termination-log. - Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. - File will use the contents of terminationMessagePath to populate - the container status message on both success and failure. FallbackToLogsOnError - will use the last chunk of container log output if the termination - message file is empty and the container exited with an error. - The log output is limited to 2048 bytes or 80 lines, whichever - is smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be - used by the container. This is an alpha feature and may change - in the future. - items: - description: volumeDevice describes a mapping of a raw block - device within a container. - properties: - devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim - in the pod - type: string - required: - - name - - devicePath - type: array - volumeMounts: - description: Pod volumes to mount into the container's filesystem. - Cannot be updated. - items: - description: VolumeMount describes a mounting of a Volume within - a container. - properties: - mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other way - around. When not set, MountPropagationHostToContainer - is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). - type: string - required: - - name - - mountPath - type: array - workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might be - configured in the container image. Cannot be updated. - type: string - required: - - name - type: array - evaluationInterval: - description: Interval between consecutive evaluations. - type: string - externalLabels: - description: The labels to add to any time series or alerts when communicating - with external systems (federation, remote storage, Alertmanager). - type: object - externalUrl: - description: The external URL the Prometheus instances will be available - under. This is necessary to generate correct URLs. This is necessary - if Prometheus is not served from root of a DNS name. - type: string - imagePullSecrets: - description: An optional list of references to secrets in the same namespace - to use for pulling prometheus and alertmanager images from registries - see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod - items: - description: LocalObjectReference contains enough information to let - you locate the referenced object inside the same namespace. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - type: array - listenLocal: - description: ListenLocal makes the Prometheus server listen on loopback, - so that it does not bind against the Pod IP. - type: boolean - logLevel: - description: Log level for Prometheus to be configured with. - type: string - nodeSelector: - description: Define which Nodes the Pods are scheduled on. - type: object - paused: - description: When a Prometheus deployment is paused, no actions except - for deletion will be performed on the underlying objects. - type: boolean - podMetadata: - description: ObjectMeta is metadata that all persisted resources must - have, which includes all objects users must create. - properties: - annotations: - description: 'Annotations is an unstructured key value map stored - with a resource that may be set by external tools to store and - retrieve arbitrary metadata. They are not queryable and should - be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - clusterName: - description: The name of the cluster which the object belongs to. - This is used to distinguish resources with same name and namespace - in different clusters. This field is not set anywhere right now - and apiserver is going to ignore it if set in create or update - request. - type: string - creationTimestamp: - description: Time is a wrapper around time.Time which supports correct - marshaling to YAML and JSON. Wrappers are provided for many of - the factory methods that the time package offers. - format: date-time - type: string - deletionGracePeriodSeconds: - description: Number of seconds allowed for this object to gracefully - terminate before it will be removed from the system. Only set - when deletionTimestamp is also set. May only be shortened. Read-only. - format: int64 - type: integer - deletionTimestamp: - description: Time is a wrapper around time.Time which supports correct - marshaling to YAML and JSON. Wrappers are provided for many of - the factory methods that the time package offers. - format: date-time - type: string - finalizers: - description: Must be empty before the object is deleted from the - registry. Each entry is an identifier for the responsible component - that will remove the entry from the list. If the deletionTimestamp - of the object is non-nil, entries in this list can only be removed. - items: - type: string - type: array - generateName: - description: |- - GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. - If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). - Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#idempotency - type: string - generation: - description: A sequence number representing a specific generation - of the desired state. Populated by the system. Read-only. - format: int64 - type: integer - initializers: - description: Initializers tracks the progress of initialization. - properties: - pending: - description: Pending is a list of initializers that must execute - in order before this object is visible. When the last pending - initializer is removed, and no failing result is set, the - initializers struct will be set to nil and the object is considered - as initialized and visible to all clients. - items: - description: Initializer is information about an initializer - that has not yet completed. - properties: - name: - description: name of the process that is responsible for - initializing this object. - type: string - required: - - name - type: array - result: - description: Status is a return value for calls that don't return - other objects. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of - this representation of an object. Servers should convert - recognized schemas to the latest internal value, and may - reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - code: - description: Suggested HTTP return code for this status, - 0 if not set. - format: int32 - type: integer - details: - description: StatusDetails is a set of additional properties - that MAY be set by the server to provide additional information - about a response. The Reason field of a Status object - defines what attributes will be set. Clients must ignore - fields that do not match the defined type of each attribute, - and should assume that any attribute may be empty, invalid, - or under defined. - properties: - causes: - description: The Causes array includes more details - associated with the StatusReason failure. Not all - StatusReasons may provide detailed causes. - items: - description: StatusCause provides more information - about an api.Status failure, including cases when - multiple errors are encountered. - properties: - field: - description: |- - The field of the resource that has caused this error, as named by its JSON serialization. May include dot and postfix notation for nested attributes. Arrays are zero-indexed. Fields may appear more than once in an array of causes due to fields having multiple errors. Optional. - Examples: - "name" - the field "name" on the current resource - "items[0].name" - the field "name" on the first array entry in "items" - type: string - message: - description: A human-readable description of the - cause of the error. This field may be presented - as-is to a reader. - type: string - reason: - description: A machine-readable description of - the cause of the error. If this value is empty - there is no information available. - type: string - type: array - group: - description: The group attribute of the resource associated - with the status StatusReason. - type: string - kind: - description: 'The kind attribute of the resource associated - with the status StatusReason. On some operations may - differ from the requested resource Kind. More info: - https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: The name attribute of the resource associated - with the status StatusReason (when there is a single - name which can be described). - type: string - retryAfterSeconds: - description: If specified, the time in seconds before - the operation should be retried. Some errors may indicate - the client must take an alternate action - for those - errors this field may indicate how long to wait before - taking the alternate action. - format: int32 - type: integer - uid: - description: 'UID of the resource. (when there is a - single resource which can be described). More info: - http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - kind: - description: 'Kind is a string value representing the REST - resource this object represents. Servers may infer this - from the endpoint the client submits requests to. Cannot - be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - message: - description: A human-readable description of the status - of this operation. - type: string - metadata: - description: ListMeta describes metadata that synthetic - resources must have, including lists and various status - objects. A resource may have only one of {ObjectMeta, - ListMeta}. - properties: - continue: - description: continue may be set if the user set a limit - on the number of items returned, and indicates that - the server has more data available. The value is opaque - and may be used to issue another request to the endpoint - that served this list to retrieve the next set of - available objects. Continuing a list may not be possible - if the server configuration has changed or more than - a few minutes have passed. The resourceVersion field - returned when using this continue value will be identical - to the value in the first response. - type: string - resourceVersion: - description: 'String that identifies the server''s internal - version of this object that can be used by clients - to determine when objects have changed. Value must - be treated as opaque by clients and passed unmodified - back to the server. Populated by the system. Read-only. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' - type: string - selfLink: - description: selfLink is a URL representing this object. - Populated by the system. Read-only. - type: string - reason: - description: A machine-readable description of why this - operation is in the "Failure" status. If this value is - empty there is no information available. A Reason clarifies - an HTTP status code but does not override it. - type: string - status: - description: 'Status of the operation. One of: "Success" - or "Failure". More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' - type: string - required: - - pending - labels: - description: 'Map of string keys and values that can be used to - organize and categorize (scope and select) objects. May match - selectors of replication controllers and services. More info: - http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: 'Name must be unique within a namespace. Is required - when creating resources, although some resources may allow a client - to request the generation of an appropriate name automatically. - Name is primarily intended for creation idempotence and configuration - definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: |- - Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. - Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces - type: string - ownerReferences: - description: List of objects depended by this object. If ALL objects - in the list have been deleted, this object will be garbage collected. - If this object is managed by a controller, then an entry in this - list will point to this controller, with the controller field - set to true. There cannot be more than one managing controller. - items: - description: OwnerReference contains enough information to let - you identify an owning object. Currently, an owning object must - be in the same namespace, so there is no namespace field. - properties: - apiVersion: - description: API version of the referent. - type: string - blockOwnerDeletion: - description: If true, AND if the owner has the "foregroundDeletion" - finalizer, then the owner cannot be deleted from the key-value - store until this reference is removed. Defaults to false. - To set this field, a user needs "delete" permission of the - owner, otherwise 422 (Unprocessable Entity) will be returned. - type: boolean - controller: - description: If true, this reference points to the managing - controller. - type: boolean - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - uid: - description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - required: - - apiVersion - - kind - - name - - uid - type: array - resourceVersion: - description: |- - An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. - Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency - type: string - selfLink: - description: SelfLink is a URL representing this object. Populated - by the system. Read-only. - type: string - uid: - description: |- - UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. - Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids - type: string - remoteRead: - description: If specified, the remote_read spec. This is an experimental - feature, it may change in any upcoming release in a breaking way. - items: - description: RemoteReadSpec defines the remote_read configuration - for prometheus. - properties: - basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over - basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' - properties: - password: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - username: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - bearerToken: - description: bearer token for remote read. - type: string - bearerTokenFile: - description: File to read bearer token for remote read. - type: string - proxyUrl: - description: Optional ProxyURL - type: string - readRecent: - description: Whether reads should be made for queries for time - ranges that the local storage should have complete data for. - type: boolean - remoteTimeout: - description: Timeout for requests to the remote read endpoint. - type: string - requiredMatchers: - description: An optional list of equality matchers which have - to be present in a selector to query the remote read endpoint. - type: object - tlsConfig: - description: TLSConfig specifies TLS configuration parameters. - properties: - caFile: - description: The CA cert to use for the targets. - type: string - certFile: - description: The client cert file for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: The client key file for the targets. - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - url: - description: The URL of the endpoint to send samples to. - type: string - required: - - url - type: array - remoteWrite: - description: If specified, the remote_write spec. This is an experimental - feature, it may change in any upcoming release in a breaking way. - items: - description: RemoteWriteSpec defines the remote_write configuration - for prometheus. - properties: - basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over - basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' - properties: - password: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - username: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - bearerToken: - description: File to read bearer token for remote write. - type: string - bearerTokenFile: - description: File to read bearer token for remote write. - type: string - proxyUrl: - description: Optional ProxyURL - type: string - queueConfig: - description: QueueConfig allows the tuning of remote_write queue_config - parameters. This object is referenced in the RemoteWriteSpec - object. - properties: - batchSendDeadline: - description: BatchSendDeadline is the maximum time a sample - will wait in buffer. - type: string - capacity: - description: Capacity is the number of samples to buffer per - shard before we start dropping them. - format: int32 - type: integer - maxBackoff: - description: MaxBackoff is the maximum retry delay. - type: string - maxRetries: - description: MaxRetries is the maximum number of times to - retry a batch on recoverable errors. - format: int32 - type: integer - maxSamplesPerSend: - description: MaxSamplesPerSend is the maximum number of samples - per send. - format: int32 - type: integer - maxShards: - description: MaxShards is the maximum number of shards, i.e. - amount of concurrency. - format: int32 - type: integer - minBackoff: - description: MinBackoff is the initial retry delay. Gets doubled - for every retry. - type: string - remoteTimeout: - description: Timeout for requests to the remote write endpoint. - type: string - tlsConfig: - description: TLSConfig specifies TLS configuration parameters. - properties: - caFile: - description: The CA cert to use for the targets. - type: string - certFile: - description: The client cert file for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: The client key file for the targets. - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - url: - description: The URL of the endpoint to send samples to. - type: string - writeRelabelConfigs: - description: The list of remote write relabel configurations. - items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It defines - ``-section of Prometheus configuration. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' - properties: - action: - description: Action to perform based on regex matching. - Default is 'replace' - type: string - modulus: - description: Modulus to take of the hash of the source label - values. - format: int64 - type: integer - regex: - description: Regular expression against which the extracted - value is matched. defailt is '(.*)' - type: string - replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' - type: string - separator: - description: Separator placed between concatenated source - label values. default is ';'. - type: string - sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular expression - for the replace, keep, and drop actions. - items: - type: string - type: array - targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. - type: string - type: array - required: - - url - type: array - replicas: - description: Number of instances to deploy for a Prometheus deployment. - format: int32 - type: integer - resources: - description: ResourceRequirements describes the compute resource requirements. - properties: - limits: - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults - to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - retention: - description: Time duration Prometheus shall retain data for. - type: string - routePrefix: - description: The route prefix Prometheus registers HTTP handlers for. - This is useful, if using ExternalURL and a proxy is rewriting HTTP - routes of a request, and the actual ExternalURL is still true, but - the server serves requests under a different route prefix. For example - for use with `kubectl proxy`. - type: string - ruleNamespaceSelector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - ruleSelector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - scrapeInterval: - description: Interval between consecutive scrapes. - type: string - secrets: - description: Secrets is a list of Secrets in the same namespace as the - Prometheus object, which shall be mounted into the Prometheus Pods. - The Secrets are mounted into /etc/prometheus/secrets/. - Secrets changes after initial creation of a Prometheus object are - not reflected in the running Pods. To change the secrets mounted into - the Prometheus Pods, the object must be deleted and recreated with - the new list of secrets. - items: - type: string - type: array - securityContext: - description: PodSecurityContext holds pod-level security attributes - and common container settings. Some fields are also present in container.securityContext. Field - values of container.securityContext take precedence over field values - of PodSecurityContext. - properties: - fsGroup: - description: |- - A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: - 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- - If unset, the Kubelet will not modify the ownership and permissions of any volume. - format: int64 - type: integer - runAsGroup: - description: The GID to run the entrypoint of the container process. - Uses runtime default if unset. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no such validation - will be performed. May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. May - also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - format: int64 - type: integer - seLinuxOptions: - description: SELinuxOptions are the labels to be applied to the - container - properties: - level: - description: Level is SELinux level label that applies to the - container. - type: string - role: - description: Role is a SELinux role label that applies to the - container. - type: string - type: - description: Type is a SELinux type label that applies to the - container. - type: string - user: - description: User is a SELinux user label that applies to the - container. - type: string - supplementalGroups: - description: A list of groups applied to the first process run in - each container, in addition to the container's primary GID. If - unspecified, no groups will be added to any container. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls used for - the pod. Pods with unsupported sysctls (by the container runtime) - might fail to launch. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: array - serviceAccountName: - description: ServiceAccountName is the name of the ServiceAccount to - use to run the Prometheus Pods. - type: string - serviceMonitorNamespaceSelector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - serviceMonitorSelector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - storage: - description: StorageSpec defines the configured storage for a group - Prometheus servers. - properties: - class: - description: 'Name of the StorageClass to use when requesting storage - provisioning. More info: https://kubernetes.io/docs/user-guide/persistent-volumes/#storageclasses - DEPRECATED' - type: string - emptyDir: - description: Represents an empty directory for a pod. Empty directory - volumes support ownership management and SELinux relabeling. - properties: - medium: - description: 'What type of storage medium should back this directory. - The default is "" which means to use the node''s default medium. - Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: {} - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - selector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - volumeClaimTemplate: - description: PersistentVolumeClaim is a user's request for and claim - to a persistent volume - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - description: ObjectMeta is metadata that all persisted resources - must have, which includes all objects users must create. - properties: - annotations: - description: 'Annotations is an unstructured key value map - stored with a resource that may be set by external tools - to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - clusterName: - description: The name of the cluster which the object belongs - to. This is used to distinguish resources with same name - and namespace in different clusters. This field is not - set anywhere right now and apiserver is going to ignore - it if set in create or update request. - type: string - creationTimestamp: - description: Time is a wrapper around time.Time which supports - correct marshaling to YAML and JSON. Wrappers are provided - for many of the factory methods that the time package - offers. - format: date-time - type: string - deletionGracePeriodSeconds: - description: Number of seconds allowed for this object to - gracefully terminate before it will be removed from the - system. Only set when deletionTimestamp is also set. May - only be shortened. Read-only. - format: int64 - type: integer - deletionTimestamp: - description: Time is a wrapper around time.Time which supports - correct marshaling to YAML and JSON. Wrappers are provided - for many of the factory methods that the time package - offers. - format: date-time - type: string - finalizers: - description: Must be empty before the object is deleted - from the registry. Each entry is an identifier for the - responsible component that will remove the entry from - the list. If the deletionTimestamp of the object is non-nil, - entries in this list can only be removed. - items: - type: string - type: array - generateName: - description: |- - GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. - If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). - Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#idempotency - type: string - generation: - description: A sequence number representing a specific generation - of the desired state. Populated by the system. Read-only. - format: int64 - type: integer - initializers: - description: Initializers tracks the progress of initialization. - properties: - pending: - description: Pending is a list of initializers that - must execute in order before this object is visible. - When the last pending initializer is removed, and - no failing result is set, the initializers struct - will be set to nil and the object is considered as - initialized and visible to all clients. - items: - description: Initializer is information about an initializer - that has not yet completed. - properties: - name: - description: name of the process that is responsible - for initializing this object. - type: string - required: - - name - type: array - result: - description: Status is a return value for calls that - don't return other objects. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema - of this representation of an object. Servers should - convert recognized schemas to the latest internal - value, and may reject unrecognized values. More - info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - code: - description: Suggested HTTP return code for this - status, 0 if not set. - format: int32 - type: integer - details: - description: StatusDetails is a set of additional - properties that MAY be set by the server to provide - additional information about a response. The Reason - field of a Status object defines what attributes - will be set. Clients must ignore fields that do - not match the defined type of each attribute, - and should assume that any attribute may be empty, - invalid, or under defined. - properties: - causes: - description: The Causes array includes more - details associated with the StatusReason failure. - Not all StatusReasons may provide detailed - causes. - items: - description: StatusCause provides more information - about an api.Status failure, including cases - when multiple errors are encountered. - properties: - field: - description: |- - The field of the resource that has caused this error, as named by its JSON serialization. May include dot and postfix notation for nested attributes. Arrays are zero-indexed. Fields may appear more than once in an array of causes due to fields having multiple errors. Optional. - Examples: - "name" - the field "name" on the current resource - "items[0].name" - the field "name" on the first array entry in "items" - type: string - message: - description: A human-readable description - of the cause of the error. This field - may be presented as-is to a reader. - type: string - reason: - description: A machine-readable description - of the cause of the error. If this value - is empty there is no information available. - type: string - type: array - group: - description: The group attribute of the resource - associated with the status StatusReason. - type: string - kind: - description: 'The kind attribute of the resource - associated with the status StatusReason. On - some operations may differ from the requested - resource Kind. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: The name attribute of the resource - associated with the status StatusReason (when - there is a single name which can be described). - type: string - retryAfterSeconds: - description: If specified, the time in seconds - before the operation should be retried. Some - errors may indicate the client must take an - alternate action - for those errors this field - may indicate how long to wait before taking - the alternate action. - format: int32 - type: integer - uid: - description: 'UID of the resource. (when there - is a single resource which can be described). - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - kind: - description: 'Kind is a string value representing - the REST resource this object represents. Servers - may infer this from the endpoint the client submits - requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - message: - description: A human-readable description of the - status of this operation. - type: string - metadata: - description: ListMeta describes metadata that synthetic - resources must have, including lists and various - status objects. A resource may have only one of - {ObjectMeta, ListMeta}. - properties: - continue: - description: continue may be set if the user - set a limit on the number of items returned, - and indicates that the server has more data - available. The value is opaque and may be - used to issue another request to the endpoint - that served this list to retrieve the next - set of available objects. Continuing a list - may not be possible if the server configuration - has changed or more than a few minutes have - passed. The resourceVersion field returned - when using this continue value will be identical - to the value in the first response. - type: string - resourceVersion: - description: 'String that identifies the server''s - internal version of this object that can be - used by clients to determine when objects - have changed. Value must be treated as opaque - by clients and passed unmodified back to the - server. Populated by the system. Read-only. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' - type: string - selfLink: - description: selfLink is a URL representing - this object. Populated by the system. Read-only. - type: string - reason: - description: A machine-readable description of why - this operation is in the "Failure" status. If - this value is empty there is no information available. - A Reason clarifies an HTTP status code but does - not override it. - type: string - status: - description: 'Status of the operation. One of: "Success" - or "Failure". More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' - type: string - required: - - pending - labels: - description: 'Map of string keys and values that can be - used to organize and categorize (scope and select) objects. - May match selectors of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: 'Name must be unique within a namespace. Is - required when creating resources, although some resources - may allow a client to request the generation of an appropriate - name automatically. Name is primarily intended for creation - idempotence and configuration definition. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: |- - Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. - Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces - type: string - ownerReferences: - description: List of objects depended by this object. If - ALL objects in the list have been deleted, this object - will be garbage collected. If this object is managed by - a controller, then an entry in this list will point to - this controller, with the controller field set to true. - There cannot be more than one managing controller. - items: - description: OwnerReference contains enough information - to let you identify an owning object. Currently, an - owning object must be in the same namespace, so there - is no namespace field. - properties: - apiVersion: - description: API version of the referent. - type: string - blockOwnerDeletion: - description: If true, AND if the owner has the "foregroundDeletion" - finalizer, then the owner cannot be deleted from - the key-value store until this reference is removed. - Defaults to false. To set this field, a user needs - "delete" permission of the owner, otherwise 422 - (Unprocessable Entity) will be returned. - type: boolean - controller: - description: If true, this reference points to the - managing controller. - type: boolean - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - uid: - description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - required: - - apiVersion - - kind - - name - - uid - type: array - resourceVersion: - description: |- - An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. - Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency - type: string - selfLink: - description: SelfLink is a URL representing this object. - Populated by the system. Read-only. - type: string - uid: - description: |- - UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. - Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids - type: string - spec: - description: PersistentVolumeClaimSpec describes the common - attributes of storage devices and allows a Source for provider-specific - attributes - properties: - accessModes: - description: 'AccessModes contains the desired access modes - the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - resources: - description: ResourceRequirements describes the compute - resource requirements. - properties: - limits: - description: 'Limits describes the maximum amount of - compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - selector: - description: A label selector is a label query over a set - of resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. - A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - storageClassName: - description: 'Name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeMode: - description: volumeMode defines what type of volume is required - by the claim. Value of Filesystem is implied when not - included in claim spec. This is an alpha feature and may - change in the future. - type: string - volumeName: - description: VolumeName is the binding reference to the - PersistentVolume backing this claim. - type: string - status: - description: PersistentVolumeClaimStatus is the current status - of a persistent volume claim. - properties: - accessModes: - description: 'AccessModes contains the actual access modes - the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - capacity: - description: Represents the actual resources of the underlying - volume. - type: object - conditions: - description: Current Condition of persistent volume claim. - If underlying persistent volume is being resized then - the Condition will be set to 'ResizeStarted'. - items: - description: PersistentVolumeClaimCondition contails details - about state of pvc - properties: - lastProbeTime: - description: Time is a wrapper around time.Time which - supports correct marshaling to YAML and JSON. Wrappers - are provided for many of the factory methods that - the time package offers. - format: date-time - type: string - lastTransitionTime: - description: Time is a wrapper around time.Time which - supports correct marshaling to YAML and JSON. Wrappers - are provided for many of the factory methods that - the time package offers. - format: date-time - type: string - message: - description: Human-readable message indicating details - about last transition. - type: string - reason: - description: Unique, this should be a short, machine - understandable string that gives the reason for - condition's last transition. If it reports "ResizeStarted" - that means the underlying persistent volume is being - resized. - type: string - status: - type: string - type: - type: string - required: - - type - - status - type: array - phase: - description: Phase represents the current phase of PersistentVolumeClaim. - type: string - tag: - description: Tag of Prometheus container image to be deployed. Defaults - to the value of `version`. - type: string - thanos: - description: ThanosSpec defines parameters for a Prometheus server within - a Thanos deployment. - properties: - baseImage: - description: Thanos base image if other than default. - type: string - gcs: - description: ThanosGCSSpec defines parameters for use of Google - Cloud Storage (GCS) with Thanos. - properties: - bucket: - description: Google Cloud Storage bucket name for stored blocks. - If empty it won't store any block inside Google Cloud Storage. - type: string - peers: - description: Peers is a DNS name for Thanos to discover peers through. - type: string - s3: - description: ThanosSpec defines parameters for of AWS Simple Storage - Service (S3) with Thanos. (S3 compatible services apply as well) - properties: - accessKey: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - bucket: - description: S3-Compatible API bucket name for stored blocks. - type: string - endpoint: - description: S3-Compatible API endpoint for stored blocks. - type: string - insecure: - description: Whether to use an insecure connection with an S3-Compatible - API. - type: boolean - secretKey: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - signatureVersion2: - description: Whether to use S3 Signature Version 2; otherwise - Signature Version 4 will be used. - type: boolean - tag: - description: Tag of Thanos sidecar container image to be deployed. - Defaults to the value of `version`. - type: string - version: - description: Version describes the version of Thanos to use. - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached to tolerates any - taint that matches the triple using the matching - operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, operator - must be Exists; this combination means to match all values and - all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. Exists - is equivalent to wildcard for value, so that a pod can tolerate - all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the - toleration (which must be of effect NoExecute, otherwise this - field is ignored) tolerates the taint. By default, it is not - set, which means tolerate the taint forever (do not evict). - Zero and negative values will be treated as 0 (evict immediately) - by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise - just a regular string. - type: string - type: array - version: - description: Version of Prometheus to be deployed. - type: string - status: - description: 'Most recent observed status of the Prometheus cluster. Read-only. - Not included when requesting from the apiserver, only from the Prometheus - Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#spec-and-status' - properties: - availableReplicas: - description: Total number of available pods (ready for at least minReadySeconds) - targeted by this Prometheus deployment. - format: int32 - type: integer - paused: - description: Represents whether any actions on the underlaying managed - objects are being performed. Only delete actions will be performed. - type: boolean - replicas: - description: Total number of non-terminated pods targeted by this Prometheus - deployment (their labels match the selector). - format: int32 - type: integer - unavailableReplicas: - description: Total number of unavailable pods targeted by this Prometheus - deployment. - format: int32 - type: integer - updatedReplicas: - description: Total number of non-terminated pods targeted by this Prometheus - deployment that have the desired version spec. - format: int32 - type: integer - required: - - paused - - replicas - - updatedReplicas - - availableReplicas - - unavailableReplicas - version: v1 - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: prometheusrules.monitoring.coreos.com - spec: - group: monitoring.coreos.com - names: - kind: PrometheusRule - plural: prometheusrules - scope: Namespaced - validation: - openAPIV3Schema: - properties: - spec: - description: PrometheusRuleSpec contains specification parameters for a - Rule. - properties: - groups: - description: Content of Prometheus rule file - items: - description: RuleGroup is a list of sequentially evaluated recording - and alerting rules. - properties: - interval: - type: string - name: - type: string - rules: - items: - description: Rule describes an alerting or recording rule. - properties: - alert: - type: string - annotations: - type: object - expr: - type: string - for: - type: string - labels: - type: object - record: - type: string - required: - - expr - type: array - required: - - name - - rules - type: array - version: v1 - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: servicemonitors.monitoring.coreos.com - spec: - group: monitoring.coreos.com - names: - kind: ServiceMonitor - plural: servicemonitors - scope: Namespaced - validation: - openAPIV3Schema: - properties: - spec: - description: ServiceMonitorSpec contains specification parameters for a - ServiceMonitor. - properties: - endpoints: - description: A list of endpoints allowed as part of this ServiceMonitor. - items: - description: Endpoint defines a scrapeable endpoint serving Prometheus - metrics. - properties: - basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over - basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' - properties: - password: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - username: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - bearerTokenFile: - description: File to read bearer token for scraping targets. - type: string - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - interval: - description: Interval at which metrics should be scraped - type: string - metricRelabelings: - description: MetricRelabelConfigs to apply to samples before ingestion. - items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It defines - ``-section of Prometheus configuration. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' - properties: - action: - description: Action to perform based on regex matching. - Default is 'replace' - type: string - modulus: - description: Modulus to take of the hash of the source label - values. - format: int64 - type: integer - regex: - description: Regular expression against which the extracted - value is matched. defailt is '(.*)' - type: string - replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' - type: string - separator: - description: Separator placed between concatenated source - label values. default is ';'. - type: string - sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular expression - for the replace, keep, and drop actions. - items: - type: string - type: array - targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. - type: string - type: array - params: - description: Optional HTTP URL parameters - type: object - path: - description: HTTP path to scrape for metrics. - type: string - port: - description: Name of the service port this endpoint refers to. - Mutually exclusive with targetPort. - type: string - proxyUrl: - description: ProxyURL eg http://proxyserver:2195 Directs scrapes - to proxy through this endpoint. - type: string - scheme: - description: HTTP scheme to use for scraping. - type: string - scrapeTimeout: - description: Timeout after which the scrape is ended - type: string - targetPort: - anyOf: - - type: string - - type: integer - tlsConfig: - description: TLSConfig specifies TLS configuration parameters. - properties: - caFile: - description: The CA cert to use for the targets. - type: string - certFile: - description: The client cert file for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: The client key file for the targets. - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: array - jobLabel: - description: The label to use to retrieve the job name from. - type: string - namespaceSelector: - description: A selector for selecting namespaces either selecting all - namespaces or a list of namespaces. - properties: - any: - description: Boolean describing whether all namespaces are selected - in contrast to a list restricting them. - type: boolean - matchNames: - description: List of namespace names. - items: - type: string - type: array - selector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - targetLabels: - description: TargetLabels transfers labels on the Kubernetes Service - onto the target. - items: - type: string - type: array - required: - - endpoints - - selector - version: v1 - - clusterServiceVersions: |- - - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: amqstreams.v1.0.0.beta - namespace: placeholder - annotations: - alm-examples: '[{"apiVersion":"kafka.strimzi.io/v1alpha1","kind":"Kafka","metadata":{"name":"my-cluster"},"spec":{"kafka":{"replicas":3,"listeners":{"plain":{},"tls":{}},"config":{"offsets.topic.replication.factor":3,"transaction.state.log.replication.factor":3,"transaction.state.log.min.isr":2},"storage":{"type":"ephemeral"}},"zookeeper":{"replicas":3,"storage":{"type":"ephemeral"}},"entityOperator":{"topicOperator":{},"userOperator":{}}}}, {"apiVersion":"kafka.strimzi.io/v1alpha1","kind":"KafkaConnect","metadata":{"name":"my-connect-cluster"},"spec":{"replicas":1,"bootstrapServers":"my-cluster-kafka-bootstrap:9093","tls":{"trustedCertificates":[{"secretName":"my-cluster-cluster-ca-cert","certificate":"ca.crt"}]}}}, {"apiVersion":"kafka.strimzi.io/v1alpha1","kind":"KafkaConnectS2I","metadata":{"name":"my-connect-cluster"},"spec":{"replicas":1,"bootstrapServers":"my-cluster-kafka-bootstrap:9093","tls":{"trustedCertificates":[{"secretName":"my-cluster-cluster-ca-cert","certificate":"ca.crt"}]}}}, {"apiVersion":"kafka.strimzi.io/v1alpha1","kind":"KafkaTopic","metadata":{"name":"my-topic","labels":{"strimzi.io/cluster":"my-cluster"}},"spec":{"partitions":10,"replicas":3,"config":{"retention.ms":604800000,"segment.bytes":1073741824}}}, {"apiVersion":"kafka.strimzi.io/v1alpha1","kind":"KafkaUser","metadata":{"name":"my-user","labels":{"strimzi.io/cluster":"my-cluster"}},"spec":{"authentication":{"type":"tls"},"authorization":{"type":"simple","acls":[{"resource":{"type":"topic","name":"my-topic","patternType":"literal"},"operation":"Read","host":"*"},{"resource":{"type":"topic","name":"my-topic","patternType":"literal"},"operation":"Describe","host":"*"},{"resource":{"type":"group","name":"my-group","patternType":"literal"},"operation":"Read","host":"*"},{"resource":{"type":"topic","name":"my-topic","patternType":"literal"},"operation":"Write","host":"*"},{"resource":{"type":"topic","name":"my-topic","patternType":"literal"},"operation":"Create","host":"*"},{"resource":{"type":"topic","name":"my-topic","patternType":"literal"},"operation":"Describe","host":"*"}]}}}]' - spec: - displayName: AMQ Streams - description: | - **Red Hat AMQ Streams** is a massively scalable, distributed, and high performance data streaming platform based on the Apache Kafka project. - AMQ Streams provides an event streaming backbone that allows microservices and other application components to exchange data with extremely high throughput and low latency. - - **The core capabilities include** - * A pub/sub messaging model, similar to a traditional enterprise messaging system, in which application components publish and consume events to/from an ordered stream - * The long term, fault-tolerant storage of events - * The ability for a consumer to replay streams of events - * The ability to partition topics for horizontal scalability - - # Before you start - - 1\. Create AMQ Streams Cluster Roles - ``` - $ oc apply -f http://amq.io/amqstreams/rbac.yaml - ``` - 2\. Create following bindings - ``` - $ oc adm policy add-cluster-role-to-user strimzi-cluster-operator -z strimzi-cluster-operator --namespace - $ oc adm policy add-cluster-role-to-user strimzi-kafka-broker -z strimzi-cluster-operator --namespace - ``` - keywords: ['amq', 'streams', 'messaging', 'kafka', 'streaming'] - version: 1.0.0-Beta - maturity: beta - maintainers: - - name: Red Hat, Inc. - email: customerservice@redhat.com - provider: - name: Red Hat, Inc. - links: - - name: Product Page - url: https://access.redhat.com/products/red-hat-amq-streams - - name: Documentation - url: https://access.redhat.com/documentation/en-us/red_hat_amq_streams/1.0-beta/html-single/using_amq_streams/ - icon: - - base64data: iVBORw0KGgoAAAANSUhEUgAAAQAAAAEACAYAAABccqhmAAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAAlywAAJcsBGkdkZgAAABl0RVh0U29mdHdhcmUAd3d3Lmlua3NjYXBlLm9yZ5vuPBoAACAASURBVHic7d13nBx3ff/x13d29/aK6kmyyjXJlnVqLpJV3ABL2GAnuIANJAZDjGkmIWCn0H4ktCTEgfwI5AeEOPyMSRwTmktiwJIlGVu2ZEkWtnxFXbrbu1M9lWtb55s/7k7tdu+2zMx3y+f5ePDgbnZn5i1Zn8/07yhEQWuvpWLAx+yETb22qFM2FwHVKKYA1RqqFVQD5UAQqByatRyoGPp5AAgP/dwHRIEBBd02dCtFNzbdQLe2OKxs2i0fbZVxDtaFGPDsDyscp0wHEGPbehWBiqNc6oNFGhYDC4E5KOrRTDMc7zDQBhwAmhQ0KYs3Og+wZxXEzUYTY5EGkGd2zyUYi7PEslmpFSvRXAbMA8pMZ8tQFEUrmh0KXlE2m+IT+d2iJqKmg4mzpAEYtnsG02IBVqO4RmlWoljC4K56MQoDr6LYrDQv6QTrF3Rw3HSoUiYNwGPrwT+jniuAW4F3AEsAy2wqY2xgu4K1NqytsHhxzoEz5yKEB6QBeGDPJVwUi3GH1tyhFDdw9uSbOF8fsEErfumL8WRjJ8dMByp20gBcsmMWdX4/tzC4pb8Z8BuOVGgSwCYFP1U2P2sM0WE6UDGSBuCgvRczMRrnvcAfAVcjf79OsTW8hOKRQICfXrqH06YDFQv5B5ojDdaueq614R7gfUCV6UxFLgw8Dfx4fhvPqME9BZElaQBZ2nMJF0XjfEzZfBhFvek8JeqA0jzsi/GDSw9x1HSYQiQNIENNs7nSsrmfwS2+nMzLDxEF/4XNN+aHeN10mEIiDSANGqzWBu5A8yngzabziFGtU5pvN7bztBq8zChGIQ1gFBqsnfXcacOXFSwwnUdkpFnD3y9o4z/kPEFq0gCSGC58DV8FGk3nETnZB/z9oTZ+KM8mjCQN4BwarNZ67tHwRQWXmM4jHKTYpTRfbWzjMTk0OEsawJCmet7qg29ouNJ0FuGqV5Xiz+cfZL3pIPmg5BvAztnMt22+ArzbdBbhqbVa88DCdt4wHcSkkm0Au2cwLV7GV4H7kNt0S1UMzQ9szV8tCtFtOowJJdcANKiWeu5Rim/kwWAaIj90A5+b38a/KtCmw3ippBpAUy1zLYvvATeaziLy0m99io/PO0iL6SBeKYkGsPUqApVHeVDBlynewTaEM2IK/tFXxl9fuoeI6TBuK/oG0FLPVRp+LDfyiAy9Yfl4f+N+XjMdxE1FOxKNBl9zPZ8BXpLiF1lYbCfY0lLPlzT4TIdxS1HuAbTMZjY2P0Lu2xfOeNm2+cCiEHtMB3Fa0e0BNDdwHzY7kOIXzrnGstjWXM8HTAdxWtHsAeyfTXkkwT9rxX2ms4jipeDHvXE+vqyTftNZnFAUDaCplrmWj5+judx0FlEStvvgrnlt7DMdJFcFfwjQUs87LItXpPiFh5YkYHtzA+80HSRXBdsANFgt9fwd8BQw2XQeUXImKM3PWur5si7gPemCDP7adKoCQf5Dwe2mswiB5hd9Ce4pxPMCBdcAmhuYqTRPActMZxHiDMXmuMXtl+3nsOkomSioBtBcx2Kl+G+gwXQWIZLYb8M7FrXRbDpIugrmHEBLHW9Xio1I8Yv8NccHG1sbWG06SLoKogE01/FeFE8DE0xnEWI0GiZpza9a67nLdJZ05H0DaK3n/Urx70DAdBYh0lSm4fHWOu41HWQsed0AWuu4X8OPkBF7ROHxacW/tdbzKdNBRpO3DaC5ns9oxXfJ44xCjEFp+FZzA180HSSVvLwK0FrHV7TK3780ITIV1vxoSTt/ZDrHhfKuATTX8YBS/KPpHEI4pc+GfhuC8JuVndxsOs+58mr3uqWBP5HiF8VkuPgBIvD2TbX83Gyi8+XNHkBLPR8EfkieNSUhsnVu8Z8rqHh0ZQcf9D7RSHlRbC0N3Ak8TJ7kESJXqYofIKL5wNZa/snbRMkZ3wNoqePtQzf5yHV+URT67cEGMJYKi88sD/GQ+4lSM9oAmupZ6IONGiaZzCGEU0bb8l9IgQ5a3LUixC/cTTVqBjOaZjPDstmE3NsvikQmxT9MQSJYxrIVB/idO6lGZ+SYu72WCkvzBFL8okhkU/wwOHx9PMaLv51h5jV1njcADVav4j/QrPR63UK4IdviHxbXVPl9vLbVwHkwzxtAaz1/gyr8sdSEgMHCz6X4h8U1MxO1PJf7kjLjaQNoqedW4DNerlMIt/SlebY/XRGbN71Sw1edW+LYPDsJOPRm3q3ARK/WKYRbct3tT8UCXWWxekmIDc4vfSRPGkB7LRW9FhuBJV6sTwg3uVX8w3wQrlbULujguHtrGeTJIUCvxXeR4hdFwO3iB0hA+UnY5O5aBrneAJobuA/y7zFIITLl1Am/dMQ0c7fU8i9ur8fVQ4Bd9VycgN8B491cjxBu82LLfyELtGWx6toQz7u4DndosBLw/5HiFwXORPED2KCweaoJytxah2sNYGcDn0de0S0KnKniHxaHCb01/NKt5btyCNDcwFKleRkXO5cQbjNd/OeqtHjfshCPOb1cxxvA7rkEY1G2K1jg9LKF8Eq6j/R6xacI63FcdP1OepxcruOHAPEon5fiF4XM6Tv8nJDQlAd6nT8UcHQPoKWGefh4DSh3crmidCl/AFVZ5dn6eqMx+nr7PFtfJhQQgLdf3cmzTi3TsRduaFCtPr6HFP9ZPh/THvgyE+68B6tKLoZkyo5G6T64D6thrmfrnAzEDnVw5Oufo2fDrz1bbzo0YCse1zBFDf6aM8f2AFob+JDW/JtTyysGk+/9U6Z/KS+Gfis4diTM0abXsermGFm/Dg+w55alJE64fjduxip8fH95O/c7sSxHzgHsnsE0rc2ObZaPxt2QV0PAFww7EuZos7niB1DlFZQvutLY+kcTSfDRjXVc4sSyHGkA8TK+BkxxYllFxS/jnGbKjkYGt/y15op/mMrT/342WH7bmfcL5NwAdjWwAPiQA1lEibOjEY6+8ZrRLX+hiGiu2DqD3891OTk3gLjNN5G394ocSfFnLmrxcK7LyKkBtDawWiluyTWEKG2Du/1S/JmKw4wtNTyQyzKybgAaLK35h1xWLsSZ4s+DY/5CFNX8jc5hDzzrGVvruQdYmu38QtjRCEebd2RU/InOdnr37kTrs5fBA8EgVSveBOr8q9p2z2l6XtuCtgdv67MZfL528tKVWJXjHPkzmJaAii2z+Bad/Ek282fVADT4WhWfd+ZWBFGK7GiEY807sGoyezVEZ9PrHKmeMWL6ZbubKZu36Lxpp7dvYm/VyItTeusmpr75xswC57GY4iNN8OAiiGY6b1aHAK31vB/NvGzmFWJ4t19lWPwAWiW/d03HRv7bt+3kN/TbdiLj9eazhKasdxbfzGbejPcANPha4XPZrEyMLXHqBD1NvyMeiVBWNY5xly3Fqqgce0at6dy4gZOhNnzBINMXLGbS/MXuB86Q6Tv8ilVc8dGt8OAyiGUyX8YNYGc9fwg0ZjqfGNuJjeto81WQKJ945omKwLYtzKkqZ9yS1C9S6m0/wLZ1axmYXguTpgOwf387U15+kaXvuxdfWdCL+GPyuviLazs/uoSmzK7jIdozuyqQ0SGABp+GL2QWTaSj59VN7C+fSOKCYo1VjmdPVBPZtzPpfIlImC3Pbxgs/nMpxfGZs3n1sUdcSpwZE7f32iV2jipmc3+mVwQyagCtDdwOzM8olUhLx6meEWexh9mBMg7tbEn62f5fPUlk6siTYsO6p9dzet8uRzJm60zxy6U+VyU0wc01/HUm82TUAJTm05lFEumwe3vonzj6oxSnxk9OOr37xIlR59NKceSN17LOlispfm9p+EQm30+7ATQ1sETDmzKPJMaUYst/Lq2S/6dKdVb8vO8YOustxe+9mKZ6aw3vTvf7aTcAS/Op7CKJsVhV4yjvH32ot/Gnu5NOn1A19mg51XO9P2rzuvjzbAQvo+Kk/4LRtBrA7hlMA96bdSIxppnWKGesbJvpNTVJP7rk5tvw95xMOeuEroNMWeztc+0mtvyldsJvNDFN49ZZ6Z2rS6sBxIJ8HBnqy1WTr72BmpOHRwzRZCXizOk/QdXly5LOVzZ+Aksa5+E/NXIPoepIB0tvfacLaVOT3X7zNJCwSGsoqjEvGWiwWm0+7N2LxEvX9NW3MOnAHk7t3UU0FiPos5i08HICNStGnW/K5Uu54ZJ57F/zDKdOdmNpmFpbR/377wXLk/e/AsPFn9m9/cIdMZvVGnxqjNshxmwALfWsVlDvXDQxmuDsuVw0O/NBMP1V47j0jve4kCg9djTC0ZY3sGpnG8sgzrLBv6WWPybEt0f73pibB6W517lYohglImGOtTZl/GBPVlLtiaa4SpL0qxl8t5AlNJ8c6zuj7gHsvZiJ0Th3OBdJFJtEJMzxnc2omXWerG/arFp8HaHzpvksReXlbx3x3eoFlxFPcg/EpCtK4yn2hOaSrVOZuewYXam+M2oDiMb5AyCNJ1FEKbKjEY61vOHNln9IxYLLqVlweVrfDcyooWZG8qsnpcAGlSjna8B9qb4z1r7QB52NJIpFIhLm2M5mT4tfZC6huXO0z1M2gN011AJXO55IFLxEJMzxXS2oGbVjf1kYFddM3NqQeuSulA0g4eNOXHp9uChcg8XfKsVfQOJx/iLVZykbgIZ3uRNHFKqzxV+6x9WFSMPbUn2WtAHsmMN04DrXEpUKXTz3pybCw7v9JVT88bjpBI6Iaao31yQfwi9pA/AnuAPwuZqqBERTDOJRaBLhMMd3l9Yxv45FCe98w3QM5yg+k2xy0gagNbe7m6Y0HP/u14kd3Gs6Rk5KsfjtgX4OffXPiR89ZDqKY2w7+WvERpzk2z+b8rDNceT6vyNUeQWVV12LNanadJSsxI8dIRI64Mm6Jj76LNbE5AOfZOPkzx7l+CPfyXi++KFOdDyjsTXzngIdn8yEVU30njt9xI1AAzbXKyl+x+jwAH0bnzMdI+/12TAh4dzAJaeeeIxDf/uXkGJo8FKjQY0/xb3AeR1xxCGABTd5lkoIBou/38E6PfXEY3R95UEp/gvENSOeFhvRALQ0AOEhx4v/yf+U4k/BhhEjw5zXAHbOYipwhWeJRElzvPifepyuLz8gxZ9CXDNuSz0XnzvtvAag/ay+cJoQbuh3o/i/9Gkp/jHYcT527u/nnQTUcvOP8IDTW/7Tv/4lh2TLnx7FqnN/tS74MPX7p4RwgOPF/5sn6Po/f4x28ApCMUvo81/rd6YB7J5LED3yJIEQTnGl+L/wCXSR3LLrhThM2Drr7GX+Mw0gHmMpkB9vkRRFx/Hif/ZJKf4sxdXZMQLONABty7P/wh2uFP/n75fiz5KCW4d/PtMAlMVyM3FEMXP6bH/Pmqek+HOkFVcN/3z2KoDmMiNpRNFyesvfs/ZpOj/3cSn+HCVsZg7/bAFsvYoAJH9eWIhsuFL8n/2YFL8DbKhogjIYagAVR5nH0AQhcuV88f83nZ+VLb9TNBCZxZthqAH4YJHRRKJoOF78z/3P0Ja/uB7PNc1WrIahBqClAQgHuFL8n/moFL8L4rAMzp4EXGgwyxmBmgamfOqLBOctRvnHfG1hehIJEr2nnVlWnosdPczAxGrwBzxbp338CJGnH+fkmqdzLn5tn72br3fdM1L8LtJD5/yGq8z461ytikrqf7KeQJ3xKAUp3Laf3mk1+Kuner7usutv4tTA++G3z+a0nJO/+HemfviBwTv8vvhJKX4X2ZpqGBoSrKWeo4D3/3LOUXn1DdT/ZL3JCAUr3LafUwNhLAPFP+zUMz+n6/P3G1u/yIwFies78VtD9wUbLX4A38RJpiMUpEhHG6cGBowWP4Bv3Hij6xeZscG3aS4TrPFl1JsOI7IT6WjjZG8vVvU001FEAfKFWWrZCeTtjgVIil/kSimWWijZAyg0UvzCCVqz0FKai0wHEemT4hdOsTUz/dqimuJ5hV1Ry6b47eNHSJzsPjvBsgjUzobAyDu/dW8P8cMd503zT69ByQm+oqSh2s/Q9UCR37Ip/sTRQ7y+/yC27/ybqmbsXUPNjSPfFNX66lb6qyacN62iaxsLr78hq8wiv2mYZIE0gHyX7W6/ffrkiOIHiFjJ7xQMV47c0g9UjC+qtxyL84y3gCmmU+TEtol1hYgd6cp41oGjhzmxu4Vob48LwZwRbtsnx/zCFTZU+QHn3sbosRMvP0+HVUY0MDiUYXD3bmpUgknXrhp9vl0t7Nj0Ev0XDb3rfvc+Jh3t5Iqb30HF9JmjzuulcNs+TvUPYE2R87TCBZpyiwJ9EejhF9ayPzj+TPEDRCrGsa98IsfWPZNyvpN7drKlZefZ4gewfJycXsdL69YS7j7mZuy0SfELt2mFz6IABwKJHNxLZ1XqUxft46cST3FIsOPF57GD5Uk/i02eRuszTzqSMRdS/MITGlWQDeDUvt2jXrnUPj89O5tGTI+e7KZ/et2oy+72mR0Z3WTxy6m+0qLBKsgGkEjjLTCxgf4R0yInutFKjb7s8oqsc+VKtvzCY4W5BxAsT74Lf953KqtGTKusqUNFI6POV9ZzIutcuZDiF15TDA4JVnANYOKiK/GNMlhE4PQJxi9ZMWK6ryzI1O5Doy57ZuXYzcVpUvzCBHtoD6Dg+CZPYQ4xVGLkKLG+yABzxldiVSW/fXXx7XdRfqQj6WeTQnuZ9667Hc06Fil+YZIfiALeb/ZyNGHF9SzY1cyRPTvpq5yATsQZ13+a6YuvIDgn9SsOgpOncN0dd7Hr6Z9xNAGJsnICfT3MmjyBuR+6f+i0iDek+IVJFuiCbQAA5fMWUj8v8/FMAxMmsuh997mQKH2RjjZjxS8v0hYweNXHYrABCA9FOto42dNjbMsvl/vEkDN7AMIjXha/f0YtE9teYqB83JlpWttMspK3gOoThzk97vw7wyf0nYAxLp2KwqTAlgbgIa+3/KpqHHNXvS3t78++aeQjwqJ4WQrbAvpMBykFpnf7hbiQ1iQsBd1jf1XkQopf5COlCFu2NABXSfGLfKUUfRaa46aDFCspfpHnTsshgEsiHW2cPC3FL/KXBSf9gJmnXy4QP3rYdATHhNv2caqvH2vqdNNRPBM/3Gk6gsjcCUtbHDGdAiD8+hYGtm8yHSNnpVj8id7TnHjsX03HEBlS0OVXNm3kwX0eOh6n/Q/fyqS7P0rZJfMzvvlk3E234Z82w8E8Mbr/9R8znEnT130Myr0fZS2mIW7gFr/4scP0PPc/xA4lf8BK5C+taVatc2jUCVpNh8lV2cWN1D++Dv/0WY4sz+7vY9eCcWN/MQ/02dBvm04hCk25xQ1WVYw2iuD28Oi+nbT9weqSOxaV4hfZ6pvINqsuxACK/BgKN0el1gSk+EW2FCRWNdE7+PC75qDhPI4plSYgxS9y4YN+GHwcGA37zMZxVrE3gX4pfpEjyxrc67cAFLSYjeO8Ym0Cffbg/4TIhYLdcLYBvGE2jjuKrQnIbr9wiqXZCkMNwFKMfItGkSiWJiDFLxylWANDDaDjILuB0QfML2CF3gSk+IXTVIiNMNQAVkEc2GU0kcsKtQlI8Qun+RX9yyAGQw1gyOuG8nim0JqAnO0XblBwpgCscya+YiaOtwqlCcjZfuEWv2LL8M9nG4BN4T+Kl6Z8bwKy2y9cpXhq+MczDaBnOtuBASOBDMjXJiDFL9zW284Twz+faQDLthEDthtJZEi+NQEpfuE2v+LkKggP/37+i/BU6RwGDMuXJiDFL7xgcf6j//5zf1Galwv+ueAsRPftpO3uGwfHE3BwUBGASe+9jwnvugerKvXYAjZgl+Jf/Fi05ljLDnwz67xbpW0T6zjIsR98k+jenZ6t1ys+WHfu7+cNu9NSwxR8HOHCPYMSUTZ3wZkmEGl5nf03X5HT8ia+6x5m/t9HHUpXYrQmtO5XBC9fbmT18eNH2X/HtSR6ThlZv1vGBZm9dP/Zp3/PK/QFHRwHXvU8VZ6I7mnh4G0rOfS5j9H+gZtzXt74W+50IFUJ0pqOdb82VvwA/inTqLjqGmPrd4MPes4tfki+pV/jUZ68FOts4+RjPyB+pCvnZanKKgcSlRit6Vj3K8ouX2Y6yaiHbYXIr0Zu3Ec0AKVKuwEIg84Uv7ktfzFT8JMLp41oAIlxbEReGCq8NrTbL8XvDgXamsGPLpw+ogEsaiIKbPAilBDAOcVvfre/WAUUh5ZtGxwG7FxJz/ZrxS/djyQEg8W/XorfbZbi6WTT/ckmqjhP4OP7qT4XwhFa07HhWcouS7/4dSRMOHTgvGm+iirKZiW5V0Brwvt3o/XZO6wsn59gwyUZv3im0CmLv082PWmBL+jgeEs9LwCrXE0lSpfWdDy/hrLFSzOaLfTCcxyZfMHNWid6WRyNEpx9yXmTu19az/7yiSOWcXHXb5l8zVsyjlyoAopjy9uSD/yb+oYfxS9cS1QiEnJ3X3Ja07H+N5QtWpLxrFGdZMutFPHe0yMmx6LRpMuIRcJJpxcrBb9O9VnKBmAl+CWDd6mKLPTZ2f/lRQ510tP8OtEM35gc6+vl8PYtHHvjNexono7wpjWd639D2WVXmU5SMvxBHkr5WaoPGkN0NNfzkoLr3YlVvLIdyadv707a9++jv3rozcIH2xn3ykvUX7GU8tqGlPPZsSjbHnuE7snT0WVBAFRzM3U+zcI7787mj+Cazg3PEpDi94xfcWLZPnak+nz0e/7VyOuGYnTZjuQzcGAvu492ny1+AMuid2YDu3bvIXY89VvcNz76Q45Prz9T/AB6wmTaqqrZ8ZMfZx7GJZ3rf0Mgw2N+kRu/4qejfT5qA9D9PA70OpqoiOXySG/7rlbscwr4XPGJk+nY9GLSzw5uWENfzeyUy+0oH09/hocSbpDi954FOhbji2N8J7VFR+lVyD0B6cil+O3wAH1TRn8M+XTlhKTTO/ftGX3hwXI6trycXTCHdG54VorfAL9i93WHSb3rSDqP/SoecSpQscp1MA87EkGPcV3aLq9MOj3O2Nezo2FzZ707NzxLIIuz/SJ3Ps23x/rOmA2g8SDrKbKXhzrJiZF8/BMn4YuNftY+cPpE0umVwbIxlz9hurODnKSrc8MaKX5DfIrYsk6+N9b3xmwACrTS/NCZWMXFyXH7p/SNPvDEtIrk5wcufdMqiCW/3g3gP36E2qvflFO2bHQ+v4bAois9X68Y5IO1Ko0r0WmN/KMS/AslNGJwOpwet3/W9asYd+Jo0s8mH+3gojffmPSzCfVzmOPTkIiP+Ez1nuaKK69E+XzOBU1D5/NrCCyU4jfJVvxpOt9LqwE0dnJMaR7LLVLxcGMAT6ssyLxVN1EX6WHcyWOU9/cw/lgXs+MDzHn7raPO2/h7t7N0dj3jD7fjP3GMwLHDVB/t4Pq3vIVpiy53NugYun67VorfsCA0XRtijLPDg9J+2MeGbyn4EKRx1qmIuTp6r2Ux7Zq3MC2LWS9adDkXeVzsF+p6YR3+BbmNoyhyZ/n4QtrfTfeLC9t5gxIfJ0CG7k6t68X1+OdfZi5AJk/3FfGTgAHFseXtPJnu9zN63Fdp/kmr0nxCUF7UmVrXxg34Gxd7sq7JleWEe06COrvtCsTClC9bOeK746bPpPLwUWzr7DkQlYgzvq7Wk6wm+BTfyeT7GTWAxnaeaq1nB2Cw1XtPtvypdb2wztMtf/V1q6lO87tVC69gwUJX4+QVnyK8PMTfZDJPRuP/K9Ba87eZxSpsUvypdb3obfGL0fkV31GQyGSejF8AsqCd/wLeyHS+QiTFn1rXi+vwN0rx5wtLEVkR4vMZz5fpDApspfh6pvMVGin+1KT480/A4rsKRt4MMoasXgHWeJDHgeJ7cdoQKf7Uul5cL8WfZ3yKyIp2/jKbebNqAAoSCr6Wzbz5Ts72p+bl2X6RvoDi+9ls/SGHl4A2tvEYsDXb+fOR07f3Ro8ccm5hhh3a/CL+eYtMx/BU/FCH6Qhj8kPv8hAPZjt/1g1AgY3Nn2c7f75xY7e/85H/hx7lQZ1C0fXy8/gubjQdw1N9r7xA//bNpmOMKQCfTeehn1RyviWqpZ4ngdtyXY5Jbh7zV81fzNRb30PZ1OljfzkPhY8eou/4MU/WNfUjD2I5+ELVeFeI07/ObDwbnUgQ2dtKz5qn0fGYY1ncELAIXRMiyQsR0pdzA2idQ6NOsAMI5LosE+SEX/64dF0zvuqpjiwr1hWi7SPvJBY6OPaXC1QF3LS8k7W5LCPrQ4Bh8/ezE80Pcl2OCVL8xakUir8MtuVa/OBAAwCwNX8Fo489lm+k+ItTKRS/BbYu4y6HlpW7RSG6NfyFE8vyghR/cSqF4gcos/jONQc44MSyHGkAAAvbeBRy3yVxmxR/cSqV4g8ojq0I8WmnludYAwDQNp8A8vbFa1L8xalUih+gXPFuJ5fnaANYGGI38HdOLtMpUvzFqcSK/1dLQs4OyuNoAwCwx/N18uxpQbm9tziVUvH7YMCa4cyJv3M53gAWNRG14Q/Ik0MBp2/vFfmhlIpfAWUW9yzbRr/Ty3a8AQAsaqNJw1+7sexMyG5/cSql4gcos3hieYifu7FsVxoAwII2voE2N4ioFH9xKrXi9ytOrgg5v+s/zLUGoMD229wDJH+nlYuk+ItTqRW/BdqCWzId5ivDdbjn0g5CGueuWaZDTvgVp1IrfoAA/PPVHWxycx2uNgAYvEFIwcNurwfkhF+xKsXiL1PsWNmZ3uu9cuF6AwAIWnwS2ObmOmS3vziVYvH7FX3xcVznxbo8aQBzDhDWPu4EXHmwXIq/OJVi8SvQQZtbrt9Jjxfr86QBACzcz0ENd+PwCQ0p/uIU7wrRdt/tJVX8ABWKv7qqixe8Wp9nDQBgYRtrILM3l4xGTvgVl/CuJgBine0cvO92Yp3thhN5q1zx3LIObwfb9fwtiRpUax3/juLuXJYjW/7iY1VUUrnsOgZe30rilOdXj40KKNqv7mCOm5f8kjHyXdGzvgAABdxJREFUmtT9sykP26wDrslmfil+UUx8it7xPuovb/P+nhlPDwGGzTlA2IpzG7An03ml+EUxsSBebrPCRPEPrd+Mxk6OWRa3ksGdglL8opgohQ7Y3HFVFy2mMhhrAACNB2hViruAMQfPlxN+otgEFZ9eeYj/MZnBaAMAmH+QdVrzXkZ5tZHc4SeKTdDioRUhvm06h5GTgMm01vN+DT/igqYku/2i2JQrfrCig4+ZzgF51AAAWhv4kNY8zFAuKX5RbMotHlsR4n2mcwzLqwYA0FrPpzR8S4pfFJug4pmVHfy+6RznyrsGALC9jkd6EnzQdA4hnFKmWHd1B281neNCedkAAF6p4cmwLuyXjgoBELT4zcoQN5vOkYzxqwCprOjg9qDFf5rOIUQuyhSP52vxQx43AICVIe4uh++aziFENsotHr66gz80nWM0ed0AAFZ08sdBi4dM5xAiExV+/mFFiI+YzjGWvD0HcKHNNTwQ03zTLqDMovQo0AHFg1d38C3TWdJRUMW0ZQa3RH08mdAETGcR4kI+RaxMccfyEM+YzpKugmoAAC/PZIG22BzXjDedRYhhfugJalaafLAnGwXXAAC2XszEWITXYpoG01mECChCExRXLArRbTpLpgqyAQBo8G2exfoovMl0FlG6yhXPLe/gbQoK8r7VvL8KkIqCxNWdvLnCxxcUaNN5RGmxQFcovrCigxsLtfihgPcAzrWphqttWBvXVJnOIoqfX9EftLnZy9F73VIUDQCGzgtEeTFms9h0FlG8Aha7A2UsX7aPU6azOKFoGsCwLbX8S1jzEa2L788mzLFAB+CfvXhdl5eKskhebeCacJxn4ppJprOIwudXnKrQ/N6STl4yncVpRdkAADRYr8ziZ1F4p5whFNlQQFDxq+Ud3KZGGbKukBXsVYCxKLBXdvKuCsV7fIqw6TyisPhgoMzHO1d08HvFWvxQxA1g2LIOfqoU1eWKp01nEYUhqHhej2f6ynaeMJ3FbUV7CJDM9lpuCGt+GtNMNZ1F5B8/HA8q3nNVB+tMZ/FKSTWAYVtq+XrE5i/sEtgDEmOzwA5aPLw8lB8j9XqpJBsAwMY6LvHb/DyiucJ0FmFO0GKbr4x3LdtHm+ksJpRsAxi2ZRY3xRU/jGlqTWcR3gnA4TLF3aW0u59MyTeAYZtm8Qlb8ZDcTlzc/Io+n+ZzKzv5juks+UAawDk0+LbM4tsxxYcTmjLTeYRzfIpIQPH95SEeLOSHd5wmDSAJDf6ttXwtqvlUQlNuOo/InqWIBBU/qgzxyUVpvIS21EgDGIUG35YavhSHB+OaStN5RPr8inBA8agK8SfLIGY6T76SBpAGDb7NNXxJwydimmrTeURqAcVxn+Lby0N8TXb1xyYNIENbZ/G2uOKhqFw+zBsKCFjs8yv+bFkJ3L3nJGkAWdpcwzwU34nZrLbBbzpPKbIUMT+sTVh88rp29prOU4ikAeRIg7W1lnsTmj+La+bLewvcF4CDfovvLgvxDdnNz438Y3XQ1qnMTJTztYTmzrhmouk8xcSvOOFX/DQW44vXHeaI6TzFQhqASzbXMM9S/Fnc5vYYTDedpxD54bQPnisr4ytLDvA703mKkTQAD2yq5VIFn7Vtfj8BF8lhQnIWaL/ikKX4b+3j71YeZL/pTMVO/iF6bDcET9TybjR3x2FlvMQvK/oU/X543VL8MlLF967fSY/pTKVEGoBhmxuYQ4yPoVid0DTGYYLpTG4KKE4paPXBc7qc76/YS7vpTKVMGkCeeamWCgvuVJrbtOKqhGamrakoxHEN/Yp+BZ0+2KosnprUzi8uhYjpXOIsaQAFoAnKIrN4cwxu1IqlGubZmmoNlTb4TGZTkPBBv1IctzS7lGKbD9bqDl6QW3DznzSAAvdiI+MrelmuLa5MaBagmQVUa5ikYbwNVWjKUYONQmt8eui/+/D/K4Ue+kUrRYLBDxNKMaCgX8Fp4JRSHFfQqTUtlmJ770S2rmqi19AfXTjgfwFVFcHePttw0QAAAABJRU5ErkJggg== - mediatype: image/png - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: strimzi-cluster-operator - rules: - - apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - get - - create - - delete - - patch - - update - - apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - - rolebindings - verbs: - - get - - create - - delete - - patch - - update - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - kafka.strimzi.io - resources: - - kafkas - - kafkaconnects - - kafkaconnects2is - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch - - delete - - apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - "" - resources: - - endpoints - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - deployments - - deployments/scale - - replicasets - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - apps - resources: - - deployments - - deployments/scale - - deployments/status - - statefulsets - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - "" - resources: - - events - verbs: - - create - - apiGroups: - - extensions - resources: - - replicationcontrollers - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - apps.openshift.io - resources: - - deploymentconfigs - - deploymentconfigs/scale - - deploymentconfigs/status - - deploymentconfigs/finalizers - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - build.openshift.io - resources: - - buildconfigs - - builds - verbs: - - create - - delete - - get - - list - - patch - - watch - - update - - apiGroups: - - image.openshift.io - resources: - - imagestreams - - imagestreams/status - verbs: - - create - - delete - - get - - list - - watch - - patch - - update - - apiGroups: - - "" - resources: - - replicationcontrollers - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - create - - delete - - patch - - update - - apiGroups: - - "" - resources: - - nodes - verbs: - - get - - apiGroups: - - kafka.strimzi.io - resources: - - kafkatopics - verbs: - - get - - list - - watch - - create - - patch - - update - - delete - - apiGroups: - - "" - resources: - - events - verbs: - - create - - apiGroups: - - kafka.strimzi.io - resources: - - kafkausers - verbs: - - get - - list - - watch - - create - - patch - - update - - delete - deployments: - - name: strimzi-cluster-operator - spec: - replicas: 1 - selector: - matchLabels: - name: strimzi-cluster-operator-alm-owned - template: - metadata: - name: strimzi-cluster-operator-alm-owned - labels: - name: strimzi-cluster-operator-alm-owned - spec: - serviceAccountName: strimzi-cluster-operator - containers: - - name: cluster-operator - image: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-clusteroperator-openshift:1.0.0-beta - env: - - name: STRIMZI_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: STRIMZI_FULL_RECONCILIATION_INTERVAL_MS - value: "120000" - - name: STRIMZI_OPERATION_TIMEOUT_MS - value: "300000" - - name: STRIMZI_DEFAULT_ZOOKEEPER_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-zookeeper-openshift:1.0.0-beta - - name: STRIMZI_DEFAULT_KAFKA_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-kafka-openshift:1.0.0-beta - - name: STRIMZI_DEFAULT_KAFKA_CONNECT_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-kafkaconnect-openshift:1.0.0-beta - - name: STRIMZI_DEFAULT_KAFKA_CONNECT_S2I_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-kafkaconnects2i-openshift:1.0.0-beta - - name: STRIMZI_DEFAULT_TOPIC_OPERATOR_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-topicoperator-openshift:1.0.0-beta - - name: STRIMZI_DEFAULT_USER_OPERATOR_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-useroperator-openshift:1.0.0-beta - - name: STRIMZI_DEFAULT_KAFKA_INIT_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-kafkainit-openshift:1.0.0-beta - - name: STRIMZI_DEFAULT_TLS_SIDECAR_ZOOKEEPER_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-zookeeperstunnel-openshift:1.0.0-beta - - name: STRIMZI_DEFAULT_TLS_SIDECAR_KAFKA_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-kafkastunnel-openshift:1.0.0-beta - - name: STRIMZI_DEFAULT_TLS_SIDECAR_ENTITY_OPERATOR_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-entityoperatorstunnel-openshift:1.0.0-beta - - name: STRIMZI_LOG_LEVEL - value: INFO - customresourcedefinitions: - owned: - - name: kafkas.kafka.strimzi.io - version: v1alpha1 - kind: Kafka - displayName: Kafka - description: Represents a Kafka cluster - specDescriptors: - - description: The desired number of Kafka brokers. - displayName: Kafka Brokers - path: kafka.replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: The type of storage used by Kafka brokers - displayName: Kafka storage - path: kafka.storage.type - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Kafka Resource Requirements - path: kafka.resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - - description: The desired number of Zookeeper nodes. - displayName: Zookeeper Nodes - path: zookeeper.replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: The type of storage used by Zookeeper nodes - displayName: Zookeeper storage - path: zookeeper.storage.type - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Zookeeper Resource Requirements - path: zookeeper.resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - - name: kafkaconnects.kafka.strimzi.io - version: v1alpha1 - kind: KafkaConnect - displayName: Kafka Connect - description: Represents a Kafka Connect cluster - specDescriptors: - - description: The desired number of Kafka Connect nodes. - displayName: Connect nodes - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: The address of the bootstrap server - displayName: Bootstrap server - path: bootstrapServers - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - - name: kafkaconnects2is.kafka.strimzi.io - version: v1alpha1 - kind: KafkaConnectS2I - displayName: Kafka Connect S2I - description: Represents a Kafka Connect cluster with Source 2 Image support - specDescriptors: - - description: The desired number of Kafka Connect nodes. - displayName: Connect nodes - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: The address of the bootstrap server - displayName: Bootstrap server - path: bootstrapServers - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - - name: kafkatopics.kafka.strimzi.io - version: v1alpha1 - kind: KafkaTopic - displayName: Kafka Topic - description: Represents a topic inside a Kafka cluster - specDescriptors: - - description: The number of partitions - displayName: Partitions - path: partitions - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: The number of replicas - displayName: Replication factor - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - name: kafkausers.kafka.strimzi.io - version: v1alpha1 - kind: KafkaUser - displayName: Kafka User - description: Represents a user inside a Kafka cluster - specDescriptors: - - description: Authentication type - displayName: Authentication type - path: authentication.type - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: Authorization type - displayName: Authorization type - path: authorization.type - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: etcdoperator.v0.6.1 - namespace: placeholder - annotations: - tectonic-visibility: ocs - spec: - displayName: etcd - description: | - etcd is a distributed key value store that provides a reliable way to store data across a cluster of machines. It’s open-source and available on GitHub. etcd gracefully handles leader elections during network partitions and will tolerate machine failure, including the leader. Your applications can read and write data into etcd. - A simple use-case is to store database connection details or feature flags within etcd as key value pairs. These values can be watched, allowing your app to reconfigure itself when they change. Advanced uses take advantage of the consistency guarantees to implement database leader elections or do distributed locking across a cluster of workers. - - _The etcd Open Cloud Service is Public Alpha. The goal before Beta is to fully implement backup features._ - - ### Reading and writing to etcd - - Communicate with etcd though its command line utility `etcdctl` or with the API using the automatically generated Kubernetes Service. - - [Read the complete guide to using the etcd Open Cloud Service](https://coreos.com/tectonic/docs/latest/alm/etcd-ocs.html) - - ### Supported Features - **High availability** - Multiple instances of etcd are networked together and secured. Individual failures or networking issues are transparently handled to keep your cluster up and running. - **Automated updates** - Rolling out a new etcd version works like all Kubernetes rolling updates. Simply declare the desired version, and the etcd service starts a safe rolling update to the new version automatically. - **Backups included** - Coming soon, the ability to schedule backups to happen on or off cluster. - keywords: ['etcd', 'key value', 'database', 'coreos', 'open source'] - version: 0.6.1 - maturity: alpha - maintainers: - - name: CoreOS, Inc - email: support@coreos.com - - provider: - name: CoreOS, Inc - labels: - alm-status-descriptors: etcdoperator.v0.6.1 - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - selector: - matchLabels: - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - links: - - name: Blog - url: https://coreos.com/etcd - - name: Documentation - url: https://coreos.com/operators/etcd/docs/latest/ - - name: etcd Operator Source Code - url: https://github.com/coreos/etcd-operator - - icon: - - base64data: iVBORw0KGgoAAAANSUhEUgAAAOEAAADZCAYAAADWmle6AAAACXBIWXMAAAsTAAALEwEAmpwYAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAEKlJREFUeNrsndt1GzkShmEev4sTgeiHfRYdgVqbgOgITEVgOgLTEQydwIiKwFQCayoCU6+7DyYjsBiBFyVVz7RkXvqCSxXw/+f04XjGQ6IL+FBVuL769euXgZ7r39f/G9iP0X+u/jWDNZzZdGI/Ftama1jjuV4BwmcNpbAf1Fgu+V/9YRvNAyzT2a59+/GT/3hnn5m16wKWedJrmOCxkYztx9Q+py/+E0GJxtJdReWfz+mxNt+QzS2Mc0AI+HbBBwj9QViKbH5t64DsP2fvmGXUkWU4WgO+Uve2YQzBUGd7r+zH2ZG/tiUQc4QxKwgbwFfVGwwmdLL5wH78aPC/ZBem9jJpCAX3xtcNASSNgJLzUPSQyjB1zQNl8IQJ9MIU4lx2+Jo72ysXYKl1HSzN02BMa/vbZ5xyNJIshJzwf3L0dQhJw4Sih/SFw9Tk8sVeghVPoefaIYCkMZCKbrcP9lnZuk0uPUjGE/KE8JQry7W2tgfuC3vXgvNV+qSQbyFtAtyWk7zWiYevvuUQ9QEQCvJ+5mmu6dTjz1zFHLFj8Eb87MtxaZh/IQFIHom+9vgTWwZxAQjT9X4vtbEVPojwjiV471s00mhAckpwGuCn1HtFtRDaSh6y9zsL+LNBvCG/24ThcxHObdlWc1v+VQJe8LcO0jwtuF8BwnAAUgP9M8JPU2Me+Oh12auPGT6fHuTePE3bLDy+x9pTLnhMn+07TQGh//Bz1iI0c6kvtqInjvPZcYR3KsPVmUsPYt9nFig9SCY8VQNhpPBzn952bbgcsk2EvM89wzh3UEffBbyPqvBUBYQ8ODGPFOLsa7RF096WJ69L+E4EmnpjWu5o4ChlKaRTKT39RMMaVPEQRsz/nIWlDN80chjdJlSd1l0pJCAMVZsniobQVuxceMM9OFoaMd9zqZtjMEYYDW38Drb8Y0DYPLShxn0pvIFuOSxd7YCPet9zk452wsh54FJoeN05hcgSQoG5RR0Qh9Q4E4VvL4wcZq8UACgaRFEQKgSwWrkr5WFnGxiHSutqJGlXjBgIOayhwYBTA0ER0oisIVSUV0AAMT0IASCUO4hRIQSAEECMCCEPwqyQA0JCQBzEGjWNAqHiUVAoXUWbvggOIQCEAOJzxTjoaQ4AIaE64/aZridUsBYUgkhB15oGg1DBIl8IqirYwV6hPSGBSFteMCUBSVXwfYixBmamRubeMyjzMJQBDDowE3OesDD+zwqFoDqiEwXoXJpljB+PvWJGy75BKF1FPxhKygJuqUdYQGlLxNEXkrYyjQ0GbaAwEnUIlLRNvVjQDYUAsJB0HKLE4y0AIpQNgCIhBIhQTgCKhZBBpAN/v6LtQI50JfUgYOnnjmLUFHKhjxbAmdTCaTiBm3ovLPqG2urWAij6im0Nd9aTN9ygLUEt9LgSRnohxUPIKxlGaE+/6Y7znFf0yX+GnkvFFWmarkab2o9PmTeq8sbd2a7DaysXz7i64VeznN4jCQhN9gdDbRiuWrfrsq0mHIrlaq+hlotCtd3Um9u0BYWY8y5D67wccJoZjFca7iUs9VqZcfsZwTd1sbWGG+OcYaTnPAP7rTQVVlM4Sg3oGvB1tmNh0t/HKXZ1jFoIMwCQjtqbhNxUmkGYqgZEDZP11HN/S3gAYRozf0l8C5kKEKUvW0t1IfeWG/5MwgheZTT1E0AEhDkAePQO+Ig2H3DncAkQM4cwUQCD530dU4B5Yvmi2LlDqXfWrxMCcMth51RToRMNUXFnfc2KJ0+Ryl0VNOUwlhh6NoxK5gnViTgQpUG4SqSyt5z3zRJpuKmt3Q1614QaCBPaN6je+2XiFcWAKOXcUfIYKRyL/1lb7pe5VxSxxjQ6hImshqGRt5GWZVKO6q2wHwujfwDtIvaIdexj8Cm8+a68EqMfox6x/voMouZF4dHnEGNeCDMwT6vdNfekH1MafMk4PI06YtqLVGl95aEM9Z5vAeCTOA++YLtoVJRrsqNCaJ6WRmkdYaNec5BT/lcTRMqrhmwfjbpkj55+OKp8IEbU/JLgPJE6Wa3TTe9sHS+ShVD5QIyqIxMEwKh12olC6mHIed5ewEop80CNlfIOADYOT2nd6ZXCop+Ebqchc0JqxKcKASxChycJgUh1rnHA5ow9eTrhqNI7JWiAYYwBGGdpyNLoGw0Pkh96h1BpHihyywtATDM/7Hk2fN9EnH8BgKJCU4ooBkbXFMZJiPbrOyecGl3zgQDQL4hk10IZiOe+5w99Q/gBAEIJgPhJM4QAEEoFREAIAAEiIASAkD8Qt4AQAEIAERAGFlX4CACKAXGVM4ivMwWwCLFAlyeoaa70QePKm5Dlp+/n+ye/5dYgva6YsUaVeMa+tzNFeJtWwc+udbJ0Fg399kLielQJ5Ze61c2+7ytA6EZetiPxZC6tj22yJCv6jUwOyj/zcbqAxOMyAKEbfeHtNa7DtYXptjsk2kJxR+eIeim/tHNofUKYy8DMrQcAKWz6brpvzyIAlpwPhQ49l6b7skJf5Z+YTOYQc4FwLDxvoTDwaygQK+U/kVr+ytSFBG01Q3gnJJR4cNiAhx4HDub8/b5DULXlj6SVZghFiE+LdvE9vo/o8Lp1RmH5hzm0T6wdbZ6n+D6i44zDRc3ln6CpAEJfXiRU45oqLz8gFAThWsh7ughrRibc0QynHgZpNJa/ENJ+loCwu/qOGnFIjYR/n7TfgycULhcQhu6VC+HfF+L3BoAQ4WiZTw1M+FPCnA2gKC6/FAhXgDC+ojQGh3NuWsvfF1L/D5ohlCKtl1j2ldu9a/nPAKFwN56Bst10zCG0CPleXN/zXPgHQZXaZaBgrbzyY5V/mUA+6F0hwtGN9rwu5DVZPuwWqfxdFz1LWbJ2lwKEa+0Qsm4Dl3fp+Pu0lV97PgwIPfSsS+UQhj5Oo+vvFULazRIQyvGEcxPuNLCth2MvFsrKn8UOilAQShkh7TTczYNMoS6OdP47msrPi82lXKGWhCdMZYS0bFy+vcnGAjP1CIfvgbKNA9glecEH9RD6Ol4wRuWyN/G9MHnksS6o/GPf5XcwNSUlHzQhDuAKtWJmkwKElU7lylP5rgIcsquh/FI8YZCDpkJBuE4FQm7Icw8N+SrUGaQKyi8FwiDt1ve5o+Vu7qYHy/psgK8cvh+FTYuO77bhEC7GuaPiys/L1X4IgXDL+e3M5+ovLxBy5VLuIebw1oqcHoPfoaMJUsHays878r8KbDc3xtPx/84gZPBG/JwaufrsY/SRG/OY3//8QMNdsvdZCFtbW6f8pFuf5bflILAlX7O+4fdfugKyFYS8T2zAsXthdG0VurPGKwI06oF5vkBgHWkNp6ry29+lsPZMU3vijnXFNmoclr+6+Ou/FIb8yb30sS8YGjmTqCLyQsi5N/6ZwKs0Yenj68pfPjF6N782Dp2FzV9CTyoSeY8mLK16qGxIkLI8oa1n8tz9juP40DlK0epxYEbojbq+9QfurBeVIlCO9D2396bxiV4lkYQ3hOAFw2pbhqMGISkkQOMcQ9EqhDmGZZdo92JC0YHRNTfoSg+5e0IT+opqCKHoIU+4ztQIgBD1EFNrQAgIpYSil9lDmPHqkROPt+JC6AgPquSuumJmg0YARVCuneDfvPVeJokZ6pIXDkNxQtGzTF9/BQjRG0tQznfb74RwCQghpALBtIQnfK4zhxdyQvVCUeknMIT3hLyY+T5jo0yABqKPQNpUNw/09tGZod5jgCaYFxyYvJcNPkv9eof+I3pnCFEHIETjSM8L9tHZHYCQT9PaZGycU6yg8S4akDnJ+P03L0+t23XGzCLzRgII/Wqa+fv/xlfvmKvMUOcOrlCDdoei1MGdZm6G5VEIfRzzjd4aQs69n699Rx7ewhvCGzr2gmTPs8zNsJOrXt24FbkhhOjCfT4ICA/rPbyhUy94Dks0gJCX1NzCZui9YUd3oei+c257TalFbgg19ILHrlrL2gvWgXAL26EX76gZTNASQnad8Ibwhl284NhgXpB0c+jKhWO3Ms1hP9ihJYB9eMF6qd1BCPk0qA1s+LimFIu7m4nsdQIzPK4VbQ8hYvrnuSH2G9b2ggP78QmWqBdF9Vx8SSY6QYdUW7BTA1schZATyhvY8lHvcRbNUS9YGFy2U+qmzh2YPVc0I7yAOFyHfRpyUwtCSzOdPXMHmz7qDIM0e0V2wZTEk+6Ym6N63eBLp/b5Bts+2cKCSJ/LuoZO3ANSiE5hKAZjnvNSS4931jcw9jpwT0feV/qSJ1pVtCyfHKDkvK8Ejx7pUxGh2xFNSwx8QTi2H9ceC0/nni64MS/5N5dG39pDqvRV+WgGk71c9VFXF9b+xYvOw/d61iv7m3MvEHryhvecwC52jSSx4VIIgwnMNT/UsTxIgpPt3K/ARj15CptwL3Zd/ceDSATj2DGQjbxgWwhdeMMte7zpy5On9vymRm/YxBYljGVjKWF9VJf7I1+sex3wY8w/V1QPTborW/72gkdsRDaZMJBdbdHIC7aCkAu9atlLbtnrzerMnyToDaGwelOnk3/hHSem/ZK7e/t7jeeR20LYBgqa8J80gS8jbwi5F02Uj1u2NYJxap8PLkJfLxA2hIJyvnHX/AfeEPLpBfe0uSFHbnXaea3Qd5d6HcpYZ8L6M7lnFwMQ3MNg+RxUR1+6AshtbsVgfXTEg1sIGax9UND2p7f270wdG3eK9gXVGHdw2k5sOyZv+Nbs39Z308XR9DqWb2J+PwKDhuKHPobfuXf7gnYGHdCs7bhDDadD4entDug7LWNsnRNW4mYqwJ9dk+GGSTPBiA2j0G8RWNM5upZtcG4/3vMfP7KnbK2egx6CCnDPhRn7NgD3cghLIad5WcM2SO38iqHvvMOosyeMpQ5zlVCaaj06GVs9xUbHdiKoqrHWgquFEFMWUEWfXUxJAML23hAHFOctmjZQffKD2pywkhtSGHKNtpitLroscAeE7kCkSsC60vxEl6yMtL9EL5HKGCMszU5bk8gdkklAyEn5FO0yK419rIxBOIqwFMooDE0tHEVYijAUECIshRCGIhxFWIowFJ5QkEYIS5PTJrUwNGlPyN6QQPyKtpuM1E/K5+YJDV/MiA3AaehzqgAm7QnZG9IGYKo8bHnSK7VblLL3hOwNHziPuEGOqE5brrdR6i+atCfckyeWD47HkAkepRGLY/e8A8J0gCwYSNypF08bBm+e6zVz2UL4AshhBUjML/rXLefqC82bcQFhGC9JDwZ1uuu+At0S5gCETYHsV4DUeD9fDN2Zfy5OXaW2zAwQygCzBLJ8cvaW5OXKC1FxfTggFAHmoAJnSiOw2wps9KwRWgJCLaEswaj5NqkLwAYIU4BxqTSXbHXpJdRMPZgAOiAMqABCNGYIEEJutEK5IUAIwYMDQgiCACEEAcJs1Vda7gGqDhCmoiEghAAhBAHCrKXVo2C1DCBMRlp37uMIEECoX7xrX3P5C9QiINSuIcoPAUI0YkAICLNWgfJDh4T9hH7zqYH9+JHAq7zBqWjwhPAicTVCVQJCNF50JghHocahKK0X/ZnQKyEkhSdUpzG8OgQI42qC94EQjsYLRSmH+pbgq73L6bYkeEJ4DYTYmeg1TOBFc/usTTp3V9DdEuXJ2xDCUbXhaXk0/kAYmBvuMB4qkC35E5e5AMKkwSQgyxufyuPy6fMMgAFCSI73LFXU/N8AmEL9X4ABACNSKMHAgb34AAAAAElFTkSuQmCC - mediatype: image/png - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: etcd-operator - rules: - - apiGroups: - - etcd.database.coreos.com - resources: - - etcdclusters - verbs: - - "*" - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - "*" - - apiGroups: - - "" - resources: - - pods - - services - - endpoints - - persistentvolumeclaims - - events - verbs: - - "*" - - apiGroups: - - apps - resources: - - deployments - verbs: - - "*" - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - deployments: - - name: etcd-operator - spec: - replicas: 1 - selector: - matchLabels: - name: etcd-operator-alm-owned - template: - metadata: - name: etcd-operator-alm-owned - labels: - name: etcd-operator-alm-owned - spec: - serviceAccountName: etcd-operator - containers: - - name: etcd-operator - command: - - etcd-operator - - --create-crd=false - image: quay.io/coreos/etcd-operator@sha256:bd944a211eaf8f31da5e6d69e8541e7cada8f16a9f7a5a570b22478997819943 - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - customresourcedefinitions: - owned: - - name: etcdclusters.etcd.database.coreos.com - version: v1beta2 - kind: EtcdCluster - displayName: etcd Cluster - description: Represents a cluster of etcd nodes. - resources: - - kind: Service - version: v1 - - kind: Pod - version: v1 - specDescriptors: - - description: The desired number of member Pods for the etcd cluster. - displayName: Size - path: size - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - statusDescriptors: - - description: The status of each of the member Pods for the etcd cluster. - displayName: Member Status - path: members - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podStatuses' - - description: The service at which the running etcd cluster can be accessed. - displayName: Service - path: service - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Service' - - description: The current size of the etcd cluster. - displayName: Cluster Size - path: size - - description: The current version of the etcd cluster. - displayName: Current Version - path: currentVersion - - description: 'The target version of the etcd cluster, after upgrading.' - displayName: Target Version - path: targetVersion - - description: The current status of the etcd cluster. - displayName: Status - path: phase - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase' - - description: Explanation for the current status of the cluster. - displayName: Status Details - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: etcdoperator.v0.9.0 - namespace: placeholder - annotations: - tectonic-visibility: ocs - alm-examples: '[{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdCluster","metadata":{"name":"example","namespace":"default"},"spec":{"size":3,"version":"3.2.13"}},{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdRestore","metadata":{"name":"example-etcd-cluster"},"spec":{"etcdCluster":{"name":"example-etcd-cluster"},"backupStorageType":"S3","s3":{"path":"","awsSecret":""}}},{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdBackup","metadata":{"name":"example-etcd-cluster-backup"},"spec":{"etcdEndpoints":[""],"storageType":"S3","s3":{"path":"","awsSecret":""}}}]' - spec: - displayName: etcd - description: | - etcd is a distributed key value store that provides a reliable way to store data across a cluster of machines. It’s open-source and available on GitHub. etcd gracefully handles leader elections during network partitions and will tolerate machine failure, including the leader. Your applications can read and write data into etcd. - A simple use-case is to store database connection details or feature flags within etcd as key value pairs. These values can be watched, allowing your app to reconfigure itself when they change. Advanced uses take advantage of the consistency guarantees to implement database leader elections or do distributed locking across a cluster of workers. - - _The etcd Open Cloud Service is Public Alpha. The goal before Beta is to fully implement backup features._ - - ### Reading and writing to etcd - - Communicate with etcd though its command line utility `etcdctl` or with the API using the automatically generated Kubernetes Service. - - [Read the complete guide to using the etcd Open Cloud Service](https://coreos.com/tectonic/docs/latest/alm/etcd-ocs.html) - - ### Supported Features - - - **High availability** - - - Multiple instances of etcd are networked together and secured. Individual failures or networking issues are transparently handled to keep your cluster up and running. - - - **Automated updates** - - - Rolling out a new etcd version works like all Kubernetes rolling updates. Simply declare the desired version, and the etcd service starts a safe rolling update to the new version automatically. - - - **Backups included** - - - Coming soon, the ability to schedule backups to happen on or off cluster. - keywords: ['etcd', 'key value', 'database', 'coreos', 'open source'] - version: 0.9.0 - maturity: alpha - replaces: etcdoperator.v0.6.1 - maintainers: - - name: CoreOS, Inc - email: support@coreos.com - - provider: - name: CoreOS, Inc - labels: - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - selector: - matchLabels: - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - links: - - name: Blog - url: https://coreos.com/etcd - - name: Documentation - url: https://coreos.com/operators/etcd/docs/latest/ - - name: etcd Operator Source Code - url: https://github.com/coreos/etcd-operator - - icon: - - base64data: iVBORw0KGgoAAAANSUhEUgAAAOEAAADZCAYAAADWmle6AAAACXBIWXMAAAsTAAALEwEAmpwYAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAEKlJREFUeNrsndt1GzkShmEev4sTgeiHfRYdgVqbgOgITEVgOgLTEQydwIiKwFQCayoCU6+7DyYjsBiBFyVVz7RkXvqCSxXw/+f04XjGQ6IL+FBVuL769euXgZ7r39f/G9iP0X+u/jWDNZzZdGI/Ftama1jjuV4BwmcNpbAf1Fgu+V/9YRvNAyzT2a59+/GT/3hnn5m16wKWedJrmOCxkYztx9Q+py/+E0GJxtJdReWfz+mxNt+QzS2Mc0AI+HbBBwj9QViKbH5t64DsP2fvmGXUkWU4WgO+Uve2YQzBUGd7r+zH2ZG/tiUQc4QxKwgbwFfVGwwmdLL5wH78aPC/ZBem9jJpCAX3xtcNASSNgJLzUPSQyjB1zQNl8IQJ9MIU4lx2+Jo72ysXYKl1HSzN02BMa/vbZ5xyNJIshJzwf3L0dQhJw4Sih/SFw9Tk8sVeghVPoefaIYCkMZCKbrcP9lnZuk0uPUjGE/KE8JQry7W2tgfuC3vXgvNV+qSQbyFtAtyWk7zWiYevvuUQ9QEQCvJ+5mmu6dTjz1zFHLFj8Eb87MtxaZh/IQFIHom+9vgTWwZxAQjT9X4vtbEVPojwjiV471s00mhAckpwGuCn1HtFtRDaSh6y9zsL+LNBvCG/24ThcxHObdlWc1v+VQJe8LcO0jwtuF8BwnAAUgP9M8JPU2Me+Oh12auPGT6fHuTePE3bLDy+x9pTLnhMn+07TQGh//Bz1iI0c6kvtqInjvPZcYR3KsPVmUsPYt9nFig9SCY8VQNhpPBzn952bbgcsk2EvM89wzh3UEffBbyPqvBUBYQ8ODGPFOLsa7RF096WJ69L+E4EmnpjWu5o4ChlKaRTKT39RMMaVPEQRsz/nIWlDN80chjdJlSd1l0pJCAMVZsniobQVuxceMM9OFoaMd9zqZtjMEYYDW38Drb8Y0DYPLShxn0pvIFuOSxd7YCPet9zk452wsh54FJoeN05hcgSQoG5RR0Qh9Q4E4VvL4wcZq8UACgaRFEQKgSwWrkr5WFnGxiHSutqJGlXjBgIOayhwYBTA0ER0oisIVSUV0AAMT0IASCUO4hRIQSAEECMCCEPwqyQA0JCQBzEGjWNAqHiUVAoXUWbvggOIQCEAOJzxTjoaQ4AIaE64/aZridUsBYUgkhB15oGg1DBIl8IqirYwV6hPSGBSFteMCUBSVXwfYixBmamRubeMyjzMJQBDDowE3OesDD+zwqFoDqiEwXoXJpljB+PvWJGy75BKF1FPxhKygJuqUdYQGlLxNEXkrYyjQ0GbaAwEnUIlLRNvVjQDYUAsJB0HKLE4y0AIpQNgCIhBIhQTgCKhZBBpAN/v6LtQI50JfUgYOnnjmLUFHKhjxbAmdTCaTiBm3ovLPqG2urWAij6im0Nd9aTN9ygLUEt9LgSRnohxUPIKxlGaE+/6Y7znFf0yX+GnkvFFWmarkab2o9PmTeq8sbd2a7DaysXz7i64VeznN4jCQhN9gdDbRiuWrfrsq0mHIrlaq+hlotCtd3Um9u0BYWY8y5D67wccJoZjFca7iUs9VqZcfsZwTd1sbWGG+OcYaTnPAP7rTQVVlM4Sg3oGvB1tmNh0t/HKXZ1jFoIMwCQjtqbhNxUmkGYqgZEDZP11HN/S3gAYRozf0l8C5kKEKUvW0t1IfeWG/5MwgheZTT1E0AEhDkAePQO+Ig2H3DncAkQM4cwUQCD530dU4B5Yvmi2LlDqXfWrxMCcMth51RToRMNUXFnfc2KJ0+Ryl0VNOUwlhh6NoxK5gnViTgQpUG4SqSyt5z3zRJpuKmt3Q1614QaCBPaN6je+2XiFcWAKOXcUfIYKRyL/1lb7pe5VxSxxjQ6hImshqGRt5GWZVKO6q2wHwujfwDtIvaIdexj8Cm8+a68EqMfox6x/voMouZF4dHnEGNeCDMwT6vdNfekH1MafMk4PI06YtqLVGl95aEM9Z5vAeCTOA++YLtoVJRrsqNCaJ6WRmkdYaNec5BT/lcTRMqrhmwfjbpkj55+OKp8IEbU/JLgPJE6Wa3TTe9sHS+ShVD5QIyqIxMEwKh12olC6mHIed5ewEop80CNlfIOADYOT2nd6ZXCop+Ebqchc0JqxKcKASxChycJgUh1rnHA5ow9eTrhqNI7JWiAYYwBGGdpyNLoGw0Pkh96h1BpHihyywtATDM/7Hk2fN9EnH8BgKJCU4ooBkbXFMZJiPbrOyecGl3zgQDQL4hk10IZiOe+5w99Q/gBAEIJgPhJM4QAEEoFREAIAAEiIASAkD8Qt4AQAEIAERAGFlX4CACKAXGVM4ivMwWwCLFAlyeoaa70QePKm5Dlp+/n+ye/5dYgva6YsUaVeMa+tzNFeJtWwc+udbJ0Fg399kLielQJ5Ze61c2+7ytA6EZetiPxZC6tj22yJCv6jUwOyj/zcbqAxOMyAKEbfeHtNa7DtYXptjsk2kJxR+eIeim/tHNofUKYy8DMrQcAKWz6brpvzyIAlpwPhQ49l6b7skJf5Z+YTOYQc4FwLDxvoTDwaygQK+U/kVr+ytSFBG01Q3gnJJR4cNiAhx4HDub8/b5DULXlj6SVZghFiE+LdvE9vo/o8Lp1RmH5hzm0T6wdbZ6n+D6i44zDRc3ln6CpAEJfXiRU45oqLz8gFAThWsh7ughrRibc0QynHgZpNJa/ENJ+loCwu/qOGnFIjYR/n7TfgycULhcQhu6VC+HfF+L3BoAQ4WiZTw1M+FPCnA2gKC6/FAhXgDC+ojQGh3NuWsvfF1L/D5ohlCKtl1j2ldu9a/nPAKFwN56Bst10zCG0CPleXN/zXPgHQZXaZaBgrbzyY5V/mUA+6F0hwtGN9rwu5DVZPuwWqfxdFz1LWbJ2lwKEa+0Qsm4Dl3fp+Pu0lV97PgwIPfSsS+UQhj5Oo+vvFULazRIQyvGEcxPuNLCth2MvFsrKn8UOilAQShkh7TTczYNMoS6OdP47msrPi82lXKGWhCdMZYS0bFy+vcnGAjP1CIfvgbKNA9glecEH9RD6Ol4wRuWyN/G9MHnksS6o/GPf5XcwNSUlHzQhDuAKtWJmkwKElU7lylP5rgIcsquh/FI8YZCDpkJBuE4FQm7Icw8N+SrUGaQKyi8FwiDt1ve5o+Vu7qYHy/psgK8cvh+FTYuO77bhEC7GuaPiys/L1X4IgXDL+e3M5+ovLxBy5VLuIebw1oqcHoPfoaMJUsHays878r8KbDc3xtPx/84gZPBG/JwaufrsY/SRG/OY3//8QMNdsvdZCFtbW6f8pFuf5bflILAlX7O+4fdfugKyFYS8T2zAsXthdG0VurPGKwI06oF5vkBgHWkNp6ry29+lsPZMU3vijnXFNmoclr+6+Ou/FIb8yb30sS8YGjmTqCLyQsi5N/6ZwKs0Yenj68pfPjF6N782Dp2FzV9CTyoSeY8mLK16qGxIkLI8oa1n8tz9juP40DlK0epxYEbojbq+9QfurBeVIlCO9D2396bxiV4lkYQ3hOAFw2pbhqMGISkkQOMcQ9EqhDmGZZdo92JC0YHRNTfoSg+5e0IT+opqCKHoIU+4ztQIgBD1EFNrQAgIpYSil9lDmPHqkROPt+JC6AgPquSuumJmg0YARVCuneDfvPVeJokZ6pIXDkNxQtGzTF9/BQjRG0tQznfb74RwCQghpALBtIQnfK4zhxdyQvVCUeknMIT3hLyY+T5jo0yABqKPQNpUNw/09tGZod5jgCaYFxyYvJcNPkv9eof+I3pnCFEHIETjSM8L9tHZHYCQT9PaZGycU6yg8S4akDnJ+P03L0+t23XGzCLzRgII/Wqa+fv/xlfvmKvMUOcOrlCDdoei1MGdZm6G5VEIfRzzjd4aQs69n699Rx7ewhvCGzr2gmTPs8zNsJOrXt24FbkhhOjCfT4ICA/rPbyhUy94Dks0gJCX1NzCZui9YUd3oei+c257TalFbgg19ILHrlrL2gvWgXAL26EX76gZTNASQnad8Ibwhl284NhgXpB0c+jKhWO3Ms1hP9ihJYB9eMF6qd1BCPk0qA1s+LimFIu7m4nsdQIzPK4VbQ8hYvrnuSH2G9b2ggP78QmWqBdF9Vx8SSY6QYdUW7BTA1schZATyhvY8lHvcRbNUS9YGFy2U+qmzh2YPVc0I7yAOFyHfRpyUwtCSzOdPXMHmz7qDIM0e0V2wZTEk+6Ym6N63eBLp/b5Bts+2cKCSJ/LuoZO3ANSiE5hKAZjnvNSS4931jcw9jpwT0feV/qSJ1pVtCyfHKDkvK8Ejx7pUxGh2xFNSwx8QTi2H9ceC0/nni64MS/5N5dG39pDqvRV+WgGk71c9VFXF9b+xYvOw/d61iv7m3MvEHryhvecwC52jSSx4VIIgwnMNT/UsTxIgpPt3K/ARj15CptwL3Zd/ceDSATj2DGQjbxgWwhdeMMte7zpy5On9vymRm/YxBYljGVjKWF9VJf7I1+sex3wY8w/V1QPTborW/72gkdsRDaZMJBdbdHIC7aCkAu9atlLbtnrzerMnyToDaGwelOnk3/hHSem/ZK7e/t7jeeR20LYBgqa8J80gS8jbwi5F02Uj1u2NYJxap8PLkJfLxA2hIJyvnHX/AfeEPLpBfe0uSFHbnXaea3Qd5d6HcpYZ8L6M7lnFwMQ3MNg+RxUR1+6AshtbsVgfXTEg1sIGax9UND2p7f270wdG3eK9gXVGHdw2k5sOyZv+Nbs39Z308XR9DqWb2J+PwKDhuKHPobfuXf7gnYGHdCs7bhDDadD4entDug7LWNsnRNW4mYqwJ9dk+GGSTPBiA2j0G8RWNM5upZtcG4/3vMfP7KnbK2egx6CCnDPhRn7NgD3cghLIad5WcM2SO38iqHvvMOosyeMpQ5zlVCaaj06GVs9xUbHdiKoqrHWgquFEFMWUEWfXUxJAML23hAHFOctmjZQffKD2pywkhtSGHKNtpitLroscAeE7kCkSsC60vxEl6yMtL9EL5HKGCMszU5bk8gdkklAyEn5FO0yK419rIxBOIqwFMooDE0tHEVYijAUECIshRCGIhxFWIowFJ5QkEYIS5PTJrUwNGlPyN6QQPyKtpuM1E/K5+YJDV/MiA3AaehzqgAm7QnZG9IGYKo8bHnSK7VblLL3hOwNHziPuEGOqE5brrdR6i+atCfckyeWD47HkAkepRGLY/e8A8J0gCwYSNypF08bBm+e6zVz2UL4AshhBUjML/rXLefqC82bcQFhGC9JDwZ1uuu+At0S5gCETYHsV4DUeD9fDN2Zfy5OXaW2zAwQygCzBLJ8cvaW5OXKC1FxfTggFAHmoAJnSiOw2wps9KwRWgJCLaEswaj5NqkLwAYIU4BxqTSXbHXpJdRMPZgAOiAMqABCNGYIEEJutEK5IUAIwYMDQgiCACEEAcJs1Vda7gGqDhCmoiEghAAhBAHCrKXVo2C1DCBMRlp37uMIEECoX7xrX3P5C9QiINSuIcoPAUI0YkAICLNWgfJDh4T9hH7zqYH9+JHAq7zBqWjwhPAicTVCVQJCNF50JghHocahKK0X/ZnQKyEkhSdUpzG8OgQI42qC94EQjsYLRSmH+pbgq73L6bYkeEJ4DYTYmeg1TOBFc/usTTp3V9DdEuXJ2xDCUbXhaXk0/kAYmBvuMB4qkC35E5e5AMKkwSQgyxufyuPy6fMMgAFCSI73LFXU/N8AmEL9X4ABACNSKMHAgb34AAAAAElFTkSuQmCC - mediatype: image/png - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: etcd-operator - rules: - - apiGroups: - - etcd.database.coreos.com - resources: - - etcdclusters - - etcdbackups - - etcdrestores - verbs: - - "*" - - apiGroups: - - "" - resources: - - pods - - services - - endpoints - - persistentvolumeclaims - - events - verbs: - - "*" - - apiGroups: - - apps - resources: - - deployments - verbs: - - "*" - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - deployments: - - name: etcd-operator - spec: - replicas: 1 - selector: - matchLabels: - name: etcd-operator-alm-owned - template: - metadata: - name: etcd-operator-alm-owned - labels: - name: etcd-operator-alm-owned - spec: - serviceAccountName: etcd-operator - containers: - - name: etcd-operator - command: - - etcd-operator - - --create-crd=false - image: quay.io/coreos/etcd-operator@sha256:db563baa8194fcfe39d1df744ed70024b0f1f9e9b55b5923c2f3a413c44dc6b8 - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: etcd-backup-operator - image: quay.io/coreos/etcd-operator@sha256:db563baa8194fcfe39d1df744ed70024b0f1f9e9b55b5923c2f3a413c44dc6b8 - command: - - etcd-backup-operator - - --create-crd=false - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: etcd-restore-operator - image: quay.io/coreos/etcd-operator@sha256:db563baa8194fcfe39d1df744ed70024b0f1f9e9b55b5923c2f3a413c44dc6b8 - command: - - etcd-restore-operator - - --create-crd=false - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - customresourcedefinitions: - owned: - - name: etcdclusters.etcd.database.coreos.com - version: v1beta2 - kind: EtcdCluster - displayName: etcd Cluster - description: Represents a cluster of etcd nodes. - resources: - - kind: Service - version: v1 - - kind: Pod - version: v1 - specDescriptors: - - description: The desired number of member Pods for the etcd cluster. - displayName: Size - path: size - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: pod.resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - statusDescriptors: - - description: The status of each of the member Pods for the etcd cluster. - displayName: Member Status - path: members - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podStatuses' - - description: The service at which the running etcd cluster can be accessed. - displayName: Service - path: serviceName - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Service' - - description: The current size of the etcd cluster. - displayName: Cluster Size - path: size - - description: The current version of the etcd cluster. - displayName: Current Version - path: currentVersion - - description: 'The target version of the etcd cluster, after upgrading.' - displayName: Target Version - path: targetVersion - - description: The current status of the etcd cluster. - displayName: Status - path: phase - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase' - - description: Explanation for the current status of the cluster. - displayName: Status Details - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - name: etcdbackups.etcd.database.coreos.com - version: v1beta2 - kind: EtcdBackup - displayName: etcd Backup - description: Represents the intent to backup an etcd cluster. - specDescriptors: - - description: Specifies the endpoints of an etcd cluster. - displayName: etcd Endpoint(s) - path: etcdEndpoints - x-descriptors: - - 'urn:alm:descriptor:etcd:endpoint' - - description: The full AWS S3 path where the backup is saved. - displayName: S3 Path - path: s3.path - x-descriptors: - - 'urn:alm:descriptor:aws:s3:path' - - description: The name of the secret object that stores the AWS credential and config files. - displayName: AWS Secret - path: s3.awsSecret - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Secret' - statusDescriptors: - - description: Indicates if the backup was successful. - displayName: Succeeded - path: succeeded - x-descriptors: - - 'urn:alm:descriptor:text' - - description: Indicates the reason for any backup related failures. - displayName: Reason - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - name: etcdrestores.etcd.database.coreos.com - version: v1beta2 - kind: EtcdRestore - displayName: etcd Restore - description: Represents the intent to restore an etcd cluster from a backup. - specDescriptors: - - description: References the EtcdCluster which should be restored, - displayName: etcd Cluster - path: etcdCluster.name - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:EtcdCluster' - - 'urn:alm:descriptor:text' - - description: The full AWS S3 path where the backup is saved. - displayName: S3 Path - path: s3.path - x-descriptors: - - 'urn:alm:descriptor:aws:s3:path' - - description: The name of the secret object that stores the AWS credential and config files. - displayName: AWS Secret - path: s3.awsSecret - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Secret' - statusDescriptors: - - description: Indicates if the restore was successful. - displayName: Succeeded - path: succeeded - x-descriptors: - - 'urn:alm:descriptor:text' - - description: Indicates the reason for any restore related failures. - displayName: Reason - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: etcdoperator.v0.9.2 - namespace: placeholder - annotations: - tectonic-visibility: ocs - alm-examples: '[{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdCluster","metadata":{"name":"example","namespace":"default"},"spec":{"size":3,"version":"3.2.13"}},{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdRestore","metadata":{"name":"example-etcd-cluster"},"spec":{"etcdCluster":{"name":"example-etcd-cluster"},"backupStorageType":"S3","s3":{"path":"","awsSecret":""}}},{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdBackup","metadata":{"name":"example-etcd-cluster-backup"},"spec":{"etcdEndpoints":[""],"storageType":"S3","s3":{"path":"","awsSecret":""}}}]' - spec: - displayName: etcd - description: | - etcd is a distributed key value store that provides a reliable way to store data across a cluster of machines. It’s open-source and available on GitHub. etcd gracefully handles leader elections during network partitions and will tolerate machine failure, including the leader. Your applications can read and write data into etcd. - A simple use-case is to store database connection details or feature flags within etcd as key value pairs. These values can be watched, allowing your app to reconfigure itself when they change. Advanced uses take advantage of the consistency guarantees to implement database leader elections or do distributed locking across a cluster of workers. - - _The etcd Open Cloud Service is Public Alpha. The goal before Beta is to fully implement backup features._ - - ### Reading and writing to etcd - - Communicate with etcd though its command line utility `etcdctl` or with the API using the automatically generated Kubernetes Service. - - [Read the complete guide to using the etcd Open Cloud Service](https://coreos.com/tectonic/docs/latest/alm/etcd-ocs.html) - - ### Supported Features - - - **High availability** - - - Multiple instances of etcd are networked together and secured. Individual failures or networking issues are transparently handled to keep your cluster up and running. - - - **Automated updates** - - - Rolling out a new etcd version works like all Kubernetes rolling updates. Simply declare the desired version, and the etcd service starts a safe rolling update to the new version automatically. - - - **Backups included** - - - Coming soon, the ability to schedule backups to happen on or off cluster. - keywords: ['etcd', 'key value', 'database', 'coreos', 'open source'] - version: 0.9.2 - maturity: alpha - replaces: etcdoperator.v0.9.0 - maintainers: - - name: CoreOS, Inc - email: support@coreos.com - - provider: - name: CoreOS, Inc - labels: - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - selector: - matchLabels: - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - links: - - name: Blog - url: https://coreos.com/etcd - - name: Documentation - url: https://coreos.com/operators/etcd/docs/latest/ - - name: etcd Operator Source Code - url: https://github.com/coreos/etcd-operator - - icon: - - base64data: iVBORw0KGgoAAAANSUhEUgAAAOEAAADZCAYAAADWmle6AAAACXBIWXMAAAsTAAALEwEAmpwYAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAEKlJREFUeNrsndt1GzkShmEev4sTgeiHfRYdgVqbgOgITEVgOgLTEQydwIiKwFQCayoCU6+7DyYjsBiBFyVVz7RkXvqCSxXw/+f04XjGQ6IL+FBVuL769euXgZ7r39f/G9iP0X+u/jWDNZzZdGI/Ftama1jjuV4BwmcNpbAf1Fgu+V/9YRvNAyzT2a59+/GT/3hnn5m16wKWedJrmOCxkYztx9Q+py/+E0GJxtJdReWfz+mxNt+QzS2Mc0AI+HbBBwj9QViKbH5t64DsP2fvmGXUkWU4WgO+Uve2YQzBUGd7r+zH2ZG/tiUQc4QxKwgbwFfVGwwmdLL5wH78aPC/ZBem9jJpCAX3xtcNASSNgJLzUPSQyjB1zQNl8IQJ9MIU4lx2+Jo72ysXYKl1HSzN02BMa/vbZ5xyNJIshJzwf3L0dQhJw4Sih/SFw9Tk8sVeghVPoefaIYCkMZCKbrcP9lnZuk0uPUjGE/KE8JQry7W2tgfuC3vXgvNV+qSQbyFtAtyWk7zWiYevvuUQ9QEQCvJ+5mmu6dTjz1zFHLFj8Eb87MtxaZh/IQFIHom+9vgTWwZxAQjT9X4vtbEVPojwjiV471s00mhAckpwGuCn1HtFtRDaSh6y9zsL+LNBvCG/24ThcxHObdlWc1v+VQJe8LcO0jwtuF8BwnAAUgP9M8JPU2Me+Oh12auPGT6fHuTePE3bLDy+x9pTLnhMn+07TQGh//Bz1iI0c6kvtqInjvPZcYR3KsPVmUsPYt9nFig9SCY8VQNhpPBzn952bbgcsk2EvM89wzh3UEffBbyPqvBUBYQ8ODGPFOLsa7RF096WJ69L+E4EmnpjWu5o4ChlKaRTKT39RMMaVPEQRsz/nIWlDN80chjdJlSd1l0pJCAMVZsniobQVuxceMM9OFoaMd9zqZtjMEYYDW38Drb8Y0DYPLShxn0pvIFuOSxd7YCPet9zk452wsh54FJoeN05hcgSQoG5RR0Qh9Q4E4VvL4wcZq8UACgaRFEQKgSwWrkr5WFnGxiHSutqJGlXjBgIOayhwYBTA0ER0oisIVSUV0AAMT0IASCUO4hRIQSAEECMCCEPwqyQA0JCQBzEGjWNAqHiUVAoXUWbvggOIQCEAOJzxTjoaQ4AIaE64/aZridUsBYUgkhB15oGg1DBIl8IqirYwV6hPSGBSFteMCUBSVXwfYixBmamRubeMyjzMJQBDDowE3OesDD+zwqFoDqiEwXoXJpljB+PvWJGy75BKF1FPxhKygJuqUdYQGlLxNEXkrYyjQ0GbaAwEnUIlLRNvVjQDYUAsJB0HKLE4y0AIpQNgCIhBIhQTgCKhZBBpAN/v6LtQI50JfUgYOnnjmLUFHKhjxbAmdTCaTiBm3ovLPqG2urWAij6im0Nd9aTN9ygLUEt9LgSRnohxUPIKxlGaE+/6Y7znFf0yX+GnkvFFWmarkab2o9PmTeq8sbd2a7DaysXz7i64VeznN4jCQhN9gdDbRiuWrfrsq0mHIrlaq+hlotCtd3Um9u0BYWY8y5D67wccJoZjFca7iUs9VqZcfsZwTd1sbWGG+OcYaTnPAP7rTQVVlM4Sg3oGvB1tmNh0t/HKXZ1jFoIMwCQjtqbhNxUmkGYqgZEDZP11HN/S3gAYRozf0l8C5kKEKUvW0t1IfeWG/5MwgheZTT1E0AEhDkAePQO+Ig2H3DncAkQM4cwUQCD530dU4B5Yvmi2LlDqXfWrxMCcMth51RToRMNUXFnfc2KJ0+Ryl0VNOUwlhh6NoxK5gnViTgQpUG4SqSyt5z3zRJpuKmt3Q1614QaCBPaN6je+2XiFcWAKOXcUfIYKRyL/1lb7pe5VxSxxjQ6hImshqGRt5GWZVKO6q2wHwujfwDtIvaIdexj8Cm8+a68EqMfox6x/voMouZF4dHnEGNeCDMwT6vdNfekH1MafMk4PI06YtqLVGl95aEM9Z5vAeCTOA++YLtoVJRrsqNCaJ6WRmkdYaNec5BT/lcTRMqrhmwfjbpkj55+OKp8IEbU/JLgPJE6Wa3TTe9sHS+ShVD5QIyqIxMEwKh12olC6mHIed5ewEop80CNlfIOADYOT2nd6ZXCop+Ebqchc0JqxKcKASxChycJgUh1rnHA5ow9eTrhqNI7JWiAYYwBGGdpyNLoGw0Pkh96h1BpHihyywtATDM/7Hk2fN9EnH8BgKJCU4ooBkbXFMZJiPbrOyecGl3zgQDQL4hk10IZiOe+5w99Q/gBAEIJgPhJM4QAEEoFREAIAAEiIASAkD8Qt4AQAEIAERAGFlX4CACKAXGVM4ivMwWwCLFAlyeoaa70QePKm5Dlp+/n+ye/5dYgva6YsUaVeMa+tzNFeJtWwc+udbJ0Fg399kLielQJ5Ze61c2+7ytA6EZetiPxZC6tj22yJCv6jUwOyj/zcbqAxOMyAKEbfeHtNa7DtYXptjsk2kJxR+eIeim/tHNofUKYy8DMrQcAKWz6brpvzyIAlpwPhQ49l6b7skJf5Z+YTOYQc4FwLDxvoTDwaygQK+U/kVr+ytSFBG01Q3gnJJR4cNiAhx4HDub8/b5DULXlj6SVZghFiE+LdvE9vo/o8Lp1RmH5hzm0T6wdbZ6n+D6i44zDRc3ln6CpAEJfXiRU45oqLz8gFAThWsh7ughrRibc0QynHgZpNJa/ENJ+loCwu/qOGnFIjYR/n7TfgycULhcQhu6VC+HfF+L3BoAQ4WiZTw1M+FPCnA2gKC6/FAhXgDC+ojQGh3NuWsvfF1L/D5ohlCKtl1j2ldu9a/nPAKFwN56Bst10zCG0CPleXN/zXPgHQZXaZaBgrbzyY5V/mUA+6F0hwtGN9rwu5DVZPuwWqfxdFz1LWbJ2lwKEa+0Qsm4Dl3fp+Pu0lV97PgwIPfSsS+UQhj5Oo+vvFULazRIQyvGEcxPuNLCth2MvFsrKn8UOilAQShkh7TTczYNMoS6OdP47msrPi82lXKGWhCdMZYS0bFy+vcnGAjP1CIfvgbKNA9glecEH9RD6Ol4wRuWyN/G9MHnksS6o/GPf5XcwNSUlHzQhDuAKtWJmkwKElU7lylP5rgIcsquh/FI8YZCDpkJBuE4FQm7Icw8N+SrUGaQKyi8FwiDt1ve5o+Vu7qYHy/psgK8cvh+FTYuO77bhEC7GuaPiys/L1X4IgXDL+e3M5+ovLxBy5VLuIebw1oqcHoPfoaMJUsHays878r8KbDc3xtPx/84gZPBG/JwaufrsY/SRG/OY3//8QMNdsvdZCFtbW6f8pFuf5bflILAlX7O+4fdfugKyFYS8T2zAsXthdG0VurPGKwI06oF5vkBgHWkNp6ry29+lsPZMU3vijnXFNmoclr+6+Ou/FIb8yb30sS8YGjmTqCLyQsi5N/6ZwKs0Yenj68pfPjF6N782Dp2FzV9CTyoSeY8mLK16qGxIkLI8oa1n8tz9juP40DlK0epxYEbojbq+9QfurBeVIlCO9D2396bxiV4lkYQ3hOAFw2pbhqMGISkkQOMcQ9EqhDmGZZdo92JC0YHRNTfoSg+5e0IT+opqCKHoIU+4ztQIgBD1EFNrQAgIpYSil9lDmPHqkROPt+JC6AgPquSuumJmg0YARVCuneDfvPVeJokZ6pIXDkNxQtGzTF9/BQjRG0tQznfb74RwCQghpALBtIQnfK4zhxdyQvVCUeknMIT3hLyY+T5jo0yABqKPQNpUNw/09tGZod5jgCaYFxyYvJcNPkv9eof+I3pnCFEHIETjSM8L9tHZHYCQT9PaZGycU6yg8S4akDnJ+P03L0+t23XGzCLzRgII/Wqa+fv/xlfvmKvMUOcOrlCDdoei1MGdZm6G5VEIfRzzjd4aQs69n699Rx7ewhvCGzr2gmTPs8zNsJOrXt24FbkhhOjCfT4ICA/rPbyhUy94Dks0gJCX1NzCZui9YUd3oei+c257TalFbgg19ILHrlrL2gvWgXAL26EX76gZTNASQnad8Ibwhl284NhgXpB0c+jKhWO3Ms1hP9ihJYB9eMF6qd1BCPk0qA1s+LimFIu7m4nsdQIzPK4VbQ8hYvrnuSH2G9b2ggP78QmWqBdF9Vx8SSY6QYdUW7BTA1schZATyhvY8lHvcRbNUS9YGFy2U+qmzh2YPVc0I7yAOFyHfRpyUwtCSzOdPXMHmz7qDIM0e0V2wZTEk+6Ym6N63eBLp/b5Bts+2cKCSJ/LuoZO3ANSiE5hKAZjnvNSS4931jcw9jpwT0feV/qSJ1pVtCyfHKDkvK8Ejx7pUxGh2xFNSwx8QTi2H9ceC0/nni64MS/5N5dG39pDqvRV+WgGk71c9VFXF9b+xYvOw/d61iv7m3MvEHryhvecwC52jSSx4VIIgwnMNT/UsTxIgpPt3K/ARj15CptwL3Zd/ceDSATj2DGQjbxgWwhdeMMte7zpy5On9vymRm/YxBYljGVjKWF9VJf7I1+sex3wY8w/V1QPTborW/72gkdsRDaZMJBdbdHIC7aCkAu9atlLbtnrzerMnyToDaGwelOnk3/hHSem/ZK7e/t7jeeR20LYBgqa8J80gS8jbwi5F02Uj1u2NYJxap8PLkJfLxA2hIJyvnHX/AfeEPLpBfe0uSFHbnXaea3Qd5d6HcpYZ8L6M7lnFwMQ3MNg+RxUR1+6AshtbsVgfXTEg1sIGax9UND2p7f270wdG3eK9gXVGHdw2k5sOyZv+Nbs39Z308XR9DqWb2J+PwKDhuKHPobfuXf7gnYGHdCs7bhDDadD4entDug7LWNsnRNW4mYqwJ9dk+GGSTPBiA2j0G8RWNM5upZtcG4/3vMfP7KnbK2egx6CCnDPhRn7NgD3cghLIad5WcM2SO38iqHvvMOosyeMpQ5zlVCaaj06GVs9xUbHdiKoqrHWgquFEFMWUEWfXUxJAML23hAHFOctmjZQffKD2pywkhtSGHKNtpitLroscAeE7kCkSsC60vxEl6yMtL9EL5HKGCMszU5bk8gdkklAyEn5FO0yK419rIxBOIqwFMooDE0tHEVYijAUECIshRCGIhxFWIowFJ5QkEYIS5PTJrUwNGlPyN6QQPyKtpuM1E/K5+YJDV/MiA3AaehzqgAm7QnZG9IGYKo8bHnSK7VblLL3hOwNHziPuEGOqE5brrdR6i+atCfckyeWD47HkAkepRGLY/e8A8J0gCwYSNypF08bBm+e6zVz2UL4AshhBUjML/rXLefqC82bcQFhGC9JDwZ1uuu+At0S5gCETYHsV4DUeD9fDN2Zfy5OXaW2zAwQygCzBLJ8cvaW5OXKC1FxfTggFAHmoAJnSiOw2wps9KwRWgJCLaEswaj5NqkLwAYIU4BxqTSXbHXpJdRMPZgAOiAMqABCNGYIEEJutEK5IUAIwYMDQgiCACEEAcJs1Vda7gGqDhCmoiEghAAhBAHCrKXVo2C1DCBMRlp37uMIEECoX7xrX3P5C9QiINSuIcoPAUI0YkAICLNWgfJDh4T9hH7zqYH9+JHAq7zBqWjwhPAicTVCVQJCNF50JghHocahKK0X/ZnQKyEkhSdUpzG8OgQI42qC94EQjsYLRSmH+pbgq73L6bYkeEJ4DYTYmeg1TOBFc/usTTp3V9DdEuXJ2xDCUbXhaXk0/kAYmBvuMB4qkC35E5e5AMKkwSQgyxufyuPy6fMMgAFCSI73LFXU/N8AmEL9X4ABACNSKMHAgb34AAAAAElFTkSuQmCC - mediatype: image/png - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: etcd-operator - rules: - - apiGroups: - - etcd.database.coreos.com - resources: - - etcdclusters - - etcdbackups - - etcdrestores - verbs: - - "*" - - apiGroups: - - "" - resources: - - pods - - services - - endpoints - - persistentvolumeclaims - - events - verbs: - - "*" - - apiGroups: - - apps - resources: - - deployments - verbs: - - "*" - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - deployments: - - name: etcd-operator - spec: - replicas: 1 - selector: - matchLabels: - name: etcd-operator-alm-owned - template: - metadata: - name: etcd-operator-alm-owned - labels: - name: etcd-operator-alm-owned - spec: - serviceAccountName: etcd-operator - containers: - - name: etcd-operator - command: - - etcd-operator - - --create-crd=false - image: quay.io/coreos/etcd-operator@sha256:c0301e4686c3ed4206e370b42de5a3bd2229b9fb4906cf85f3f30650424abec2 - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: etcd-backup-operator - image: quay.io/coreos/etcd-operator@sha256:c0301e4686c3ed4206e370b42de5a3bd2229b9fb4906cf85f3f30650424abec2 - command: - - etcd-backup-operator - - --create-crd=false - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: etcd-restore-operator - image: quay.io/coreos/etcd-operator@sha256:c0301e4686c3ed4206e370b42de5a3bd2229b9fb4906cf85f3f30650424abec2 - command: - - etcd-restore-operator - - --create-crd=false - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - customresourcedefinitions: - owned: - - name: etcdclusters.etcd.database.coreos.com - version: v1beta2 - kind: EtcdCluster - displayName: etcd Cluster - description: Represents a cluster of etcd nodes. - resources: - - kind: Service - version: v1 - - kind: Pod - version: v1 - specDescriptors: - - description: The desired number of member Pods for the etcd cluster. - displayName: Size - path: size - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: pod.resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - statusDescriptors: - - description: The status of each of the member Pods for the etcd cluster. - displayName: Member Status - path: members - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podStatuses' - - description: The service at which the running etcd cluster can be accessed. - displayName: Service - path: serviceName - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Service' - - description: The current size of the etcd cluster. - displayName: Cluster Size - path: size - - description: The current version of the etcd cluster. - displayName: Current Version - path: currentVersion - - description: 'The target version of the etcd cluster, after upgrading.' - displayName: Target Version - path: targetVersion - - description: The current status of the etcd cluster. - displayName: Status - path: phase - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase' - - description: Explanation for the current status of the cluster. - displayName: Status Details - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - name: etcdbackups.etcd.database.coreos.com - version: v1beta2 - kind: EtcdBackup - displayName: etcd Backup - description: Represents the intent to backup an etcd cluster. - specDescriptors: - - description: Specifies the endpoints of an etcd cluster. - displayName: etcd Endpoint(s) - path: etcdEndpoints - x-descriptors: - - 'urn:alm:descriptor:etcd:endpoint' - - description: The full AWS S3 path where the backup is saved. - displayName: S3 Path - path: s3.path - x-descriptors: - - 'urn:alm:descriptor:aws:s3:path' - - description: The name of the secret object that stores the AWS credential and config files. - displayName: AWS Secret - path: s3.awsSecret - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Secret' - statusDescriptors: - - description: Indicates if the backup was successful. - displayName: Succeeded - path: succeeded - x-descriptors: - - 'urn:alm:descriptor:text' - - description: Indicates the reason for any backup related failures. - displayName: Reason - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - name: etcdrestores.etcd.database.coreos.com - version: v1beta2 - kind: EtcdRestore - displayName: etcd Restore - description: Represents the intent to restore an etcd cluster from a backup. - specDescriptors: - - description: References the EtcdCluster which should be restored, - displayName: etcd Cluster - path: etcdCluster.name - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:EtcdCluster' - - 'urn:alm:descriptor:text' - - description: The full AWS S3 path where the backup is saved. - displayName: S3 Path - path: s3.path - x-descriptors: - - 'urn:alm:descriptor:aws:s3:path' - - description: The name of the secret object that stores the AWS credential and config files. - displayName: AWS Secret - path: s3.awsSecret - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Secret' - statusDescriptors: - - description: Indicates if the restore was successful. - displayName: Succeeded - path: succeeded - x-descriptors: - - 'urn:alm:descriptor:text' - - description: Indicates the reason for any restore related failures. - displayName: Reason - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: federationv2.v0.0.2 - spec: - displayName: FederationV2 - description: | - Kubernetes Federation V2 namespace-scoped installation - version: 0.0.2 - maturity: alpha - labels: - alm-owner-federationv2: federationv2 - alm-status-descriptors: federationv2.v0.0.2 - - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: federation-controller-manager - rules: - - apiGroups: - - clusterregistry.k8s.io - resources: - - clusters - verbs: - - "*" - - apiGroups: - - core.federation.k8s.io - resources: - - "*" - verbs: - - "*" - - apiGroups: - - multiclusterdns.federation.k8s.io - resources: - - "*" - verbs: - - "*" - - apiGroups: - - scheduling.federation.k8s.io - resources: - - "*" - verbs: - - "*" - - apiGroups: - - "" - resources: - - pods - - services - - endpoints - - persistentvolumeclaims - - events - - configmaps - - secrets - verbs: - - "*" - - apiGroups: - - apps - resources: - - deployments - - daemonsets - - replicasets - - statefulsets - verbs: - - "*" - # TODO(font): use statefulset - deployments: - - name: federation-controller-manager - spec: - replicas: 1 - selector: - matchLabels: - app: federation-controller-manager - template: - metadata: - labels: - app: federation-controller-manager - spec: - containers: - - name: controller-manager - image: quay.io/kubernetes-multicluster/federation-v2:v0.0.2-rc.1 - resources: - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 100m - memory: 64Mi - command: - - /root/controller-manager - args: - - --federation-namespace=$(FEDERATION_NAMESPACE) - - --install-crds=false - - --limited-scope=true - - --registry-namespace=$(CLUSTER_REGISTRY_NAMESPACE) - imagePullPolicy: Always - env: - - name: FEDERATION_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CLUSTER_REGISTRY_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - restartPolicy: Always - terminationGracePeriodSeconds: 5 - serviceAccountName: federation-controller-manager - serviceAccount: federation-controller-manager - customresourcedefinitions: - owned: - # TODO(font): Move Cluster CRD to required once OLM supports CSVs - # without a deployment. - - description: Represents an instance of a Cluster Registry - displayName: Cluster Registry Application - kind: Cluster - name: clusters.clusterregistry.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedCluster resource - displayName: FederatedCluster Resource - kind: FederatedCluster - name: federatedclusters.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedConfigMap resource - displayName: FederatedConfigMap Resource - kind: FederatedConfigMap - name: federatedconfigmaps.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedConfigMapOverride resource - displayName: FederatedConfigMapOverride Resource - kind: FederatedConfigMapOverride - name: federatedconfigmapoverrides.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedConfigMapPlacement resource - displayName: FederatedConfigMapPlacement Resource - kind: FederatedConfigMapPlacement - name: federatedconfigmapplacements.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedDeployment resource - displayName: FederatedDeployment Resource - kind: FederatedDeployment - name: federateddeployments.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedDeploymentOverride resource - displayName: FederatedDeploymentOverride Resource - kind: FederatedDeploymentOverride - name: federateddeploymentoverrides.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedDeploymentPlacement resource - displayName: FederatedDeploymentPlacement Resource - kind: FederatedDeploymentPlacement - name: federateddeploymentplacements.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedIngress resource - displayName: FederatedIngress Resource - kind: FederatedIngress - name: federatedingresses.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedIngressPlacement resource - displayName: FederatedIngressPlacement Resource - kind: FederatedIngressPlacement - name: federatedingressplacements.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedJob resource - displayName: FederatedJob Resource - kind: FederatedJob - name: federatedjobs.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedJobOverride resource - displayName: FederatedJobOverride Resource - kind: FederatedJobOverride - name: federatedjoboverrides.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedJobPlacement resource - displayName: FederatedJobPlacement Resource - kind: FederatedJobPlacement - name: federatedjobplacements.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedNamespacePlacement resource - displayName: FederatedNamespacePlacement Resource - kind: FederatedNamespacePlacement - name: federatednamespaceplacements.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedReplicaSet resource - displayName: FederatedReplicaSet Resource - kind: FederatedReplicaSet - name: federatedreplicasets.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedReplicaSetOverride resource - displayName: FederatedReplicaSetOverride Resource - kind: FederatedReplicaSetOverride - name: federatedreplicasetoverrides.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedReplicaSetPlacement resource - displayName: FederatedReplicaSetPlacement Resource - kind: FederatedReplicaSetPlacement - name: federatedreplicasetplacements.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedSecret resource - displayName: FederatedSecret Resource - kind: FederatedSecret - name: federatedsecrets.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedSecretOverride resource - displayName: FederatedSecretOverride Resource - kind: FederatedSecretOverride - name: federatedsecretoverrides.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedSecretPlacement resource - displayName: FederatedSecretPlacement Resource - kind: FederatedSecretPlacement - name: federatedsecretplacements.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedService resource - displayName: FederatedService Resource - kind: FederatedService - name: federatedservices.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedServiceAccount resource - displayName: FederatedServiceAccount Resource - kind: FederatedServiceAccount - name: federatedserviceaccounts.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedServiceAccountPlacement resource - displayName: FederatedServiceAccountPlacement Resource - kind: FederatedServiceAccountPlacement - name: federatedserviceaccountplacements.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedServicePlacement resource - displayName: FederatedServicePlacement Resource - kind: FederatedServicePlacement - name: federatedserviceplacements.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederationV2 sync controller - displayName: FederationV2 Push Reconciler Application - kind: FederatedTypeConfig - name: federatedtypeconfigs.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a PropagatedVersion resource - displayName: PropagatedVersion Resource - kind: PropagatedVersion - name: propagatedversions.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a DNSEndpoint resource - displayName: DNSEndpoint Resource - kind: DNSEndpoint - name: dnsendpoints.multiclusterdns.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a MultiClusterIngressDNSRecord resource - displayName: MultiClusterIngressDNSRecord Resource - kind: MultiClusterIngressDNSRecord - name: multiclusteringressdnsrecords.multiclusterdns.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a MultiClusterServiceDNSRecord resource - displayName: MultiClusterServiceDNSRecord Resource - kind: MultiClusterServiceDNSRecord - name: multiclusterservicednsrecords.multiclusterdns.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a ReplicaSchedulingPreference resource - displayName: ReplicaSchedulingPreference Resource - kind: ReplicaSchedulingPreference - name: replicaschedulingpreferences.scheduling.federation.k8s.io - version: v1alpha1 - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: prometheusoperator.0.14.0 - namespace: placeholder - spec: - displayName: Prometheus - description: | - An open-source monitoring system with a dimensional data model, flexible query language, efficient time series database and modern alerting approach. - - _The Prometheus Open Cloud Service is Public Alpha. The goal before Beta is for additional user testing and minor bug fixes._ - - ### Monitoring applications - - Prometheus scrapes your application metrics based on targets maintained in a ServiceMonitor object. When alerts need to be sent, they are processsed by an AlertManager. - - [Read the complete guide to monitoring applications with the Prometheus Open Cloud Service](https://coreos.com/tectonic/docs/latest/alm/prometheus-ocs.html) - - ## Supported Features - - **High availability** - Multiple instances are run across failure zones and data is replicated. This keeps your monitoring available during an outage, when you need it most. - **Updates via automated operations** - New Prometheus versions are deployed using a rolling update with no downtime, making it easy to stay up to date. - **Handles the dynamic nature of containers** - Alerting rules are attached to groups of containers instead of individual instances, which is ideal for the highly dynamic nature of container deployment. - - keywords: ['prometheus', 'monitoring', 'tsdb', 'alerting'] - - maintainers: - - name: CoreOS, Inc - email: support@coreos.com - - provider: - name: CoreOS, Inc - - links: - - name: Prometheus - url: https://www.prometheus.io/ - - name: Documentation - url: https://coreos.com/operators/prometheus/docs/latest/ - - name: Prometheus Operator Source Code - url: https://github.com/coreos/prometheus-operator - - labels: - alm-status-descriptors: prometheusoperator.0.14.0 - alm-owner-prometheus: prometheusoperator - - selector: - matchLabels: - alm-owner-prometheus: prometheusoperator - - icon: - - base64data: PHN2ZyB3aWR0aD0iMjQ5MCIgaGVpZ2h0PSIyNTAwIiB2aWV3Qm94PSIwIDAgMjU2IDI1NyIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiBwcmVzZXJ2ZUFzcGVjdFJhdGlvPSJ4TWlkWU1pZCI+PHBhdGggZD0iTTEyOC4wMDEuNjY3QzU3LjMxMS42NjcgMCA1Ny45NzEgMCAxMjguNjY0YzAgNzAuNjkgNTcuMzExIDEyNy45OTggMTI4LjAwMSAxMjcuOTk4UzI1NiAxOTkuMzU0IDI1NiAxMjguNjY0QzI1NiA1Ny45NyAxOTguNjg5LjY2NyAxMjguMDAxLjY2N3ptMCAyMzkuNTZjLTIwLjExMiAwLTM2LjQxOS0xMy40MzUtMzYuNDE5LTMwLjAwNGg3Mi44MzhjMCAxNi41NjYtMTYuMzA2IDMwLjAwNC0zNi40MTkgMzAuMDA0em02MC4xNTMtMzkuOTRINjcuODQyVjE3OC40N2gxMjAuMzE0djIxLjgxNmgtLjAwMnptLS40MzItMzMuMDQ1SDY4LjE4NWMtLjM5OC0uNDU4LS44MDQtLjkxLTEuMTg4LTEuMzc1LTEyLjMxNS0xNC45NTQtMTUuMjE2LTIyLjc2LTE4LjAzMi0zMC43MTYtLjA0OC0uMjYyIDE0LjkzMyAzLjA2IDI1LjU1NiA1LjQ1IDAgMCA1LjQ2NiAxLjI2NSAxMy40NTggMi43MjItNy42NzMtOC45OTQtMTIuMjMtMjAuNDI4LTEyLjIzLTMyLjExNiAwLTI1LjY1OCAxOS42OC00OC4wNzkgMTIuNTgtNjYuMjAxIDYuOTEuNTYyIDE0LjMgMTQuNTgzIDE0LjggMzYuNTA1IDcuMzQ2LTEwLjE1MiAxMC40Mi0yOC42OSAxMC40Mi00MC4wNTYgMC0xMS43NjkgNy43NTUtMjUuNDQgMTUuNTEyLTI1LjkwNy02LjkxNSAxMS4zOTYgMS43OSAyMS4xNjUgOS41MyA0NS40IDIuOTAyIDkuMTAzIDIuNTMyIDI0LjQyMyA0Ljc3MiAzNC4xMzguNzQ0LTIwLjE3OCA0LjIxMy00OS42MiAxNy4wMTQtNTkuNzg0LTUuNjQ3IDEyLjguODM2IDI4LjgxOCA1LjI3IDM2LjUxOCA3LjE1NCAxMi40MjQgMTEuNDkgMjEuODM2IDExLjQ5IDM5LjYzOCAwIDExLjkzNi00LjQwNyAyMy4xNzMtMTEuODQgMzEuOTU4IDguNDUyLTEuNTg2IDE0LjI4OS0zLjAxNiAxNC4yODktMy4wMTZsMjcuNDUtNS4zNTVjLjAwMi0uMDAyLTMuOTg3IDE2LjQwMS0xOS4zMTQgMzIuMTk3eiIgZmlsbD0iI0RBNEUzMSIvPjwvc3ZnPg== - mediatype: image/svg+xml - - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: prometheus-k8s - rules: - - apiGroups: [""] - resources: - - nodes - - services - - endpoints - - pods - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: - - configmaps - verbs: ["get"] - - serviceAccountName: prometheus-operator-0-14-0 - rules: - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: ["get", "list"] - - apiGroups: - - monitoring.coreos.com - resources: - - alertmanagers - - prometheuses - - servicemonitors - verbs: - - "*" - - apiGroups: - - apps - resources: - - statefulsets - verbs: ["*"] - - apiGroups: [""] - resources: - - configmaps - - secrets - verbs: ["*"] - - apiGroups: [""] - resources: - - pods - verbs: ["list", "delete"] - - apiGroups: [""] - resources: - - services - - endpoints - verbs: ["get", "create", "update"] - - apiGroups: [""] - resources: - - nodes - verbs: ["list", "watch"] - - apiGroups: [""] - resources: - - namespaces - verbs: ['list'] - deployments: - - name: prometheus-operator - spec: - replicas: 1 - selector: - matchLabels: - k8s-app: prometheus-operator - template: - metadata: - labels: - k8s-app: prometheus-operator - spec: - serviceAccount: prometheus-operator-0-14-0 - containers: - - name: prometheus-operator - image: quay.io/coreos/prometheus-operator@sha256:5037b4e90dbb03ebdefaa547ddf6a1f748c8eeebeedf6b9d9f0913ad662b5731 - command: - - sh - - -c - - > - /bin/operator --namespace=$K8S_NAMESPACE --crd-apigroup monitoring.coreos.com - --labels alm-status-descriptors=prometheusoperator.0.14.0,alm-owner-prometheus=prometheusoperator - --kubelet-service=kube-system/kubelet - --config-reloader-image=quay.io/coreos/configmap-reload:v0.0.1 - env: - - name: K8S_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - ports: - - containerPort: 8080 - name: http - resources: - limits: - cpu: 200m - memory: 100Mi - requests: - cpu: 100m - memory: 50Mi - maturity: alpha - version: 0.14.0 - customresourcedefinitions: - owned: - - name: prometheuses.monitoring.coreos.com - version: v1 - kind: Prometheus - displayName: Prometheus - description: A running Prometheus instance - resources: - - kind: Pod - version: v1 - specDescriptors: - - description: Desired number of Pods for the cluster - displayName: Size - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: A selector for the ConfigMaps from which to load rule files - displayName: Rule Config Map Selector - path: ruleSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:selector:core:v1:ConfigMap' - - description: ServiceMonitors to be selected for target discovery - displayName: Service Monitor Selector - path: serviceMonitorSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:selector:monitoring.coreos.com:v1:ServiceMonitor' - - description: The ServiceAccount to use to run the Prometheus pods - displayName: Service Account - path: serviceAccountName - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:ServiceAccount' - - description: Define resources requests and limits for single Pods - displayName: Resource Request - path: resources.requests - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - statusDescriptors: - - description: The current number of Pods for the cluster - displayName: Cluster Size - path: replicas - - path: prometheusSelector - displayName: Prometheus Service Selector - description: Label selector to find the service that routes to this prometheus - x-descriptors: - - 'urn:alm:descriptor:label:selector' - - name: servicemonitors.monitoring.coreos.com - version: v1 - kind: ServiceMonitor - displayName: Service Monitor - description: Configures prometheus to monitor a particular k8s service - resources: - - kind: Pod - version: v1 - specDescriptors: - - description: Selector to select which namespaces the Endpoints objects are discovered from - displayName: Monitoring Namespaces - path: namespaceSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:namespaceSelector' - - description: The label to use to retrieve the job name from - displayName: Job Label - path: jobLabel - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: A list of endpoints allowed as part of this ServiceMonitor - displayName: Endpoints - path: endpoints - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:endpointList' - - name: alertmanagers.monitoring.coreos.com - version: v1 - kind: Alertmanager - displayName: Alert Manager - description: Configures an Alert Manager for the namespace - resources: - - kind: Pod - version: v1 - specDescriptors: - - description: Desired number of Pods for the cluster - displayName: Size - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: prometheusoperator.0.15.0 - namespace: placeholder - annotations: - tectonic-visibility: ocs - alm-examples: '[{"apiVersion":"monitoring.coreos.com/v1","kind":"Prometheus","metadata":{"name":"example","labels":{"prometheus":"k8s"}},"spec":{"replicas":2,"version":"v1.7.0","serviceAccountName":"prometheus-k8s","serviceMonitorSelector":{"matchExpressions":[{"key":"k8s-app","operator":"Exists"}]},"ruleSelector":{"matchLabels":{"role":"prometheus-rulefiles","prometheus":"k8s"}},"resources":{"requests":{"memory":"400Mi"}},"alerting":{"alertmanagers":[{"namespace":"monitoring","name":"alertmanager-main","port":"web"}]}}},{"apiVersion":"monitoring.coreos.com/v1","kind":"ServiceMonitor","metadata":{"name":"example","labels":{"k8s-app":"prometheus"}},"spec":{"selector":{"matchLabels":{"k8s-app":"prometheus","prometheus":"k8s"}},"namespaceSelector":{"matchNames":["monitoring"]},"endpoints":[{"port":"web","interval":"30s"}]}},{"apiVersion":"monitoring.coreos.com/v1","kind":"Alertmanager","metadata":{"name":"alertmanager-main"},"spec":{"replicas":3}}]' - spec: - replaces: prometheusoperator.0.14.0 - displayName: Prometheus - description: | - An open-source monitoring system with a dimensional data model, flexible query language, efficient time series database and modern alerting approach. - - _The Prometheus Open Cloud Service is Public Alpha. The goal before Beta is for additional user testing and minor bug fixes._ - - ### Monitoring applications - - Prometheus scrapes your application metrics based on targets maintained in a ServiceMonitor object. When alerts need to be sent, they are processsed by an AlertManager. - - [Read the complete guide to monitoring applications with the Prometheus Open Cloud Service](https://coreos.com/tectonic/docs/latest/alm/prometheus-ocs.html) - - ### Supported Features - - - **High availability** - - - Multiple instances are run across failure zones and data is replicated. This keeps your monitoring available during an outage, when you need it most. - - - **Updates via automated operations** - - - New Prometheus versions are deployed using a rolling update with no downtime, making it easy to stay up to date. - - - **Handles the dynamic nature of containers** - - - Alerting rules are attached to groups of containers instead of individual instances, which is ideal for the highly dynamic nature of container deployment. - - keywords: ['prometheus', 'monitoring', 'tsdb', 'alerting'] - - maintainers: - - name: CoreOS, Inc - email: support@coreos.com - - provider: - name: CoreOS, Inc - - links: - - name: Prometheus - url: https://www.prometheus.io/ - - name: Documentation - url: https://coreos.com/operators/prometheus/docs/latest/ - - name: Prometheus Operator Source Code - url: https://github.com/coreos/prometheus-operator - - labels: - alm-status-descriptors: prometheusoperator.0.15.0 - alm-owner-prometheus: prometheusoperator - - selector: - matchLabels: - alm-owner-prometheus: prometheusoperator - - icon: - - base64data: PHN2ZyB3aWR0aD0iMjQ5MCIgaGVpZ2h0PSIyNTAwIiB2aWV3Qm94PSIwIDAgMjU2IDI1NyIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiBwcmVzZXJ2ZUFzcGVjdFJhdGlvPSJ4TWlkWU1pZCI+PHBhdGggZD0iTTEyOC4wMDEuNjY3QzU3LjMxMS42NjcgMCA1Ny45NzEgMCAxMjguNjY0YzAgNzAuNjkgNTcuMzExIDEyNy45OTggMTI4LjAwMSAxMjcuOTk4UzI1NiAxOTkuMzU0IDI1NiAxMjguNjY0QzI1NiA1Ny45NyAxOTguNjg5LjY2NyAxMjguMDAxLjY2N3ptMCAyMzkuNTZjLTIwLjExMiAwLTM2LjQxOS0xMy40MzUtMzYuNDE5LTMwLjAwNGg3Mi44MzhjMCAxNi41NjYtMTYuMzA2IDMwLjAwNC0zNi40MTkgMzAuMDA0em02MC4xNTMtMzkuOTRINjcuODQyVjE3OC40N2gxMjAuMzE0djIxLjgxNmgtLjAwMnptLS40MzItMzMuMDQ1SDY4LjE4NWMtLjM5OC0uNDU4LS44MDQtLjkxLTEuMTg4LTEuMzc1LTEyLjMxNS0xNC45NTQtMTUuMjE2LTIyLjc2LTE4LjAzMi0zMC43MTYtLjA0OC0uMjYyIDE0LjkzMyAzLjA2IDI1LjU1NiA1LjQ1IDAgMCA1LjQ2NiAxLjI2NSAxMy40NTggMi43MjItNy42NzMtOC45OTQtMTIuMjMtMjAuNDI4LTEyLjIzLTMyLjExNiAwLTI1LjY1OCAxOS42OC00OC4wNzkgMTIuNTgtNjYuMjAxIDYuOTEuNTYyIDE0LjMgMTQuNTgzIDE0LjggMzYuNTA1IDcuMzQ2LTEwLjE1MiAxMC40Mi0yOC42OSAxMC40Mi00MC4wNTYgMC0xMS43NjkgNy43NTUtMjUuNDQgMTUuNTEyLTI1LjkwNy02LjkxNSAxMS4zOTYgMS43OSAyMS4xNjUgOS41MyA0NS40IDIuOTAyIDkuMTAzIDIuNTMyIDI0LjQyMyA0Ljc3MiAzNC4xMzguNzQ0LTIwLjE3OCA0LjIxMy00OS42MiAxNy4wMTQtNTkuNzg0LTUuNjQ3IDEyLjguODM2IDI4LjgxOCA1LjI3IDM2LjUxOCA3LjE1NCAxMi40MjQgMTEuNDkgMjEuODM2IDExLjQ5IDM5LjYzOCAwIDExLjkzNi00LjQwNyAyMy4xNzMtMTEuODQgMzEuOTU4IDguNDUyLTEuNTg2IDE0LjI4OS0zLjAxNiAxNC4yODktMy4wMTZsMjcuNDUtNS4zNTVjLjAwMi0uMDAyLTMuOTg3IDE2LjQwMS0xOS4zMTQgMzIuMTk3eiIgZmlsbD0iI0RBNEUzMSIvPjwvc3ZnPg== - mediatype: image/svg+xml - - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: prometheus-k8s - rules: - - apiGroups: [""] - resources: - - nodes - - services - - endpoints - - pods - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: - - configmaps - verbs: ["get"] - - serviceAccountName: prometheus-operator-0-14-0 - rules: - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: ["get", "list"] - - apiGroups: - - monitoring.coreos.com - resources: - - alertmanagers - - prometheuses - - servicemonitors - verbs: - - "*" - - apiGroups: - - apps - resources: - - statefulsets - verbs: ["*"] - - apiGroups: [""] - resources: - - configmaps - - secrets - verbs: ["*"] - - apiGroups: [""] - resources: - - pods - verbs: ["list", "delete"] - - apiGroups: [""] - resources: - - services - - endpoints - verbs: ["get", "create", "update"] - - apiGroups: [""] - resources: - - nodes - verbs: ["list", "watch"] - - apiGroups: [""] - resources: - - namespaces - verbs: ['list'] - deployments: - - name: prometheus-operator - spec: - replicas: 1 - selector: - matchLabels: - k8s-app: prometheus-operator - template: - metadata: - labels: - k8s-app: prometheus-operator - spec: - serviceAccount: prometheus-operator-0-14-0 - containers: - - name: prometheus-operator - image: quay.io/coreos/prometheus-operator@sha256:0e92dd9b5789c4b13d53e1319d0a6375bcca4caaf0d698af61198061222a576d - command: - - sh - - -c - - > - /bin/operator --namespace=$K8S_NAMESPACE --crd-apigroup monitoring.coreos.com - --labels alm-status-descriptors=prometheusoperator.0.15.0,alm-owner-prometheus=prometheusoperator - --kubelet-service=kube-system/kubelet - --config-reloader-image=quay.io/coreos/configmap-reload:v0.0.1 - env: - - name: K8S_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - ports: - - containerPort: 8080 - name: http - resources: - limits: - cpu: 200m - memory: 100Mi - requests: - cpu: 100m - memory: 50Mi - maturity: alpha - version: 0.15.0 - customresourcedefinitions: - owned: - - name: prometheuses.monitoring.coreos.com - version: v1 - kind: Prometheus - displayName: Prometheus - description: A running Prometheus instance - resources: - - kind: StatefulSet - version: v1beta2 - - kind: Pod - version: v1 - specDescriptors: - - description: Desired number of Pods for the cluster - displayName: Size - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: A selector for the ConfigMaps from which to load rule files - displayName: Rule Config Map Selector - path: ruleSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:selector:core:v1:ConfigMap' - - description: ServiceMonitors to be selected for target discovery - displayName: Service Monitor Selector - path: serviceMonitorSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:selector:monitoring.coreos.com:v1:ServiceMonitor' - - description: The ServiceAccount to use to run the Prometheus pods - displayName: Service Account - path: serviceAccountName - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:ServiceAccount' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - statusDescriptors: - - description: The current number of Pods for the cluster - displayName: Cluster Size - path: replicas - - path: prometheusSelector - displayName: Prometheus Service Selector - description: Label selector to find the service that routes to this prometheus - x-descriptors: - - 'urn:alm:descriptor:label:selector' - - name: servicemonitors.monitoring.coreos.com - version: v1 - kind: ServiceMonitor - displayName: Service Monitor - description: Configures prometheus to monitor a particular k8s service - resources: - - kind: Pod - version: v1 - specDescriptors: - - description: Selector to select which namespaces the Endpoints objects are discovered from - displayName: Monitoring Namespaces - path: namespaceSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:namespaceSelector' - - description: The label to use to retrieve the job name from - displayName: Job Label - path: jobLabel - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: A list of endpoints allowed as part of this ServiceMonitor - displayName: Endpoints - path: endpoints - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:endpointList' - - name: alertmanagers.monitoring.coreos.com - version: v1 - kind: Alertmanager - displayName: Alert Manager - description: Configures an Alert Manager for the namespace - resources: - - kind: StatefulSet - version: v1beta2 - - kind: Pod - version: v1 - specDescriptors: - - description: Desired number of Pods for the cluster - displayName: Size - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: prometheusoperator.0.22.2 - namespace: placeholder - annotations: - alm-examples: '[{"apiVersion":"monitoring.coreos.com/v1","kind":"Prometheus","metadata":{"name":"example","labels":{"prometheus":"k8s"}},"spec":{"replicas":2,"version":"v2.3.2","serviceAccountName":"prometheus-k8s","securityContext": {}, "serviceMonitorSelector":{"matchExpressions":[{"key":"k8s-app","operator":"Exists"}]},"ruleSelector":{"matchLabels":{"role":"prometheus-rulefiles","prometheus":"k8s"}},"alerting":{"alertmanagers":[{"namespace":"monitoring","name":"alertmanager-main","port":"web"}]}}},{"apiVersion":"monitoring.coreos.com/v1","kind":"ServiceMonitor","metadata":{"name":"example","labels":{"k8s-app":"prometheus"}},"spec":{"selector":{"matchLabels":{"k8s-app":"prometheus"}},"endpoints":[{"port":"web","interval":"30s"}]}},{"apiVersion":"monitoring.coreos.com/v1","kind":"Alertmanager","metadata":{"name":"alertmanager-main"},"spec":{"replicas":3, "securityContext": {}}}]' - spec: - replaces: prometheusoperator.0.15.0 - displayName: Prometheus Operator - description: | - The Prometheus Operator for Kubernetes provides easy monitoring definitions for Kubernetes services and deployment and management of Prometheus instances. - - Once installed, the Prometheus Operator provides the following features: - - * **Create/Destroy**: Easily launch a Prometheus instance for your Kubernetes namespace, a specific application or team easily using the Operator. - - * **Simple Configuration**: Configure the fundamentals of Prometheus like versions, persistence, retention policies, and replicas from a native Kubernetes resource. - - * **Target Services via Labels**: Automatically generate monitoring target configurations based on familiar Kubernetes label queries; no need to learn a Prometheus specific configuration language. - - ### Other Supported Features - - **High availability** - - Multiple instances are run across failure zones and data is replicated. This keeps your monitoring available during an outage, when you need it most. - - **Updates via automated operations** - - New Prometheus versions are deployed using a rolling update with no downtime, making it easy to stay up to date. - - **Handles the dynamic nature of containers** - - Alerting rules are attached to groups of containers instead of individual instances, which is ideal for the highly dynamic nature of container deployment. - - keywords: ['prometheus', 'monitoring', 'tsdb', 'alerting'] - - maintainers: - - name: Red Hat - email: openshift-operators@redhat.com - - provider: - name: Red Hat - - links: - - name: Prometheus - url: https://www.prometheus.io/ - - name: Documentation - url: https://coreos.com/operators/prometheus/docs/latest/ - - name: Prometheus Operator - url: https://github.com/coreos/prometheus-operator - - labels: - alm-status-descriptors: prometheusoperator.0.22.2 - alm-owner-prometheus: prometheusoperator - - selector: - matchLabels: - alm-owner-prometheus: prometheusoperator - - icon: - - base64data: PHN2ZyB3aWR0aD0iMjQ5MCIgaGVpZ2h0PSIyNTAwIiB2aWV3Qm94PSIwIDAgMjU2IDI1NyIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiBwcmVzZXJ2ZUFzcGVjdFJhdGlvPSJ4TWlkWU1pZCI+PHBhdGggZD0iTTEyOC4wMDEuNjY3QzU3LjMxMS42NjcgMCA1Ny45NzEgMCAxMjguNjY0YzAgNzAuNjkgNTcuMzExIDEyNy45OTggMTI4LjAwMSAxMjcuOTk4UzI1NiAxOTkuMzU0IDI1NiAxMjguNjY0QzI1NiA1Ny45NyAxOTguNjg5LjY2NyAxMjguMDAxLjY2N3ptMCAyMzkuNTZjLTIwLjExMiAwLTM2LjQxOS0xMy40MzUtMzYuNDE5LTMwLjAwNGg3Mi44MzhjMCAxNi41NjYtMTYuMzA2IDMwLjAwNC0zNi40MTkgMzAuMDA0em02MC4xNTMtMzkuOTRINjcuODQyVjE3OC40N2gxMjAuMzE0djIxLjgxNmgtLjAwMnptLS40MzItMzMuMDQ1SDY4LjE4NWMtLjM5OC0uNDU4LS44MDQtLjkxLTEuMTg4LTEuMzc1LTEyLjMxNS0xNC45NTQtMTUuMjE2LTIyLjc2LTE4LjAzMi0zMC43MTYtLjA0OC0uMjYyIDE0LjkzMyAzLjA2IDI1LjU1NiA1LjQ1IDAgMCA1LjQ2NiAxLjI2NSAxMy40NTggMi43MjItNy42NzMtOC45OTQtMTIuMjMtMjAuNDI4LTEyLjIzLTMyLjExNiAwLTI1LjY1OCAxOS42OC00OC4wNzkgMTIuNTgtNjYuMjAxIDYuOTEuNTYyIDE0LjMgMTQuNTgzIDE0LjggMzYuNTA1IDcuMzQ2LTEwLjE1MiAxMC40Mi0yOC42OSAxMC40Mi00MC4wNTYgMC0xMS43NjkgNy43NTUtMjUuNDQgMTUuNTEyLTI1LjkwNy02LjkxNSAxMS4zOTYgMS43OSAyMS4xNjUgOS41MyA0NS40IDIuOTAyIDkuMTAzIDIuNTMyIDI0LjQyMyA0Ljc3MiAzNC4xMzguNzQ0LTIwLjE3OCA0LjIxMy00OS42MiAxNy4wMTQtNTkuNzg0LTUuNjQ3IDEyLjguODM2IDI4LjgxOCA1LjI3IDM2LjUxOCA3LjE1NCAxMi40MjQgMTEuNDkgMjEuODM2IDExLjQ5IDM5LjYzOCAwIDExLjkzNi00LjQwNyAyMy4xNzMtMTEuODQgMzEuOTU4IDguNDUyLTEuNTg2IDE0LjI4OS0zLjAxNiAxNC4yODktMy4wMTZsMjcuNDUtNS4zNTVjLjAwMi0uMDAyLTMuOTg3IDE2LjQwMS0xOS4zMTQgMzIuMTk3eiIgZmlsbD0iI0RBNEUzMSIvPjwvc3ZnPg== - mediatype: image/svg+xml - - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: prometheus-k8s - rules: - - apiGroups: [""] - resources: - - nodes - - services - - endpoints - - pods - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: - - configmaps - verbs: ["get"] - - serviceAccountName: prometheus-operator-0-22-2 - rules: - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - '*' - - apiGroups: - - monitoring.coreos.com - resources: - - alertmanagers - - prometheuses - - prometheuses/finalizers - - alertmanagers/finalizers - - servicemonitors - - prometheusrules - verbs: - - '*' - - apiGroups: - - apps - resources: - - statefulsets - verbs: - - '*' - - apiGroups: - - "" - resources: - - configmaps - - secrets - verbs: - - '*' - - apiGroups: - - "" - resources: - - pods - verbs: - - list - - delete - - apiGroups: - - "" - resources: - - services - - endpoints - verbs: - - get - - create - - update - - apiGroups: - - "" - resources: - - nodes - verbs: - - list - - watch - - apiGroups: - - "" - resources: - - namespaces - verbs: - - list - - watch - deployments: - - name: prometheus-operator - spec: - replicas: 1 - selector: - matchLabels: - k8s-app: prometheus-operator - template: - metadata: - labels: - k8s-app: prometheus-operator - spec: - serviceAccount: prometheus-operator-0-22-2 - containers: - - name: prometheus-operator - image: quay.io/coreos/prometheus-operator@sha256:3daa69a8c6c2f1d35dcf1fe48a7cd8b230e55f5229a1ded438f687debade5bcf - args: - - -namespace=$(K8S_NAMESPACE) - - -manage-crds=false - - -logtostderr=true - - --config-reloader-image=quay.io/coreos/configmap-reload:v0.0.1 - - --prometheus-config-reloader=quay.io/coreos/prometheus-config-reloader:v0.22.2 - env: - - name: K8S_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - ports: - - containerPort: 8080 - name: http - resources: - limits: - cpu: 200m - memory: 100Mi - requests: - cpu: 100m - memory: 50Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - nodeSelector: - beta.kubernetes.io/os: linux - maturity: beta - version: 0.22.2 - customresourcedefinitions: - owned: - - name: prometheuses.monitoring.coreos.com - version: v1 - kind: Prometheus - displayName: Prometheus - description: A running Prometheus instance - resources: - - kind: StatefulSet - version: v1beta2 - - kind: Pod - version: v1 - specDescriptors: - - description: Desired number of Pods for the cluster - displayName: Size - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: A selector for the ConfigMaps from which to load rule files - displayName: Rule Config Map Selector - path: ruleSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:selector:core:v1:ConfigMap' - - description: ServiceMonitors to be selected for target discovery - displayName: Service Monitor Selector - path: serviceMonitorSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:selector:monitoring.coreos.com:v1:ServiceMonitor' - - description: The ServiceAccount to use to run the Prometheus pods - displayName: Service Account - path: serviceAccountName - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:ServiceAccount' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - - name: prometheusrules.monitoring.coreos.com - version: v1 - kind: PrometheusRule - displayName: Prometheus Rule - description: A Prometheus Rule configures groups of sequentially evaluated recording and alerting rules. - - name: servicemonitors.monitoring.coreos.com - version: v1 - kind: ServiceMonitor - displayName: Service Monitor - description: Configures prometheus to monitor a particular k8s service - resources: - - kind: Pod - version: v1 - specDescriptors: - - description: The label to use to retrieve the job name from - displayName: Job Label - path: jobLabel - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: A list of endpoints allowed as part of this ServiceMonitor - displayName: Endpoints - path: endpoints - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:endpointList' - - name: alertmanagers.monitoring.coreos.com - version: v1 - kind: Alertmanager - displayName: Alertmanager - description: Configures an Alertmanager for the namespace - resources: - - kind: StatefulSet - version: v1beta2 - - kind: Pod - version: v1 - specDescriptors: - - description: Desired number of Pods for the cluster - displayName: Size - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - - packages: |- - - #! package-manifest: ./deploy/chart/catalog_resources/rh-operators/amq-streams.v1.0.0-clusterserviceversion - packageName: amq-streams - channels: - - name: preview - currentCSV: amqstreams.v1.0.0.beta - - - #! package-manifest: ./deploy/chart/catalog_resources/rh-operators/etcdoperator.v0.9.2.clusterserviceversion.yaml - packageName: etcd - channels: - - name: alpha - currentCSV: etcdoperator.v0.9.2 - - - packageName: federationv2 - channels: - - name: alpha - currentCSV: federationv2.v0.0.2 - - - #! package-manifest: ./deploy/chart/catalog_resources/rh-operators/prometheusoperator.0.22.2.clusterserviceversion.yaml - packageName: prometheus - channels: - - name: preview - currentCSV: prometheusoperator.0.22.2 - - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_09-rh-operators.catalogsource.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_09-rh-operators.catalogsource.yaml deleted file mode 100644 index cf3f008840..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_09-rh-operators.catalogsource.yaml +++ /dev/null @@ -1,16 +0,0 @@ -##--- -# Source: olm/templates/0000_30_09-rh-operators.catalogsource.yaml - -#! validate-crd: ./deploy/chart/templates/05-catalogsource.crd.yaml -#! parse-kind: CatalogSource -apiVersion: operators.coreos.com/v1alpha1 -kind: CatalogSource -metadata: - name: rh-operators - namespace: olm -spec: - sourceType: internal - configMap: rh-operators - displayName: Red Hat Operators - publisher: Red Hat - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_10-olm-operator.deployment.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_10-olm-operator.deployment.yaml deleted file mode 100644 index 56144dee5e..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_10-olm-operator.deployment.yaml +++ /dev/null @@ -1,47 +0,0 @@ -##--- -# Source: olm/templates/0000_30_10-olm-operator.deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: olm-operator - namespace: olm - labels: - app: olm-operator -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: olm-operator - template: - metadata: - labels: - app: olm-operator - spec: - serviceAccountName: olm-operator-serviceaccount - containers: - - name: olm-operator - command: - - /bin/olm - image: quay.io/coreos/olm@sha256:058731fac9ecad9a35276612ec79bed76f506aaecd80c8c1fe9d68a262edcddb - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - livenessProbe: - httpGet: - path: /healthz - port: 8080 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - env: - - name: OPERATOR_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: OPERATOR_NAME - value: olm-operator - imagePullSecrets: - - name: coreos-pull-secret diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_11-catalog-operator.deployment.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_11-catalog-operator.deployment.yaml deleted file mode 100644 index 6ff3e2c569..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_11-catalog-operator.deployment.yaml +++ /dev/null @@ -1,43 +0,0 @@ -##--- -# Source: olm/templates/0000_30_11-catalog-operator.deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: catalog-operator - namespace: olm - labels: - app: catalog-operator -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: catalog-operator - template: - metadata: - labels: - app: catalog-operator - spec: - serviceAccountName: olm-operator-serviceaccount - containers: - - name: catalog-operator - command: - - /bin/catalog - - '-namespace' - - olm - - '-debug' - image: quay.io/coreos/catalog@sha256:57eb45f2a519c65041d3fad0d7a5199f2ce5ba6a72992606ec4839d3307c5b5f - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - livenessProbe: - httpGet: - path: /healthz - port: 8080 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - imagePullSecrets: - - name: coreos-pull-secret diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_12-aggregated.clusterrole.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_12-aggregated.clusterrole.yaml deleted file mode 100644 index e91d70cb0a..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_12-aggregated.clusterrole.yaml +++ /dev/null @@ -1,26 +0,0 @@ -##--- -# Source: olm/templates/0000_30_12-aggregated.clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-edit - labels: - # Add these permissions to the "admin" and "edit" default roles. - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions", "packagemanifests"] - verbs: ["create", "update", "patch", "delete"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-view - labels: - # Add these permissions to the "view" default roles - rbac.authorization.k8s.io/aggregate-to-view: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions", "packagemanifests"] - verbs: ["get", "list", "watch"] diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_13-packageserver.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_13-packageserver.yaml deleted file mode 100644 index 3b0d8292dd..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.1/0000_30_13-packageserver.yaml +++ /dev/null @@ -1,149 +0,0 @@ -##--- -# Source: olm/templates/0000_30_13-packageserver.yaml -apiVersion: apiregistration.k8s.io/v1beta1 -kind: APIService -metadata: - name: v1alpha1.packages.apps.redhat.com -spec: - caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM5VENDQWQyZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFjTVJvd0dBWURWUVFERXhGd1lXTnIKWVdkbExYTmxjblpsY2kxallUQWVGdzB4T0RFd01EZ3hPREk0TXpSYUZ3MHlPREV3TURVeE9ESTRNelJhTUJ3eApHakFZQmdOVkJBTVRFWEJoWTJ0aFoyVXRjMlZ5ZG1WeUxXTmhNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DCkFROEFNSUlCQ2dLQ0FRRUF3NFhxbnFjejcwZWVlaExpYjlhbzJvTkpBUzRqQ2ZCVE00QjN4b0RiR2gyNjF3djcKUnlqSHJVYVluMGVNMFk1WlhzVnBwanU2djZtMVB3bUVXT2tiNEFYaFNzMlBrZEtrNmhwa1NkS2hEQlRxMSsyWQpvOTg0UFErUFNBaGRKV2ptTjcrMklNMU44am9ETXNmb1kyaVU3a1oxbW9kZ2ZmdE5iaXdlTC9NZytScTJpNzAxCm9aZ0NVNmF4Yk1ZUnJQZkFYNVhmdXhaSi95RkhnN3lCcjd3WnZoUDhNcjM1N2lMNnFxanhpRHV1YlBNOG51TVkKbDBtbVQ5dDZRREVRQjd4MTY5ZmRaTlBEMWpRbUUvS2R5dElJcXRxRElrZ3JCemJSUFlZM0swN3dXVUl2RlFjaApteXd1VUlWK2s0ZXNQamNKYjkxS1pNVFk5N0NRNTJ2MmdTYkdIUUlEQVFBQm8wSXdRREFPQmdOVkhROEJBZjhFCkJBTUNBcVF3SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQndNQ01BOEdBMVVkRXdFQi93UUYKTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBQ3p5OVlGT2RWSUlScE5rcEJvZEhhUmd0OE4zR2MyUQo1MlY3a0xSZm12TkNEbUJhT04rdGRUMVhiWXNyd3lZQmh1OHZ1SFJXY3JrQkF2YzhXQ1VpUXdpK01yM2Zra2piCkRza2pPNCtrTnRMRDBqZFdFUjZSamNaR21sN2NWVkZCOGlsbURPSFZ3cHBxNTZGUkRRWkw5VC9zMWJ6Wlh2WU0KWWdMRkErKzBIak9xTHJ5L1Yxc3B4S2NsQWUvUDUrUC9rbDNSekQ2QmR4U0UzUkdmTEMwZnpPVU53a3czQVJwdgpWVDd4SXYwcElXcmdLWlQzMXcvLzRzbVY2Q29tdUZGZ2RKa29jMnJFMUh6SFE1VTlhV3FsVTUxOFV5dkM4emVrCkFBRnhGVHk2Vks2RnZkeW90U3N4dHczUXdObHIwK3V2TGRzOFFLR1JZY2FHTTdyMEk1RCs3Q009Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K - group: packages.apps.redhat.com - groupPriorityMinimum: 2000 - versionPriority: 15 - service: - name: package-server - namespace: olm - version: v1alpha1 ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: packagemanifest:system:auth-delegator -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:auth-delegator -subjects: -- kind: ServiceAccount - name: olm-operator-serviceaccount - namespace: olm ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: packagemanifest-auth-reader - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: extension-apiserver-authentication-reader -subjects: -- kind: ServiceAccount - name: olm-operator-serviceaccount - namespace: olm ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: packagemanifest-view -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: admin -subjects: -- kind: ServiceAccount - name: olm-operator-serviceaccount - namespace: olm ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: package-apiserver-clusterrolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: aggregated-apiserver-clusterrole -subjects: -- kind: ServiceAccount - name: olm-operator-serviceaccount - namespace: olm ---- -apiVersion: v1 -kind: Secret -type: kubernetes.io/tls -metadata: - name: package-server-certs - namespace: olm - labels: - app: package-server -data: - tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURKakNDQWc2Z0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFjTVJvd0dBWURWUVFERXhGd1lXTnIKWVdkbExYTmxjblpsY2kxallUQWVGdzB4T0RFd01EZ3hPREk0TXpSYUZ3MHhPVEV3TURneE9ESTRNelJhTUJreApGekFWQmdOVkJBTVREbkJoWTJ0aFoyVXRjMlZ5ZG1WeU1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBCk1JSUJDZ0tDQVFFQThha3JlbFFvM2pTRkphMkc1ckZHVkhYQU9vRHlSZmdha1dSRk1tQk1SN2lFa21sN0I4Q0oKeEFmVGtab29hc2IxUjdpYU1tUnRYSEpWMzhzT0FkbGo3TWhqWFRoMjk1K05uY21nSGhsN1ZMMk54V0YrWTMwawp6cHBSZyt6ejdWa1ZlY2lLa2llZ08rSXJsaTV2U0hOWnQzakl5OTNxRnFBbGtINFNBVW01TmFScm0xMHhwbWNmCmxVa2JmYVcxQ2NETHNLZWp3akJtZkdmeDN0R2hFcW5XMnFLOUNXMGFEbWRBNVZZa1ZldjhoNzE4QXlvS0hlNHYKb0RVRUR4US90cGU4U3NjNkErV0N0Uk1laEZKRGJjS2RyTWVoWTNnRWZudUFnaklsY0lTbUZ2SFZmT2tWMzJCeApML2IzZy85Q3Y0Sk5Zb3Y0WHo4NHU2bGFTUHU2S1VxNXV3SURBUUFCbzNZd2REQU9CZ05WSFE4QkFmOEVCQU1DCkJhQXdIUVlEVlIwbEJCWXdGQVlJS3dZQkJRVUhBd0VHQ0NzR0FRVUZCd01DTUF3R0ExVWRFd0VCL3dRQ01BQXcKTlFZRFZSMFJCQzR3TElJU2NHRmphMkZuWlMxelpYSjJaWEl1YjJ4dGdoWndZV05yWVdkbExYTmxjblpsY2k1dgpiRzB1YzNaak1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQmNrSDlHN2xHL0NnRmZhYmJuL2RFZDlYNDlZdnBNCjNSMzlCaDRIWkk2RWQ2QVAvVVZVYks4ZEg0OGlEb2JYem42NjJ2VkptcDFPMmFQV0VnUnc0ODQxQ3IzcTBpOVQKZ2Y4TmhrRnFKVTVVd1JVZUJnQWFXWTFZeWI4VkVmdnZkOXRBYXU3ZC9hdkFlMG82VWdxZmp1TFRQaHYvNXJ5Rgo2MlBCeldXYTJSYmRqNDNDbFk5VkJhNmJWYVBlMU1pWThlQ0xyS2F4SVdMR2c3N2tjdi9GNUhWeCtZdExDZFhNCkNjdmpRVVRKTGxqT2I4Y1pmZ2RCYXl3aUY5MHZoNHNFVUI1RWQxbXNpb0s4UWdKSkFKV2VlOGF2RWZRYkVnWUQKckZCeWsyRFZ6WXhjRHRJMW02R0xiblNnZEtmU1JWbXJmQ08wRkFIQVBHWGZUc3NUVm1xWTAreVEKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= - tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBOGFrcmVsUW8zalNGSmEyRzVyRkdWSFhBT29EeVJmZ2FrV1JGTW1CTVI3aUVrbWw3CkI4Q0p4QWZUa1pvb2FzYjFSN2lhTW1SdFhISlYzOHNPQWRsajdNaGpYVGgyOTUrTm5jbWdIaGw3VkwyTnhXRisKWTMwa3pwcFJnK3p6N1ZrVmVjaUtraWVnTytJcmxpNXZTSE5adDNqSXk5M3FGcUFsa0g0U0FVbTVOYVJybTEweApwbWNmbFVrYmZhVzFDY0RMc0tlandqQm1mR2Z4M3RHaEVxblcycUs5Q1cwYURtZEE1VllrVmV2OGg3MThBeW9LCkhlNHZvRFVFRHhRL3RwZThTc2M2QStXQ3RSTWVoRkpEYmNLZHJNZWhZM2dFZm51QWdqSWxjSVNtRnZIVmZPa1YKMzJCeEwvYjNnLzlDdjRKTllvdjRYejg0dTZsYVNQdTZLVXE1dXdJREFRQUJBb0lCQUEzOGZZQ3grRCtNQ0p5NgpvMUVjdDNaUjdsTTBmVkVoWCtCRVRtRHhBOWt1eTdWeGwyWkdkWEs4QlRtckUyWENxQldEa0tFVUFPUlYxYlNECkd3ZHVYb01vd2Q5MlVpUll2cWlBTDkwdUdsNDRMa2xiTUNadjZyNXVYZ05scG1SNVFHM3c5bHdwSVBQMlRoRisKRklDNzlGaFRERVFJVHZFS1NjSklHYUNyZEtXdkJxVFdmWnZJMWREUExkT01IUW81cDFCMzEyWllEWnZhejl0OQpTKzg2Z1VpN0lhZG5ZS2l3T0Jqc28rckkwd0c2S0lTUUVTbUQwcnhucHVtTlhtWmU1akJFR3FibjI3OHZwQkdPCkVaRGpSL0lJMWdNMTNEcG00cEF0Y2hNNVRna3ZxYlNwQnkzaUZGb01BQmJjSXRpV1J6Z0hyOGttckJRNXovQzEKSGM4cjE5RUNnWUVBK01Vb2Faall3SVZrNkVwVkE3YXllcXBCc1hXUjhxMTN4WnBydUtLem05RG1kQWthNXF6VApDeUhIcTh4Y2d5YVhOSXpOL3A2VzF0Ri9uVlhqRjJlb0p0c3g2Z1MzcE15ZytYOGVrODlFYlNrcU5GUjlxSFY5CitycHdoWXlDQTFTTzJxTExvTXl1cWdWTGhGRnZibTh5VE1FNW5FM1Fzb3h4MEFISjIzaDNJWU1DZ1lFQStLOGUKYVVaSm40cXBQR1hmRUErNEJqd2NxSVJucHNXSFBibzY0dTlieGNtRmx3M2lrRDhxZHAxZmt2ZEE3VG94OEZrWQpnTlA2WkhmakFVU2M4bFRzSzkyMkw5NmMrN3lkN2lLdjNWQ01rNlBCbVZTam1nc1RNS3J2dEgrT01Ya3RaZCtxCjNZN0wwSGpldkR2dG1MeCt1SFdwQ0dOV1Ixc0c3eVVLSmphd0tXa0NnWUVBb3BlcDdDcWNNR2gvSlZ1LzZPZDIKQzdwUHFYN2dYeTZGZzcrRC9HOUsyT0pXWFN5K1NscFdyWVhzalJyS3RHVjZtandWUHYvRU1xOUdxenpCYWtDegpwSUhMUTlyRmRJN1IvMy9ZS2w5anA3MHArbjNtaXo0UGt0cGNSTTByQktZMW9DeWF6b1E0L0tMdFVwUXZNb3kyCjRYZkJBYW5TWjRCbnVyNFFnc05maWFVQ2dZQUp5RW0zOW0zYStzZGhldGhsZDFqVDFmV0NvNEs0U3JqaE1yd3kKUlJ3bEVhSlJxTmdxdUhGaExSdWZXbDZSZG1LVWc4eTA5S0c2NWdSbC9sNzJJV1VRN0szSUFFZklsMGpYSDBJdgp3SVZuSVYveU9pUWRZU1ltR2ZOSDlHU1JpYVRCaHlUZmhraDZNT2NDSEpGaUdyZ1paWGQ2dnYyYjNQYk8zWFFpCndLLzVVUUtCZ0dpWHJ0Y0ZEQ0NQQU0wTVliWHdCMWNEaUZpNjhKQW0zSTdhYzJaUW1KZElIZnpWeWRyNjViOUcKK0EvdWIzcHlrQzBwMUZzZDdkdUVBL2d3SStjc3YyWFBjbE9qbTRyMjBVZWJXTHc4S1RFajZ5R0ttUHRJbW5GQwo0VHZFZXdialhlNmUwWkZlN29nQjBMWjVWcEIrdDl4MFVGK3dFdURKczUvU0J5bUNHVjYvCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== ---- -apiVersion: apps/v1beta1 -kind: Deployment -metadata: - name: package-server - namespace: olm - labels: - app: package-server -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: package-server - template: - metadata: - labels: - app: package-server - spec: - serviceAccountName: olm-operator-serviceaccount - containers: - - name: package-server - command: - - /bin/package-server - - -v=4 - - --debug - image: quay.io/coreos/package-server@sha256:cc18b5711fb2126329c969f077f67f41981c87f800f6b2ceae5981422c14917b - imagePullPolicy: Always - ports: - - containerPort: 443 - volumeMounts: - - name: certs - mountPath: /apiserver.local.config/certificates - readOnly: true - livenessProbe: - httpGet: - scheme: HTTPS - path: /healthz - port: 443 - readinessProbe: - httpGet: - scheme: HTTPS - path: /healthz - port: 443 - volumes: - - name: certs - secret: - secretName: package-server-certs - items: - - key: tls.crt - path: apiserver.crt - - key: tls.key - path: apiserver.key - imagePullSecrets: - - name: coreos-pull-secret ---- -apiVersion: v1 -kind: Service -metadata: - name: package-server - namespace: olm -spec: - ports: - - port: 443 - protocol: TCP - targetPort: 443 - selector: - app: package-server diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_00-namespace.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_00-namespace.yaml deleted file mode 100644 index 1f2166b1a2..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_00-namespace.yaml +++ /dev/null @@ -1,8 +0,0 @@ -##--- -# Source: olm/templates/0000_30_00-namespace.yaml -apiVersion: v1 -kind: Namespace -metadata: - name: olm - labels: - openshift.io/run-level: "1" diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_01-olm-operator.serviceaccount.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_01-olm-operator.serviceaccount.yaml deleted file mode 100644 index e75e22e51b..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_01-olm-operator.serviceaccount.yaml +++ /dev/null @@ -1,31 +0,0 @@ -##--- -# Source: olm/templates/0000_30_01-olm-operator.serviceaccount.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: system:controller:operator-lifecycle-manager -rules: -- apiGroups: ["*"] - resources: ["*"] - verbs: ["*"] -- nonResourceURLs: ["*"] - verbs: ["*"] ---- -kind: ServiceAccount -apiVersion: v1 -metadata: - name: olm-operator-serviceaccount - namespace: olm ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: olm-operator-binding-olm -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:controller:operator-lifecycle-manager -subjects: -- kind: ServiceAccount - name: olm-operator-serviceaccount - namespace: olm diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_02-clusterserviceversion.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_02-clusterserviceversion.crd.yaml deleted file mode 100644 index e738495ba9..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_02-clusterserviceversion.crd.yaml +++ /dev/null @@ -1,709 +0,0 @@ -##--- -# Source: olm/templates/0000_30_02-clusterserviceversion.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: clusterserviceversions.operators.coreos.com - annotations: - displayName: Operator Version - description: Represents an Operator that should be running on the cluster, including requirements and install strategy. -spec: - names: - plural: clusterserviceversions - singular: clusterserviceversion - kind: ClusterServiceVersion - listKind: ClusterServiceVersionList - shortNames: - - csv - categories: - - all - - olm - additionalPrinterColumns: - - name: Display - type: string - description: The name of the CSV - JSONPath: .spec.displayName - - name: Version - type: string - description: The version of the CSV - JSONPath: .spec.version - - name: Replaces - type: string - description: The name of a CSV that this one replaces - JSONPath: .spec.replaces - - name: Phase - type: string - JSONPath: .status.phase - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - properties: - spec: - type: object - description: Spec for a ClusterServiceVersion - required: - - displayName - - install - properties: - displayName: - type: string - description: Human readable name of the application that will be displayed in the ALM UI - - description: - type: string - description: Human readable description of what the application does - - keywords: - type: array - description: List of keywords which will be used to discover and categorize app types - items: - type: string - - maintainers: - type: array - description: Those responsible for the creation of this specific app type - items: - type: object - description: Information for a single maintainer - required: - - name - - email - properties: - name: - type: string - description: Maintainer's name - email: - type: string - description: Maintainer's email address - format: email - optionalProperties: - type: string - description: "Any additional key-value metadata you wish to expose about the maintainer, e.g. github: " - - links: - type: array - description: Interesting links to find more information about the project, such as marketing page, documentation, or github page - items: - type: object - description: A single link to describe one aspect of the project - required: - - name - - url - properties: - name: - type: string - description: Name of the link type, e.g. homepage or github url - url: - type: string - description: URL to which the link should point - format: uri - - icon: - type: array - description: Icon which should be rendered with the application information - required: - - base64data - - mediatype - properties: - base64data: - type: string - description: Base64 binary representation of the icon image - pattern: ^(?:[A-Za-z0-9+/]{4}){0,16250}(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$ - mediatype: - type: string - description: Mediatype for the binary data specified in the base64data property - enum: - - image/gif - - image/jpeg - - image/png - - image/svg+xml - version: - type: string - description: Version string, recommended that users use semantic versioning - pattern: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(-(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(\.(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*)?(\+[0-9a-zA-Z-]+(\.[0-9a-zA-Z-]+)*)?$ - - replaces: - type: string - description: Name of the ClusterServiceVersion custom resource that this version replaces - - maturity: - type: string - description: What level of maturity the software has achieved at this version - enum: - - planning - - pre-alpha - - alpha - - beta - - stable - - mature - - inactive - - deprecated - labels: - type: object - description: Labels that will be applied to associated resources created by the operator. - selector: - type: object - description: Label selector to find resources associated with or managed by the operator - properties: - matchLabels: - type: object - description: Label key:value pairs to match directly - matchExpressions: - type: array - description: A set of expressions to match against the resource. - items: - allOf: - - type: object - required: - - key - - operator - - values - properties: - key: - type: string - description: the key to match - operator: - type: string - description: the operator for the expression - enum: - - In - - NotIn - - Exists - - DoesNotExist - values: - type: array - description: set of values for the expression - apiservicedefinitions: - type: object - properties: - owned: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - group - - version - - kind - - deploymentName - - displayName - - description - properties: - group: - type: string - description: Group of the APIService (e.g. app.coreos.com) - version: - type: string - description: The version field of the APIService - kind: - type: string - description: The kind field of the APIService - deploymentName: - type: string - description: Name of the extension api-server's deployment - containerPort: - type: number - description: Port where the extension api-server serves TLS traffic - displayName: - type: string - description: A human-readable name for the APIService. - description: - type: string - description: A description of the APIService - resources: - type: array - items: - type: object - description: A list of resources that should be displayed for the APIService - required: - - kind - - version - properties: - name: - type: string - description: If a APIService, the fully qualified name of the APIService (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version of the resource kind - kind: - type: string - description: The kind field of the resource kind - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the API resource - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the API resource where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - type: object - description: If present, the value of this status is the same for all instances of the API resource and can be found here instead of on the API resource. - specDescriptors: - type: array - items: - type: object - description: A spec for a field in the spec block of the APIService resource. - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the API resource where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the spec entry. - description: - type: string - description: A description of the spec entry. - x-descriptors: - type: array - description: A list of descriptors for the spec entry that indicate the meaning of the field. - items: - type: string - value: - type: object - description: If present, the value of this spec is the same for all instances of the API Resource and can be found here instead of on the API resource. - actionDescriptors: - type: array - items: - type: object - description: A spec for actions that can be performed on instances of the API resource - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the API resource where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the action. - description: - type: string - description: A description of the action. - x-descriptors: - type: array - description: A list of descriptors for the action that indicate the meaning of the action. - items: - type: string - value: - type: object - description: If present, the value of this action is the same for all instances of the API resource and can be found here instead of on the API resource. - required: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - group - - version - - kind - - displayName - - description - properties: - group: - type: string - description: Group of the APIService (e.g. app.coreos.com) - version: - type: string - description: The version field of the APIService - kind: - type: string - description: The kind field of the APIService - deploymentName: - type: string - description: Name of the extension api-server's deployment - containerPort: - type: number - description: Port where the extension api-server serves TLS traffic - displayName: - type: string - description: A human-readable name for the APIService. - description: - type: string - description: A description of the APIService - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the APIService - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the API Resource where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - type: object - description: If present, the value of this status is the same for all instances of the API Resource and can be found here instead of on the API Resource. - - customresourcedefinitions: - type: object - properties: - owned: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - name - - version - - kind - - displayName - - description - properties: - name: - type: string - description: Fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version field of the CustomResourceDefinition - kind: - type: string - description: The kind field of the CustomResourceDefinition - displayName: - type: string - description: A human-readable name for the CRD. - description: - type: string - description: A description of the CRD - resources: - type: array - items: - type: object - description: A list of resources that should be displayed for the CRD - required: - - kind - - version - properties: - name: - type: string - description: If a CRD, the fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version of the resource kind - kind: - type: string - description: The kind field of the resource kind - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the CR where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - type: object - description: If present, the value of this status is the same for all instances of the CRD and can be found here instead of on the CR. - specDescriptors: - type: array - items: - type: object - description: A spec for a field in the spec block of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the CR where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the spec entry. - description: - type: string - description: A description of the spec entry. - x-descriptors: - type: array - description: A list of descriptors for the spec entry that indicate the meaning of the field. - items: - type: string - value: - type: object - description: If present, the value of this spec is the same for all instances of the CRD and can be found here instead of on the CR. - actionDescriptors: - type: array - items: - type: object - description: A spec for actions that can be performed on instances of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the CR where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the action. - description: - type: string - description: A description of the action. - x-descriptors: - type: array - description: A list of descriptors for the action that indicate the meaning of the action. - items: - type: string - value: - type: object - description: If present, the value of this action is the same for all instances of the CRD and can be found here instead of on the CR. - required: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - name - - version - - kind - - displayName - - description - properties: - name: - type: string - description: Fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version field of the CustomResourceDefinition - kind: - type: string - description: The kind field of the CustomResourceDefinition - displayName: - type: string - description: A human-readable name for the CRD. - description: - type: string - description: A description of the CRD - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the CR where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - type: object - description: If present, the value of this status is the same for all instances of the CRD and can be found here instead of on the CR. - - - install: - type: object - description: Information required to install this specific version of the operator software - oneOf: - - type: object - required: - - strategy - - spec - properties: - strategy: - type: string - enum: ['image'] - spec: - type: object - required: - - image - properties: - image: - type: string - - type: object - required: - - strategy - - spec - properties: - strategy: - type: string - enum: ['deployment'] - spec: - type: object - required: - - deployments - properties: - deployments: - type: array - description: List of deployments to create - items: - type: object - description: A name and deployment to create in the cluster - required: - - name - - spec - properties: - name: - type: string - description: the consistent name of the deployment - spec: - type: object - description: The deployment spec to create in the cluster - permissions: - type: array - description: Permissions needed by the deployement to run correctly - items: - type: object - required: - - serviceAccountName - - rules - properties: - serviceAccountName: - type: string - description: The service account name to create for the deployment - rules: - type: array - items: - type: object - description: a rule required by the service account - properties: - apiGroups: - type: array - description: apiGroups the rule applies to - items: - type: string - resources: - type: array - items: - type: string - resourceNames: - type: array - items: - type: string - verbs: - type: array - items: - type: string - enum: - - "*" - - get - - list - - watch - - create - - update - - patch - - delete - - deletecollection - - initialize - clusterPermissions: - type: array - description: Cluster permissions needed by the deployement to run correctly - items: - type: object - required: - - serviceAccountName - - rules - properties: - serviceAccountName: - type: string - description: The service account name to create for the deployment - rules: - type: array - items: - type: object - description: a rule required by the service account - properties: - apiGroups: - type: array - description: apiGroups the rule applies to - items: - type: string - resources: - type: array - items: - type: string - resourceNames: - type: array - items: - type: string - verbs: - type: array - items: - type: string - enum: - - "*" - - get - - list - - watch - - create - - update - - patch - - delete - - deletecollection - - initialize - status: - type: object - description: Status for a ClusterServiceVersion diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_03-installplan.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_03-installplan.crd.yaml deleted file mode 100644 index 8742215dca..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_03-installplan.crd.yaml +++ /dev/null @@ -1,78 +0,0 @@ -##--- -# Source: olm/templates/0000_30_03-installplan.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: installplans.operators.coreos.com - annotations: - displayName: Install Plan - description: Represents a plan to install and resolve dependencies for Cluster Services -spec: - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - plural: installplans - singular: installplan - kind: InstallPlan - listKind: InstallPlanList - categories: - - all - - olm - additionalPrinterColumns: - - name: CSV - type: string - description: The first CSV in the list of clusterServiceVersionNames - JSONPath: .spec.clusterServiceVersionNames[0] - - name: Source - type: string - description: The catalog source for the specified CSVs. - JSONPath: .spec.source - - name: Approval - type: string - description: The approval mode - JSONPath: .spec.approval - - name: Approved - type: boolean - JSONPath: .spec.approved - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - properties: - spec: - type: object - description: Spec for an InstallPlan - required: - - clusterServiceVersionNames - - approval - properties: - source: - type: string - description: Name of the preferred CatalogSource - sourceNamespace: - type: string - description: Namespace that contains the preffered CatalogSource - clusterServiceVersionNames: - type: array - description: A list of the names of the Cluster Services - items: - type: string - anyOf: - - properties: - approval: - enum: - - Manual - approved: - type: boolean - required: - - approved - - properties: - approval: - enum: - - Automatic diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_04-subscription.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_04-subscription.crd.yaml deleted file mode 100644 index 35f0c24a15..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_04-subscription.crd.yaml +++ /dev/null @@ -1,72 +0,0 @@ -##--- -# Source: olm/templates/0000_30_04-subscription.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: subscriptions.operators.coreos.com - annotations: - displayName: Subscription - description: Subcribes service catalog to a source and channel to recieve updates for packages. -spec: - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - plural: subscriptions - singular: subscription - kind: Subscription - listKind: SubscriptionList - categories: - - all - - olm - additionalPrinterColumns: - - name: Package - type: string - description: The package subscribed to - JSONPath: .spec.name - - name: Source - type: string - description: The catalog source for the specified package - JSONPath: .spec.source - - name: Channel - type: string - description: The channel of updates to subscribe to - JSONPath: .spec.channel - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - properties: - spec: - type: object - description: Spec for a Subscription - required: - - source - - name - properties: - source: - type: string - description: Name of a CatalogSource that defines where and how to find the channel - sourceNamespace: - type: string - description: The Kubernetes namespace where the CatalogSource used is located - name: - type: string - description: Name of the package that defines the application - channel: - type: string - description: Name of the channel to track - startingCSV: - type: string - description: Name of the AppType that this subscription tracks - installPlanApproval: - type: string - description: Approval mode for emitted InstallPlans - enum: - - Manual - - Automatic diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_05-catalogsource.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_05-catalogsource.crd.yaml deleted file mode 100644 index 8facb62fbd..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_05-catalogsource.crd.yaml +++ /dev/null @@ -1,81 +0,0 @@ -##--- -# Source: olm/templates/0000_30_05-catalogsource.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: catalogsources.operators.coreos.com - annotations: - displayName: CatalogSource - description: A source configured to find packages and updates. -spec: - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - plural: catalogsources - singular: catalogsource - kind: CatalogSource - listKind: CatalogSourceList - categories: - - all - - olm - additionalPrinterColumns: - - name: Name - type: string - description: The pretty name of the catalog - JSONPath: .spec.displayName - - name: Type - type: string - description: The type of the catalog - JSONPath: .spec.sourceType - - name: Publisher - type: string - description: The publisher of the catalog - JSONPath: .spec.publisher - - name: Age - type: date - JSONPath: .metadata.creationTimestamp - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - properties: - spec: - type: object - description: Represents a subscription to a source and channel - required: - - spec - type: object - description: Spec for a catalog source. - required: - - sourceType - properties: - sourceType: - type: string - description: The type of the source. Currently the only supported type is "internal". - enum: - - internal - - configMap: - type: string - description: The name of a ConfigMap that holds the entries for an in-memory catalog. - - displayName: - type: string - description: Pretty name for display - - publisher: - type: string - description: The name of an entity that publishes this catalog - - secrets: - type: array - description: A set of secrets that can be used to access the contents of the catalog. It is best to keep this list small, since each will need to be tried for every catalog entry. - items: - type: string - description: A name of a secret in the namespace where the CatalogSource is defined. diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_06-rh-operators.configmap.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_06-rh-operators.configmap.yaml deleted file mode 100644 index b09cd30e0c..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_06-rh-operators.configmap.yaml +++ /dev/null @@ -1,11748 +0,0 @@ -##--- -# Source: olm/templates/0000_30_06-rh-operators.configmap.yaml - -kind: ConfigMap -apiVersion: v1 -metadata: - name: rh-operators - namespace: olm - -data: - customResourceDefinitions: |- - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: alertmanagers.monitoring.coreos.com - spec: - group: monitoring.coreos.com - names: - kind: Alertmanager - plural: alertmanagers - scope: Namespaced - validation: - openAPIV3Schema: - properties: - spec: - description: 'Specification of the desired behavior of the Alertmanager - cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#spec-and-status' - properties: - affinity: - description: Affinity is a group of affinity scheduling rules. - properties: - nodeAffinity: - description: Node affinity is a group of node affinity scheduling - rules. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the affinity expressions specified by this field, - but it may choose a node that violates one or more of the - expressions. The node that is most preferred is the one with - the greatest sum of weights, i.e. for each node that meets - all of the scheduling requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the sum - if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches all - objects with implicit weight 0 (i.e. it's a no-op). A null - preferred scheduling term matches no objects (i.e. is also - a no-op). - properties: - preference: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - weight - - preference - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: A node selector represents the union of the results - of one or more label queries over a set of nodes; that is, - it represents the OR of the selectors represented by the node - selector terms. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The - terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - type: array - required: - - nodeSelectorTerms - podAffinity: - description: Pod affinity is a group of inter pod affinity scheduling - rules. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the affinity expressions specified by this field, - but it may choose a node that violates one or more of the - expressions. The node that is most preferred is the one with - the greatest sum of weights, i.e. for each node that meets - all of the scheduling requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the sum - if the node has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label selector is a label query over - a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector - matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - weight - - podAffinityTerm - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may not - try to eventually evict the pod from its node. When there - are multiple elements, the lists of nodes corresponding to - each podAffinityTerm are intersected, i.e. all terms must - be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) that - this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of pods - is running - properties: - labelSelector: - description: A label selector is a label query over a - set of resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. - A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of any - node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: array - podAntiAffinity: - description: Pod anti affinity is a group of inter pod anti affinity - scheduling rules. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the anti-affinity expressions specified by this - field, but it may choose a node that violates one or more - of the expressions. The node that is most preferred is the - one with the greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource request, - requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field - and adding "weight" to the sum if the node has pods which - matches the corresponding podAffinityTerm; the node(s) with - the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label selector is a label query over - a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector - matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - weight - - podAffinityTerm - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by - this field are not met at scheduling time, the pod will not - be scheduled onto the node. If the anti-affinity requirements - specified by this field cease to be met at some point during - pod execution (e.g. due to a pod label update), the system - may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms must - be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) that - this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of pods - is running - properties: - labelSelector: - description: A label selector is a label query over a - set of resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. - A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of any - node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: array - baseImage: - description: Base image that is used to deploy pods, without tag. - type: string - containers: - description: Containers allows injecting additional containers. This - is meant to allow adding an authentication proxy to an Alertmanager - pod. - items: - description: A single application container that you want to run within - a pod. - properties: - args: - description: 'Arguments to the entrypoint. The docker image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable - cannot be resolved, the reference in the input string will be - unchanged. The $(VAR_NAME) syntax can be escaped with a double - $$, ie: $$(VAR_NAME). Escaped references will never be expanded, - regardless of whether the variable exists or not. Cannot be - updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed within a shell. The - docker image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable exists - or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to set in the container. - Cannot be updated. - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a - C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a - variable cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax can be - escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable - exists or not. Defaults to "".' - type: string - valueFrom: - description: EnvVarSource represents a source for the value - of an EnvVar. - properties: - configMapKeyRef: - description: Selects a key from a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the ConfigMap or it's - key must be defined - type: boolean - required: - - key - fieldRef: - description: ObjectFieldSelector selects an APIVersioned - field of an object. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - resourceFieldRef: - description: ResourceFieldSelector represents container - resources (cpu, memory) and their output format - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: {} - resource: - description: 'Required: resource to select' - type: string - required: - - resource - secretKeyRef: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's - key must be defined - type: boolean - required: - - key - required: - - name - type: array - envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must be a - C_IDENTIFIER. All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key will - take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of a set of - ConfigMaps - properties: - configMapRef: - description: |- - ConfigMapEnvSource selects a ConfigMap to populate the environment variables with. - - The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - prefix: - description: An optional identifier to prepend to each key - in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: |- - SecretEnvSource selects a Secret to populate the environment variables with. - - The contents of the target Secret's Data field will represent the key-value pairs as environment variables. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: array - image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Lifecycle describes actions that the management system - should take in response to container lifecycle events. For the - PostStart and PreStop lifecycle handlers, management of the - container blocks until the action is complete, unless the container - process fails, in which case the handler is aborted. - properties: - postStart: - description: Handler defines a specific action that should - be taken - properties: - exec: - description: ExecAction describes a "run in container" - action. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - httpGet: - description: HTTPGetAction describes an action based on - HTTP Get requests. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - tcpSocket: - description: TCPSocketAction describes an action based - on opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - preStop: - description: Handler defines a specific action that should - be taken - properties: - exec: - description: ExecAction describes a "run in container" - action. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - httpGet: - description: HTTPGetAction describes an action based on - HTTP Get requests. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - tcpSocket: - description: TCPSocketAction describes an action based - on opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - livenessProbe: - description: Probe describes a health check to be performed against - a container to determine whether it is alive or ready to receive - traffic. - properties: - exec: - description: ExecAction describes a "run in container" action. - properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit - status of 0 is treated as live/healthy and non-zero - is unhealthy. - items: - type: string - type: array - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGetAction describes an action based on HTTP - Get requests. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header to - be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocketAction describes an action based on - opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - name: - description: Name of the container specified as a DNS_LABEL. Each - container in a pod must have a unique name (DNS_LABEL). Cannot - be updated. - type: string - ports: - description: List of ports to expose from the container. Exposing - a port here gives the system additional information about the - network connections a container uses, but is primarily informational. - Not specifying a port here DOES NOT prevent that port from being - exposed. Any port which is listening on the default "0.0.0.0" - address inside a container will be accessible from the network. - Cannot be updated. - items: - description: ContainerPort represents a network port in a single - container. - properties: - containerPort: - description: Number of port to expose on the pod's IP address. - This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If specified, - this must be a valid port number, 0 < x < 65536. If HostNetwork - is specified, this must match ContainerPort. Most containers - do not need this. - format: int32 - type: integer - name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod must - have a unique name. Name for the port that can be referred - to by services. - type: string - protocol: - description: Protocol for port. Must be UDP or TCP. Defaults - to "TCP". - type: string - required: - - containerPort - type: array - readinessProbe: - description: Probe describes a health check to be performed against - a container to determine whether it is alive or ready to receive - traffic. - properties: - exec: - description: ExecAction describes a "run in container" action. - properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit - status of 0 is treated as live/healthy and non-zero - is unhealthy. - items: - type: string - type: array - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGetAction describes an action based on HTTP - Get requests. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header to - be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocketAction describes an action based on - opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - securityContext: - description: SecurityContext holds security configuration that - will be applied to a container. Some fields are present in both - SecurityContext and PodSecurityContext. When both are set, - the values in SecurityContext take precedence. - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a - process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: Adds and removes POSIX capabilities from running - containers. - properties: - add: - description: Added capabilities - items: - type: string - type: array - drop: - description: Removed capabilities - items: - type: string - type: array - privileged: - description: Run container in privileged mode. Processes in - privileged containers are essentially equivalent to root - on the host. Defaults to false. - type: boolean - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. - Default is false. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail - to start the container if it does. If unset or false, no - such validation will be performed. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata if - unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - format: int64 - type: integer - seLinuxOptions: - description: SELinuxOptions are the labels to be applied to - the container - properties: - level: - description: Level is SELinux level label that applies - to the container. - type: string - role: - description: Role is a SELinux role label that applies - to the container. - type: string - type: - description: Type is a SELinux type label that applies - to the container. - type: string - user: - description: User is a SELinux user label that applies - to the container. - type: string - stdin: - description: Whether this container should allocate a buffer for - stdin in the container runtime. If this is not set, reads from - stdin in the container will always result in EOF. Default is - false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the stdin - channel after it has been opened by a single attach. When stdin - is true the stdin stream will remain open across multiple attach - sessions. If stdinOnce is set to true, stdin is opened on container - start, is empty until the first client attaches to stdin, and - then remains open and accepts data until the client disconnects, - at which time stdin is closed and remains closed until the container - is restarted. If this flag is false, a container processes that - reads from stdin will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s - termination message will be written is mounted into the container''s - filesystem. Message written is intended to be brief final status, - such as an assertion failure message. Will be truncated by the - node if greater than 4096 bytes. The total message length across - all containers will be limited to 12kb. Defaults to /dev/termination-log. - Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. - File will use the contents of terminationMessagePath to populate - the container status message on both success and failure. FallbackToLogsOnError - will use the last chunk of container log output if the termination - message file is empty and the container exited with an error. - The log output is limited to 2048 bytes or 80 lines, whichever - is smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be - used by the container. This is an alpha feature and may change - in the future. - items: - description: volumeDevice describes a mapping of a raw block - device within a container. - properties: - devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim - in the pod - type: string - required: - - name - - devicePath - type: array - volumeMounts: - description: Pod volumes to mount into the container's filesystem. - Cannot be updated. - items: - description: VolumeMount describes a mounting of a Volume within - a container. - properties: - mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other way - around. When not set, MountPropagationHostToContainer - is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). - type: string - required: - - name - - mountPath - type: array - workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might be - configured in the container image. Cannot be updated. - type: string - required: - - name - type: array - externalUrl: - description: The external URL the Alertmanager instances will be available - under. This is necessary to generate correct URLs. This is necessary - if Alertmanager is not served from root of a DNS name. - type: string - imagePullSecrets: - description: An optional list of references to secrets in the same namespace - to use for pulling prometheus and alertmanager images from registries - see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod - items: - description: LocalObjectReference contains enough information to let - you locate the referenced object inside the same namespace. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - type: array - listenLocal: - description: ListenLocal makes the Alertmanager server listen on loopback, - so that it does not bind against the Pod IP. Note this is only for - the Alertmanager UI, not the gossip communication. - type: boolean - logLevel: - description: Log level for Alertmanager to be configured with. - type: string - nodeSelector: - description: Define which Nodes the Pods are scheduled on. - type: object - paused: - description: If set to true all actions on the underlaying managed objects - are not goint to be performed, except for delete actions. - type: boolean - podMetadata: - description: ObjectMeta is metadata that all persisted resources must - have, which includes all objects users must create. - properties: - annotations: - description: 'Annotations is an unstructured key value map stored - with a resource that may be set by external tools to store and - retrieve arbitrary metadata. They are not queryable and should - be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - clusterName: - description: The name of the cluster which the object belongs to. - This is used to distinguish resources with same name and namespace - in different clusters. This field is not set anywhere right now - and apiserver is going to ignore it if set in create or update - request. - type: string - creationTimestamp: - description: Time is a wrapper around time.Time which supports correct - marshaling to YAML and JSON. Wrappers are provided for many of - the factory methods that the time package offers. - format: date-time - type: string - deletionGracePeriodSeconds: - description: Number of seconds allowed for this object to gracefully - terminate before it will be removed from the system. Only set - when deletionTimestamp is also set. May only be shortened. Read-only. - format: int64 - type: integer - deletionTimestamp: - description: Time is a wrapper around time.Time which supports correct - marshaling to YAML and JSON. Wrappers are provided for many of - the factory methods that the time package offers. - format: date-time - type: string - finalizers: - description: Must be empty before the object is deleted from the - registry. Each entry is an identifier for the responsible component - that will remove the entry from the list. If the deletionTimestamp - of the object is non-nil, entries in this list can only be removed. - items: - type: string - type: array - generateName: - description: |- - GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. - - If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). - - Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#idempotency - type: string - generation: - description: A sequence number representing a specific generation - of the desired state. Populated by the system. Read-only. - format: int64 - type: integer - initializers: - description: Initializers tracks the progress of initialization. - properties: - pending: - description: Pending is a list of initializers that must execute - in order before this object is visible. When the last pending - initializer is removed, and no failing result is set, the - initializers struct will be set to nil and the object is considered - as initialized and visible to all clients. - items: - description: Initializer is information about an initializer - that has not yet completed. - properties: - name: - description: name of the process that is responsible for - initializing this object. - type: string - required: - - name - type: array - result: - description: Status is a return value for calls that don't return - other objects. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of - this representation of an object. Servers should convert - recognized schemas to the latest internal value, and may - reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - code: - description: Suggested HTTP return code for this status, - 0 if not set. - format: int32 - type: integer - details: - description: StatusDetails is a set of additional properties - that MAY be set by the server to provide additional information - about a response. The Reason field of a Status object - defines what attributes will be set. Clients must ignore - fields that do not match the defined type of each attribute, - and should assume that any attribute may be empty, invalid, - or under defined. - properties: - causes: - description: The Causes array includes more details - associated with the StatusReason failure. Not all - StatusReasons may provide detailed causes. - items: - description: StatusCause provides more information - about an api.Status failure, including cases when - multiple errors are encountered. - properties: - field: - description: |- - The field of the resource that has caused this error, as named by its JSON serialization. May include dot and postfix notation for nested attributes. Arrays are zero-indexed. Fields may appear more than once in an array of causes due to fields having multiple errors. Optional. - - Examples: - "name" - the field "name" on the current resource - "items[0].name" - the field "name" on the first array entry in "items" - type: string - message: - description: A human-readable description of the - cause of the error. This field may be presented - as-is to a reader. - type: string - reason: - description: A machine-readable description of - the cause of the error. If this value is empty - there is no information available. - type: string - type: array - group: - description: The group attribute of the resource associated - with the status StatusReason. - type: string - kind: - description: 'The kind attribute of the resource associated - with the status StatusReason. On some operations may - differ from the requested resource Kind. More info: - https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: The name attribute of the resource associated - with the status StatusReason (when there is a single - name which can be described). - type: string - retryAfterSeconds: - description: If specified, the time in seconds before - the operation should be retried. Some errors may indicate - the client must take an alternate action - for those - errors this field may indicate how long to wait before - taking the alternate action. - format: int32 - type: integer - uid: - description: 'UID of the resource. (when there is a - single resource which can be described). More info: - http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - kind: - description: 'Kind is a string value representing the REST - resource this object represents. Servers may infer this - from the endpoint the client submits requests to. Cannot - be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - message: - description: A human-readable description of the status - of this operation. - type: string - metadata: - description: ListMeta describes metadata that synthetic - resources must have, including lists and various status - objects. A resource may have only one of {ObjectMeta, - ListMeta}. - properties: - continue: - description: continue may be set if the user set a limit - on the number of items returned, and indicates that - the server has more data available. The value is opaque - and may be used to issue another request to the endpoint - that served this list to retrieve the next set of - available objects. Continuing a list may not be possible - if the server configuration has changed or more than - a few minutes have passed. The resourceVersion field - returned when using this continue value will be identical - to the value in the first response. - type: string - resourceVersion: - description: 'String that identifies the server''s internal - version of this object that can be used by clients - to determine when objects have changed. Value must - be treated as opaque by clients and passed unmodified - back to the server. Populated by the system. Read-only. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' - type: string - selfLink: - description: selfLink is a URL representing this object. - Populated by the system. Read-only. - type: string - reason: - description: A machine-readable description of why this - operation is in the "Failure" status. If this value is - empty there is no information available. A Reason clarifies - an HTTP status code but does not override it. - type: string - status: - description: 'Status of the operation. One of: "Success" - or "Failure". More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' - type: string - required: - - pending - labels: - description: 'Map of string keys and values that can be used to - organize and categorize (scope and select) objects. May match - selectors of replication controllers and services. More info: - http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: 'Name must be unique within a namespace. Is required - when creating resources, although some resources may allow a client - to request the generation of an appropriate name automatically. - Name is primarily intended for creation idempotence and configuration - definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: |- - Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. - - Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces - type: string - ownerReferences: - description: List of objects depended by this object. If ALL objects - in the list have been deleted, this object will be garbage collected. - If this object is managed by a controller, then an entry in this - list will point to this controller, with the controller field - set to true. There cannot be more than one managing controller. - items: - description: OwnerReference contains enough information to let - you identify an owning object. Currently, an owning object must - be in the same namespace, so there is no namespace field. - properties: - apiVersion: - description: API version of the referent. - type: string - blockOwnerDeletion: - description: If true, AND if the owner has the "foregroundDeletion" - finalizer, then the owner cannot be deleted from the key-value - store until this reference is removed. Defaults to false. - To set this field, a user needs "delete" permission of the - owner, otherwise 422 (Unprocessable Entity) will be returned. - type: boolean - controller: - description: If true, this reference points to the managing - controller. - type: boolean - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - uid: - description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - required: - - apiVersion - - kind - - name - - uid - type: array - resourceVersion: - description: |- - An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. - - Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency - type: string - selfLink: - description: SelfLink is a URL representing this object. Populated - by the system. Read-only. - type: string - uid: - description: |- - UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. - - Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids - type: string - replicas: - description: Size is the expected size of the alertmanager cluster. - The controller will eventually make the size of the running cluster - equal to the expected size. - format: int32 - type: integer - resources: - description: ResourceRequirements describes the compute resource requirements. - properties: - limits: - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults - to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - routePrefix: - description: The route prefix Alertmanager registers HTTP handlers for. - This is useful, if using ExternalURL and a proxy is rewriting HTTP - routes of a request, and the actual ExternalURL is still true, but - the server serves requests under a different route prefix. For example - for use with `kubectl proxy`. - type: string - secrets: - description: Secrets is a list of Secrets in the same namespace as the - Alertmanager object, which shall be mounted into the Alertmanager - Pods. The Secrets are mounted into /etc/alertmanager/secrets/. - items: - type: string - type: array - securityContext: - description: PodSecurityContext holds pod-level security attributes - and common container settings. Some fields are also present in container.securityContext. Field - values of container.securityContext take precedence over field values - of PodSecurityContext. - properties: - fsGroup: - description: |- - A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: - - 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- - - If unset, the Kubelet will not modify the ownership and permissions of any volume. - format: int64 - type: integer - runAsGroup: - description: The GID to run the entrypoint of the container process. - Uses runtime default if unset. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no such validation - will be performed. May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. May - also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - format: int64 - type: integer - seLinuxOptions: - description: SELinuxOptions are the labels to be applied to the - container - properties: - level: - description: Level is SELinux level label that applies to the - container. - type: string - role: - description: Role is a SELinux role label that applies to the - container. - type: string - type: - description: Type is a SELinux type label that applies to the - container. - type: string - user: - description: User is a SELinux user label that applies to the - container. - type: string - supplementalGroups: - description: A list of groups applied to the first process run in - each container, in addition to the container's primary GID. If - unspecified, no groups will be added to any container. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls used for - the pod. Pods with unsupported sysctls (by the container runtime) - might fail to launch. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: array - serviceAccountName: - description: ServiceAccountName is the name of the ServiceAccount to - use to run the Prometheus Pods. - type: string - storage: - description: StorageSpec defines the configured storage for a group - Prometheus servers. - properties: - class: - description: 'Name of the StorageClass to use when requesting storage - provisioning. More info: https://kubernetes.io/docs/user-guide/persistent-volumes/#storageclasses - DEPRECATED' - type: string - emptyDir: - description: Represents an empty directory for a pod. Empty directory - volumes support ownership management and SELinux relabeling. - properties: - medium: - description: 'What type of storage medium should back this directory. - The default is "" which means to use the node''s default medium. - Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: {} - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - selector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - volumeClaimTemplate: - description: PersistentVolumeClaim is a user's request for and claim - to a persistent volume - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - description: ObjectMeta is metadata that all persisted resources - must have, which includes all objects users must create. - properties: - annotations: - description: 'Annotations is an unstructured key value map - stored with a resource that may be set by external tools - to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - clusterName: - description: The name of the cluster which the object belongs - to. This is used to distinguish resources with same name - and namespace in different clusters. This field is not - set anywhere right now and apiserver is going to ignore - it if set in create or update request. - type: string - creationTimestamp: - description: Time is a wrapper around time.Time which supports - correct marshaling to YAML and JSON. Wrappers are provided - for many of the factory methods that the time package - offers. - format: date-time - type: string - deletionGracePeriodSeconds: - description: Number of seconds allowed for this object to - gracefully terminate before it will be removed from the - system. Only set when deletionTimestamp is also set. May - only be shortened. Read-only. - format: int64 - type: integer - deletionTimestamp: - description: Time is a wrapper around time.Time which supports - correct marshaling to YAML and JSON. Wrappers are provided - for many of the factory methods that the time package - offers. - format: date-time - type: string - finalizers: - description: Must be empty before the object is deleted - from the registry. Each entry is an identifier for the - responsible component that will remove the entry from - the list. If the deletionTimestamp of the object is non-nil, - entries in this list can only be removed. - items: - type: string - type: array - generateName: - description: |- - GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. - - If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). - - Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#idempotency - type: string - generation: - description: A sequence number representing a specific generation - of the desired state. Populated by the system. Read-only. - format: int64 - type: integer - initializers: - description: Initializers tracks the progress of initialization. - properties: - pending: - description: Pending is a list of initializers that - must execute in order before this object is visible. - When the last pending initializer is removed, and - no failing result is set, the initializers struct - will be set to nil and the object is considered as - initialized and visible to all clients. - items: - description: Initializer is information about an initializer - that has not yet completed. - properties: - name: - description: name of the process that is responsible - for initializing this object. - type: string - required: - - name - type: array - result: - description: Status is a return value for calls that - don't return other objects. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema - of this representation of an object. Servers should - convert recognized schemas to the latest internal - value, and may reject unrecognized values. More - info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - code: - description: Suggested HTTP return code for this - status, 0 if not set. - format: int32 - type: integer - details: - description: StatusDetails is a set of additional - properties that MAY be set by the server to provide - additional information about a response. The Reason - field of a Status object defines what attributes - will be set. Clients must ignore fields that do - not match the defined type of each attribute, - and should assume that any attribute may be empty, - invalid, or under defined. - properties: - causes: - description: The Causes array includes more - details associated with the StatusReason failure. - Not all StatusReasons may provide detailed - causes. - items: - description: StatusCause provides more information - about an api.Status failure, including cases - when multiple errors are encountered. - properties: - field: - description: |- - The field of the resource that has caused this error, as named by its JSON serialization. May include dot and postfix notation for nested attributes. Arrays are zero-indexed. Fields may appear more than once in an array of causes due to fields having multiple errors. Optional. - - Examples: - "name" - the field "name" on the current resource - "items[0].name" - the field "name" on the first array entry in "items" - type: string - message: - description: A human-readable description - of the cause of the error. This field - may be presented as-is to a reader. - type: string - reason: - description: A machine-readable description - of the cause of the error. If this value - is empty there is no information available. - type: string - type: array - group: - description: The group attribute of the resource - associated with the status StatusReason. - type: string - kind: - description: 'The kind attribute of the resource - associated with the status StatusReason. On - some operations may differ from the requested - resource Kind. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: The name attribute of the resource - associated with the status StatusReason (when - there is a single name which can be described). - type: string - retryAfterSeconds: - description: If specified, the time in seconds - before the operation should be retried. Some - errors may indicate the client must take an - alternate action - for those errors this field - may indicate how long to wait before taking - the alternate action. - format: int32 - type: integer - uid: - description: 'UID of the resource. (when there - is a single resource which can be described). - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - kind: - description: 'Kind is a string value representing - the REST resource this object represents. Servers - may infer this from the endpoint the client submits - requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - message: - description: A human-readable description of the - status of this operation. - type: string - metadata: - description: ListMeta describes metadata that synthetic - resources must have, including lists and various - status objects. A resource may have only one of - {ObjectMeta, ListMeta}. - properties: - continue: - description: continue may be set if the user - set a limit on the number of items returned, - and indicates that the server has more data - available. The value is opaque and may be - used to issue another request to the endpoint - that served this list to retrieve the next - set of available objects. Continuing a list - may not be possible if the server configuration - has changed or more than a few minutes have - passed. The resourceVersion field returned - when using this continue value will be identical - to the value in the first response. - type: string - resourceVersion: - description: 'String that identifies the server''s - internal version of this object that can be - used by clients to determine when objects - have changed. Value must be treated as opaque - by clients and passed unmodified back to the - server. Populated by the system. Read-only. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' - type: string - selfLink: - description: selfLink is a URL representing - this object. Populated by the system. Read-only. - type: string - reason: - description: A machine-readable description of why - this operation is in the "Failure" status. If - this value is empty there is no information available. - A Reason clarifies an HTTP status code but does - not override it. - type: string - status: - description: 'Status of the operation. One of: "Success" - or "Failure". More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' - type: string - required: - - pending - labels: - description: 'Map of string keys and values that can be - used to organize and categorize (scope and select) objects. - May match selectors of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: 'Name must be unique within a namespace. Is - required when creating resources, although some resources - may allow a client to request the generation of an appropriate - name automatically. Name is primarily intended for creation - idempotence and configuration definition. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: |- - Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. - - Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces - type: string - ownerReferences: - description: List of objects depended by this object. If - ALL objects in the list have been deleted, this object - will be garbage collected. If this object is managed by - a controller, then an entry in this list will point to - this controller, with the controller field set to true. - There cannot be more than one managing controller. - items: - description: OwnerReference contains enough information - to let you identify an owning object. Currently, an - owning object must be in the same namespace, so there - is no namespace field. - properties: - apiVersion: - description: API version of the referent. - type: string - blockOwnerDeletion: - description: If true, AND if the owner has the "foregroundDeletion" - finalizer, then the owner cannot be deleted from - the key-value store until this reference is removed. - Defaults to false. To set this field, a user needs - "delete" permission of the owner, otherwise 422 - (Unprocessable Entity) will be returned. - type: boolean - controller: - description: If true, this reference points to the - managing controller. - type: boolean - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - uid: - description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - required: - - apiVersion - - kind - - name - - uid - type: array - resourceVersion: - description: |- - An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. - - Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency - type: string - selfLink: - description: SelfLink is a URL representing this object. - Populated by the system. Read-only. - type: string - uid: - description: |- - UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. - - Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids - type: string - spec: - description: PersistentVolumeClaimSpec describes the common - attributes of storage devices and allows a Source for provider-specific - attributes - properties: - accessModes: - description: 'AccessModes contains the desired access modes - the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - resources: - description: ResourceRequirements describes the compute - resource requirements. - properties: - limits: - description: 'Limits describes the maximum amount of - compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - selector: - description: A label selector is a label query over a set - of resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. - A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - storageClassName: - description: 'Name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeMode: - description: volumeMode defines what type of volume is required - by the claim. Value of Filesystem is implied when not - included in claim spec. This is an alpha feature and may - change in the future. - type: string - volumeName: - description: VolumeName is the binding reference to the - PersistentVolume backing this claim. - type: string - status: - description: PersistentVolumeClaimStatus is the current status - of a persistent volume claim. - properties: - accessModes: - description: 'AccessModes contains the actual access modes - the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - capacity: - description: Represents the actual resources of the underlying - volume. - type: object - conditions: - description: Current Condition of persistent volume claim. - If underlying persistent volume is being resized then - the Condition will be set to 'ResizeStarted'. - items: - description: PersistentVolumeClaimCondition contails details - about state of pvc - properties: - lastProbeTime: - description: Time is a wrapper around time.Time which - supports correct marshaling to YAML and JSON. Wrappers - are provided for many of the factory methods that - the time package offers. - format: date-time - type: string - lastTransitionTime: - description: Time is a wrapper around time.Time which - supports correct marshaling to YAML and JSON. Wrappers - are provided for many of the factory methods that - the time package offers. - format: date-time - type: string - message: - description: Human-readable message indicating details - about last transition. - type: string - reason: - description: Unique, this should be a short, machine - understandable string that gives the reason for - condition's last transition. If it reports "ResizeStarted" - that means the underlying persistent volume is being - resized. - type: string - status: - type: string - type: - type: string - required: - - type - - status - type: array - phase: - description: Phase represents the current phase of PersistentVolumeClaim. - type: string - tag: - description: Tag of Alertmanager container image to be deployed. Defaults - to the value of `version`. - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached to tolerates any - taint that matches the triple using the matching - operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, operator - must be Exists; this combination means to match all values and - all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. Exists - is equivalent to wildcard for value, so that a pod can tolerate - all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the - toleration (which must be of effect NoExecute, otherwise this - field is ignored) tolerates the taint. By default, it is not - set, which means tolerate the taint forever (do not evict). - Zero and negative values will be treated as 0 (evict immediately) - by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise - just a regular string. - type: string - type: array - version: - description: Version the cluster should be on. - type: string - status: - description: 'Most recent observed status of the Alertmanager cluster. Read-only. - Not included when requesting from the apiserver, only from the Prometheus - Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#spec-and-status' - properties: - availableReplicas: - description: Total number of available pods (ready for at least minReadySeconds) - targeted by this Alertmanager cluster. - format: int32 - type: integer - paused: - description: Represents whether any actions on the underlaying managed - objects are being performed. Only delete actions will be performed. - type: boolean - replicas: - description: Total number of non-terminated pods targeted by this Alertmanager - cluster (their labels match the selector). - format: int32 - type: integer - unavailableReplicas: - description: Total number of unavailable pods targeted by this Alertmanager - cluster. - format: int32 - type: integer - updatedReplicas: - description: Total number of non-terminated pods targeted by this Alertmanager - cluster that have the desired version spec. - format: int32 - type: integer - required: - - paused - - replicas - - updatedReplicas - - availableReplicas - - unavailableReplicas - version: v1 - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: kafkas.kafka.strimzi.io - labels: - app: strimzi - spec: - group: kafka.strimzi.io - version: v1alpha1 - scope: Namespaced - names: - kind: Kafka - listKind: KafkaList - singular: kafka - plural: kafkas - validation: - openAPIV3Schema: - properties: - spec: - type: object - properties: - kafka: - type: object - properties: - replicas: - type: integer - minimum: 1 - image: - type: string - storage: - type: object - properties: - class: - type: string - deleteClaim: - type: boolean - selector: - type: object - size: - type: string - type: - type: string - listeners: - type: object - properties: - plain: - type: object - properties: {} - tls: - type: object - properties: - authentication: - type: object - properties: - type: - type: string - authorization: - type: object - properties: - superUsers: - type: array - items: - type: string - type: - type: string - config: - type: object - rack: - type: object - properties: - topologyKey: - type: string - example: failure-domain.beta.kubernetes.io/zone - required: - - topologyKey - brokerRackInitImage: - type: string - affinity: - type: object - properties: - nodeAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - preference: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: object - properties: - nodeSelectorTerms: - type: array - items: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - podAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - podAntiAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - tolerations: - type: array - items: - type: object - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - type: integer - value: - type: string - livenessProbe: - type: object - properties: - initialDelaySeconds: - type: integer - minimum: 0 - timeoutSeconds: - type: integer - minimum: 0 - readinessProbe: - type: object - properties: - initialDelaySeconds: - type: integer - minimum: 0 - timeoutSeconds: - type: integer - minimum: 0 - jvmOptions: - type: object - properties: - -XX: - type: object - -Xms: - type: string - pattern: '[0-9]+[mMgG]?' - -Xmx: - type: string - pattern: '[0-9]+[mMgG]?' - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - metrics: - type: object - logging: - type: object - properties: - loggers: - type: object - name: - type: string - type: - type: string - tlsSidecar: - type: object - properties: - image: - type: string - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - required: - - replicas - - storage - - listeners - zookeeper: - type: object - properties: - replicas: - type: integer - minimum: 1 - image: - type: string - storage: - type: object - properties: - class: - type: string - deleteClaim: - type: boolean - selector: - type: object - size: - type: string - type: - type: string - config: - type: object - affinity: - type: object - properties: - nodeAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - preference: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: object - properties: - nodeSelectorTerms: - type: array - items: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - podAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - podAntiAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - tolerations: - type: array - items: - type: object - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - type: integer - value: - type: string - livenessProbe: - type: object - properties: - initialDelaySeconds: - type: integer - minimum: 0 - timeoutSeconds: - type: integer - minimum: 0 - readinessProbe: - type: object - properties: - initialDelaySeconds: - type: integer - minimum: 0 - timeoutSeconds: - type: integer - minimum: 0 - jvmOptions: - type: object - properties: - -XX: - type: object - -Xms: - type: string - pattern: '[0-9]+[mMgG]?' - -Xmx: - type: string - pattern: '[0-9]+[mMgG]?' - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - metrics: - type: object - logging: - type: object - properties: - loggers: - type: object - name: - type: string - type: - type: string - tlsSidecar: - type: object - properties: - image: - type: string - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - required: - - replicas - - storage - topicOperator: - type: object - properties: - watchedNamespace: - type: string - image: - type: string - reconciliationIntervalSeconds: - type: integer - minimum: 0 - zookeeperSessionTimeoutSeconds: - type: integer - minimum: 0 - affinity: - type: object - properties: - nodeAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - preference: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: object - properties: - nodeSelectorTerms: - type: array - items: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - podAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - podAntiAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - topicMetadataMaxAttempts: - type: integer - minimum: 0 - tlsSidecar: - type: object - properties: - image: - type: string - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - logging: - type: object - properties: - loggers: - type: object - name: - type: string - type: - type: string - entityOperator: - type: object - properties: - topicOperator: - type: object - properties: - watchedNamespace: - type: string - image: - type: string - reconciliationIntervalSeconds: - type: integer - minimum: 0 - zookeeperSessionTimeoutSeconds: - type: integer - minimum: 0 - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - topicMetadataMaxAttempts: - type: integer - minimum: 0 - logging: - type: object - properties: - loggers: - type: object - name: - type: string - type: - type: string - userOperator: - type: object - properties: - watchedNamespace: - type: string - image: - type: string - reconciliationIntervalSeconds: - type: integer - minimum: 0 - zookeeperSessionTimeoutSeconds: - type: integer - minimum: 0 - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - logging: - type: object - properties: - loggers: - type: object - name: - type: string - type: - type: string - affinity: - type: object - properties: - nodeAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - preference: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: object - properties: - nodeSelectorTerms: - type: array - items: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - podAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - podAntiAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - tolerations: - type: array - items: - type: object - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - type: integer - value: - type: string - tlsSidecar: - type: object - properties: - image: - type: string - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - required: - - kafka - - zookeeper - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: kafkaconnects.kafka.strimzi.io - labels: - app: strimzi - spec: - group: kafka.strimzi.io - version: v1alpha1 - scope: Namespaced - names: - kind: KafkaConnect - listKind: KafkaConnectList - singular: kafkaconnect - plural: kafkaconnects - validation: - openAPIV3Schema: - properties: - spec: - type: object - properties: - replicas: - type: integer - image: - type: string - livenessProbe: - type: object - properties: - initialDelaySeconds: - type: integer - minimum: 0 - timeoutSeconds: - type: integer - minimum: 0 - readinessProbe: - type: object - properties: - initialDelaySeconds: - type: integer - minimum: 0 - timeoutSeconds: - type: integer - minimum: 0 - jvmOptions: - type: object - properties: - -XX: - type: object - -Xms: - type: string - pattern: '[0-9]+[mMgG]?' - -Xmx: - type: string - pattern: '[0-9]+[mMgG]?' - affinity: - type: object - properties: - nodeAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - preference: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: object - properties: - nodeSelectorTerms: - type: array - items: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - podAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - podAntiAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - tolerations: - type: array - items: - type: object - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - type: integer - value: - type: string - logging: - type: object - properties: - loggers: - type: object - name: - type: string - type: - type: string - metrics: - type: object - authentication: - type: object - properties: - certificateAndKey: - type: object - properties: - certificate: - type: string - key: - type: string - secretName: - type: string - required: - - certificate - - key - - secretName - type: - type: string - required: - - certificateAndKey - bootstrapServers: - type: string - config: - type: object - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - tls: - type: object - properties: - trustedCertificates: - type: array - items: - type: object - properties: - certificate: - type: string - secretName: - type: string - required: - - certificate - - secretName - required: - - trustedCertificates - required: - - bootstrapServers - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: kafkaconnects2is.kafka.strimzi.io - labels: - app: strimzi - spec: - group: kafka.strimzi.io - version: v1alpha1 - scope: Namespaced - names: - kind: KafkaConnectS2I - listKind: KafkaConnectS2IList - singular: kafkaconnects2i - plural: kafkaconnects2is - validation: - openAPIV3Schema: - properties: - spec: - type: object - properties: - replicas: - type: integer - image: - type: string - livenessProbe: - type: object - properties: - initialDelaySeconds: - type: integer - minimum: 0 - timeoutSeconds: - type: integer - minimum: 0 - readinessProbe: - type: object - properties: - initialDelaySeconds: - type: integer - minimum: 0 - timeoutSeconds: - type: integer - minimum: 0 - jvmOptions: - type: object - properties: - -XX: - type: object - -Xms: - type: string - pattern: '[0-9]+[mMgG]?' - -Xmx: - type: string - pattern: '[0-9]+[mMgG]?' - affinity: - type: object - properties: - nodeAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - preference: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: object - properties: - nodeSelectorTerms: - type: array - items: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - podAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - podAntiAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - metrics: - type: object - authentication: - type: object - properties: - certificateAndKey: - type: object - properties: - certificate: - type: string - key: - type: string - secretName: - type: string - required: - - certificate - - key - - secretName - type: - type: string - required: - - certificateAndKey - bootstrapServers: - type: string - config: - type: object - insecureSourceRepository: - type: boolean - logging: - type: object - properties: - loggers: - type: object - name: - type: string - type: - type: string - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - tls: - type: object - properties: - trustedCertificates: - type: array - items: - type: object - properties: - certificate: - type: string - secretName: - type: string - required: - - certificate - - secretName - required: - - trustedCertificates - tolerations: - type: array - items: - type: object - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - type: integer - value: - type: string - required: - - bootstrapServers - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: kafkatopics.kafka.strimzi.io - labels: - app: strimzi - spec: - group: kafka.strimzi.io - version: v1alpha1 - scope: Namespaced - names: - kind: KafkaTopic - listKind: KafkaTopicList - singular: kafkatopic - plural: kafkatopics - shortNames: - - kt - validation: - openAPIV3Schema: - properties: - spec: - type: object - properties: - partitions: - type: integer - minimum: 1 - replicas: - type: integer - minimum: 1 - maximum: 32767 - config: - type: object - topicName: - type: string - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: kafkausers.kafka.strimzi.io - labels: - app: strimzi - spec: - group: kafka.strimzi.io - version: v1alpha1 - scope: Namespaced - names: - kind: KafkaUser - listKind: KafkaUserList - singular: kafkauser - plural: kafkausers - shortNames: - - ku - validation: - openAPIV3Schema: - properties: - spec: - type: object - properties: - authentication: - type: object - properties: - type: - type: string - authorization: - type: object - properties: - acls: - type: array - items: - type: object - properties: - host: - type: string - operation: - type: string - enum: - - Read - - Write - - Create - - Delete - - Alter - - Describe - - ClusterAction - - AlterConfigs - - DescribeConfigs - - IdempotentWrite - - All - resource: - type: object - properties: - name: - type: string - patternType: - type: string - enum: - - literal - - prefix - type: - type: string - type: - type: string - enum: - - allow - - deny - required: - - operation - - resource - type: - type: string - required: - - acls - required: - - authentication - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: etcdbackups.etcd.database.coreos.com - spec: - group: etcd.database.coreos.com - version: v1beta2 - scope: Namespaced - names: - kind: EtcdBackup - listKind: EtcdBackupList - plural: etcdbackups - singular: etcdbackup - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: etcdclusters.etcd.database.coreos.com - spec: - group: etcd.database.coreos.com - version: v1beta2 - scope: Namespaced - names: - plural: etcdclusters - singular: etcdcluster - kind: EtcdCluster - listKind: EtcdClusterList - shortNames: - - etcdclus - - etcd - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: etcdrestores.etcd.database.coreos.com - spec: - group: etcd.database.coreos.com - version: v1beta2 - scope: Namespaced - names: - kind: EtcdRestore - listKind: EtcdRestoreList - plural: etcdrestores - singular: etcdrestore - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: "" - kubebuilder.k8s.io: 0.1.10 - name: clusters.clusterregistry.k8s.io - spec: - group: clusterregistry.k8s.io - names: - kind: Cluster - plural: clusters - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - authInfo: - properties: - controller: - properties: - kind: - type: string - name: - type: string - namespace: - type: string - type: object - user: - properties: - kind: - type: string - name: - type: string - namespace: - type: string - type: object - type: object - kubernetesApiEndpoints: - properties: - caBundle: - items: - type: byte - type: string - serverEndpoints: - items: - properties: - clientCIDR: - type: string - serverAddress: - type: string - type: object - type: array - type: object - type: object - status: - properties: - conditions: - items: - properties: - lastHeartbeatTime: - format: date-time - type: string - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - type: object - type: array - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: dnsendpoints.multiclusterdns.federation.k8s.io - spec: - group: multiclusterdns.federation.k8s.io - names: - kind: DNSEndpoint - plural: dnsendpoints - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - endpoints: - items: - properties: - dnsName: - type: string - labels: - type: object - recordTTL: - format: int64 - type: integer - recordType: - type: string - targets: - items: - type: string - type: array - type: object - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedclusters.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedCluster - plural: federatedclusters - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - clusterRef: - type: object - secretRef: - type: object - type: object - status: - properties: - conditions: - items: - properties: - lastProbeTime: - format: date-time - type: string - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - type - - status - type: object - type: array - region: - type: string - zone: - type: string - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedconfigmaps.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedConfigMap - plural: federatedconfigmaps - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - template: - type: object - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedconfigmapoverrides.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedConfigMapOverride - plural: federatedconfigmapoverrides - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - overrides: - items: - properties: - clusterName: - type: string - data: - type: object - type: object - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedconfigmapplacements.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedConfigMapPlacement - plural: federatedconfigmapplacements - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - clusterNames: - items: - type: string - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federateddeployments.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedDeployment - plural: federateddeployments - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - template: - type: object - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federateddeploymentoverrides.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedDeploymentOverride - plural: federateddeploymentoverrides - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - overrides: - items: - properties: - clusterName: - type: string - replicas: - format: int32 - type: integer - type: object - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federateddeploymentplacements.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedDeploymentPlacement - plural: federateddeploymentplacements - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - clusterNames: - items: - type: string - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedingresses.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedIngress - plural: federatedingresses - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - template: - type: object - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedingressplacements.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedIngressPlacement - plural: federatedingressplacements - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - clusterNames: - items: - type: string - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedjobs.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedJob - plural: federatedjobs - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - template: - type: object - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedjoboverrides.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedJobOverride - plural: federatedjoboverrides - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - overrides: - items: - properties: - clusterName: - type: string - parallelism: - format: int32 - type: integer - type: object - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedjobplacements.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedJobPlacement - plural: federatedjobplacements - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - clusterNames: - items: - type: string - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatednamespaceplacements.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedNamespacePlacement - plural: federatednamespaceplacements - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - clusterNames: - items: - type: string - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedreplicasets.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedReplicaSet - plural: federatedreplicasets - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - template: - type: object - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedreplicasetoverrides.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedReplicaSetOverride - plural: federatedreplicasetoverrides - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - overrides: - items: - properties: - clusterName: - type: string - replicas: - format: int32 - type: integer - type: object - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedreplicasetplacements.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedReplicaSetPlacement - plural: federatedreplicasetplacements - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - clusterNames: - items: - type: string - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedsecrets.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedSecret - plural: federatedsecrets - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - template: - type: object - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedsecretoverrides.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedSecretOverride - plural: federatedsecretoverrides - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - overrides: - items: - properties: - clusterName: - type: string - data: - type: object - type: object - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedsecretplacements.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedSecretPlacement - plural: federatedsecretplacements - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - clusterNames: - items: - type: string - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedservices.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedService - plural: federatedservices - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - template: - type: object - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedserviceaccounts.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedServiceAccount - plural: federatedserviceaccounts - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - template: - type: object - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedserviceaccountplacements.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedServiceAccountPlacement - plural: federatedserviceaccountplacements - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - clusterNames: - items: - type: string - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedserviceplacements.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedServicePlacement - plural: federatedserviceplacements - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - clusterNames: - items: - type: string - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedtypeconfigs.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedTypeConfig - plural: federatedtypeconfigs - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - comparisonField: - type: string - namespaced: - type: boolean - override: - properties: - group: - type: string - kind: - type: string - pluralName: - type: string - version: - type: string - required: - - kind - type: object - overridePath: - items: - type: string - type: array - placement: - properties: - group: - type: string - kind: - type: string - pluralName: - type: string - version: - type: string - required: - - kind - type: object - propagationEnabled: - type: boolean - target: - properties: - group: - type: string - kind: - type: string - pluralName: - type: string - version: - type: string - required: - - kind - type: object - template: - properties: - group: - type: string - kind: - type: string - pluralName: - type: string - version: - type: string - required: - - kind - type: object - required: - - target - - namespaced - - comparisonField - - propagationEnabled - - template - - placement - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: multiclusteringressdnsrecords.multiclusterdns.federation.k8s.io - spec: - group: multiclusterdns.federation.k8s.io - names: - kind: MultiClusterIngressDNSRecord - plural: multiclusteringressdnsrecords - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - hosts: - items: - type: string - type: array - recordTTL: - format: int64 - type: integer - type: object - status: - properties: - dns: - items: - properties: - cluster: - type: string - loadBalancer: - type: object - type: object - type: array - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: multiclusterservicednsrecords.multiclusterdns.federation.k8s.io - spec: - group: multiclusterdns.federation.k8s.io - names: - kind: MultiClusterServiceDNSRecord - plural: multiclusterservicednsrecords - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - dnsSuffix: - type: string - federationName: - type: string - recordTTL: - format: int64 - type: integer - type: object - status: - properties: - dns: - items: - properties: - cluster: - type: string - loadBalancer: - type: object - region: - type: string - zone: - type: string - type: object - type: array - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: propagatedversions.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: PropagatedVersion - plural: propagatedversions - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - status: - properties: - clusterVersions: - items: - properties: - clusterName: - type: string - version: - type: string - type: object - type: array - overridesVersion: - type: string - templateVersion: - type: string - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: replicaschedulingpreferences.scheduling.federation.k8s.io - spec: - group: scheduling.federation.k8s.io - names: - kind: ReplicaSchedulingPreference - plural: replicaschedulingpreferences - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - clusters: - type: object - rebalance: - type: boolean - targetKind: - type: string - totalReplicas: - format: int32 - type: integer - required: - - targetKind - - totalReplicas - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: prometheuses.monitoring.coreos.com - spec: - group: monitoring.coreos.com - names: - kind: Prometheus - plural: prometheuses - scope: Namespaced - validation: - openAPIV3Schema: - properties: - spec: - description: 'Specification of the desired behavior of the Prometheus cluster. - More info: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#spec-and-status' - properties: - additionalAlertManagerConfigs: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must be a valid - secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must be defined - type: boolean - required: - - key - additionalScrapeConfigs: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must be a valid - secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must be defined - type: boolean - required: - - key - affinity: - description: Affinity is a group of affinity scheduling rules. - properties: - nodeAffinity: - description: Node affinity is a group of node affinity scheduling - rules. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the affinity expressions specified by this field, - but it may choose a node that violates one or more of the - expressions. The node that is most preferred is the one with - the greatest sum of weights, i.e. for each node that meets - all of the scheduling requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the sum - if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches all - objects with implicit weight 0 (i.e. it's a no-op). A null - preferred scheduling term matches no objects (i.e. is also - a no-op). - properties: - preference: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - weight - - preference - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: A node selector represents the union of the results - of one or more label queries over a set of nodes; that is, - it represents the OR of the selectors represented by the node - selector terms. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The - terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - type: array - required: - - nodeSelectorTerms - podAffinity: - description: Pod affinity is a group of inter pod affinity scheduling - rules. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the affinity expressions specified by this field, - but it may choose a node that violates one or more of the - expressions. The node that is most preferred is the one with - the greatest sum of weights, i.e. for each node that meets - all of the scheduling requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the sum - if the node has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label selector is a label query over - a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector - matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - weight - - podAffinityTerm - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may not - try to eventually evict the pod from its node. When there - are multiple elements, the lists of nodes corresponding to - each podAffinityTerm are intersected, i.e. all terms must - be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) that - this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of pods - is running - properties: - labelSelector: - description: A label selector is a label query over a - set of resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. - A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of any - node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: array - podAntiAffinity: - description: Pod anti affinity is a group of inter pod anti affinity - scheduling rules. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the anti-affinity expressions specified by this - field, but it may choose a node that violates one or more - of the expressions. The node that is most preferred is the - one with the greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource request, - requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field - and adding "weight" to the sum if the node has pods which - matches the corresponding podAffinityTerm; the node(s) with - the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label selector is a label query over - a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector - matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - weight - - podAffinityTerm - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by - this field are not met at scheduling time, the pod will not - be scheduled onto the node. If the anti-affinity requirements - specified by this field cease to be met at some point during - pod execution (e.g. due to a pod label update), the system - may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms must - be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) that - this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of pods - is running - properties: - labelSelector: - description: A label selector is a label query over a - set of resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. - A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of any - node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: array - alerting: - description: AlertingSpec defines parameters for alerting configuration - of Prometheus servers. - properties: - alertmanagers: - description: AlertmanagerEndpoints Prometheus should fire alerts - against. - items: - description: AlertmanagerEndpoints defines a selection of a single - Endpoints object containing alertmanager IPs to fire alerts - against. - properties: - bearerTokenFile: - description: BearerTokenFile to read from filesystem to use - when authenticating to Alertmanager. - type: string - name: - description: Name of Endpoints object in Namespace. - type: string - namespace: - description: Namespace of Endpoints object. - type: string - pathPrefix: - description: Prefix for the HTTP path alerts are pushed to. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use when firing alerts. - type: string - tlsConfig: - description: TLSConfig specifies TLS configuration parameters. - properties: - caFile: - description: The CA cert to use for the targets. - type: string - certFile: - description: The client cert file for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: The client key file for the targets. - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - required: - - namespace - - name - - port - type: array - required: - - alertmanagers - baseImage: - description: Base image to use for a Prometheus deployment. - type: string - containers: - description: Containers allows injecting additional containers. This - is meant to allow adding an authentication proxy to a Prometheus pod. - items: - description: A single application container that you want to run within - a pod. - properties: - args: - description: 'Arguments to the entrypoint. The docker image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable - cannot be resolved, the reference in the input string will be - unchanged. The $(VAR_NAME) syntax can be escaped with a double - $$, ie: $$(VAR_NAME). Escaped references will never be expanded, - regardless of whether the variable exists or not. Cannot be - updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed within a shell. The - docker image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable exists - or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to set in the container. - Cannot be updated. - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a - C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a - variable cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax can be - escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable - exists or not. Defaults to "".' - type: string - valueFrom: - description: EnvVarSource represents a source for the value - of an EnvVar. - properties: - configMapKeyRef: - description: Selects a key from a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the ConfigMap or it's - key must be defined - type: boolean - required: - - key - fieldRef: - description: ObjectFieldSelector selects an APIVersioned - field of an object. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - resourceFieldRef: - description: ResourceFieldSelector represents container - resources (cpu, memory) and their output format - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: {} - resource: - description: 'Required: resource to select' - type: string - required: - - resource - secretKeyRef: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's - key must be defined - type: boolean - required: - - key - required: - - name - type: array - envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must be a - C_IDENTIFIER. All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key will - take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of a set of - ConfigMaps - properties: - configMapRef: - description: |- - ConfigMapEnvSource selects a ConfigMap to populate the environment variables with. - The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - prefix: - description: An optional identifier to prepend to each key - in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: |- - SecretEnvSource selects a Secret to populate the environment variables with. - The contents of the target Secret's Data field will represent the key-value pairs as environment variables. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: array - image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Lifecycle describes actions that the management system - should take in response to container lifecycle events. For the - PostStart and PreStop lifecycle handlers, management of the - container blocks until the action is complete, unless the container - process fails, in which case the handler is aborted. - properties: - postStart: - description: Handler defines a specific action that should - be taken - properties: - exec: - description: ExecAction describes a "run in container" - action. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - httpGet: - description: HTTPGetAction describes an action based on - HTTP Get requests. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - tcpSocket: - description: TCPSocketAction describes an action based - on opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - preStop: - description: Handler defines a specific action that should - be taken - properties: - exec: - description: ExecAction describes a "run in container" - action. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - httpGet: - description: HTTPGetAction describes an action based on - HTTP Get requests. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - tcpSocket: - description: TCPSocketAction describes an action based - on opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - livenessProbe: - description: Probe describes a health check to be performed against - a container to determine whether it is alive or ready to receive - traffic. - properties: - exec: - description: ExecAction describes a "run in container" action. - properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit - status of 0 is treated as live/healthy and non-zero - is unhealthy. - items: - type: string - type: array - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGetAction describes an action based on HTTP - Get requests. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header to - be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocketAction describes an action based on - opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - name: - description: Name of the container specified as a DNS_LABEL. Each - container in a pod must have a unique name (DNS_LABEL). Cannot - be updated. - type: string - ports: - description: List of ports to expose from the container. Exposing - a port here gives the system additional information about the - network connections a container uses, but is primarily informational. - Not specifying a port here DOES NOT prevent that port from being - exposed. Any port which is listening on the default "0.0.0.0" - address inside a container will be accessible from the network. - Cannot be updated. - items: - description: ContainerPort represents a network port in a single - container. - properties: - containerPort: - description: Number of port to expose on the pod's IP address. - This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If specified, - this must be a valid port number, 0 < x < 65536. If HostNetwork - is specified, this must match ContainerPort. Most containers - do not need this. - format: int32 - type: integer - name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod must - have a unique name. Name for the port that can be referred - to by services. - type: string - protocol: - description: Protocol for port. Must be UDP or TCP. Defaults - to "TCP". - type: string - required: - - containerPort - type: array - readinessProbe: - description: Probe describes a health check to be performed against - a container to determine whether it is alive or ready to receive - traffic. - properties: - exec: - description: ExecAction describes a "run in container" action. - properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit - status of 0 is treated as live/healthy and non-zero - is unhealthy. - items: - type: string - type: array - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGetAction describes an action based on HTTP - Get requests. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header to - be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocketAction describes an action based on - opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - securityContext: - description: SecurityContext holds security configuration that - will be applied to a container. Some fields are present in both - SecurityContext and PodSecurityContext. When both are set, - the values in SecurityContext take precedence. - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a - process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: Adds and removes POSIX capabilities from running - containers. - properties: - add: - description: Added capabilities - items: - type: string - type: array - drop: - description: Removed capabilities - items: - type: string - type: array - privileged: - description: Run container in privileged mode. Processes in - privileged containers are essentially equivalent to root - on the host. Defaults to false. - type: boolean - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. - Default is false. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail - to start the container if it does. If unset or false, no - such validation will be performed. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata if - unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - format: int64 - type: integer - seLinuxOptions: - description: SELinuxOptions are the labels to be applied to - the container - properties: - level: - description: Level is SELinux level label that applies - to the container. - type: string - role: - description: Role is a SELinux role label that applies - to the container. - type: string - type: - description: Type is a SELinux type label that applies - to the container. - type: string - user: - description: User is a SELinux user label that applies - to the container. - type: string - stdin: - description: Whether this container should allocate a buffer for - stdin in the container runtime. If this is not set, reads from - stdin in the container will always result in EOF. Default is - false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the stdin - channel after it has been opened by a single attach. When stdin - is true the stdin stream will remain open across multiple attach - sessions. If stdinOnce is set to true, stdin is opened on container - start, is empty until the first client attaches to stdin, and - then remains open and accepts data until the client disconnects, - at which time stdin is closed and remains closed until the container - is restarted. If this flag is false, a container processes that - reads from stdin will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s - termination message will be written is mounted into the container''s - filesystem. Message written is intended to be brief final status, - such as an assertion failure message. Will be truncated by the - node if greater than 4096 bytes. The total message length across - all containers will be limited to 12kb. Defaults to /dev/termination-log. - Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. - File will use the contents of terminationMessagePath to populate - the container status message on both success and failure. FallbackToLogsOnError - will use the last chunk of container log output if the termination - message file is empty and the container exited with an error. - The log output is limited to 2048 bytes or 80 lines, whichever - is smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be - used by the container. This is an alpha feature and may change - in the future. - items: - description: volumeDevice describes a mapping of a raw block - device within a container. - properties: - devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim - in the pod - type: string - required: - - name - - devicePath - type: array - volumeMounts: - description: Pod volumes to mount into the container's filesystem. - Cannot be updated. - items: - description: VolumeMount describes a mounting of a Volume within - a container. - properties: - mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other way - around. When not set, MountPropagationHostToContainer - is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). - type: string - required: - - name - - mountPath - type: array - workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might be - configured in the container image. Cannot be updated. - type: string - required: - - name - type: array - evaluationInterval: - description: Interval between consecutive evaluations. - type: string - externalLabels: - description: The labels to add to any time series or alerts when communicating - with external systems (federation, remote storage, Alertmanager). - type: object - externalUrl: - description: The external URL the Prometheus instances will be available - under. This is necessary to generate correct URLs. This is necessary - if Prometheus is not served from root of a DNS name. - type: string - imagePullSecrets: - description: An optional list of references to secrets in the same namespace - to use for pulling prometheus and alertmanager images from registries - see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod - items: - description: LocalObjectReference contains enough information to let - you locate the referenced object inside the same namespace. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - type: array - listenLocal: - description: ListenLocal makes the Prometheus server listen on loopback, - so that it does not bind against the Pod IP. - type: boolean - logLevel: - description: Log level for Prometheus to be configured with. - type: string - nodeSelector: - description: Define which Nodes the Pods are scheduled on. - type: object - paused: - description: When a Prometheus deployment is paused, no actions except - for deletion will be performed on the underlying objects. - type: boolean - podMetadata: - description: ObjectMeta is metadata that all persisted resources must - have, which includes all objects users must create. - properties: - annotations: - description: 'Annotations is an unstructured key value map stored - with a resource that may be set by external tools to store and - retrieve arbitrary metadata. They are not queryable and should - be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - clusterName: - description: The name of the cluster which the object belongs to. - This is used to distinguish resources with same name and namespace - in different clusters. This field is not set anywhere right now - and apiserver is going to ignore it if set in create or update - request. - type: string - creationTimestamp: - description: Time is a wrapper around time.Time which supports correct - marshaling to YAML and JSON. Wrappers are provided for many of - the factory methods that the time package offers. - format: date-time - type: string - deletionGracePeriodSeconds: - description: Number of seconds allowed for this object to gracefully - terminate before it will be removed from the system. Only set - when deletionTimestamp is also set. May only be shortened. Read-only. - format: int64 - type: integer - deletionTimestamp: - description: Time is a wrapper around time.Time which supports correct - marshaling to YAML and JSON. Wrappers are provided for many of - the factory methods that the time package offers. - format: date-time - type: string - finalizers: - description: Must be empty before the object is deleted from the - registry. Each entry is an identifier for the responsible component - that will remove the entry from the list. If the deletionTimestamp - of the object is non-nil, entries in this list can only be removed. - items: - type: string - type: array - generateName: - description: |- - GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. - If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). - Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#idempotency - type: string - generation: - description: A sequence number representing a specific generation - of the desired state. Populated by the system. Read-only. - format: int64 - type: integer - initializers: - description: Initializers tracks the progress of initialization. - properties: - pending: - description: Pending is a list of initializers that must execute - in order before this object is visible. When the last pending - initializer is removed, and no failing result is set, the - initializers struct will be set to nil and the object is considered - as initialized and visible to all clients. - items: - description: Initializer is information about an initializer - that has not yet completed. - properties: - name: - description: name of the process that is responsible for - initializing this object. - type: string - required: - - name - type: array - result: - description: Status is a return value for calls that don't return - other objects. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of - this representation of an object. Servers should convert - recognized schemas to the latest internal value, and may - reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - code: - description: Suggested HTTP return code for this status, - 0 if not set. - format: int32 - type: integer - details: - description: StatusDetails is a set of additional properties - that MAY be set by the server to provide additional information - about a response. The Reason field of a Status object - defines what attributes will be set. Clients must ignore - fields that do not match the defined type of each attribute, - and should assume that any attribute may be empty, invalid, - or under defined. - properties: - causes: - description: The Causes array includes more details - associated with the StatusReason failure. Not all - StatusReasons may provide detailed causes. - items: - description: StatusCause provides more information - about an api.Status failure, including cases when - multiple errors are encountered. - properties: - field: - description: |- - The field of the resource that has caused this error, as named by its JSON serialization. May include dot and postfix notation for nested attributes. Arrays are zero-indexed. Fields may appear more than once in an array of causes due to fields having multiple errors. Optional. - Examples: - "name" - the field "name" on the current resource - "items[0].name" - the field "name" on the first array entry in "items" - type: string - message: - description: A human-readable description of the - cause of the error. This field may be presented - as-is to a reader. - type: string - reason: - description: A machine-readable description of - the cause of the error. If this value is empty - there is no information available. - type: string - type: array - group: - description: The group attribute of the resource associated - with the status StatusReason. - type: string - kind: - description: 'The kind attribute of the resource associated - with the status StatusReason. On some operations may - differ from the requested resource Kind. More info: - https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: The name attribute of the resource associated - with the status StatusReason (when there is a single - name which can be described). - type: string - retryAfterSeconds: - description: If specified, the time in seconds before - the operation should be retried. Some errors may indicate - the client must take an alternate action - for those - errors this field may indicate how long to wait before - taking the alternate action. - format: int32 - type: integer - uid: - description: 'UID of the resource. (when there is a - single resource which can be described). More info: - http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - kind: - description: 'Kind is a string value representing the REST - resource this object represents. Servers may infer this - from the endpoint the client submits requests to. Cannot - be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - message: - description: A human-readable description of the status - of this operation. - type: string - metadata: - description: ListMeta describes metadata that synthetic - resources must have, including lists and various status - objects. A resource may have only one of {ObjectMeta, - ListMeta}. - properties: - continue: - description: continue may be set if the user set a limit - on the number of items returned, and indicates that - the server has more data available. The value is opaque - and may be used to issue another request to the endpoint - that served this list to retrieve the next set of - available objects. Continuing a list may not be possible - if the server configuration has changed or more than - a few minutes have passed. The resourceVersion field - returned when using this continue value will be identical - to the value in the first response. - type: string - resourceVersion: - description: 'String that identifies the server''s internal - version of this object that can be used by clients - to determine when objects have changed. Value must - be treated as opaque by clients and passed unmodified - back to the server. Populated by the system. Read-only. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' - type: string - selfLink: - description: selfLink is a URL representing this object. - Populated by the system. Read-only. - type: string - reason: - description: A machine-readable description of why this - operation is in the "Failure" status. If this value is - empty there is no information available. A Reason clarifies - an HTTP status code but does not override it. - type: string - status: - description: 'Status of the operation. One of: "Success" - or "Failure". More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' - type: string - required: - - pending - labels: - description: 'Map of string keys and values that can be used to - organize and categorize (scope and select) objects. May match - selectors of replication controllers and services. More info: - http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: 'Name must be unique within a namespace. Is required - when creating resources, although some resources may allow a client - to request the generation of an appropriate name automatically. - Name is primarily intended for creation idempotence and configuration - definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: |- - Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. - Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces - type: string - ownerReferences: - description: List of objects depended by this object. If ALL objects - in the list have been deleted, this object will be garbage collected. - If this object is managed by a controller, then an entry in this - list will point to this controller, with the controller field - set to true. There cannot be more than one managing controller. - items: - description: OwnerReference contains enough information to let - you identify an owning object. Currently, an owning object must - be in the same namespace, so there is no namespace field. - properties: - apiVersion: - description: API version of the referent. - type: string - blockOwnerDeletion: - description: If true, AND if the owner has the "foregroundDeletion" - finalizer, then the owner cannot be deleted from the key-value - store until this reference is removed. Defaults to false. - To set this field, a user needs "delete" permission of the - owner, otherwise 422 (Unprocessable Entity) will be returned. - type: boolean - controller: - description: If true, this reference points to the managing - controller. - type: boolean - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - uid: - description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - required: - - apiVersion - - kind - - name - - uid - type: array - resourceVersion: - description: |- - An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. - Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency - type: string - selfLink: - description: SelfLink is a URL representing this object. Populated - by the system. Read-only. - type: string - uid: - description: |- - UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. - Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids - type: string - remoteRead: - description: If specified, the remote_read spec. This is an experimental - feature, it may change in any upcoming release in a breaking way. - items: - description: RemoteReadSpec defines the remote_read configuration - for prometheus. - properties: - basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over - basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' - properties: - password: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - username: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - bearerToken: - description: bearer token for remote read. - type: string - bearerTokenFile: - description: File to read bearer token for remote read. - type: string - proxyUrl: - description: Optional ProxyURL - type: string - readRecent: - description: Whether reads should be made for queries for time - ranges that the local storage should have complete data for. - type: boolean - remoteTimeout: - description: Timeout for requests to the remote read endpoint. - type: string - requiredMatchers: - description: An optional list of equality matchers which have - to be present in a selector to query the remote read endpoint. - type: object - tlsConfig: - description: TLSConfig specifies TLS configuration parameters. - properties: - caFile: - description: The CA cert to use for the targets. - type: string - certFile: - description: The client cert file for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: The client key file for the targets. - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - url: - description: The URL of the endpoint to send samples to. - type: string - required: - - url - type: array - remoteWrite: - description: If specified, the remote_write spec. This is an experimental - feature, it may change in any upcoming release in a breaking way. - items: - description: RemoteWriteSpec defines the remote_write configuration - for prometheus. - properties: - basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over - basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' - properties: - password: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - username: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - bearerToken: - description: File to read bearer token for remote write. - type: string - bearerTokenFile: - description: File to read bearer token for remote write. - type: string - proxyUrl: - description: Optional ProxyURL - type: string - queueConfig: - description: QueueConfig allows the tuning of remote_write queue_config - parameters. This object is referenced in the RemoteWriteSpec - object. - properties: - batchSendDeadline: - description: BatchSendDeadline is the maximum time a sample - will wait in buffer. - type: string - capacity: - description: Capacity is the number of samples to buffer per - shard before we start dropping them. - format: int32 - type: integer - maxBackoff: - description: MaxBackoff is the maximum retry delay. - type: string - maxRetries: - description: MaxRetries is the maximum number of times to - retry a batch on recoverable errors. - format: int32 - type: integer - maxSamplesPerSend: - description: MaxSamplesPerSend is the maximum number of samples - per send. - format: int32 - type: integer - maxShards: - description: MaxShards is the maximum number of shards, i.e. - amount of concurrency. - format: int32 - type: integer - minBackoff: - description: MinBackoff is the initial retry delay. Gets doubled - for every retry. - type: string - remoteTimeout: - description: Timeout for requests to the remote write endpoint. - type: string - tlsConfig: - description: TLSConfig specifies TLS configuration parameters. - properties: - caFile: - description: The CA cert to use for the targets. - type: string - certFile: - description: The client cert file for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: The client key file for the targets. - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - url: - description: The URL of the endpoint to send samples to. - type: string - writeRelabelConfigs: - description: The list of remote write relabel configurations. - items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It defines - ``-section of Prometheus configuration. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' - properties: - action: - description: Action to perform based on regex matching. - Default is 'replace' - type: string - modulus: - description: Modulus to take of the hash of the source label - values. - format: int64 - type: integer - regex: - description: Regular expression against which the extracted - value is matched. defailt is '(.*)' - type: string - replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' - type: string - separator: - description: Separator placed between concatenated source - label values. default is ';'. - type: string - sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular expression - for the replace, keep, and drop actions. - items: - type: string - type: array - targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. - type: string - type: array - required: - - url - type: array - replicas: - description: Number of instances to deploy for a Prometheus deployment. - format: int32 - type: integer - resources: - description: ResourceRequirements describes the compute resource requirements. - properties: - limits: - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults - to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - retention: - description: Time duration Prometheus shall retain data for. - type: string - routePrefix: - description: The route prefix Prometheus registers HTTP handlers for. - This is useful, if using ExternalURL and a proxy is rewriting HTTP - routes of a request, and the actual ExternalURL is still true, but - the server serves requests under a different route prefix. For example - for use with `kubectl proxy`. - type: string - ruleNamespaceSelector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - ruleSelector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - scrapeInterval: - description: Interval between consecutive scrapes. - type: string - secrets: - description: Secrets is a list of Secrets in the same namespace as the - Prometheus object, which shall be mounted into the Prometheus Pods. - The Secrets are mounted into /etc/prometheus/secrets/. - Secrets changes after initial creation of a Prometheus object are - not reflected in the running Pods. To change the secrets mounted into - the Prometheus Pods, the object must be deleted and recreated with - the new list of secrets. - items: - type: string - type: array - securityContext: - description: PodSecurityContext holds pod-level security attributes - and common container settings. Some fields are also present in container.securityContext. Field - values of container.securityContext take precedence over field values - of PodSecurityContext. - properties: - fsGroup: - description: |- - A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: - 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- - If unset, the Kubelet will not modify the ownership and permissions of any volume. - format: int64 - type: integer - runAsGroup: - description: The GID to run the entrypoint of the container process. - Uses runtime default if unset. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no such validation - will be performed. May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. May - also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - format: int64 - type: integer - seLinuxOptions: - description: SELinuxOptions are the labels to be applied to the - container - properties: - level: - description: Level is SELinux level label that applies to the - container. - type: string - role: - description: Role is a SELinux role label that applies to the - container. - type: string - type: - description: Type is a SELinux type label that applies to the - container. - type: string - user: - description: User is a SELinux user label that applies to the - container. - type: string - supplementalGroups: - description: A list of groups applied to the first process run in - each container, in addition to the container's primary GID. If - unspecified, no groups will be added to any container. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls used for - the pod. Pods with unsupported sysctls (by the container runtime) - might fail to launch. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: array - serviceAccountName: - description: ServiceAccountName is the name of the ServiceAccount to - use to run the Prometheus Pods. - type: string - serviceMonitorNamespaceSelector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - serviceMonitorSelector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - storage: - description: StorageSpec defines the configured storage for a group - Prometheus servers. - properties: - class: - description: 'Name of the StorageClass to use when requesting storage - provisioning. More info: https://kubernetes.io/docs/user-guide/persistent-volumes/#storageclasses - DEPRECATED' - type: string - emptyDir: - description: Represents an empty directory for a pod. Empty directory - volumes support ownership management and SELinux relabeling. - properties: - medium: - description: 'What type of storage medium should back this directory. - The default is "" which means to use the node''s default medium. - Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: {} - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - selector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - volumeClaimTemplate: - description: PersistentVolumeClaim is a user's request for and claim - to a persistent volume - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - description: ObjectMeta is metadata that all persisted resources - must have, which includes all objects users must create. - properties: - annotations: - description: 'Annotations is an unstructured key value map - stored with a resource that may be set by external tools - to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - clusterName: - description: The name of the cluster which the object belongs - to. This is used to distinguish resources with same name - and namespace in different clusters. This field is not - set anywhere right now and apiserver is going to ignore - it if set in create or update request. - type: string - creationTimestamp: - description: Time is a wrapper around time.Time which supports - correct marshaling to YAML and JSON. Wrappers are provided - for many of the factory methods that the time package - offers. - format: date-time - type: string - deletionGracePeriodSeconds: - description: Number of seconds allowed for this object to - gracefully terminate before it will be removed from the - system. Only set when deletionTimestamp is also set. May - only be shortened. Read-only. - format: int64 - type: integer - deletionTimestamp: - description: Time is a wrapper around time.Time which supports - correct marshaling to YAML and JSON. Wrappers are provided - for many of the factory methods that the time package - offers. - format: date-time - type: string - finalizers: - description: Must be empty before the object is deleted - from the registry. Each entry is an identifier for the - responsible component that will remove the entry from - the list. If the deletionTimestamp of the object is non-nil, - entries in this list can only be removed. - items: - type: string - type: array - generateName: - description: |- - GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. - If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). - Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#idempotency - type: string - generation: - description: A sequence number representing a specific generation - of the desired state. Populated by the system. Read-only. - format: int64 - type: integer - initializers: - description: Initializers tracks the progress of initialization. - properties: - pending: - description: Pending is a list of initializers that - must execute in order before this object is visible. - When the last pending initializer is removed, and - no failing result is set, the initializers struct - will be set to nil and the object is considered as - initialized and visible to all clients. - items: - description: Initializer is information about an initializer - that has not yet completed. - properties: - name: - description: name of the process that is responsible - for initializing this object. - type: string - required: - - name - type: array - result: - description: Status is a return value for calls that - don't return other objects. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema - of this representation of an object. Servers should - convert recognized schemas to the latest internal - value, and may reject unrecognized values. More - info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - code: - description: Suggested HTTP return code for this - status, 0 if not set. - format: int32 - type: integer - details: - description: StatusDetails is a set of additional - properties that MAY be set by the server to provide - additional information about a response. The Reason - field of a Status object defines what attributes - will be set. Clients must ignore fields that do - not match the defined type of each attribute, - and should assume that any attribute may be empty, - invalid, or under defined. - properties: - causes: - description: The Causes array includes more - details associated with the StatusReason failure. - Not all StatusReasons may provide detailed - causes. - items: - description: StatusCause provides more information - about an api.Status failure, including cases - when multiple errors are encountered. - properties: - field: - description: |- - The field of the resource that has caused this error, as named by its JSON serialization. May include dot and postfix notation for nested attributes. Arrays are zero-indexed. Fields may appear more than once in an array of causes due to fields having multiple errors. Optional. - Examples: - "name" - the field "name" on the current resource - "items[0].name" - the field "name" on the first array entry in "items" - type: string - message: - description: A human-readable description - of the cause of the error. This field - may be presented as-is to a reader. - type: string - reason: - description: A machine-readable description - of the cause of the error. If this value - is empty there is no information available. - type: string - type: array - group: - description: The group attribute of the resource - associated with the status StatusReason. - type: string - kind: - description: 'The kind attribute of the resource - associated with the status StatusReason. On - some operations may differ from the requested - resource Kind. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: The name attribute of the resource - associated with the status StatusReason (when - there is a single name which can be described). - type: string - retryAfterSeconds: - description: If specified, the time in seconds - before the operation should be retried. Some - errors may indicate the client must take an - alternate action - for those errors this field - may indicate how long to wait before taking - the alternate action. - format: int32 - type: integer - uid: - description: 'UID of the resource. (when there - is a single resource which can be described). - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - kind: - description: 'Kind is a string value representing - the REST resource this object represents. Servers - may infer this from the endpoint the client submits - requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - message: - description: A human-readable description of the - status of this operation. - type: string - metadata: - description: ListMeta describes metadata that synthetic - resources must have, including lists and various - status objects. A resource may have only one of - {ObjectMeta, ListMeta}. - properties: - continue: - description: continue may be set if the user - set a limit on the number of items returned, - and indicates that the server has more data - available. The value is opaque and may be - used to issue another request to the endpoint - that served this list to retrieve the next - set of available objects. Continuing a list - may not be possible if the server configuration - has changed or more than a few minutes have - passed. The resourceVersion field returned - when using this continue value will be identical - to the value in the first response. - type: string - resourceVersion: - description: 'String that identifies the server''s - internal version of this object that can be - used by clients to determine when objects - have changed. Value must be treated as opaque - by clients and passed unmodified back to the - server. Populated by the system. Read-only. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' - type: string - selfLink: - description: selfLink is a URL representing - this object. Populated by the system. Read-only. - type: string - reason: - description: A machine-readable description of why - this operation is in the "Failure" status. If - this value is empty there is no information available. - A Reason clarifies an HTTP status code but does - not override it. - type: string - status: - description: 'Status of the operation. One of: "Success" - or "Failure". More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' - type: string - required: - - pending - labels: - description: 'Map of string keys and values that can be - used to organize and categorize (scope and select) objects. - May match selectors of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: 'Name must be unique within a namespace. Is - required when creating resources, although some resources - may allow a client to request the generation of an appropriate - name automatically. Name is primarily intended for creation - idempotence and configuration definition. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: |- - Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. - Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces - type: string - ownerReferences: - description: List of objects depended by this object. If - ALL objects in the list have been deleted, this object - will be garbage collected. If this object is managed by - a controller, then an entry in this list will point to - this controller, with the controller field set to true. - There cannot be more than one managing controller. - items: - description: OwnerReference contains enough information - to let you identify an owning object. Currently, an - owning object must be in the same namespace, so there - is no namespace field. - properties: - apiVersion: - description: API version of the referent. - type: string - blockOwnerDeletion: - description: If true, AND if the owner has the "foregroundDeletion" - finalizer, then the owner cannot be deleted from - the key-value store until this reference is removed. - Defaults to false. To set this field, a user needs - "delete" permission of the owner, otherwise 422 - (Unprocessable Entity) will be returned. - type: boolean - controller: - description: If true, this reference points to the - managing controller. - type: boolean - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - uid: - description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - required: - - apiVersion - - kind - - name - - uid - type: array - resourceVersion: - description: |- - An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. - Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency - type: string - selfLink: - description: SelfLink is a URL representing this object. - Populated by the system. Read-only. - type: string - uid: - description: |- - UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. - Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids - type: string - spec: - description: PersistentVolumeClaimSpec describes the common - attributes of storage devices and allows a Source for provider-specific - attributes - properties: - accessModes: - description: 'AccessModes contains the desired access modes - the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - resources: - description: ResourceRequirements describes the compute - resource requirements. - properties: - limits: - description: 'Limits describes the maximum amount of - compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - selector: - description: A label selector is a label query over a set - of resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. - A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - storageClassName: - description: 'Name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeMode: - description: volumeMode defines what type of volume is required - by the claim. Value of Filesystem is implied when not - included in claim spec. This is an alpha feature and may - change in the future. - type: string - volumeName: - description: VolumeName is the binding reference to the - PersistentVolume backing this claim. - type: string - status: - description: PersistentVolumeClaimStatus is the current status - of a persistent volume claim. - properties: - accessModes: - description: 'AccessModes contains the actual access modes - the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - capacity: - description: Represents the actual resources of the underlying - volume. - type: object - conditions: - description: Current Condition of persistent volume claim. - If underlying persistent volume is being resized then - the Condition will be set to 'ResizeStarted'. - items: - description: PersistentVolumeClaimCondition contails details - about state of pvc - properties: - lastProbeTime: - description: Time is a wrapper around time.Time which - supports correct marshaling to YAML and JSON. Wrappers - are provided for many of the factory methods that - the time package offers. - format: date-time - type: string - lastTransitionTime: - description: Time is a wrapper around time.Time which - supports correct marshaling to YAML and JSON. Wrappers - are provided for many of the factory methods that - the time package offers. - format: date-time - type: string - message: - description: Human-readable message indicating details - about last transition. - type: string - reason: - description: Unique, this should be a short, machine - understandable string that gives the reason for - condition's last transition. If it reports "ResizeStarted" - that means the underlying persistent volume is being - resized. - type: string - status: - type: string - type: - type: string - required: - - type - - status - type: array - phase: - description: Phase represents the current phase of PersistentVolumeClaim. - type: string - tag: - description: Tag of Prometheus container image to be deployed. Defaults - to the value of `version`. - type: string - thanos: - description: ThanosSpec defines parameters for a Prometheus server within - a Thanos deployment. - properties: - baseImage: - description: Thanos base image if other than default. - type: string - gcs: - description: ThanosGCSSpec defines parameters for use of Google - Cloud Storage (GCS) with Thanos. - properties: - bucket: - description: Google Cloud Storage bucket name for stored blocks. - If empty it won't store any block inside Google Cloud Storage. - type: string - peers: - description: Peers is a DNS name for Thanos to discover peers through. - type: string - s3: - description: ThanosSpec defines parameters for of AWS Simple Storage - Service (S3) with Thanos. (S3 compatible services apply as well) - properties: - accessKey: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - bucket: - description: S3-Compatible API bucket name for stored blocks. - type: string - endpoint: - description: S3-Compatible API endpoint for stored blocks. - type: string - insecure: - description: Whether to use an insecure connection with an S3-Compatible - API. - type: boolean - secretKey: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - signatureVersion2: - description: Whether to use S3 Signature Version 2; otherwise - Signature Version 4 will be used. - type: boolean - tag: - description: Tag of Thanos sidecar container image to be deployed. - Defaults to the value of `version`. - type: string - version: - description: Version describes the version of Thanos to use. - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached to tolerates any - taint that matches the triple using the matching - operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, operator - must be Exists; this combination means to match all values and - all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. Exists - is equivalent to wildcard for value, so that a pod can tolerate - all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the - toleration (which must be of effect NoExecute, otherwise this - field is ignored) tolerates the taint. By default, it is not - set, which means tolerate the taint forever (do not evict). - Zero and negative values will be treated as 0 (evict immediately) - by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise - just a regular string. - type: string - type: array - version: - description: Version of Prometheus to be deployed. - type: string - status: - description: 'Most recent observed status of the Prometheus cluster. Read-only. - Not included when requesting from the apiserver, only from the Prometheus - Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#spec-and-status' - properties: - availableReplicas: - description: Total number of available pods (ready for at least minReadySeconds) - targeted by this Prometheus deployment. - format: int32 - type: integer - paused: - description: Represents whether any actions on the underlaying managed - objects are being performed. Only delete actions will be performed. - type: boolean - replicas: - description: Total number of non-terminated pods targeted by this Prometheus - deployment (their labels match the selector). - format: int32 - type: integer - unavailableReplicas: - description: Total number of unavailable pods targeted by this Prometheus - deployment. - format: int32 - type: integer - updatedReplicas: - description: Total number of non-terminated pods targeted by this Prometheus - deployment that have the desired version spec. - format: int32 - type: integer - required: - - paused - - replicas - - updatedReplicas - - availableReplicas - - unavailableReplicas - version: v1 - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: prometheusrules.monitoring.coreos.com - spec: - group: monitoring.coreos.com - names: - kind: PrometheusRule - plural: prometheusrules - scope: Namespaced - validation: - openAPIV3Schema: - properties: - spec: - description: PrometheusRuleSpec contains specification parameters for a - Rule. - properties: - groups: - description: Content of Prometheus rule file - items: - description: RuleGroup is a list of sequentially evaluated recording - and alerting rules. - properties: - interval: - type: string - name: - type: string - rules: - items: - description: Rule describes an alerting or recording rule. - properties: - alert: - type: string - annotations: - type: object - expr: - type: string - for: - type: string - labels: - type: object - record: - type: string - required: - - expr - type: array - required: - - name - - rules - type: array - version: v1 - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: servicemonitors.monitoring.coreos.com - spec: - group: monitoring.coreos.com - names: - kind: ServiceMonitor - plural: servicemonitors - scope: Namespaced - validation: - openAPIV3Schema: - properties: - spec: - description: ServiceMonitorSpec contains specification parameters for a - ServiceMonitor. - properties: - endpoints: - description: A list of endpoints allowed as part of this ServiceMonitor. - items: - description: Endpoint defines a scrapeable endpoint serving Prometheus - metrics. - properties: - basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over - basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' - properties: - password: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - username: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - bearerTokenFile: - description: File to read bearer token for scraping targets. - type: string - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - interval: - description: Interval at which metrics should be scraped - type: string - metricRelabelings: - description: MetricRelabelConfigs to apply to samples before ingestion. - items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It defines - ``-section of Prometheus configuration. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' - properties: - action: - description: Action to perform based on regex matching. - Default is 'replace' - type: string - modulus: - description: Modulus to take of the hash of the source label - values. - format: int64 - type: integer - regex: - description: Regular expression against which the extracted - value is matched. defailt is '(.*)' - type: string - replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' - type: string - separator: - description: Separator placed between concatenated source - label values. default is ';'. - type: string - sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular expression - for the replace, keep, and drop actions. - items: - type: string - type: array - targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. - type: string - type: array - params: - description: Optional HTTP URL parameters - type: object - path: - description: HTTP path to scrape for metrics. - type: string - port: - description: Name of the service port this endpoint refers to. - Mutually exclusive with targetPort. - type: string - proxyUrl: - description: ProxyURL eg http://proxyserver:2195 Directs scrapes - to proxy through this endpoint. - type: string - scheme: - description: HTTP scheme to use for scraping. - type: string - scrapeTimeout: - description: Timeout after which the scrape is ended - type: string - targetPort: - anyOf: - - type: string - - type: integer - tlsConfig: - description: TLSConfig specifies TLS configuration parameters. - properties: - caFile: - description: The CA cert to use for the targets. - type: string - certFile: - description: The client cert file for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: The client key file for the targets. - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: array - jobLabel: - description: The label to use to retrieve the job name from. - type: string - namespaceSelector: - description: A selector for selecting namespaces either selecting all - namespaces or a list of namespaces. - properties: - any: - description: Boolean describing whether all namespaces are selected - in contrast to a list restricting them. - type: boolean - matchNames: - description: List of namespace names. - items: - type: string - type: array - selector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - targetLabels: - description: TargetLabels transfers labels on the Kubernetes Service - onto the target. - items: - type: string - type: array - required: - - endpoints - - selector - version: v1 - - clusterServiceVersions: |- - - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: amqstreams.v1.0.0.beta - namespace: placeholder - annotations: - alm-examples: '[{"apiVersion":"kafka.strimzi.io/v1alpha1","kind":"Kafka","metadata":{"name":"my-cluster"},"spec":{"kafka":{"replicas":3,"listeners":{"plain":{},"tls":{}},"config":{"offsets.topic.replication.factor":3,"transaction.state.log.replication.factor":3,"transaction.state.log.min.isr":2},"storage":{"type":"ephemeral"}},"zookeeper":{"replicas":3,"storage":{"type":"ephemeral"}},"entityOperator":{"topicOperator":{},"userOperator":{}}}}, {"apiVersion":"kafka.strimzi.io/v1alpha1","kind":"KafkaConnect","metadata":{"name":"my-connect-cluster"},"spec":{"replicas":1,"bootstrapServers":"my-cluster-kafka-bootstrap:9093","tls":{"trustedCertificates":[{"secretName":"my-cluster-cluster-ca-cert","certificate":"ca.crt"}]}}}, {"apiVersion":"kafka.strimzi.io/v1alpha1","kind":"KafkaConnectS2I","metadata":{"name":"my-connect-cluster"},"spec":{"replicas":1,"bootstrapServers":"my-cluster-kafka-bootstrap:9093","tls":{"trustedCertificates":[{"secretName":"my-cluster-cluster-ca-cert","certificate":"ca.crt"}]}}}, {"apiVersion":"kafka.strimzi.io/v1alpha1","kind":"KafkaTopic","metadata":{"name":"my-topic","labels":{"strimzi.io/cluster":"my-cluster"}},"spec":{"partitions":10,"replicas":3,"config":{"retention.ms":604800000,"segment.bytes":1073741824}}}, {"apiVersion":"kafka.strimzi.io/v1alpha1","kind":"KafkaUser","metadata":{"name":"my-user","labels":{"strimzi.io/cluster":"my-cluster"}},"spec":{"authentication":{"type":"tls"},"authorization":{"type":"simple","acls":[{"resource":{"type":"topic","name":"my-topic","patternType":"literal"},"operation":"Read","host":"*"},{"resource":{"type":"topic","name":"my-topic","patternType":"literal"},"operation":"Describe","host":"*"},{"resource":{"type":"group","name":"my-group","patternType":"literal"},"operation":"Read","host":"*"},{"resource":{"type":"topic","name":"my-topic","patternType":"literal"},"operation":"Write","host":"*"},{"resource":{"type":"topic","name":"my-topic","patternType":"literal"},"operation":"Create","host":"*"},{"resource":{"type":"topic","name":"my-topic","patternType":"literal"},"operation":"Describe","host":"*"}]}}}]' - spec: - displayName: AMQ Streams - description: | - **Red Hat AMQ Streams** is a massively scalable, distributed, and high performance data streaming platform based on the Apache Kafka project. - AMQ Streams provides an event streaming backbone that allows microservices and other application components to exchange data with extremely high throughput and low latency. - - **The core capabilities include** - * A pub/sub messaging model, similar to a traditional enterprise messaging system, in which application components publish and consume events to/from an ordered stream - * The long term, fault-tolerant storage of events - * The ability for a consumer to replay streams of events - * The ability to partition topics for horizontal scalability - - # Before you start - - 1\. Create AMQ Streams Cluster Roles - ``` - $ oc apply -f http://amq.io/amqstreams/rbac.yaml - ``` - 2\. Create following bindings - ``` - $ oc adm policy add-cluster-role-to-user strimzi-cluster-operator -z strimzi-cluster-operator --namespace - $ oc adm policy add-cluster-role-to-user strimzi-kafka-broker -z strimzi-cluster-operator --namespace - ``` - keywords: ['amq', 'streams', 'messaging', 'kafka', 'streaming'] - version: 1.0.0-Beta - maturity: beta - maintainers: - - name: Red Hat, Inc. - email: customerservice@redhat.com - provider: - name: Red Hat, Inc. - links: - - name: Product Page - url: https://access.redhat.com/products/red-hat-amq-streams - - name: Documentation - url: https://access.redhat.com/documentation/en-us/red_hat_amq_streams/1.0-beta/html-single/using_amq_streams/ - icon: - - base64data: iVBORw0KGgoAAAANSUhEUgAAAQAAAAEACAYAAABccqhmAAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAAlywAAJcsBGkdkZgAAABl0RVh0U29mdHdhcmUAd3d3Lmlua3NjYXBlLm9yZ5vuPBoAACAASURBVHic7d13nBx3ff/x13d29/aK6kmyyjXJlnVqLpJV3ABL2GAnuIANJAZDjGkmIWCn0H4ktCTEgfwI5AeEOPyMSRwTmktiwJIlGVu2ZEkWtnxFXbrbu1M9lWtb55s/7k7tdu+2zMx3y+f5ePDgbnZn5i1Zn8/07yhEQWuvpWLAx+yETb22qFM2FwHVKKYA1RqqFVQD5UAQqByatRyoGPp5AAgP/dwHRIEBBd02dCtFNzbdQLe2OKxs2i0fbZVxDtaFGPDsDyscp0wHEGPbehWBiqNc6oNFGhYDC4E5KOrRTDMc7zDQBhwAmhQ0KYs3Og+wZxXEzUYTY5EGkGd2zyUYi7PEslmpFSvRXAbMA8pMZ8tQFEUrmh0KXlE2m+IT+d2iJqKmg4mzpAEYtnsG02IBVqO4RmlWoljC4K56MQoDr6LYrDQv6QTrF3Rw3HSoUiYNwGPrwT+jniuAW4F3AEsAy2wqY2xgu4K1NqytsHhxzoEz5yKEB6QBeGDPJVwUi3GH1tyhFDdw9uSbOF8fsEErfumL8WRjJ8dMByp20gBcsmMWdX4/tzC4pb8Z8BuOVGgSwCYFP1U2P2sM0WE6UDGSBuCgvRczMRrnvcAfAVcjf79OsTW8hOKRQICfXrqH06YDFQv5B5ojDdaueq614R7gfUCV6UxFLgw8Dfx4fhvPqME9BZElaQBZ2nMJF0XjfEzZfBhFvek8JeqA0jzsi/GDSw9x1HSYQiQNIENNs7nSsrmfwS2+nMzLDxEF/4XNN+aHeN10mEIiDSANGqzWBu5A8yngzabziFGtU5pvN7bztBq8zChGIQ1gFBqsnfXcacOXFSwwnUdkpFnD3y9o4z/kPEFq0gCSGC58DV8FGk3nETnZB/z9oTZ+KM8mjCQN4BwarNZ67tHwRQWXmM4jHKTYpTRfbWzjMTk0OEsawJCmet7qg29ouNJ0FuGqV5Xiz+cfZL3pIPmg5BvAztnMt22+ArzbdBbhqbVa88DCdt4wHcSkkm0Au2cwLV7GV4H7kNt0S1UMzQ9szV8tCtFtOowJJdcANKiWeu5Rim/kwWAaIj90A5+b38a/KtCmw3ippBpAUy1zLYvvATeaziLy0m99io/PO0iL6SBeKYkGsPUqApVHeVDBlynewTaEM2IK/tFXxl9fuoeI6TBuK/oG0FLPVRp+LDfyiAy9Yfl4f+N+XjMdxE1FOxKNBl9zPZ8BXpLiF1lYbCfY0lLPlzT4TIdxS1HuAbTMZjY2P0Lu2xfOeNm2+cCiEHtMB3Fa0e0BNDdwHzY7kOIXzrnGstjWXM8HTAdxWtHsAeyfTXkkwT9rxX2ms4jipeDHvXE+vqyTftNZnFAUDaCplrmWj5+judx0FlEStvvgrnlt7DMdJFcFfwjQUs87LItXpPiFh5YkYHtzA+80HSRXBdsANFgt9fwd8BQw2XQeUXImKM3PWur5si7gPemCDP7adKoCQf5Dwe2mswiB5hd9Ce4pxPMCBdcAmhuYqTRPActMZxHiDMXmuMXtl+3nsOkomSioBtBcx2Kl+G+gwXQWIZLYb8M7FrXRbDpIugrmHEBLHW9Xio1I8Yv8NccHG1sbWG06SLoKogE01/FeFE8DE0xnEWI0GiZpza9a67nLdJZ05H0DaK3n/Urx70DAdBYh0lSm4fHWOu41HWQsed0AWuu4X8OPkBF7ROHxacW/tdbzKdNBRpO3DaC5ns9oxXfJ44xCjEFp+FZzA180HSSVvLwK0FrHV7TK3780ITIV1vxoSTt/ZDrHhfKuATTX8YBS/KPpHEI4pc+GfhuC8JuVndxsOs+58mr3uqWBP5HiF8VkuPgBIvD2TbX83Gyi8+XNHkBLPR8EfkieNSUhsnVu8Z8rqHh0ZQcf9D7RSHlRbC0N3Ak8TJ7kESJXqYofIKL5wNZa/snbRMkZ3wNoqePtQzf5yHV+URT67cEGMJYKi88sD/GQ+4lSM9oAmupZ6IONGiaZzCGEU0bb8l9IgQ5a3LUixC/cTTVqBjOaZjPDstmE3NsvikQmxT9MQSJYxrIVB/idO6lGZ+SYu72WCkvzBFL8okhkU/wwOHx9PMaLv51h5jV1njcADVav4j/QrPR63UK4IdviHxbXVPl9vLbVwHkwzxtAaz1/gyr8sdSEgMHCz6X4h8U1MxO1PJf7kjLjaQNoqedW4DNerlMIt/SlebY/XRGbN71Sw1edW+LYPDsJOPRm3q3ARK/WKYRbct3tT8UCXWWxekmIDc4vfSRPGkB7LRW9FhuBJV6sTwg3uVX8w3wQrlbULujguHtrGeTJIUCvxXeR4hdFwO3iB0hA+UnY5O5aBrneAJobuA/y7zFIITLl1Am/dMQ0c7fU8i9ur8fVQ4Bd9VycgN8B491cjxBu82LLfyELtGWx6toQz7u4DndosBLw/5HiFwXORPED2KCweaoJytxah2sNYGcDn0de0S0KnKniHxaHCb01/NKt5btyCNDcwFKleRkXO5cQbjNd/OeqtHjfshCPOb1cxxvA7rkEY1G2K1jg9LKF8Eq6j/R6xacI63FcdP1OepxcruOHAPEon5fiF4XM6Tv8nJDQlAd6nT8UcHQPoKWGefh4DSh3crmidCl/AFVZ5dn6eqMx+nr7PFtfJhQQgLdf3cmzTi3TsRduaFCtPr6HFP9ZPh/THvgyE+68B6tKLoZkyo5G6T64D6thrmfrnAzEDnVw5Oufo2fDrz1bbzo0YCse1zBFDf6aM8f2AFob+JDW/JtTyysGk+/9U6Z/KS+Gfis4diTM0abXsermGFm/Dg+w55alJE64fjduxip8fH95O/c7sSxHzgHsnsE0rc2ObZaPxt2QV0PAFww7EuZos7niB1DlFZQvutLY+kcTSfDRjXVc4sSyHGkA8TK+BkxxYllFxS/jnGbKjkYGt/y15op/mMrT/342WH7bmfcL5NwAdjWwAPiQA1lEibOjEY6+8ZrRLX+hiGiu2DqD3891OTk3gLjNN5G394ocSfFnLmrxcK7LyKkBtDawWiluyTWEKG2Du/1S/JmKw4wtNTyQyzKybgAaLK35h1xWLsSZ4s+DY/5CFNX8jc5hDzzrGVvruQdYmu38QtjRCEebd2RU/InOdnr37kTrs5fBA8EgVSveBOr8q9p2z2l6XtuCtgdv67MZfL528tKVWJXjHPkzmJaAii2z+Bad/Ek282fVADT4WhWfd+ZWBFGK7GiEY807sGoyezVEZ9PrHKmeMWL6ZbubKZu36Lxpp7dvYm/VyItTeusmpr75xswC57GY4iNN8OAiiGY6b1aHAK31vB/NvGzmFWJ4t19lWPwAWiW/d03HRv7bt+3kN/TbdiLj9eazhKasdxbfzGbejPcANPha4XPZrEyMLXHqBD1NvyMeiVBWNY5xly3Fqqgce0at6dy4gZOhNnzBINMXLGbS/MXuB86Q6Tv8ilVc8dGt8OAyiGUyX8YNYGc9fwg0ZjqfGNuJjeto81WQKJ945omKwLYtzKkqZ9yS1C9S6m0/wLZ1axmYXguTpgOwf387U15+kaXvuxdfWdCL+GPyuviLazs/uoSmzK7jIdozuyqQ0SGABp+GL2QWTaSj59VN7C+fSOKCYo1VjmdPVBPZtzPpfIlImC3Pbxgs/nMpxfGZs3n1sUdcSpwZE7f32iV2jipmc3+mVwQyagCtDdwOzM8olUhLx6meEWexh9mBMg7tbEn62f5fPUlk6siTYsO6p9dzet8uRzJm60zxy6U+VyU0wc01/HUm82TUAJTm05lFEumwe3vonzj6oxSnxk9OOr37xIlR59NKceSN17LOlispfm9p+EQm30+7ATQ1sETDmzKPJMaUYst/Lq2S/6dKdVb8vO8YOustxe+9mKZ6aw3vTvf7aTcAS/Op7CKJsVhV4yjvH32ot/Gnu5NOn1A19mg51XO9P2rzuvjzbAQvo+Kk/4LRtBrA7hlMA96bdSIxppnWKGesbJvpNTVJP7rk5tvw95xMOeuEroNMWeztc+0mtvyldsJvNDFN49ZZ6Z2rS6sBxIJ8HBnqy1WTr72BmpOHRwzRZCXizOk/QdXly5LOVzZ+Aksa5+E/NXIPoepIB0tvfacLaVOT3X7zNJCwSGsoqjEvGWiwWm0+7N2LxEvX9NW3MOnAHk7t3UU0FiPos5i08HICNStGnW/K5Uu54ZJ57F/zDKdOdmNpmFpbR/377wXLk/e/AsPFn9m9/cIdMZvVGnxqjNshxmwALfWsVlDvXDQxmuDsuVw0O/NBMP1V47j0jve4kCg9djTC0ZY3sGpnG8sgzrLBv6WWPybEt0f73pibB6W517lYohglImGOtTZl/GBPVlLtiaa4SpL0qxl8t5AlNJ8c6zuj7gHsvZiJ0Th3OBdJFJtEJMzxnc2omXWerG/arFp8HaHzpvksReXlbx3x3eoFlxFPcg/EpCtK4yn2hOaSrVOZuewYXam+M2oDiMb5AyCNJ1FEKbKjEY61vOHNln9IxYLLqVlweVrfDcyooWZG8qsnpcAGlSjna8B9qb4z1r7QB52NJIpFIhLm2M5mT4tfZC6huXO0z1M2gN011AJXO55IFLxEJMzxXS2oGbVjf1kYFddM3NqQeuSulA0g4eNOXHp9uChcg8XfKsVfQOJx/iLVZykbgIZ3uRNHFKqzxV+6x9WFSMPbUn2WtAHsmMN04DrXEpUKXTz3pybCw7v9JVT88bjpBI6Iaao31yQfwi9pA/AnuAPwuZqqBERTDOJRaBLhMMd3l9Yxv45FCe98w3QM5yg+k2xy0gagNbe7m6Y0HP/u14kd3Gs6Rk5KsfjtgX4OffXPiR89ZDqKY2w7+WvERpzk2z+b8rDNceT6vyNUeQWVV12LNanadJSsxI8dIRI64Mm6Jj76LNbE5AOfZOPkzx7l+CPfyXi++KFOdDyjsTXzngIdn8yEVU30njt9xI1AAzbXKyl+x+jwAH0bnzMdI+/12TAh4dzAJaeeeIxDf/uXkGJo8FKjQY0/xb3AeR1xxCGABTd5lkoIBou/38E6PfXEY3R95UEp/gvENSOeFhvRALQ0AOEhx4v/yf+U4k/BhhEjw5zXAHbOYipwhWeJRElzvPifepyuLz8gxZ9CXDNuSz0XnzvtvAag/ay+cJoQbuh3o/i/9Gkp/jHYcT527u/nnQTUcvOP8IDTW/7Tv/4lh2TLnx7FqnN/tS74MPX7p4RwgOPF/5sn6Po/f4x28ApCMUvo81/rd6YB7J5LED3yJIEQTnGl+L/wCXSR3LLrhThM2Drr7GX+Mw0gHmMpkB9vkRRFx/Hif/ZJKf4sxdXZMQLONABty7P/wh2uFP/n75fiz5KCW4d/PtMAlMVyM3FEMXP6bH/Pmqek+HOkFVcN/3z2KoDmMiNpRNFyesvfs/ZpOj/3cSn+HCVsZg7/bAFsvYoAJH9eWIhsuFL8n/2YFL8DbKhogjIYagAVR5nH0AQhcuV88f83nZ+VLb9TNBCZxZthqAH4YJHRRKJoOF78z/3P0Ja/uB7PNc1WrIahBqClAQgHuFL8n/moFL8L4rAMzp4EXGgwyxmBmgamfOqLBOctRvnHfG1hehIJEr2nnVlWnosdPczAxGrwBzxbp338CJGnH+fkmqdzLn5tn72br3fdM1L8LtJD5/yGq8z461ytikrqf7KeQJ3xKAUp3Laf3mk1+Kuner7usutv4tTA++G3z+a0nJO/+HemfviBwTv8vvhJKX4X2ZpqGBoSrKWeo4D3/3LOUXn1DdT/ZL3JCAUr3LafUwNhLAPFP+zUMz+n6/P3G1u/yIwFies78VtD9wUbLX4A38RJpiMUpEhHG6cGBowWP4Bv3Hij6xeZscG3aS4TrPFl1JsOI7IT6WjjZG8vVvU001FEAfKFWWrZCeTtjgVIil/kSimWWijZAyg0UvzCCVqz0FKai0wHEemT4hdOsTUz/dqimuJ5hV1Ry6b47eNHSJzsPjvBsgjUzobAyDu/dW8P8cMd503zT69ByQm+oqSh2s/Q9UCR37Ip/sTRQ7y+/yC27/ybqmbsXUPNjSPfFNX66lb6qyacN62iaxsLr78hq8wiv2mYZIE0gHyX7W6/ffrkiOIHiFjJ7xQMV47c0g9UjC+qtxyL84y3gCmmU+TEtol1hYgd6cp41oGjhzmxu4Vob48LwZwRbtsnx/zCFTZU+QHn3sbosRMvP0+HVUY0MDiUYXD3bmpUgknXrhp9vl0t7Nj0Ev0XDb3rfvc+Jh3t5Iqb30HF9JmjzuulcNs+TvUPYE2R87TCBZpyiwJ9EejhF9ayPzj+TPEDRCrGsa98IsfWPZNyvpN7drKlZefZ4gewfJycXsdL69YS7j7mZuy0SfELt2mFz6IABwKJHNxLZ1XqUxft46cST3FIsOPF57GD5Uk/i02eRuszTzqSMRdS/MITGlWQDeDUvt2jXrnUPj89O5tGTI+e7KZ/et2oy+72mR0Z3WTxy6m+0qLBKsgGkEjjLTCxgf4R0yInutFKjb7s8oqsc+VKtvzCY4W5BxAsT74Lf953KqtGTKusqUNFI6POV9ZzIutcuZDiF15TDA4JVnANYOKiK/GNMlhE4PQJxi9ZMWK6ryzI1O5Doy57ZuXYzcVpUvzCBHtoD6Dg+CZPYQ4xVGLkKLG+yABzxldiVSW/fXXx7XdRfqQj6WeTQnuZ9667Hc06Fil+YZIfiALeb/ZyNGHF9SzY1cyRPTvpq5yATsQZ13+a6YuvIDgn9SsOgpOncN0dd7Hr6Z9xNAGJsnICfT3MmjyBuR+6f+i0iDek+IVJFuiCbQAA5fMWUj8v8/FMAxMmsuh997mQKH2RjjZjxS8v0hYweNXHYrABCA9FOto42dNjbMsvl/vEkDN7AMIjXha/f0YtE9teYqB83JlpWttMspK3gOoThzk97vw7wyf0nYAxLp2KwqTAlgbgIa+3/KpqHHNXvS3t78++aeQjwqJ4WQrbAvpMBykFpnf7hbiQ1iQsBd1jf1XkQopf5COlCFu2NABXSfGLfKUUfRaa46aDFCspfpHnTsshgEsiHW2cPC3FL/KXBSf9gJmnXy4QP3rYdATHhNv2caqvH2vqdNNRPBM/3Gk6gsjcCUtbHDGdAiD8+hYGtm8yHSNnpVj8id7TnHjsX03HEBlS0OVXNm3kwX0eOh6n/Q/fyqS7P0rZJfMzvvlk3E234Z82w8E8Mbr/9R8znEnT130Myr0fZS2mIW7gFr/4scP0PPc/xA4lf8BK5C+taVatc2jUCVpNh8lV2cWN1D++Dv/0WY4sz+7vY9eCcWN/MQ/02dBvm04hCk25xQ1WVYw2iuD28Oi+nbT9weqSOxaV4hfZ6pvINqsuxACK/BgKN0el1gSk+EW2FCRWNdE7+PC75qDhPI4plSYgxS9y4YN+GHwcGA37zMZxVrE3gX4pfpEjyxrc67cAFLSYjeO8Ym0Cffbg/4TIhYLdcLYBvGE2jjuKrQnIbr9wiqXZCkMNwFKMfItGkSiWJiDFLxylWANDDaDjILuB0QfML2CF3gSk+IXTVIiNMNQAVkEc2GU0kcsKtQlI8Qun+RX9yyAGQw1gyOuG8nim0JqAnO0XblBwpgCscya+YiaOtwqlCcjZfuEWv2LL8M9nG4BN4T+Kl6Z8bwKy2y9cpXhq+MczDaBnOtuBASOBDMjXJiDFL9zW284Twz+faQDLthEDthtJZEi+NQEpfuE2v+LkKggP/37+i/BU6RwGDMuXJiDFL7xgcf6j//5zf1Galwv+ueAsRPftpO3uGwfHE3BwUBGASe+9jwnvugerKvXYAjZgl+Jf/Fi05ljLDnwz67xbpW0T6zjIsR98k+jenZ6t1ys+WHfu7+cNu9NSwxR8HOHCPYMSUTZ3wZkmEGl5nf03X5HT8ia+6x5m/t9HHUpXYrQmtO5XBC9fbmT18eNH2X/HtSR6ThlZv1vGBZm9dP/Zp3/PK/QFHRwHXvU8VZ6I7mnh4G0rOfS5j9H+gZtzXt74W+50IFUJ0pqOdb82VvwA/inTqLjqGmPrd4MPes4tfki+pV/jUZ68FOts4+RjPyB+pCvnZanKKgcSlRit6Vj3K8ouX2Y6yaiHbYXIr0Zu3Ec0AKVKuwEIg84Uv7ktfzFT8JMLp41oAIlxbEReGCq8NrTbL8XvDgXamsGPLpw+ogEsaiIKbPAilBDAOcVvfre/WAUUh5ZtGxwG7FxJz/ZrxS/djyQEg8W/XorfbZbi6WTT/ckmqjhP4OP7qT4XwhFa07HhWcouS7/4dSRMOHTgvGm+iirKZiW5V0Brwvt3o/XZO6wsn59gwyUZv3im0CmLv082PWmBL+jgeEs9LwCrXE0lSpfWdDy/hrLFSzOaLfTCcxyZfMHNWid6WRyNEpx9yXmTu19az/7yiSOWcXHXb5l8zVsyjlyoAopjy9uSD/yb+oYfxS9cS1QiEnJ3X3Ja07H+N5QtWpLxrFGdZMutFPHe0yMmx6LRpMuIRcJJpxcrBb9O9VnKBmAl+CWDd6mKLPTZ2f/lRQ510tP8OtEM35gc6+vl8PYtHHvjNexono7wpjWd639D2WVXmU5SMvxBHkr5WaoPGkN0NNfzkoLr3YlVvLIdyadv707a9++jv3rozcIH2xn3ykvUX7GU8tqGlPPZsSjbHnuE7snT0WVBAFRzM3U+zcI7787mj+Cazg3PEpDi94xfcWLZPnak+nz0e/7VyOuGYnTZjuQzcGAvu492ny1+AMuid2YDu3bvIXY89VvcNz76Q45Prz9T/AB6wmTaqqrZ8ZMfZx7GJZ3rf0Mgw2N+kRu/4qejfT5qA9D9PA70OpqoiOXySG/7rlbscwr4XPGJk+nY9GLSzw5uWENfzeyUy+0oH09/hocSbpDi954FOhbji2N8J7VFR+lVyD0B6cil+O3wAH1TRn8M+XTlhKTTO/ftGX3hwXI6trycXTCHdG54VorfAL9i93WHSb3rSDqP/SoecSpQscp1MA87EkGPcV3aLq9MOj3O2Nezo2FzZ707NzxLIIuz/SJ3Ps23x/rOmA2g8SDrKbKXhzrJiZF8/BMn4YuNftY+cPpE0umVwbIxlz9hurODnKSrc8MaKX5DfIrYsk6+N9b3xmwACrTS/NCZWMXFyXH7p/SNPvDEtIrk5wcufdMqiCW/3g3gP36E2qvflFO2bHQ+v4bAois9X68Y5IO1Ko0r0WmN/KMS/AslNGJwOpwet3/W9asYd+Jo0s8mH+3gojffmPSzCfVzmOPTkIiP+Ez1nuaKK69E+XzOBU1D5/NrCCyU4jfJVvxpOt9LqwE0dnJMaR7LLVLxcGMAT6ssyLxVN1EX6WHcyWOU9/cw/lgXs+MDzHn7raPO2/h7t7N0dj3jD7fjP3GMwLHDVB/t4Pq3vIVpiy53NugYun67VorfsCA0XRtijLPDg9J+2MeGbyn4EKRx1qmIuTp6r2Ux7Zq3MC2LWS9adDkXeVzsF+p6YR3+BbmNoyhyZ/n4QtrfTfeLC9t5gxIfJ0CG7k6t68X1+OdfZi5AJk/3FfGTgAHFseXtPJnu9zN63Fdp/kmr0nxCUF7UmVrXxg34Gxd7sq7JleWEe06COrvtCsTClC9bOeK746bPpPLwUWzr7DkQlYgzvq7Wk6wm+BTfyeT7GTWAxnaeaq1nB2Cw1XtPtvypdb2wztMtf/V1q6lO87tVC69gwUJX4+QVnyK8PMTfZDJPRuP/K9Ba87eZxSpsUvypdb3obfGL0fkV31GQyGSejF8AsqCd/wLeyHS+QiTFn1rXi+vwN0rx5wtLEVkR4vMZz5fpDApspfh6pvMVGin+1KT480/A4rsKRt4MMoasXgHWeJDHgeJ7cdoQKf7Uul5cL8WfZ3yKyIp2/jKbebNqAAoSCr6Wzbz5Ts72p+bl2X6RvoDi+9ls/SGHl4A2tvEYsDXb+fOR07f3Ro8ccm5hhh3a/CL+eYtMx/BU/FCH6Qhj8kPv8hAPZjt/1g1AgY3Nn2c7f75xY7e/85H/hx7lQZ1C0fXy8/gubjQdw1N9r7xA//bNpmOMKQCfTeehn1RyviWqpZ4ngdtyXY5Jbh7zV81fzNRb30PZ1OljfzkPhY8eou/4MU/WNfUjD2I5+ELVeFeI07/ObDwbnUgQ2dtKz5qn0fGYY1ncELAIXRMiyQsR0pdzA2idQ6NOsAMI5LosE+SEX/64dF0zvuqpjiwr1hWi7SPvJBY6OPaXC1QF3LS8k7W5LCPrQ4Bh8/ezE80Pcl2OCVL8xakUir8MtuVa/OBAAwCwNX8Fo489lm+k+ItTKRS/BbYu4y6HlpW7RSG6NfyFE8vyghR/cSqF4gcos/jONQc44MSyHGkAAAvbeBRy3yVxmxR/cSqV4g8ojq0I8WmnludYAwDQNp8A8vbFa1L8xalUih+gXPFuJ5fnaANYGGI38HdOLtMpUvzFqcSK/1dLQs4OyuNoAwCwx/N18uxpQbm9tziVUvH7YMCa4cyJv3M53gAWNRG14Q/Ik0MBp2/vFfmhlIpfAWUW9yzbRr/Ty3a8AQAsaqNJw1+7sexMyG5/cSql4gcos3hieYifu7FsVxoAwII2voE2N4ioFH9xKrXi9ytOrgg5v+s/zLUGoMD229wDJH+nlYuk+ItTqRW/BdqCWzId5ivDdbjn0g5CGueuWaZDTvgVp1IrfoAA/PPVHWxycx2uNgAYvEFIwcNurwfkhF+xKsXiL1PsWNmZ3uu9cuF6AwAIWnwS2ObmOmS3vziVYvH7FX3xcVznxbo8aQBzDhDWPu4EXHmwXIq/OJVi8SvQQZtbrt9Jjxfr86QBACzcz0ENd+PwCQ0p/uIU7wrRdt/tJVX8ABWKv7qqixe8Wp9nDQBgYRtrILM3l4xGTvgVl/CuJgBine0cvO92Yp3thhN5q1zx3LIObwfb9fwtiRpUax3/juLuXJYjW/7iY1VUUrnsOgZe30rilOdXj40KKNqv7mCOm5f8kjHyXdGzvgAABdxJREFUmtT9sykP26wDrslmfil+UUx8it7xPuovb/P+nhlPDwGGzTlA2IpzG7An03ml+EUxsSBebrPCRPEPrd+Mxk6OWRa3ksGdglL8opgohQ7Y3HFVFy2mMhhrAACNB2hViruAMQfPlxN+otgEFZ9eeYj/MZnBaAMAmH+QdVrzXkZ5tZHc4SeKTdDioRUhvm06h5GTgMm01vN+DT/igqYku/2i2JQrfrCig4+ZzgF51AAAWhv4kNY8zFAuKX5RbMotHlsR4n2mcwzLqwYA0FrPpzR8S4pfFJug4pmVHfy+6RznyrsGALC9jkd6EnzQdA4hnFKmWHd1B281neNCedkAAF6p4cmwLuyXjgoBELT4zcoQN5vOkYzxqwCprOjg9qDFf5rOIUQuyhSP52vxQx43AICVIe4uh++aziFENsotHr66gz80nWM0ed0AAFZ08sdBi4dM5xAiExV+/mFFiI+YzjGWvD0HcKHNNTwQ03zTLqDMovQo0AHFg1d38C3TWdJRUMW0ZQa3RH08mdAETGcR4kI+RaxMccfyEM+YzpKugmoAAC/PZIG22BzXjDedRYhhfugJalaafLAnGwXXAAC2XszEWITXYpoG01mECChCExRXLArRbTpLpgqyAQBo8G2exfoovMl0FlG6yhXPLe/gbQoK8r7VvL8KkIqCxNWdvLnCxxcUaNN5RGmxQFcovrCigxsLtfihgPcAzrWphqttWBvXVJnOIoqfX9EftLnZy9F73VIUDQCGzgtEeTFms9h0FlG8Aha7A2UsX7aPU6azOKFoGsCwLbX8S1jzEa2L788mzLFAB+CfvXhdl5eKskhebeCacJxn4ppJprOIwudXnKrQ/N6STl4yncVpRdkAADRYr8ziZ1F4p5whFNlQQFDxq+Ud3KZGGbKukBXsVYCxKLBXdvKuCsV7fIqw6TyisPhgoMzHO1d08HvFWvxQxA1g2LIOfqoU1eWKp01nEYUhqHhej2f6ynaeMJ3FbUV7CJDM9lpuCGt+GtNMNZ1F5B8/HA8q3nNVB+tMZ/FKSTWAYVtq+XrE5i/sEtgDEmOzwA5aPLw8lB8j9XqpJBsAwMY6LvHb/DyiucJ0FmFO0GKbr4x3LdtHm+ksJpRsAxi2ZRY3xRU/jGlqTWcR3gnA4TLF3aW0u59MyTeAYZtm8Qlb8ZDcTlzc/Io+n+ZzKzv5juks+UAawDk0+LbM4tsxxYcTmjLTeYRzfIpIQPH95SEeLOSHd5wmDSAJDf6ttXwtqvlUQlNuOo/InqWIBBU/qgzxyUVpvIS21EgDGIUG35YavhSHB+OaStN5RPr8inBA8agK8SfLIGY6T76SBpAGDb7NNXxJwydimmrTeURqAcVxn+Lby0N8TXb1xyYNIENbZ/G2uOKhqFw+zBsKCFjs8yv+bFkJ3L3nJGkAWdpcwzwU34nZrLbBbzpPKbIUMT+sTVh88rp29prOU4ikAeRIg7W1lnsTmj+La+bLewvcF4CDfovvLgvxDdnNz438Y3XQ1qnMTJTztYTmzrhmouk8xcSvOOFX/DQW44vXHeaI6TzFQhqASzbXMM9S/Fnc5vYYTDedpxD54bQPnisr4ytLDvA703mKkTQAD2yq5VIFn7Vtfj8BF8lhQnIWaL/ikKX4b+3j71YeZL/pTMVO/iF6bDcET9TybjR3x2FlvMQvK/oU/X543VL8MlLF967fSY/pTKVEGoBhmxuYQ4yPoVid0DTGYYLpTG4KKE4paPXBc7qc76/YS7vpTKVMGkCeeamWCgvuVJrbtOKqhGamrakoxHEN/Yp+BZ0+2KosnprUzi8uhYjpXOIsaQAFoAnKIrN4cwxu1IqlGubZmmoNlTb4TGZTkPBBv1IctzS7lGKbD9bqDl6QW3DznzSAAvdiI+MrelmuLa5MaBagmQVUa5ikYbwNVWjKUYONQmt8eui/+/D/K4Ue+kUrRYLBDxNKMaCgX8Fp4JRSHFfQqTUtlmJ770S2rmqi19AfXTjgfwFVFcHePttw0QAAAABJRU5ErkJggg== - mediatype: image/png - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: strimzi-cluster-operator - rules: - - apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - get - - create - - delete - - patch - - update - - apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - - rolebindings - verbs: - - get - - create - - delete - - patch - - update - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - kafka.strimzi.io - resources: - - kafkas - - kafkaconnects - - kafkaconnects2is - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch - - delete - - apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - "" - resources: - - endpoints - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - deployments - - deployments/scale - - replicasets - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - apps - resources: - - deployments - - deployments/scale - - deployments/status - - statefulsets - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - "" - resources: - - events - verbs: - - create - - apiGroups: - - extensions - resources: - - replicationcontrollers - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - apps.openshift.io - resources: - - deploymentconfigs - - deploymentconfigs/scale - - deploymentconfigs/status - - deploymentconfigs/finalizers - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - build.openshift.io - resources: - - buildconfigs - - builds - verbs: - - create - - delete - - get - - list - - patch - - watch - - update - - apiGroups: - - image.openshift.io - resources: - - imagestreams - - imagestreams/status - verbs: - - create - - delete - - get - - list - - watch - - patch - - update - - apiGroups: - - "" - resources: - - replicationcontrollers - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - create - - delete - - patch - - update - - apiGroups: - - "" - resources: - - nodes - verbs: - - get - - apiGroups: - - kafka.strimzi.io - resources: - - kafkatopics - verbs: - - get - - list - - watch - - create - - patch - - update - - delete - - apiGroups: - - "" - resources: - - events - verbs: - - create - - apiGroups: - - kafka.strimzi.io - resources: - - kafkausers - verbs: - - get - - list - - watch - - create - - patch - - update - - delete - deployments: - - name: strimzi-cluster-operator - spec: - replicas: 1 - selector: - matchLabels: - name: strimzi-cluster-operator-alm-owned - template: - metadata: - name: strimzi-cluster-operator-alm-owned - labels: - name: strimzi-cluster-operator-alm-owned - spec: - serviceAccountName: strimzi-cluster-operator - containers: - - name: cluster-operator - image: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-clusteroperator-openshift:1.0.0-beta - env: - - name: STRIMZI_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: STRIMZI_FULL_RECONCILIATION_INTERVAL_MS - value: "120000" - - name: STRIMZI_OPERATION_TIMEOUT_MS - value: "300000" - - name: STRIMZI_DEFAULT_ZOOKEEPER_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-zookeeper-openshift:1.0.0-beta - - name: STRIMZI_DEFAULT_KAFKA_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-kafka-openshift:1.0.0-beta - - name: STRIMZI_DEFAULT_KAFKA_CONNECT_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-kafkaconnect-openshift:1.0.0-beta - - name: STRIMZI_DEFAULT_KAFKA_CONNECT_S2I_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-kafkaconnects2i-openshift:1.0.0-beta - - name: STRIMZI_DEFAULT_TOPIC_OPERATOR_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-topicoperator-openshift:1.0.0-beta - - name: STRIMZI_DEFAULT_USER_OPERATOR_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-useroperator-openshift:1.0.0-beta - - name: STRIMZI_DEFAULT_KAFKA_INIT_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-kafkainit-openshift:1.0.0-beta - - name: STRIMZI_DEFAULT_TLS_SIDECAR_ZOOKEEPER_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-zookeeperstunnel-openshift:1.0.0-beta - - name: STRIMZI_DEFAULT_TLS_SIDECAR_KAFKA_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-kafkastunnel-openshift:1.0.0-beta - - name: STRIMZI_DEFAULT_TLS_SIDECAR_ENTITY_OPERATOR_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-entityoperatorstunnel-openshift:1.0.0-beta - - name: STRIMZI_LOG_LEVEL - value: INFO - customresourcedefinitions: - owned: - - name: kafkas.kafka.strimzi.io - version: v1alpha1 - kind: Kafka - displayName: Kafka - description: Represents a Kafka cluster - specDescriptors: - - description: The desired number of Kafka brokers. - displayName: Kafka Brokers - path: kafka.replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: The type of storage used by Kafka brokers - displayName: Kafka storage - path: kafka.storage.type - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Kafka Resource Requirements - path: kafka.resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - - description: The desired number of Zookeeper nodes. - displayName: Zookeeper Nodes - path: zookeeper.replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: The type of storage used by Zookeeper nodes - displayName: Zookeeper storage - path: zookeeper.storage.type - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Zookeeper Resource Requirements - path: zookeeper.resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - - name: kafkaconnects.kafka.strimzi.io - version: v1alpha1 - kind: KafkaConnect - displayName: Kafka Connect - description: Represents a Kafka Connect cluster - specDescriptors: - - description: The desired number of Kafka Connect nodes. - displayName: Connect nodes - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: The address of the bootstrap server - displayName: Bootstrap server - path: bootstrapServers - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - - name: kafkaconnects2is.kafka.strimzi.io - version: v1alpha1 - kind: KafkaConnectS2I - displayName: Kafka Connect S2I - description: Represents a Kafka Connect cluster with Source 2 Image support - specDescriptors: - - description: The desired number of Kafka Connect nodes. - displayName: Connect nodes - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: The address of the bootstrap server - displayName: Bootstrap server - path: bootstrapServers - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - - name: kafkatopics.kafka.strimzi.io - version: v1alpha1 - kind: KafkaTopic - displayName: Kafka Topic - description: Represents a topic inside a Kafka cluster - specDescriptors: - - description: The number of partitions - displayName: Partitions - path: partitions - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: The number of replicas - displayName: Replication factor - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - name: kafkausers.kafka.strimzi.io - version: v1alpha1 - kind: KafkaUser - displayName: Kafka User - description: Represents a user inside a Kafka cluster - specDescriptors: - - description: Authentication type - displayName: Authentication type - path: authentication.type - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: Authorization type - displayName: Authorization type - path: authorization.type - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: etcdoperator.v0.6.1 - namespace: placeholder - annotations: - tectonic-visibility: ocs - spec: - displayName: etcd - description: | - etcd is a distributed key value store that provides a reliable way to store data across a cluster of machines. It’s open-source and available on GitHub. etcd gracefully handles leader elections during network partitions and will tolerate machine failure, including the leader. Your applications can read and write data into etcd. - A simple use-case is to store database connection details or feature flags within etcd as key value pairs. These values can be watched, allowing your app to reconfigure itself when they change. Advanced uses take advantage of the consistency guarantees to implement database leader elections or do distributed locking across a cluster of workers. - - _The etcd Open Cloud Service is Public Alpha. The goal before Beta is to fully implement backup features._ - - ### Reading and writing to etcd - - Communicate with etcd though its command line utility `etcdctl` or with the API using the automatically generated Kubernetes Service. - - [Read the complete guide to using the etcd Open Cloud Service](https://coreos.com/tectonic/docs/latest/alm/etcd-ocs.html) - - ### Supported Features - **High availability** - Multiple instances of etcd are networked together and secured. Individual failures or networking issues are transparently handled to keep your cluster up and running. - **Automated updates** - Rolling out a new etcd version works like all Kubernetes rolling updates. Simply declare the desired version, and the etcd service starts a safe rolling update to the new version automatically. - **Backups included** - Coming soon, the ability to schedule backups to happen on or off cluster. - keywords: ['etcd', 'key value', 'database', 'coreos', 'open source'] - version: 0.6.1 - maturity: alpha - maintainers: - - name: CoreOS, Inc - email: support@coreos.com - - provider: - name: CoreOS, Inc - labels: - alm-status-descriptors: etcdoperator.v0.6.1 - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - selector: - matchLabels: - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - links: - - name: Blog - url: https://coreos.com/etcd - - name: Documentation - url: https://coreos.com/operators/etcd/docs/latest/ - - name: etcd Operator Source Code - url: https://github.com/coreos/etcd-operator - - icon: - - base64data: iVBORw0KGgoAAAANSUhEUgAAAOEAAADZCAYAAADWmle6AAAACXBIWXMAAAsTAAALEwEAmpwYAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAEKlJREFUeNrsndt1GzkShmEev4sTgeiHfRYdgVqbgOgITEVgOgLTEQydwIiKwFQCayoCU6+7DyYjsBiBFyVVz7RkXvqCSxXw/+f04XjGQ6IL+FBVuL769euXgZ7r39f/G9iP0X+u/jWDNZzZdGI/Ftama1jjuV4BwmcNpbAf1Fgu+V/9YRvNAyzT2a59+/GT/3hnn5m16wKWedJrmOCxkYztx9Q+py/+E0GJxtJdReWfz+mxNt+QzS2Mc0AI+HbBBwj9QViKbH5t64DsP2fvmGXUkWU4WgO+Uve2YQzBUGd7r+zH2ZG/tiUQc4QxKwgbwFfVGwwmdLL5wH78aPC/ZBem9jJpCAX3xtcNASSNgJLzUPSQyjB1zQNl8IQJ9MIU4lx2+Jo72ysXYKl1HSzN02BMa/vbZ5xyNJIshJzwf3L0dQhJw4Sih/SFw9Tk8sVeghVPoefaIYCkMZCKbrcP9lnZuk0uPUjGE/KE8JQry7W2tgfuC3vXgvNV+qSQbyFtAtyWk7zWiYevvuUQ9QEQCvJ+5mmu6dTjz1zFHLFj8Eb87MtxaZh/IQFIHom+9vgTWwZxAQjT9X4vtbEVPojwjiV471s00mhAckpwGuCn1HtFtRDaSh6y9zsL+LNBvCG/24ThcxHObdlWc1v+VQJe8LcO0jwtuF8BwnAAUgP9M8JPU2Me+Oh12auPGT6fHuTePE3bLDy+x9pTLnhMn+07TQGh//Bz1iI0c6kvtqInjvPZcYR3KsPVmUsPYt9nFig9SCY8VQNhpPBzn952bbgcsk2EvM89wzh3UEffBbyPqvBUBYQ8ODGPFOLsa7RF096WJ69L+E4EmnpjWu5o4ChlKaRTKT39RMMaVPEQRsz/nIWlDN80chjdJlSd1l0pJCAMVZsniobQVuxceMM9OFoaMd9zqZtjMEYYDW38Drb8Y0DYPLShxn0pvIFuOSxd7YCPet9zk452wsh54FJoeN05hcgSQoG5RR0Qh9Q4E4VvL4wcZq8UACgaRFEQKgSwWrkr5WFnGxiHSutqJGlXjBgIOayhwYBTA0ER0oisIVSUV0AAMT0IASCUO4hRIQSAEECMCCEPwqyQA0JCQBzEGjWNAqHiUVAoXUWbvggOIQCEAOJzxTjoaQ4AIaE64/aZridUsBYUgkhB15oGg1DBIl8IqirYwV6hPSGBSFteMCUBSVXwfYixBmamRubeMyjzMJQBDDowE3OesDD+zwqFoDqiEwXoXJpljB+PvWJGy75BKF1FPxhKygJuqUdYQGlLxNEXkrYyjQ0GbaAwEnUIlLRNvVjQDYUAsJB0HKLE4y0AIpQNgCIhBIhQTgCKhZBBpAN/v6LtQI50JfUgYOnnjmLUFHKhjxbAmdTCaTiBm3ovLPqG2urWAij6im0Nd9aTN9ygLUEt9LgSRnohxUPIKxlGaE+/6Y7znFf0yX+GnkvFFWmarkab2o9PmTeq8sbd2a7DaysXz7i64VeznN4jCQhN9gdDbRiuWrfrsq0mHIrlaq+hlotCtd3Um9u0BYWY8y5D67wccJoZjFca7iUs9VqZcfsZwTd1sbWGG+OcYaTnPAP7rTQVVlM4Sg3oGvB1tmNh0t/HKXZ1jFoIMwCQjtqbhNxUmkGYqgZEDZP11HN/S3gAYRozf0l8C5kKEKUvW0t1IfeWG/5MwgheZTT1E0AEhDkAePQO+Ig2H3DncAkQM4cwUQCD530dU4B5Yvmi2LlDqXfWrxMCcMth51RToRMNUXFnfc2KJ0+Ryl0VNOUwlhh6NoxK5gnViTgQpUG4SqSyt5z3zRJpuKmt3Q1614QaCBPaN6je+2XiFcWAKOXcUfIYKRyL/1lb7pe5VxSxxjQ6hImshqGRt5GWZVKO6q2wHwujfwDtIvaIdexj8Cm8+a68EqMfox6x/voMouZF4dHnEGNeCDMwT6vdNfekH1MafMk4PI06YtqLVGl95aEM9Z5vAeCTOA++YLtoVJRrsqNCaJ6WRmkdYaNec5BT/lcTRMqrhmwfjbpkj55+OKp8IEbU/JLgPJE6Wa3TTe9sHS+ShVD5QIyqIxMEwKh12olC6mHIed5ewEop80CNlfIOADYOT2nd6ZXCop+Ebqchc0JqxKcKASxChycJgUh1rnHA5ow9eTrhqNI7JWiAYYwBGGdpyNLoGw0Pkh96h1BpHihyywtATDM/7Hk2fN9EnH8BgKJCU4ooBkbXFMZJiPbrOyecGl3zgQDQL4hk10IZiOe+5w99Q/gBAEIJgPhJM4QAEEoFREAIAAEiIASAkD8Qt4AQAEIAERAGFlX4CACKAXGVM4ivMwWwCLFAlyeoaa70QePKm5Dlp+/n+ye/5dYgva6YsUaVeMa+tzNFeJtWwc+udbJ0Fg399kLielQJ5Ze61c2+7ytA6EZetiPxZC6tj22yJCv6jUwOyj/zcbqAxOMyAKEbfeHtNa7DtYXptjsk2kJxR+eIeim/tHNofUKYy8DMrQcAKWz6brpvzyIAlpwPhQ49l6b7skJf5Z+YTOYQc4FwLDxvoTDwaygQK+U/kVr+ytSFBG01Q3gnJJR4cNiAhx4HDub8/b5DULXlj6SVZghFiE+LdvE9vo/o8Lp1RmH5hzm0T6wdbZ6n+D6i44zDRc3ln6CpAEJfXiRU45oqLz8gFAThWsh7ughrRibc0QynHgZpNJa/ENJ+loCwu/qOGnFIjYR/n7TfgycULhcQhu6VC+HfF+L3BoAQ4WiZTw1M+FPCnA2gKC6/FAhXgDC+ojQGh3NuWsvfF1L/D5ohlCKtl1j2ldu9a/nPAKFwN56Bst10zCG0CPleXN/zXPgHQZXaZaBgrbzyY5V/mUA+6F0hwtGN9rwu5DVZPuwWqfxdFz1LWbJ2lwKEa+0Qsm4Dl3fp+Pu0lV97PgwIPfSsS+UQhj5Oo+vvFULazRIQyvGEcxPuNLCth2MvFsrKn8UOilAQShkh7TTczYNMoS6OdP47msrPi82lXKGWhCdMZYS0bFy+vcnGAjP1CIfvgbKNA9glecEH9RD6Ol4wRuWyN/G9MHnksS6o/GPf5XcwNSUlHzQhDuAKtWJmkwKElU7lylP5rgIcsquh/FI8YZCDpkJBuE4FQm7Icw8N+SrUGaQKyi8FwiDt1ve5o+Vu7qYHy/psgK8cvh+FTYuO77bhEC7GuaPiys/L1X4IgXDL+e3M5+ovLxBy5VLuIebw1oqcHoPfoaMJUsHays878r8KbDc3xtPx/84gZPBG/JwaufrsY/SRG/OY3//8QMNdsvdZCFtbW6f8pFuf5bflILAlX7O+4fdfugKyFYS8T2zAsXthdG0VurPGKwI06oF5vkBgHWkNp6ry29+lsPZMU3vijnXFNmoclr+6+Ou/FIb8yb30sS8YGjmTqCLyQsi5N/6ZwKs0Yenj68pfPjF6N782Dp2FzV9CTyoSeY8mLK16qGxIkLI8oa1n8tz9juP40DlK0epxYEbojbq+9QfurBeVIlCO9D2396bxiV4lkYQ3hOAFw2pbhqMGISkkQOMcQ9EqhDmGZZdo92JC0YHRNTfoSg+5e0IT+opqCKHoIU+4ztQIgBD1EFNrQAgIpYSil9lDmPHqkROPt+JC6AgPquSuumJmg0YARVCuneDfvPVeJokZ6pIXDkNxQtGzTF9/BQjRG0tQznfb74RwCQghpALBtIQnfK4zhxdyQvVCUeknMIT3hLyY+T5jo0yABqKPQNpUNw/09tGZod5jgCaYFxyYvJcNPkv9eof+I3pnCFEHIETjSM8L9tHZHYCQT9PaZGycU6yg8S4akDnJ+P03L0+t23XGzCLzRgII/Wqa+fv/xlfvmKvMUOcOrlCDdoei1MGdZm6G5VEIfRzzjd4aQs69n699Rx7ewhvCGzr2gmTPs8zNsJOrXt24FbkhhOjCfT4ICA/rPbyhUy94Dks0gJCX1NzCZui9YUd3oei+c257TalFbgg19ILHrlrL2gvWgXAL26EX76gZTNASQnad8Ibwhl284NhgXpB0c+jKhWO3Ms1hP9ihJYB9eMF6qd1BCPk0qA1s+LimFIu7m4nsdQIzPK4VbQ8hYvrnuSH2G9b2ggP78QmWqBdF9Vx8SSY6QYdUW7BTA1schZATyhvY8lHvcRbNUS9YGFy2U+qmzh2YPVc0I7yAOFyHfRpyUwtCSzOdPXMHmz7qDIM0e0V2wZTEk+6Ym6N63eBLp/b5Bts+2cKCSJ/LuoZO3ANSiE5hKAZjnvNSS4931jcw9jpwT0feV/qSJ1pVtCyfHKDkvK8Ejx7pUxGh2xFNSwx8QTi2H9ceC0/nni64MS/5N5dG39pDqvRV+WgGk71c9VFXF9b+xYvOw/d61iv7m3MvEHryhvecwC52jSSx4VIIgwnMNT/UsTxIgpPt3K/ARj15CptwL3Zd/ceDSATj2DGQjbxgWwhdeMMte7zpy5On9vymRm/YxBYljGVjKWF9VJf7I1+sex3wY8w/V1QPTborW/72gkdsRDaZMJBdbdHIC7aCkAu9atlLbtnrzerMnyToDaGwelOnk3/hHSem/ZK7e/t7jeeR20LYBgqa8J80gS8jbwi5F02Uj1u2NYJxap8PLkJfLxA2hIJyvnHX/AfeEPLpBfe0uSFHbnXaea3Qd5d6HcpYZ8L6M7lnFwMQ3MNg+RxUR1+6AshtbsVgfXTEg1sIGax9UND2p7f270wdG3eK9gXVGHdw2k5sOyZv+Nbs39Z308XR9DqWb2J+PwKDhuKHPobfuXf7gnYGHdCs7bhDDadD4entDug7LWNsnRNW4mYqwJ9dk+GGSTPBiA2j0G8RWNM5upZtcG4/3vMfP7KnbK2egx6CCnDPhRn7NgD3cghLIad5WcM2SO38iqHvvMOosyeMpQ5zlVCaaj06GVs9xUbHdiKoqrHWgquFEFMWUEWfXUxJAML23hAHFOctmjZQffKD2pywkhtSGHKNtpitLroscAeE7kCkSsC60vxEl6yMtL9EL5HKGCMszU5bk8gdkklAyEn5FO0yK419rIxBOIqwFMooDE0tHEVYijAUECIshRCGIhxFWIowFJ5QkEYIS5PTJrUwNGlPyN6QQPyKtpuM1E/K5+YJDV/MiA3AaehzqgAm7QnZG9IGYKo8bHnSK7VblLL3hOwNHziPuEGOqE5brrdR6i+atCfckyeWD47HkAkepRGLY/e8A8J0gCwYSNypF08bBm+e6zVz2UL4AshhBUjML/rXLefqC82bcQFhGC9JDwZ1uuu+At0S5gCETYHsV4DUeD9fDN2Zfy5OXaW2zAwQygCzBLJ8cvaW5OXKC1FxfTggFAHmoAJnSiOw2wps9KwRWgJCLaEswaj5NqkLwAYIU4BxqTSXbHXpJdRMPZgAOiAMqABCNGYIEEJutEK5IUAIwYMDQgiCACEEAcJs1Vda7gGqDhCmoiEghAAhBAHCrKXVo2C1DCBMRlp37uMIEECoX7xrX3P5C9QiINSuIcoPAUI0YkAICLNWgfJDh4T9hH7zqYH9+JHAq7zBqWjwhPAicTVCVQJCNF50JghHocahKK0X/ZnQKyEkhSdUpzG8OgQI42qC94EQjsYLRSmH+pbgq73L6bYkeEJ4DYTYmeg1TOBFc/usTTp3V9DdEuXJ2xDCUbXhaXk0/kAYmBvuMB4qkC35E5e5AMKkwSQgyxufyuPy6fMMgAFCSI73LFXU/N8AmEL9X4ABACNSKMHAgb34AAAAAElFTkSuQmCC - mediatype: image/png - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: etcd-operator - rules: - - apiGroups: - - etcd.database.coreos.com - resources: - - etcdclusters - verbs: - - "*" - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - "*" - - apiGroups: - - "" - resources: - - pods - - services - - endpoints - - persistentvolumeclaims - - events - verbs: - - "*" - - apiGroups: - - apps - resources: - - deployments - verbs: - - "*" - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - deployments: - - name: etcd-operator - spec: - replicas: 1 - selector: - matchLabels: - name: etcd-operator-alm-owned - template: - metadata: - name: etcd-operator-alm-owned - labels: - name: etcd-operator-alm-owned - spec: - serviceAccountName: etcd-operator - containers: - - name: etcd-operator - command: - - etcd-operator - - --create-crd=false - image: quay.io/coreos/etcd-operator@sha256:bd944a211eaf8f31da5e6d69e8541e7cada8f16a9f7a5a570b22478997819943 - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - customresourcedefinitions: - owned: - - name: etcdclusters.etcd.database.coreos.com - version: v1beta2 - kind: EtcdCluster - displayName: etcd Cluster - description: Represents a cluster of etcd nodes. - resources: - - kind: Service - version: v1 - - kind: Pod - version: v1 - specDescriptors: - - description: The desired number of member Pods for the etcd cluster. - displayName: Size - path: size - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - statusDescriptors: - - description: The status of each of the member Pods for the etcd cluster. - displayName: Member Status - path: members - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podStatuses' - - description: The service at which the running etcd cluster can be accessed. - displayName: Service - path: service - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Service' - - description: The current size of the etcd cluster. - displayName: Cluster Size - path: size - - description: The current version of the etcd cluster. - displayName: Current Version - path: currentVersion - - description: 'The target version of the etcd cluster, after upgrading.' - displayName: Target Version - path: targetVersion - - description: The current status of the etcd cluster. - displayName: Status - path: phase - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase' - - description: Explanation for the current status of the cluster. - displayName: Status Details - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: etcdoperator.v0.9.0 - namespace: placeholder - annotations: - tectonic-visibility: ocs - alm-examples: '[{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdCluster","metadata":{"name":"example","namespace":"default"},"spec":{"size":3,"version":"3.2.13"}},{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdRestore","metadata":{"name":"example-etcd-cluster"},"spec":{"etcdCluster":{"name":"example-etcd-cluster"},"backupStorageType":"S3","s3":{"path":"","awsSecret":""}}},{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdBackup","metadata":{"name":"example-etcd-cluster-backup"},"spec":{"etcdEndpoints":[""],"storageType":"S3","s3":{"path":"","awsSecret":""}}}]' - spec: - displayName: etcd - description: | - etcd is a distributed key value store that provides a reliable way to store data across a cluster of machines. It’s open-source and available on GitHub. etcd gracefully handles leader elections during network partitions and will tolerate machine failure, including the leader. Your applications can read and write data into etcd. - A simple use-case is to store database connection details or feature flags within etcd as key value pairs. These values can be watched, allowing your app to reconfigure itself when they change. Advanced uses take advantage of the consistency guarantees to implement database leader elections or do distributed locking across a cluster of workers. - - _The etcd Open Cloud Service is Public Alpha. The goal before Beta is to fully implement backup features._ - - ### Reading and writing to etcd - - Communicate with etcd though its command line utility `etcdctl` or with the API using the automatically generated Kubernetes Service. - - [Read the complete guide to using the etcd Open Cloud Service](https://coreos.com/tectonic/docs/latest/alm/etcd-ocs.html) - - ### Supported Features - - - **High availability** - - - Multiple instances of etcd are networked together and secured. Individual failures or networking issues are transparently handled to keep your cluster up and running. - - - **Automated updates** - - - Rolling out a new etcd version works like all Kubernetes rolling updates. Simply declare the desired version, and the etcd service starts a safe rolling update to the new version automatically. - - - **Backups included** - - - Coming soon, the ability to schedule backups to happen on or off cluster. - keywords: ['etcd', 'key value', 'database', 'coreos', 'open source'] - version: 0.9.0 - maturity: alpha - replaces: etcdoperator.v0.6.1 - maintainers: - - name: CoreOS, Inc - email: support@coreos.com - - provider: - name: CoreOS, Inc - labels: - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - selector: - matchLabels: - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - links: - - name: Blog - url: https://coreos.com/etcd - - name: Documentation - url: https://coreos.com/operators/etcd/docs/latest/ - - name: etcd Operator Source Code - url: https://github.com/coreos/etcd-operator - - icon: - - base64data: iVBORw0KGgoAAAANSUhEUgAAAOEAAADZCAYAAADWmle6AAAACXBIWXMAAAsTAAALEwEAmpwYAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAEKlJREFUeNrsndt1GzkShmEev4sTgeiHfRYdgVqbgOgITEVgOgLTEQydwIiKwFQCayoCU6+7DyYjsBiBFyVVz7RkXvqCSxXw/+f04XjGQ6IL+FBVuL769euXgZ7r39f/G9iP0X+u/jWDNZzZdGI/Ftama1jjuV4BwmcNpbAf1Fgu+V/9YRvNAyzT2a59+/GT/3hnn5m16wKWedJrmOCxkYztx9Q+py/+E0GJxtJdReWfz+mxNt+QzS2Mc0AI+HbBBwj9QViKbH5t64DsP2fvmGXUkWU4WgO+Uve2YQzBUGd7r+zH2ZG/tiUQc4QxKwgbwFfVGwwmdLL5wH78aPC/ZBem9jJpCAX3xtcNASSNgJLzUPSQyjB1zQNl8IQJ9MIU4lx2+Jo72ysXYKl1HSzN02BMa/vbZ5xyNJIshJzwf3L0dQhJw4Sih/SFw9Tk8sVeghVPoefaIYCkMZCKbrcP9lnZuk0uPUjGE/KE8JQry7W2tgfuC3vXgvNV+qSQbyFtAtyWk7zWiYevvuUQ9QEQCvJ+5mmu6dTjz1zFHLFj8Eb87MtxaZh/IQFIHom+9vgTWwZxAQjT9X4vtbEVPojwjiV471s00mhAckpwGuCn1HtFtRDaSh6y9zsL+LNBvCG/24ThcxHObdlWc1v+VQJe8LcO0jwtuF8BwnAAUgP9M8JPU2Me+Oh12auPGT6fHuTePE3bLDy+x9pTLnhMn+07TQGh//Bz1iI0c6kvtqInjvPZcYR3KsPVmUsPYt9nFig9SCY8VQNhpPBzn952bbgcsk2EvM89wzh3UEffBbyPqvBUBYQ8ODGPFOLsa7RF096WJ69L+E4EmnpjWu5o4ChlKaRTKT39RMMaVPEQRsz/nIWlDN80chjdJlSd1l0pJCAMVZsniobQVuxceMM9OFoaMd9zqZtjMEYYDW38Drb8Y0DYPLShxn0pvIFuOSxd7YCPet9zk452wsh54FJoeN05hcgSQoG5RR0Qh9Q4E4VvL4wcZq8UACgaRFEQKgSwWrkr5WFnGxiHSutqJGlXjBgIOayhwYBTA0ER0oisIVSUV0AAMT0IASCUO4hRIQSAEECMCCEPwqyQA0JCQBzEGjWNAqHiUVAoXUWbvggOIQCEAOJzxTjoaQ4AIaE64/aZridUsBYUgkhB15oGg1DBIl8IqirYwV6hPSGBSFteMCUBSVXwfYixBmamRubeMyjzMJQBDDowE3OesDD+zwqFoDqiEwXoXJpljB+PvWJGy75BKF1FPxhKygJuqUdYQGlLxNEXkrYyjQ0GbaAwEnUIlLRNvVjQDYUAsJB0HKLE4y0AIpQNgCIhBIhQTgCKhZBBpAN/v6LtQI50JfUgYOnnjmLUFHKhjxbAmdTCaTiBm3ovLPqG2urWAij6im0Nd9aTN9ygLUEt9LgSRnohxUPIKxlGaE+/6Y7znFf0yX+GnkvFFWmarkab2o9PmTeq8sbd2a7DaysXz7i64VeznN4jCQhN9gdDbRiuWrfrsq0mHIrlaq+hlotCtd3Um9u0BYWY8y5D67wccJoZjFca7iUs9VqZcfsZwTd1sbWGG+OcYaTnPAP7rTQVVlM4Sg3oGvB1tmNh0t/HKXZ1jFoIMwCQjtqbhNxUmkGYqgZEDZP11HN/S3gAYRozf0l8C5kKEKUvW0t1IfeWG/5MwgheZTT1E0AEhDkAePQO+Ig2H3DncAkQM4cwUQCD530dU4B5Yvmi2LlDqXfWrxMCcMth51RToRMNUXFnfc2KJ0+Ryl0VNOUwlhh6NoxK5gnViTgQpUG4SqSyt5z3zRJpuKmt3Q1614QaCBPaN6je+2XiFcWAKOXcUfIYKRyL/1lb7pe5VxSxxjQ6hImshqGRt5GWZVKO6q2wHwujfwDtIvaIdexj8Cm8+a68EqMfox6x/voMouZF4dHnEGNeCDMwT6vdNfekH1MafMk4PI06YtqLVGl95aEM9Z5vAeCTOA++YLtoVJRrsqNCaJ6WRmkdYaNec5BT/lcTRMqrhmwfjbpkj55+OKp8IEbU/JLgPJE6Wa3TTe9sHS+ShVD5QIyqIxMEwKh12olC6mHIed5ewEop80CNlfIOADYOT2nd6ZXCop+Ebqchc0JqxKcKASxChycJgUh1rnHA5ow9eTrhqNI7JWiAYYwBGGdpyNLoGw0Pkh96h1BpHihyywtATDM/7Hk2fN9EnH8BgKJCU4ooBkbXFMZJiPbrOyecGl3zgQDQL4hk10IZiOe+5w99Q/gBAEIJgPhJM4QAEEoFREAIAAEiIASAkD8Qt4AQAEIAERAGFlX4CACKAXGVM4ivMwWwCLFAlyeoaa70QePKm5Dlp+/n+ye/5dYgva6YsUaVeMa+tzNFeJtWwc+udbJ0Fg399kLielQJ5Ze61c2+7ytA6EZetiPxZC6tj22yJCv6jUwOyj/zcbqAxOMyAKEbfeHtNa7DtYXptjsk2kJxR+eIeim/tHNofUKYy8DMrQcAKWz6brpvzyIAlpwPhQ49l6b7skJf5Z+YTOYQc4FwLDxvoTDwaygQK+U/kVr+ytSFBG01Q3gnJJR4cNiAhx4HDub8/b5DULXlj6SVZghFiE+LdvE9vo/o8Lp1RmH5hzm0T6wdbZ6n+D6i44zDRc3ln6CpAEJfXiRU45oqLz8gFAThWsh7ughrRibc0QynHgZpNJa/ENJ+loCwu/qOGnFIjYR/n7TfgycULhcQhu6VC+HfF+L3BoAQ4WiZTw1M+FPCnA2gKC6/FAhXgDC+ojQGh3NuWsvfF1L/D5ohlCKtl1j2ldu9a/nPAKFwN56Bst10zCG0CPleXN/zXPgHQZXaZaBgrbzyY5V/mUA+6F0hwtGN9rwu5DVZPuwWqfxdFz1LWbJ2lwKEa+0Qsm4Dl3fp+Pu0lV97PgwIPfSsS+UQhj5Oo+vvFULazRIQyvGEcxPuNLCth2MvFsrKn8UOilAQShkh7TTczYNMoS6OdP47msrPi82lXKGWhCdMZYS0bFy+vcnGAjP1CIfvgbKNA9glecEH9RD6Ol4wRuWyN/G9MHnksS6o/GPf5XcwNSUlHzQhDuAKtWJmkwKElU7lylP5rgIcsquh/FI8YZCDpkJBuE4FQm7Icw8N+SrUGaQKyi8FwiDt1ve5o+Vu7qYHy/psgK8cvh+FTYuO77bhEC7GuaPiys/L1X4IgXDL+e3M5+ovLxBy5VLuIebw1oqcHoPfoaMJUsHays878r8KbDc3xtPx/84gZPBG/JwaufrsY/SRG/OY3//8QMNdsvdZCFtbW6f8pFuf5bflILAlX7O+4fdfugKyFYS8T2zAsXthdG0VurPGKwI06oF5vkBgHWkNp6ry29+lsPZMU3vijnXFNmoclr+6+Ou/FIb8yb30sS8YGjmTqCLyQsi5N/6ZwKs0Yenj68pfPjF6N782Dp2FzV9CTyoSeY8mLK16qGxIkLI8oa1n8tz9juP40DlK0epxYEbojbq+9QfurBeVIlCO9D2396bxiV4lkYQ3hOAFw2pbhqMGISkkQOMcQ9EqhDmGZZdo92JC0YHRNTfoSg+5e0IT+opqCKHoIU+4ztQIgBD1EFNrQAgIpYSil9lDmPHqkROPt+JC6AgPquSuumJmg0YARVCuneDfvPVeJokZ6pIXDkNxQtGzTF9/BQjRG0tQznfb74RwCQghpALBtIQnfK4zhxdyQvVCUeknMIT3hLyY+T5jo0yABqKPQNpUNw/09tGZod5jgCaYFxyYvJcNPkv9eof+I3pnCFEHIETjSM8L9tHZHYCQT9PaZGycU6yg8S4akDnJ+P03L0+t23XGzCLzRgII/Wqa+fv/xlfvmKvMUOcOrlCDdoei1MGdZm6G5VEIfRzzjd4aQs69n699Rx7ewhvCGzr2gmTPs8zNsJOrXt24FbkhhOjCfT4ICA/rPbyhUy94Dks0gJCX1NzCZui9YUd3oei+c257TalFbgg19ILHrlrL2gvWgXAL26EX76gZTNASQnad8Ibwhl284NhgXpB0c+jKhWO3Ms1hP9ihJYB9eMF6qd1BCPk0qA1s+LimFIu7m4nsdQIzPK4VbQ8hYvrnuSH2G9b2ggP78QmWqBdF9Vx8SSY6QYdUW7BTA1schZATyhvY8lHvcRbNUS9YGFy2U+qmzh2YPVc0I7yAOFyHfRpyUwtCSzOdPXMHmz7qDIM0e0V2wZTEk+6Ym6N63eBLp/b5Bts+2cKCSJ/LuoZO3ANSiE5hKAZjnvNSS4931jcw9jpwT0feV/qSJ1pVtCyfHKDkvK8Ejx7pUxGh2xFNSwx8QTi2H9ceC0/nni64MS/5N5dG39pDqvRV+WgGk71c9VFXF9b+xYvOw/d61iv7m3MvEHryhvecwC52jSSx4VIIgwnMNT/UsTxIgpPt3K/ARj15CptwL3Zd/ceDSATj2DGQjbxgWwhdeMMte7zpy5On9vymRm/YxBYljGVjKWF9VJf7I1+sex3wY8w/V1QPTborW/72gkdsRDaZMJBdbdHIC7aCkAu9atlLbtnrzerMnyToDaGwelOnk3/hHSem/ZK7e/t7jeeR20LYBgqa8J80gS8jbwi5F02Uj1u2NYJxap8PLkJfLxA2hIJyvnHX/AfeEPLpBfe0uSFHbnXaea3Qd5d6HcpYZ8L6M7lnFwMQ3MNg+RxUR1+6AshtbsVgfXTEg1sIGax9UND2p7f270wdG3eK9gXVGHdw2k5sOyZv+Nbs39Z308XR9DqWb2J+PwKDhuKHPobfuXf7gnYGHdCs7bhDDadD4entDug7LWNsnRNW4mYqwJ9dk+GGSTPBiA2j0G8RWNM5upZtcG4/3vMfP7KnbK2egx6CCnDPhRn7NgD3cghLIad5WcM2SO38iqHvvMOosyeMpQ5zlVCaaj06GVs9xUbHdiKoqrHWgquFEFMWUEWfXUxJAML23hAHFOctmjZQffKD2pywkhtSGHKNtpitLroscAeE7kCkSsC60vxEl6yMtL9EL5HKGCMszU5bk8gdkklAyEn5FO0yK419rIxBOIqwFMooDE0tHEVYijAUECIshRCGIhxFWIowFJ5QkEYIS5PTJrUwNGlPyN6QQPyKtpuM1E/K5+YJDV/MiA3AaehzqgAm7QnZG9IGYKo8bHnSK7VblLL3hOwNHziPuEGOqE5brrdR6i+atCfckyeWD47HkAkepRGLY/e8A8J0gCwYSNypF08bBm+e6zVz2UL4AshhBUjML/rXLefqC82bcQFhGC9JDwZ1uuu+At0S5gCETYHsV4DUeD9fDN2Zfy5OXaW2zAwQygCzBLJ8cvaW5OXKC1FxfTggFAHmoAJnSiOw2wps9KwRWgJCLaEswaj5NqkLwAYIU4BxqTSXbHXpJdRMPZgAOiAMqABCNGYIEEJutEK5IUAIwYMDQgiCACEEAcJs1Vda7gGqDhCmoiEghAAhBAHCrKXVo2C1DCBMRlp37uMIEECoX7xrX3P5C9QiINSuIcoPAUI0YkAICLNWgfJDh4T9hH7zqYH9+JHAq7zBqWjwhPAicTVCVQJCNF50JghHocahKK0X/ZnQKyEkhSdUpzG8OgQI42qC94EQjsYLRSmH+pbgq73L6bYkeEJ4DYTYmeg1TOBFc/usTTp3V9DdEuXJ2xDCUbXhaXk0/kAYmBvuMB4qkC35E5e5AMKkwSQgyxufyuPy6fMMgAFCSI73LFXU/N8AmEL9X4ABACNSKMHAgb34AAAAAElFTkSuQmCC - mediatype: image/png - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: etcd-operator - rules: - - apiGroups: - - etcd.database.coreos.com - resources: - - etcdclusters - - etcdbackups - - etcdrestores - verbs: - - "*" - - apiGroups: - - "" - resources: - - pods - - services - - endpoints - - persistentvolumeclaims - - events - verbs: - - "*" - - apiGroups: - - apps - resources: - - deployments - verbs: - - "*" - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - deployments: - - name: etcd-operator - spec: - replicas: 1 - selector: - matchLabels: - name: etcd-operator-alm-owned - template: - metadata: - name: etcd-operator-alm-owned - labels: - name: etcd-operator-alm-owned - spec: - serviceAccountName: etcd-operator - containers: - - name: etcd-operator - command: - - etcd-operator - - --create-crd=false - image: quay.io/coreos/etcd-operator@sha256:db563baa8194fcfe39d1df744ed70024b0f1f9e9b55b5923c2f3a413c44dc6b8 - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: etcd-backup-operator - image: quay.io/coreos/etcd-operator@sha256:db563baa8194fcfe39d1df744ed70024b0f1f9e9b55b5923c2f3a413c44dc6b8 - command: - - etcd-backup-operator - - --create-crd=false - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: etcd-restore-operator - image: quay.io/coreos/etcd-operator@sha256:db563baa8194fcfe39d1df744ed70024b0f1f9e9b55b5923c2f3a413c44dc6b8 - command: - - etcd-restore-operator - - --create-crd=false - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - customresourcedefinitions: - owned: - - name: etcdclusters.etcd.database.coreos.com - version: v1beta2 - kind: EtcdCluster - displayName: etcd Cluster - description: Represents a cluster of etcd nodes. - resources: - - kind: Service - version: v1 - - kind: Pod - version: v1 - specDescriptors: - - description: The desired number of member Pods for the etcd cluster. - displayName: Size - path: size - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: pod.resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - statusDescriptors: - - description: The status of each of the member Pods for the etcd cluster. - displayName: Member Status - path: members - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podStatuses' - - description: The service at which the running etcd cluster can be accessed. - displayName: Service - path: serviceName - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Service' - - description: The current size of the etcd cluster. - displayName: Cluster Size - path: size - - description: The current version of the etcd cluster. - displayName: Current Version - path: currentVersion - - description: 'The target version of the etcd cluster, after upgrading.' - displayName: Target Version - path: targetVersion - - description: The current status of the etcd cluster. - displayName: Status - path: phase - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase' - - description: Explanation for the current status of the cluster. - displayName: Status Details - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - name: etcdbackups.etcd.database.coreos.com - version: v1beta2 - kind: EtcdBackup - displayName: etcd Backup - description: Represents the intent to backup an etcd cluster. - specDescriptors: - - description: Specifies the endpoints of an etcd cluster. - displayName: etcd Endpoint(s) - path: etcdEndpoints - x-descriptors: - - 'urn:alm:descriptor:etcd:endpoint' - - description: The full AWS S3 path where the backup is saved. - displayName: S3 Path - path: s3.path - x-descriptors: - - 'urn:alm:descriptor:aws:s3:path' - - description: The name of the secret object that stores the AWS credential and config files. - displayName: AWS Secret - path: s3.awsSecret - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Secret' - statusDescriptors: - - description: Indicates if the backup was successful. - displayName: Succeeded - path: succeeded - x-descriptors: - - 'urn:alm:descriptor:text' - - description: Indicates the reason for any backup related failures. - displayName: Reason - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - name: etcdrestores.etcd.database.coreos.com - version: v1beta2 - kind: EtcdRestore - displayName: etcd Restore - description: Represents the intent to restore an etcd cluster from a backup. - specDescriptors: - - description: References the EtcdCluster which should be restored, - displayName: etcd Cluster - path: etcdCluster.name - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:EtcdCluster' - - 'urn:alm:descriptor:text' - - description: The full AWS S3 path where the backup is saved. - displayName: S3 Path - path: s3.path - x-descriptors: - - 'urn:alm:descriptor:aws:s3:path' - - description: The name of the secret object that stores the AWS credential and config files. - displayName: AWS Secret - path: s3.awsSecret - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Secret' - statusDescriptors: - - description: Indicates if the restore was successful. - displayName: Succeeded - path: succeeded - x-descriptors: - - 'urn:alm:descriptor:text' - - description: Indicates the reason for any restore related failures. - displayName: Reason - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: etcdoperator.v0.9.2 - namespace: placeholder - annotations: - tectonic-visibility: ocs - alm-examples: '[{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdCluster","metadata":{"name":"example","namespace":"default"},"spec":{"size":3,"version":"3.2.13"}},{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdRestore","metadata":{"name":"example-etcd-cluster"},"spec":{"etcdCluster":{"name":"example-etcd-cluster"},"backupStorageType":"S3","s3":{"path":"","awsSecret":""}}},{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdBackup","metadata":{"name":"example-etcd-cluster-backup"},"spec":{"etcdEndpoints":[""],"storageType":"S3","s3":{"path":"","awsSecret":""}}}]' - spec: - displayName: etcd - description: | - etcd is a distributed key value store that provides a reliable way to store data across a cluster of machines. It’s open-source and available on GitHub. etcd gracefully handles leader elections during network partitions and will tolerate machine failure, including the leader. Your applications can read and write data into etcd. - A simple use-case is to store database connection details or feature flags within etcd as key value pairs. These values can be watched, allowing your app to reconfigure itself when they change. Advanced uses take advantage of the consistency guarantees to implement database leader elections or do distributed locking across a cluster of workers. - - _The etcd Open Cloud Service is Public Alpha. The goal before Beta is to fully implement backup features._ - - ### Reading and writing to etcd - - Communicate with etcd though its command line utility `etcdctl` or with the API using the automatically generated Kubernetes Service. - - [Read the complete guide to using the etcd Open Cloud Service](https://coreos.com/tectonic/docs/latest/alm/etcd-ocs.html) - - ### Supported Features - - - **High availability** - - - Multiple instances of etcd are networked together and secured. Individual failures or networking issues are transparently handled to keep your cluster up and running. - - - **Automated updates** - - - Rolling out a new etcd version works like all Kubernetes rolling updates. Simply declare the desired version, and the etcd service starts a safe rolling update to the new version automatically. - - - **Backups included** - - - Coming soon, the ability to schedule backups to happen on or off cluster. - keywords: ['etcd', 'key value', 'database', 'coreos', 'open source'] - version: 0.9.2 - maturity: alpha - replaces: etcdoperator.v0.9.0 - maintainers: - - name: CoreOS, Inc - email: support@coreos.com - - provider: - name: CoreOS, Inc - labels: - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - selector: - matchLabels: - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - links: - - name: Blog - url: https://coreos.com/etcd - - name: Documentation - url: https://coreos.com/operators/etcd/docs/latest/ - - name: etcd Operator Source Code - url: https://github.com/coreos/etcd-operator - - icon: - - base64data: iVBORw0KGgoAAAANSUhEUgAAAOEAAADZCAYAAADWmle6AAAACXBIWXMAAAsTAAALEwEAmpwYAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAEKlJREFUeNrsndt1GzkShmEev4sTgeiHfRYdgVqbgOgITEVgOgLTEQydwIiKwFQCayoCU6+7DyYjsBiBFyVVz7RkXvqCSxXw/+f04XjGQ6IL+FBVuL769euXgZ7r39f/G9iP0X+u/jWDNZzZdGI/Ftama1jjuV4BwmcNpbAf1Fgu+V/9YRvNAyzT2a59+/GT/3hnn5m16wKWedJrmOCxkYztx9Q+py/+E0GJxtJdReWfz+mxNt+QzS2Mc0AI+HbBBwj9QViKbH5t64DsP2fvmGXUkWU4WgO+Uve2YQzBUGd7r+zH2ZG/tiUQc4QxKwgbwFfVGwwmdLL5wH78aPC/ZBem9jJpCAX3xtcNASSNgJLzUPSQyjB1zQNl8IQJ9MIU4lx2+Jo72ysXYKl1HSzN02BMa/vbZ5xyNJIshJzwf3L0dQhJw4Sih/SFw9Tk8sVeghVPoefaIYCkMZCKbrcP9lnZuk0uPUjGE/KE8JQry7W2tgfuC3vXgvNV+qSQbyFtAtyWk7zWiYevvuUQ9QEQCvJ+5mmu6dTjz1zFHLFj8Eb87MtxaZh/IQFIHom+9vgTWwZxAQjT9X4vtbEVPojwjiV471s00mhAckpwGuCn1HtFtRDaSh6y9zsL+LNBvCG/24ThcxHObdlWc1v+VQJe8LcO0jwtuF8BwnAAUgP9M8JPU2Me+Oh12auPGT6fHuTePE3bLDy+x9pTLnhMn+07TQGh//Bz1iI0c6kvtqInjvPZcYR3KsPVmUsPYt9nFig9SCY8VQNhpPBzn952bbgcsk2EvM89wzh3UEffBbyPqvBUBYQ8ODGPFOLsa7RF096WJ69L+E4EmnpjWu5o4ChlKaRTKT39RMMaVPEQRsz/nIWlDN80chjdJlSd1l0pJCAMVZsniobQVuxceMM9OFoaMd9zqZtjMEYYDW38Drb8Y0DYPLShxn0pvIFuOSxd7YCPet9zk452wsh54FJoeN05hcgSQoG5RR0Qh9Q4E4VvL4wcZq8UACgaRFEQKgSwWrkr5WFnGxiHSutqJGlXjBgIOayhwYBTA0ER0oisIVSUV0AAMT0IASCUO4hRIQSAEECMCCEPwqyQA0JCQBzEGjWNAqHiUVAoXUWbvggOIQCEAOJzxTjoaQ4AIaE64/aZridUsBYUgkhB15oGg1DBIl8IqirYwV6hPSGBSFteMCUBSVXwfYixBmamRubeMyjzMJQBDDowE3OesDD+zwqFoDqiEwXoXJpljB+PvWJGy75BKF1FPxhKygJuqUdYQGlLxNEXkrYyjQ0GbaAwEnUIlLRNvVjQDYUAsJB0HKLE4y0AIpQNgCIhBIhQTgCKhZBBpAN/v6LtQI50JfUgYOnnjmLUFHKhjxbAmdTCaTiBm3ovLPqG2urWAij6im0Nd9aTN9ygLUEt9LgSRnohxUPIKxlGaE+/6Y7znFf0yX+GnkvFFWmarkab2o9PmTeq8sbd2a7DaysXz7i64VeznN4jCQhN9gdDbRiuWrfrsq0mHIrlaq+hlotCtd3Um9u0BYWY8y5D67wccJoZjFca7iUs9VqZcfsZwTd1sbWGG+OcYaTnPAP7rTQVVlM4Sg3oGvB1tmNh0t/HKXZ1jFoIMwCQjtqbhNxUmkGYqgZEDZP11HN/S3gAYRozf0l8C5kKEKUvW0t1IfeWG/5MwgheZTT1E0AEhDkAePQO+Ig2H3DncAkQM4cwUQCD530dU4B5Yvmi2LlDqXfWrxMCcMth51RToRMNUXFnfc2KJ0+Ryl0VNOUwlhh6NoxK5gnViTgQpUG4SqSyt5z3zRJpuKmt3Q1614QaCBPaN6je+2XiFcWAKOXcUfIYKRyL/1lb7pe5VxSxxjQ6hImshqGRt5GWZVKO6q2wHwujfwDtIvaIdexj8Cm8+a68EqMfox6x/voMouZF4dHnEGNeCDMwT6vdNfekH1MafMk4PI06YtqLVGl95aEM9Z5vAeCTOA++YLtoVJRrsqNCaJ6WRmkdYaNec5BT/lcTRMqrhmwfjbpkj55+OKp8IEbU/JLgPJE6Wa3TTe9sHS+ShVD5QIyqIxMEwKh12olC6mHIed5ewEop80CNlfIOADYOT2nd6ZXCop+Ebqchc0JqxKcKASxChycJgUh1rnHA5ow9eTrhqNI7JWiAYYwBGGdpyNLoGw0Pkh96h1BpHihyywtATDM/7Hk2fN9EnH8BgKJCU4ooBkbXFMZJiPbrOyecGl3zgQDQL4hk10IZiOe+5w99Q/gBAEIJgPhJM4QAEEoFREAIAAEiIASAkD8Qt4AQAEIAERAGFlX4CACKAXGVM4ivMwWwCLFAlyeoaa70QePKm5Dlp+/n+ye/5dYgva6YsUaVeMa+tzNFeJtWwc+udbJ0Fg399kLielQJ5Ze61c2+7ytA6EZetiPxZC6tj22yJCv6jUwOyj/zcbqAxOMyAKEbfeHtNa7DtYXptjsk2kJxR+eIeim/tHNofUKYy8DMrQcAKWz6brpvzyIAlpwPhQ49l6b7skJf5Z+YTOYQc4FwLDxvoTDwaygQK+U/kVr+ytSFBG01Q3gnJJR4cNiAhx4HDub8/b5DULXlj6SVZghFiE+LdvE9vo/o8Lp1RmH5hzm0T6wdbZ6n+D6i44zDRc3ln6CpAEJfXiRU45oqLz8gFAThWsh7ughrRibc0QynHgZpNJa/ENJ+loCwu/qOGnFIjYR/n7TfgycULhcQhu6VC+HfF+L3BoAQ4WiZTw1M+FPCnA2gKC6/FAhXgDC+ojQGh3NuWsvfF1L/D5ohlCKtl1j2ldu9a/nPAKFwN56Bst10zCG0CPleXN/zXPgHQZXaZaBgrbzyY5V/mUA+6F0hwtGN9rwu5DVZPuwWqfxdFz1LWbJ2lwKEa+0Qsm4Dl3fp+Pu0lV97PgwIPfSsS+UQhj5Oo+vvFULazRIQyvGEcxPuNLCth2MvFsrKn8UOilAQShkh7TTczYNMoS6OdP47msrPi82lXKGWhCdMZYS0bFy+vcnGAjP1CIfvgbKNA9glecEH9RD6Ol4wRuWyN/G9MHnksS6o/GPf5XcwNSUlHzQhDuAKtWJmkwKElU7lylP5rgIcsquh/FI8YZCDpkJBuE4FQm7Icw8N+SrUGaQKyi8FwiDt1ve5o+Vu7qYHy/psgK8cvh+FTYuO77bhEC7GuaPiys/L1X4IgXDL+e3M5+ovLxBy5VLuIebw1oqcHoPfoaMJUsHays878r8KbDc3xtPx/84gZPBG/JwaufrsY/SRG/OY3//8QMNdsvdZCFtbW6f8pFuf5bflILAlX7O+4fdfugKyFYS8T2zAsXthdG0VurPGKwI06oF5vkBgHWkNp6ry29+lsPZMU3vijnXFNmoclr+6+Ou/FIb8yb30sS8YGjmTqCLyQsi5N/6ZwKs0Yenj68pfPjF6N782Dp2FzV9CTyoSeY8mLK16qGxIkLI8oa1n8tz9juP40DlK0epxYEbojbq+9QfurBeVIlCO9D2396bxiV4lkYQ3hOAFw2pbhqMGISkkQOMcQ9EqhDmGZZdo92JC0YHRNTfoSg+5e0IT+opqCKHoIU+4ztQIgBD1EFNrQAgIpYSil9lDmPHqkROPt+JC6AgPquSuumJmg0YARVCuneDfvPVeJokZ6pIXDkNxQtGzTF9/BQjRG0tQznfb74RwCQghpALBtIQnfK4zhxdyQvVCUeknMIT3hLyY+T5jo0yABqKPQNpUNw/09tGZod5jgCaYFxyYvJcNPkv9eof+I3pnCFEHIETjSM8L9tHZHYCQT9PaZGycU6yg8S4akDnJ+P03L0+t23XGzCLzRgII/Wqa+fv/xlfvmKvMUOcOrlCDdoei1MGdZm6G5VEIfRzzjd4aQs69n699Rx7ewhvCGzr2gmTPs8zNsJOrXt24FbkhhOjCfT4ICA/rPbyhUy94Dks0gJCX1NzCZui9YUd3oei+c257TalFbgg19ILHrlrL2gvWgXAL26EX76gZTNASQnad8Ibwhl284NhgXpB0c+jKhWO3Ms1hP9ihJYB9eMF6qd1BCPk0qA1s+LimFIu7m4nsdQIzPK4VbQ8hYvrnuSH2G9b2ggP78QmWqBdF9Vx8SSY6QYdUW7BTA1schZATyhvY8lHvcRbNUS9YGFy2U+qmzh2YPVc0I7yAOFyHfRpyUwtCSzOdPXMHmz7qDIM0e0V2wZTEk+6Ym6N63eBLp/b5Bts+2cKCSJ/LuoZO3ANSiE5hKAZjnvNSS4931jcw9jpwT0feV/qSJ1pVtCyfHKDkvK8Ejx7pUxGh2xFNSwx8QTi2H9ceC0/nni64MS/5N5dG39pDqvRV+WgGk71c9VFXF9b+xYvOw/d61iv7m3MvEHryhvecwC52jSSx4VIIgwnMNT/UsTxIgpPt3K/ARj15CptwL3Zd/ceDSATj2DGQjbxgWwhdeMMte7zpy5On9vymRm/YxBYljGVjKWF9VJf7I1+sex3wY8w/V1QPTborW/72gkdsRDaZMJBdbdHIC7aCkAu9atlLbtnrzerMnyToDaGwelOnk3/hHSem/ZK7e/t7jeeR20LYBgqa8J80gS8jbwi5F02Uj1u2NYJxap8PLkJfLxA2hIJyvnHX/AfeEPLpBfe0uSFHbnXaea3Qd5d6HcpYZ8L6M7lnFwMQ3MNg+RxUR1+6AshtbsVgfXTEg1sIGax9UND2p7f270wdG3eK9gXVGHdw2k5sOyZv+Nbs39Z308XR9DqWb2J+PwKDhuKHPobfuXf7gnYGHdCs7bhDDadD4entDug7LWNsnRNW4mYqwJ9dk+GGSTPBiA2j0G8RWNM5upZtcG4/3vMfP7KnbK2egx6CCnDPhRn7NgD3cghLIad5WcM2SO38iqHvvMOosyeMpQ5zlVCaaj06GVs9xUbHdiKoqrHWgquFEFMWUEWfXUxJAML23hAHFOctmjZQffKD2pywkhtSGHKNtpitLroscAeE7kCkSsC60vxEl6yMtL9EL5HKGCMszU5bk8gdkklAyEn5FO0yK419rIxBOIqwFMooDE0tHEVYijAUECIshRCGIhxFWIowFJ5QkEYIS5PTJrUwNGlPyN6QQPyKtpuM1E/K5+YJDV/MiA3AaehzqgAm7QnZG9IGYKo8bHnSK7VblLL3hOwNHziPuEGOqE5brrdR6i+atCfckyeWD47HkAkepRGLY/e8A8J0gCwYSNypF08bBm+e6zVz2UL4AshhBUjML/rXLefqC82bcQFhGC9JDwZ1uuu+At0S5gCETYHsV4DUeD9fDN2Zfy5OXaW2zAwQygCzBLJ8cvaW5OXKC1FxfTggFAHmoAJnSiOw2wps9KwRWgJCLaEswaj5NqkLwAYIU4BxqTSXbHXpJdRMPZgAOiAMqABCNGYIEEJutEK5IUAIwYMDQgiCACEEAcJs1Vda7gGqDhCmoiEghAAhBAHCrKXVo2C1DCBMRlp37uMIEECoX7xrX3P5C9QiINSuIcoPAUI0YkAICLNWgfJDh4T9hH7zqYH9+JHAq7zBqWjwhPAicTVCVQJCNF50JghHocahKK0X/ZnQKyEkhSdUpzG8OgQI42qC94EQjsYLRSmH+pbgq73L6bYkeEJ4DYTYmeg1TOBFc/usTTp3V9DdEuXJ2xDCUbXhaXk0/kAYmBvuMB4qkC35E5e5AMKkwSQgyxufyuPy6fMMgAFCSI73LFXU/N8AmEL9X4ABACNSKMHAgb34AAAAAElFTkSuQmCC - mediatype: image/png - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: etcd-operator - rules: - - apiGroups: - - etcd.database.coreos.com - resources: - - etcdclusters - - etcdbackups - - etcdrestores - verbs: - - "*" - - apiGroups: - - "" - resources: - - pods - - services - - endpoints - - persistentvolumeclaims - - events - verbs: - - "*" - - apiGroups: - - apps - resources: - - deployments - verbs: - - "*" - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - deployments: - - name: etcd-operator - spec: - replicas: 1 - selector: - matchLabels: - name: etcd-operator-alm-owned - template: - metadata: - name: etcd-operator-alm-owned - labels: - name: etcd-operator-alm-owned - spec: - serviceAccountName: etcd-operator - containers: - - name: etcd-operator - command: - - etcd-operator - - --create-crd=false - image: quay.io/coreos/etcd-operator@sha256:c0301e4686c3ed4206e370b42de5a3bd2229b9fb4906cf85f3f30650424abec2 - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: etcd-backup-operator - image: quay.io/coreos/etcd-operator@sha256:c0301e4686c3ed4206e370b42de5a3bd2229b9fb4906cf85f3f30650424abec2 - command: - - etcd-backup-operator - - --create-crd=false - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: etcd-restore-operator - image: quay.io/coreos/etcd-operator@sha256:c0301e4686c3ed4206e370b42de5a3bd2229b9fb4906cf85f3f30650424abec2 - command: - - etcd-restore-operator - - --create-crd=false - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - customresourcedefinitions: - owned: - - name: etcdclusters.etcd.database.coreos.com - version: v1beta2 - kind: EtcdCluster - displayName: etcd Cluster - description: Represents a cluster of etcd nodes. - resources: - - kind: Service - version: v1 - - kind: Pod - version: v1 - specDescriptors: - - description: The desired number of member Pods for the etcd cluster. - displayName: Size - path: size - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: pod.resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - statusDescriptors: - - description: The status of each of the member Pods for the etcd cluster. - displayName: Member Status - path: members - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podStatuses' - - description: The service at which the running etcd cluster can be accessed. - displayName: Service - path: serviceName - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Service' - - description: The current size of the etcd cluster. - displayName: Cluster Size - path: size - - description: The current version of the etcd cluster. - displayName: Current Version - path: currentVersion - - description: 'The target version of the etcd cluster, after upgrading.' - displayName: Target Version - path: targetVersion - - description: The current status of the etcd cluster. - displayName: Status - path: phase - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase' - - description: Explanation for the current status of the cluster. - displayName: Status Details - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - name: etcdbackups.etcd.database.coreos.com - version: v1beta2 - kind: EtcdBackup - displayName: etcd Backup - description: Represents the intent to backup an etcd cluster. - specDescriptors: - - description: Specifies the endpoints of an etcd cluster. - displayName: etcd Endpoint(s) - path: etcdEndpoints - x-descriptors: - - 'urn:alm:descriptor:etcd:endpoint' - - description: The full AWS S3 path where the backup is saved. - displayName: S3 Path - path: s3.path - x-descriptors: - - 'urn:alm:descriptor:aws:s3:path' - - description: The name of the secret object that stores the AWS credential and config files. - displayName: AWS Secret - path: s3.awsSecret - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Secret' - statusDescriptors: - - description: Indicates if the backup was successful. - displayName: Succeeded - path: succeeded - x-descriptors: - - 'urn:alm:descriptor:text' - - description: Indicates the reason for any backup related failures. - displayName: Reason - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - name: etcdrestores.etcd.database.coreos.com - version: v1beta2 - kind: EtcdRestore - displayName: etcd Restore - description: Represents the intent to restore an etcd cluster from a backup. - specDescriptors: - - description: References the EtcdCluster which should be restored, - displayName: etcd Cluster - path: etcdCluster.name - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:EtcdCluster' - - 'urn:alm:descriptor:text' - - description: The full AWS S3 path where the backup is saved. - displayName: S3 Path - path: s3.path - x-descriptors: - - 'urn:alm:descriptor:aws:s3:path' - - description: The name of the secret object that stores the AWS credential and config files. - displayName: AWS Secret - path: s3.awsSecret - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Secret' - statusDescriptors: - - description: Indicates if the restore was successful. - displayName: Succeeded - path: succeeded - x-descriptors: - - 'urn:alm:descriptor:text' - - description: Indicates the reason for any restore related failures. - displayName: Reason - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: federationv2.v0.0.2 - spec: - displayName: FederationV2 - description: | - Kubernetes Federation V2 namespace-scoped installation - version: 0.0.2 - maturity: alpha - provider: - name: Red Hat, Inc - labels: - alm-owner-federationv2: federationv2 - alm-status-descriptors: federationv2.v0.0.2 - - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: federation-controller-manager - rules: - - apiGroups: - - clusterregistry.k8s.io - resources: - - clusters - verbs: - - "*" - - apiGroups: - - core.federation.k8s.io - resources: - - "*" - verbs: - - "*" - - apiGroups: - - multiclusterdns.federation.k8s.io - resources: - - "*" - verbs: - - "*" - - apiGroups: - - scheduling.federation.k8s.io - resources: - - "*" - verbs: - - "*" - - apiGroups: - - "" - resources: - - pods - - services - - endpoints - - persistentvolumeclaims - - events - - configmaps - - secrets - verbs: - - "*" - - apiGroups: - - apps - resources: - - deployments - - daemonsets - - replicasets - - statefulsets - verbs: - - "*" - # TODO(font): use statefulset - deployments: - - name: federation-controller-manager - spec: - replicas: 1 - selector: - matchLabels: - app: federation-controller-manager - template: - metadata: - labels: - app: federation-controller-manager - spec: - containers: - - name: controller-manager - image: quay.io/kubernetes-multicluster/federation-v2:v0.0.2-rc.1 - resources: - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 100m - memory: 64Mi - command: - - /root/controller-manager - args: - - --federation-namespace=$(FEDERATION_NAMESPACE) - - --install-crds=false - - --limited-scope=true - - --registry-namespace=$(CLUSTER_REGISTRY_NAMESPACE) - imagePullPolicy: Always - env: - - name: FEDERATION_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CLUSTER_REGISTRY_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - restartPolicy: Always - terminationGracePeriodSeconds: 5 - serviceAccountName: federation-controller-manager - serviceAccount: federation-controller-manager - customresourcedefinitions: - owned: - # TODO(font): Move Cluster CRD to required once OLM supports CSVs - # without a deployment. - - description: Represents an instance of a Cluster Registry - displayName: Cluster Registry Application - kind: Cluster - name: clusters.clusterregistry.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedCluster resource - displayName: FederatedCluster Resource - kind: FederatedCluster - name: federatedclusters.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedConfigMap resource - displayName: FederatedConfigMap Resource - kind: FederatedConfigMap - name: federatedconfigmaps.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedConfigMapOverride resource - displayName: FederatedConfigMapOverride Resource - kind: FederatedConfigMapOverride - name: federatedconfigmapoverrides.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedConfigMapPlacement resource - displayName: FederatedConfigMapPlacement Resource - kind: FederatedConfigMapPlacement - name: federatedconfigmapplacements.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedDeployment resource - displayName: FederatedDeployment Resource - kind: FederatedDeployment - name: federateddeployments.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedDeploymentOverride resource - displayName: FederatedDeploymentOverride Resource - kind: FederatedDeploymentOverride - name: federateddeploymentoverrides.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedDeploymentPlacement resource - displayName: FederatedDeploymentPlacement Resource - kind: FederatedDeploymentPlacement - name: federateddeploymentplacements.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedIngress resource - displayName: FederatedIngress Resource - kind: FederatedIngress - name: federatedingresses.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedIngressPlacement resource - displayName: FederatedIngressPlacement Resource - kind: FederatedIngressPlacement - name: federatedingressplacements.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedJob resource - displayName: FederatedJob Resource - kind: FederatedJob - name: federatedjobs.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedJobOverride resource - displayName: FederatedJobOverride Resource - kind: FederatedJobOverride - name: federatedjoboverrides.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedJobPlacement resource - displayName: FederatedJobPlacement Resource - kind: FederatedJobPlacement - name: federatedjobplacements.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedNamespacePlacement resource - displayName: FederatedNamespacePlacement Resource - kind: FederatedNamespacePlacement - name: federatednamespaceplacements.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedReplicaSet resource - displayName: FederatedReplicaSet Resource - kind: FederatedReplicaSet - name: federatedreplicasets.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedReplicaSetOverride resource - displayName: FederatedReplicaSetOverride Resource - kind: FederatedReplicaSetOverride - name: federatedreplicasetoverrides.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedReplicaSetPlacement resource - displayName: FederatedReplicaSetPlacement Resource - kind: FederatedReplicaSetPlacement - name: federatedreplicasetplacements.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedSecret resource - displayName: FederatedSecret Resource - kind: FederatedSecret - name: federatedsecrets.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedSecretOverride resource - displayName: FederatedSecretOverride Resource - kind: FederatedSecretOverride - name: federatedsecretoverrides.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedSecretPlacement resource - displayName: FederatedSecretPlacement Resource - kind: FederatedSecretPlacement - name: federatedsecretplacements.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedService resource - displayName: FederatedService Resource - kind: FederatedService - name: federatedservices.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedServiceAccount resource - displayName: FederatedServiceAccount Resource - kind: FederatedServiceAccount - name: federatedserviceaccounts.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedServiceAccountPlacement resource - displayName: FederatedServiceAccountPlacement Resource - kind: FederatedServiceAccountPlacement - name: federatedserviceaccountplacements.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedServicePlacement resource - displayName: FederatedServicePlacement Resource - kind: FederatedServicePlacement - name: federatedserviceplacements.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederationV2 sync controller - displayName: FederationV2 Push Reconciler Application - kind: FederatedTypeConfig - name: federatedtypeconfigs.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a PropagatedVersion resource - displayName: PropagatedVersion Resource - kind: PropagatedVersion - name: propagatedversions.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a DNSEndpoint resource - displayName: DNSEndpoint Resource - kind: DNSEndpoint - name: dnsendpoints.multiclusterdns.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a MultiClusterIngressDNSRecord resource - displayName: MultiClusterIngressDNSRecord Resource - kind: MultiClusterIngressDNSRecord - name: multiclusteringressdnsrecords.multiclusterdns.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a MultiClusterServiceDNSRecord resource - displayName: MultiClusterServiceDNSRecord Resource - kind: MultiClusterServiceDNSRecord - name: multiclusterservicednsrecords.multiclusterdns.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a ReplicaSchedulingPreference resource - displayName: ReplicaSchedulingPreference Resource - kind: ReplicaSchedulingPreference - name: replicaschedulingpreferences.scheduling.federation.k8s.io - version: v1alpha1 - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: prometheusoperator.0.14.0 - namespace: placeholder - spec: - displayName: Prometheus - description: | - An open-source monitoring system with a dimensional data model, flexible query language, efficient time series database and modern alerting approach. - - _The Prometheus Open Cloud Service is Public Alpha. The goal before Beta is for additional user testing and minor bug fixes._ - - ### Monitoring applications - - Prometheus scrapes your application metrics based on targets maintained in a ServiceMonitor object. When alerts need to be sent, they are processsed by an AlertManager. - - [Read the complete guide to monitoring applications with the Prometheus Open Cloud Service](https://coreos.com/tectonic/docs/latest/alm/prometheus-ocs.html) - - ## Supported Features - - **High availability** - Multiple instances are run across failure zones and data is replicated. This keeps your monitoring available during an outage, when you need it most. - **Updates via automated operations** - New Prometheus versions are deployed using a rolling update with no downtime, making it easy to stay up to date. - **Handles the dynamic nature of containers** - Alerting rules are attached to groups of containers instead of individual instances, which is ideal for the highly dynamic nature of container deployment. - - keywords: ['prometheus', 'monitoring', 'tsdb', 'alerting'] - - maintainers: - - name: CoreOS, Inc - email: support@coreos.com - - provider: - name: CoreOS, Inc - - links: - - name: Prometheus - url: https://www.prometheus.io/ - - name: Documentation - url: https://coreos.com/operators/prometheus/docs/latest/ - - name: Prometheus Operator Source Code - url: https://github.com/coreos/prometheus-operator - - labels: - alm-status-descriptors: prometheusoperator.0.14.0 - alm-owner-prometheus: prometheusoperator - - selector: - matchLabels: - alm-owner-prometheus: prometheusoperator - - icon: - - base64data: PHN2ZyB3aWR0aD0iMjQ5MCIgaGVpZ2h0PSIyNTAwIiB2aWV3Qm94PSIwIDAgMjU2IDI1NyIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiBwcmVzZXJ2ZUFzcGVjdFJhdGlvPSJ4TWlkWU1pZCI+PHBhdGggZD0iTTEyOC4wMDEuNjY3QzU3LjMxMS42NjcgMCA1Ny45NzEgMCAxMjguNjY0YzAgNzAuNjkgNTcuMzExIDEyNy45OTggMTI4LjAwMSAxMjcuOTk4UzI1NiAxOTkuMzU0IDI1NiAxMjguNjY0QzI1NiA1Ny45NyAxOTguNjg5LjY2NyAxMjguMDAxLjY2N3ptMCAyMzkuNTZjLTIwLjExMiAwLTM2LjQxOS0xMy40MzUtMzYuNDE5LTMwLjAwNGg3Mi44MzhjMCAxNi41NjYtMTYuMzA2IDMwLjAwNC0zNi40MTkgMzAuMDA0em02MC4xNTMtMzkuOTRINjcuODQyVjE3OC40N2gxMjAuMzE0djIxLjgxNmgtLjAwMnptLS40MzItMzMuMDQ1SDY4LjE4NWMtLjM5OC0uNDU4LS44MDQtLjkxLTEuMTg4LTEuMzc1LTEyLjMxNS0xNC45NTQtMTUuMjE2LTIyLjc2LTE4LjAzMi0zMC43MTYtLjA0OC0uMjYyIDE0LjkzMyAzLjA2IDI1LjU1NiA1LjQ1IDAgMCA1LjQ2NiAxLjI2NSAxMy40NTggMi43MjItNy42NzMtOC45OTQtMTIuMjMtMjAuNDI4LTEyLjIzLTMyLjExNiAwLTI1LjY1OCAxOS42OC00OC4wNzkgMTIuNTgtNjYuMjAxIDYuOTEuNTYyIDE0LjMgMTQuNTgzIDE0LjggMzYuNTA1IDcuMzQ2LTEwLjE1MiAxMC40Mi0yOC42OSAxMC40Mi00MC4wNTYgMC0xMS43NjkgNy43NTUtMjUuNDQgMTUuNTEyLTI1LjkwNy02LjkxNSAxMS4zOTYgMS43OSAyMS4xNjUgOS41MyA0NS40IDIuOTAyIDkuMTAzIDIuNTMyIDI0LjQyMyA0Ljc3MiAzNC4xMzguNzQ0LTIwLjE3OCA0LjIxMy00OS42MiAxNy4wMTQtNTkuNzg0LTUuNjQ3IDEyLjguODM2IDI4LjgxOCA1LjI3IDM2LjUxOCA3LjE1NCAxMi40MjQgMTEuNDkgMjEuODM2IDExLjQ5IDM5LjYzOCAwIDExLjkzNi00LjQwNyAyMy4xNzMtMTEuODQgMzEuOTU4IDguNDUyLTEuNTg2IDE0LjI4OS0zLjAxNiAxNC4yODktMy4wMTZsMjcuNDUtNS4zNTVjLjAwMi0uMDAyLTMuOTg3IDE2LjQwMS0xOS4zMTQgMzIuMTk3eiIgZmlsbD0iI0RBNEUzMSIvPjwvc3ZnPg== - mediatype: image/svg+xml - - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: prometheus-k8s - rules: - - apiGroups: [""] - resources: - - nodes - - services - - endpoints - - pods - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: - - configmaps - verbs: ["get"] - - serviceAccountName: prometheus-operator-0-14-0 - rules: - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: ["get", "list"] - - apiGroups: - - monitoring.coreos.com - resources: - - alertmanagers - - prometheuses - - servicemonitors - verbs: - - "*" - - apiGroups: - - apps - resources: - - statefulsets - verbs: ["*"] - - apiGroups: [""] - resources: - - configmaps - - secrets - verbs: ["*"] - - apiGroups: [""] - resources: - - pods - verbs: ["list", "delete"] - - apiGroups: [""] - resources: - - services - - endpoints - verbs: ["get", "create", "update"] - - apiGroups: [""] - resources: - - nodes - verbs: ["list", "watch"] - - apiGroups: [""] - resources: - - namespaces - verbs: ['list'] - deployments: - - name: prometheus-operator - spec: - replicas: 1 - selector: - matchLabels: - k8s-app: prometheus-operator - template: - metadata: - labels: - k8s-app: prometheus-operator - spec: - serviceAccount: prometheus-operator-0-14-0 - containers: - - name: prometheus-operator - image: quay.io/coreos/prometheus-operator@sha256:5037b4e90dbb03ebdefaa547ddf6a1f748c8eeebeedf6b9d9f0913ad662b5731 - command: - - sh - - -c - - > - /bin/operator --namespace=$K8S_NAMESPACE --crd-apigroup monitoring.coreos.com - --labels alm-status-descriptors=prometheusoperator.0.14.0,alm-owner-prometheus=prometheusoperator - --kubelet-service=kube-system/kubelet - --config-reloader-image=quay.io/coreos/configmap-reload:v0.0.1 - env: - - name: K8S_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - ports: - - containerPort: 8080 - name: http - resources: - limits: - cpu: 200m - memory: 100Mi - requests: - cpu: 100m - memory: 50Mi - maturity: alpha - version: 0.14.0 - customresourcedefinitions: - owned: - - name: prometheuses.monitoring.coreos.com - version: v1 - kind: Prometheus - displayName: Prometheus - description: A running Prometheus instance - resources: - - kind: Pod - version: v1 - specDescriptors: - - description: Desired number of Pods for the cluster - displayName: Size - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: A selector for the ConfigMaps from which to load rule files - displayName: Rule Config Map Selector - path: ruleSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:selector:core:v1:ConfigMap' - - description: ServiceMonitors to be selected for target discovery - displayName: Service Monitor Selector - path: serviceMonitorSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:selector:monitoring.coreos.com:v1:ServiceMonitor' - - description: The ServiceAccount to use to run the Prometheus pods - displayName: Service Account - path: serviceAccountName - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:ServiceAccount' - - description: Define resources requests and limits for single Pods - displayName: Resource Request - path: resources.requests - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - statusDescriptors: - - description: The current number of Pods for the cluster - displayName: Cluster Size - path: replicas - - path: prometheusSelector - displayName: Prometheus Service Selector - description: Label selector to find the service that routes to this prometheus - x-descriptors: - - 'urn:alm:descriptor:label:selector' - - name: servicemonitors.monitoring.coreos.com - version: v1 - kind: ServiceMonitor - displayName: Service Monitor - description: Configures prometheus to monitor a particular k8s service - resources: - - kind: Pod - version: v1 - specDescriptors: - - description: Selector to select which namespaces the Endpoints objects are discovered from - displayName: Monitoring Namespaces - path: namespaceSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:namespaceSelector' - - description: The label to use to retrieve the job name from - displayName: Job Label - path: jobLabel - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: A list of endpoints allowed as part of this ServiceMonitor - displayName: Endpoints - path: endpoints - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:endpointList' - - name: alertmanagers.monitoring.coreos.com - version: v1 - kind: Alertmanager - displayName: Alert Manager - description: Configures an Alert Manager for the namespace - resources: - - kind: Pod - version: v1 - specDescriptors: - - description: Desired number of Pods for the cluster - displayName: Size - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: prometheusoperator.0.15.0 - namespace: placeholder - annotations: - tectonic-visibility: ocs - alm-examples: '[{"apiVersion":"monitoring.coreos.com/v1","kind":"Prometheus","metadata":{"name":"example","labels":{"prometheus":"k8s"}},"spec":{"replicas":2,"version":"v1.7.0","serviceAccountName":"prometheus-k8s","serviceMonitorSelector":{"matchExpressions":[{"key":"k8s-app","operator":"Exists"}]},"ruleSelector":{"matchLabels":{"role":"prometheus-rulefiles","prometheus":"k8s"}},"resources":{"requests":{"memory":"400Mi"}},"alerting":{"alertmanagers":[{"namespace":"monitoring","name":"alertmanager-main","port":"web"}]}}},{"apiVersion":"monitoring.coreos.com/v1","kind":"ServiceMonitor","metadata":{"name":"example","labels":{"k8s-app":"prometheus"}},"spec":{"selector":{"matchLabels":{"k8s-app":"prometheus","prometheus":"k8s"}},"namespaceSelector":{"matchNames":["monitoring"]},"endpoints":[{"port":"web","interval":"30s"}]}},{"apiVersion":"monitoring.coreos.com/v1","kind":"Alertmanager","metadata":{"name":"alertmanager-main"},"spec":{"replicas":3}}]' - spec: - replaces: prometheusoperator.0.14.0 - displayName: Prometheus - description: | - An open-source monitoring system with a dimensional data model, flexible query language, efficient time series database and modern alerting approach. - - _The Prometheus Open Cloud Service is Public Alpha. The goal before Beta is for additional user testing and minor bug fixes._ - - ### Monitoring applications - - Prometheus scrapes your application metrics based on targets maintained in a ServiceMonitor object. When alerts need to be sent, they are processsed by an AlertManager. - - [Read the complete guide to monitoring applications with the Prometheus Open Cloud Service](https://coreos.com/tectonic/docs/latest/alm/prometheus-ocs.html) - - ### Supported Features - - - **High availability** - - - Multiple instances are run across failure zones and data is replicated. This keeps your monitoring available during an outage, when you need it most. - - - **Updates via automated operations** - - - New Prometheus versions are deployed using a rolling update with no downtime, making it easy to stay up to date. - - - **Handles the dynamic nature of containers** - - - Alerting rules are attached to groups of containers instead of individual instances, which is ideal for the highly dynamic nature of container deployment. - - keywords: ['prometheus', 'monitoring', 'tsdb', 'alerting'] - - maintainers: - - name: CoreOS, Inc - email: support@coreos.com - - provider: - name: CoreOS, Inc - - links: - - name: Prometheus - url: https://www.prometheus.io/ - - name: Documentation - url: https://coreos.com/operators/prometheus/docs/latest/ - - name: Prometheus Operator Source Code - url: https://github.com/coreos/prometheus-operator - - labels: - alm-status-descriptors: prometheusoperator.0.15.0 - alm-owner-prometheus: prometheusoperator - - selector: - matchLabels: - alm-owner-prometheus: prometheusoperator - - icon: - - base64data: PHN2ZyB3aWR0aD0iMjQ5MCIgaGVpZ2h0PSIyNTAwIiB2aWV3Qm94PSIwIDAgMjU2IDI1NyIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiBwcmVzZXJ2ZUFzcGVjdFJhdGlvPSJ4TWlkWU1pZCI+PHBhdGggZD0iTTEyOC4wMDEuNjY3QzU3LjMxMS42NjcgMCA1Ny45NzEgMCAxMjguNjY0YzAgNzAuNjkgNTcuMzExIDEyNy45OTggMTI4LjAwMSAxMjcuOTk4UzI1NiAxOTkuMzU0IDI1NiAxMjguNjY0QzI1NiA1Ny45NyAxOTguNjg5LjY2NyAxMjguMDAxLjY2N3ptMCAyMzkuNTZjLTIwLjExMiAwLTM2LjQxOS0xMy40MzUtMzYuNDE5LTMwLjAwNGg3Mi44MzhjMCAxNi41NjYtMTYuMzA2IDMwLjAwNC0zNi40MTkgMzAuMDA0em02MC4xNTMtMzkuOTRINjcuODQyVjE3OC40N2gxMjAuMzE0djIxLjgxNmgtLjAwMnptLS40MzItMzMuMDQ1SDY4LjE4NWMtLjM5OC0uNDU4LS44MDQtLjkxLTEuMTg4LTEuMzc1LTEyLjMxNS0xNC45NTQtMTUuMjE2LTIyLjc2LTE4LjAzMi0zMC43MTYtLjA0OC0uMjYyIDE0LjkzMyAzLjA2IDI1LjU1NiA1LjQ1IDAgMCA1LjQ2NiAxLjI2NSAxMy40NTggMi43MjItNy42NzMtOC45OTQtMTIuMjMtMjAuNDI4LTEyLjIzLTMyLjExNiAwLTI1LjY1OCAxOS42OC00OC4wNzkgMTIuNTgtNjYuMjAxIDYuOTEuNTYyIDE0LjMgMTQuNTgzIDE0LjggMzYuNTA1IDcuMzQ2LTEwLjE1MiAxMC40Mi0yOC42OSAxMC40Mi00MC4wNTYgMC0xMS43NjkgNy43NTUtMjUuNDQgMTUuNTEyLTI1LjkwNy02LjkxNSAxMS4zOTYgMS43OSAyMS4xNjUgOS41MyA0NS40IDIuOTAyIDkuMTAzIDIuNTMyIDI0LjQyMyA0Ljc3MiAzNC4xMzguNzQ0LTIwLjE3OCA0LjIxMy00OS42MiAxNy4wMTQtNTkuNzg0LTUuNjQ3IDEyLjguODM2IDI4LjgxOCA1LjI3IDM2LjUxOCA3LjE1NCAxMi40MjQgMTEuNDkgMjEuODM2IDExLjQ5IDM5LjYzOCAwIDExLjkzNi00LjQwNyAyMy4xNzMtMTEuODQgMzEuOTU4IDguNDUyLTEuNTg2IDE0LjI4OS0zLjAxNiAxNC4yODktMy4wMTZsMjcuNDUtNS4zNTVjLjAwMi0uMDAyLTMuOTg3IDE2LjQwMS0xOS4zMTQgMzIuMTk3eiIgZmlsbD0iI0RBNEUzMSIvPjwvc3ZnPg== - mediatype: image/svg+xml - - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: prometheus-k8s - rules: - - apiGroups: [""] - resources: - - nodes - - services - - endpoints - - pods - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: - - configmaps - verbs: ["get"] - - serviceAccountName: prometheus-operator-0-14-0 - rules: - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: ["get", "list"] - - apiGroups: - - monitoring.coreos.com - resources: - - alertmanagers - - prometheuses - - servicemonitors - verbs: - - "*" - - apiGroups: - - apps - resources: - - statefulsets - verbs: ["*"] - - apiGroups: [""] - resources: - - configmaps - - secrets - verbs: ["*"] - - apiGroups: [""] - resources: - - pods - verbs: ["list", "delete"] - - apiGroups: [""] - resources: - - services - - endpoints - verbs: ["get", "create", "update"] - - apiGroups: [""] - resources: - - nodes - verbs: ["list", "watch"] - - apiGroups: [""] - resources: - - namespaces - verbs: ['list'] - deployments: - - name: prometheus-operator - spec: - replicas: 1 - selector: - matchLabels: - k8s-app: prometheus-operator - template: - metadata: - labels: - k8s-app: prometheus-operator - spec: - serviceAccount: prometheus-operator-0-14-0 - containers: - - name: prometheus-operator - image: quay.io/coreos/prometheus-operator@sha256:0e92dd9b5789c4b13d53e1319d0a6375bcca4caaf0d698af61198061222a576d - command: - - sh - - -c - - > - /bin/operator --namespace=$K8S_NAMESPACE --crd-apigroup monitoring.coreos.com - --labels alm-status-descriptors=prometheusoperator.0.15.0,alm-owner-prometheus=prometheusoperator - --kubelet-service=kube-system/kubelet - --config-reloader-image=quay.io/coreos/configmap-reload:v0.0.1 - env: - - name: K8S_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - ports: - - containerPort: 8080 - name: http - resources: - limits: - cpu: 200m - memory: 100Mi - requests: - cpu: 100m - memory: 50Mi - maturity: alpha - version: 0.15.0 - customresourcedefinitions: - owned: - - name: prometheuses.monitoring.coreos.com - version: v1 - kind: Prometheus - displayName: Prometheus - description: A running Prometheus instance - resources: - - kind: StatefulSet - version: v1beta2 - - kind: Pod - version: v1 - specDescriptors: - - description: Desired number of Pods for the cluster - displayName: Size - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: A selector for the ConfigMaps from which to load rule files - displayName: Rule Config Map Selector - path: ruleSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:selector:core:v1:ConfigMap' - - description: ServiceMonitors to be selected for target discovery - displayName: Service Monitor Selector - path: serviceMonitorSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:selector:monitoring.coreos.com:v1:ServiceMonitor' - - description: The ServiceAccount to use to run the Prometheus pods - displayName: Service Account - path: serviceAccountName - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:ServiceAccount' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - statusDescriptors: - - description: The current number of Pods for the cluster - displayName: Cluster Size - path: replicas - - path: prometheusSelector - displayName: Prometheus Service Selector - description: Label selector to find the service that routes to this prometheus - x-descriptors: - - 'urn:alm:descriptor:label:selector' - - name: servicemonitors.monitoring.coreos.com - version: v1 - kind: ServiceMonitor - displayName: Service Monitor - description: Configures prometheus to monitor a particular k8s service - resources: - - kind: Pod - version: v1 - specDescriptors: - - description: Selector to select which namespaces the Endpoints objects are discovered from - displayName: Monitoring Namespaces - path: namespaceSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:namespaceSelector' - - description: The label to use to retrieve the job name from - displayName: Job Label - path: jobLabel - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: A list of endpoints allowed as part of this ServiceMonitor - displayName: Endpoints - path: endpoints - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:endpointList' - - name: alertmanagers.monitoring.coreos.com - version: v1 - kind: Alertmanager - displayName: Alert Manager - description: Configures an Alert Manager for the namespace - resources: - - kind: StatefulSet - version: v1beta2 - - kind: Pod - version: v1 - specDescriptors: - - description: Desired number of Pods for the cluster - displayName: Size - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: prometheusoperator.0.22.2 - namespace: placeholder - annotations: - alm-examples: '[{"apiVersion":"monitoring.coreos.com/v1","kind":"Prometheus","metadata":{"name":"example","labels":{"prometheus":"k8s"}},"spec":{"replicas":2,"version":"v2.3.2","serviceAccountName":"prometheus-k8s","securityContext": {}, "serviceMonitorSelector":{"matchExpressions":[{"key":"k8s-app","operator":"Exists"}]},"ruleSelector":{"matchLabels":{"role":"prometheus-rulefiles","prometheus":"k8s"}},"alerting":{"alertmanagers":[{"namespace":"monitoring","name":"alertmanager-main","port":"web"}]}}},{"apiVersion":"monitoring.coreos.com/v1","kind":"ServiceMonitor","metadata":{"name":"example","labels":{"k8s-app":"prometheus"}},"spec":{"selector":{"matchLabels":{"k8s-app":"prometheus"}},"endpoints":[{"port":"web","interval":"30s"}]}},{"apiVersion":"monitoring.coreos.com/v1","kind":"Alertmanager","metadata":{"name":"alertmanager-main"},"spec":{"replicas":3, "securityContext": {}}}]' - spec: - replaces: prometheusoperator.0.15.0 - displayName: Prometheus Operator - description: | - The Prometheus Operator for Kubernetes provides easy monitoring definitions for Kubernetes services and deployment and management of Prometheus instances. - - Once installed, the Prometheus Operator provides the following features: - - * **Create/Destroy**: Easily launch a Prometheus instance for your Kubernetes namespace, a specific application or team easily using the Operator. - - * **Simple Configuration**: Configure the fundamentals of Prometheus like versions, persistence, retention policies, and replicas from a native Kubernetes resource. - - * **Target Services via Labels**: Automatically generate monitoring target configurations based on familiar Kubernetes label queries; no need to learn a Prometheus specific configuration language. - - ### Other Supported Features - - **High availability** - - Multiple instances are run across failure zones and data is replicated. This keeps your monitoring available during an outage, when you need it most. - - **Updates via automated operations** - - New Prometheus versions are deployed using a rolling update with no downtime, making it easy to stay up to date. - - **Handles the dynamic nature of containers** - - Alerting rules are attached to groups of containers instead of individual instances, which is ideal for the highly dynamic nature of container deployment. - - keywords: ['prometheus', 'monitoring', 'tsdb', 'alerting'] - - maintainers: - - name: Red Hat - email: openshift-operators@redhat.com - - provider: - name: Red Hat - - links: - - name: Prometheus - url: https://www.prometheus.io/ - - name: Documentation - url: https://coreos.com/operators/prometheus/docs/latest/ - - name: Prometheus Operator - url: https://github.com/coreos/prometheus-operator - - labels: - alm-status-descriptors: prometheusoperator.0.22.2 - alm-owner-prometheus: prometheusoperator - - selector: - matchLabels: - alm-owner-prometheus: prometheusoperator - - icon: - - base64data: PHN2ZyB3aWR0aD0iMjQ5MCIgaGVpZ2h0PSIyNTAwIiB2aWV3Qm94PSIwIDAgMjU2IDI1NyIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiBwcmVzZXJ2ZUFzcGVjdFJhdGlvPSJ4TWlkWU1pZCI+PHBhdGggZD0iTTEyOC4wMDEuNjY3QzU3LjMxMS42NjcgMCA1Ny45NzEgMCAxMjguNjY0YzAgNzAuNjkgNTcuMzExIDEyNy45OTggMTI4LjAwMSAxMjcuOTk4UzI1NiAxOTkuMzU0IDI1NiAxMjguNjY0QzI1NiA1Ny45NyAxOTguNjg5LjY2NyAxMjguMDAxLjY2N3ptMCAyMzkuNTZjLTIwLjExMiAwLTM2LjQxOS0xMy40MzUtMzYuNDE5LTMwLjAwNGg3Mi44MzhjMCAxNi41NjYtMTYuMzA2IDMwLjAwNC0zNi40MTkgMzAuMDA0em02MC4xNTMtMzkuOTRINjcuODQyVjE3OC40N2gxMjAuMzE0djIxLjgxNmgtLjAwMnptLS40MzItMzMuMDQ1SDY4LjE4NWMtLjM5OC0uNDU4LS44MDQtLjkxLTEuMTg4LTEuMzc1LTEyLjMxNS0xNC45NTQtMTUuMjE2LTIyLjc2LTE4LjAzMi0zMC43MTYtLjA0OC0uMjYyIDE0LjkzMyAzLjA2IDI1LjU1NiA1LjQ1IDAgMCA1LjQ2NiAxLjI2NSAxMy40NTggMi43MjItNy42NzMtOC45OTQtMTIuMjMtMjAuNDI4LTEyLjIzLTMyLjExNiAwLTI1LjY1OCAxOS42OC00OC4wNzkgMTIuNTgtNjYuMjAxIDYuOTEuNTYyIDE0LjMgMTQuNTgzIDE0LjggMzYuNTA1IDcuMzQ2LTEwLjE1MiAxMC40Mi0yOC42OSAxMC40Mi00MC4wNTYgMC0xMS43NjkgNy43NTUtMjUuNDQgMTUuNTEyLTI1LjkwNy02LjkxNSAxMS4zOTYgMS43OSAyMS4xNjUgOS41MyA0NS40IDIuOTAyIDkuMTAzIDIuNTMyIDI0LjQyMyA0Ljc3MiAzNC4xMzguNzQ0LTIwLjE3OCA0LjIxMy00OS42MiAxNy4wMTQtNTkuNzg0LTUuNjQ3IDEyLjguODM2IDI4LjgxOCA1LjI3IDM2LjUxOCA3LjE1NCAxMi40MjQgMTEuNDkgMjEuODM2IDExLjQ5IDM5LjYzOCAwIDExLjkzNi00LjQwNyAyMy4xNzMtMTEuODQgMzEuOTU4IDguNDUyLTEuNTg2IDE0LjI4OS0zLjAxNiAxNC4yODktMy4wMTZsMjcuNDUtNS4zNTVjLjAwMi0uMDAyLTMuOTg3IDE2LjQwMS0xOS4zMTQgMzIuMTk3eiIgZmlsbD0iI0RBNEUzMSIvPjwvc3ZnPg== - mediatype: image/svg+xml - - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: prometheus-k8s - rules: - - apiGroups: [""] - resources: - - nodes - - services - - endpoints - - pods - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: - - configmaps - verbs: ["get"] - - serviceAccountName: prometheus-operator-0-22-2 - rules: - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - '*' - - apiGroups: - - monitoring.coreos.com - resources: - - alertmanagers - - prometheuses - - prometheuses/finalizers - - alertmanagers/finalizers - - servicemonitors - - prometheusrules - verbs: - - '*' - - apiGroups: - - apps - resources: - - statefulsets - verbs: - - '*' - - apiGroups: - - "" - resources: - - configmaps - - secrets - verbs: - - '*' - - apiGroups: - - "" - resources: - - pods - verbs: - - list - - delete - - apiGroups: - - "" - resources: - - services - - endpoints - verbs: - - get - - create - - update - - apiGroups: - - "" - resources: - - nodes - verbs: - - list - - watch - - apiGroups: - - "" - resources: - - namespaces - verbs: - - list - - watch - deployments: - - name: prometheus-operator - spec: - replicas: 1 - selector: - matchLabels: - k8s-app: prometheus-operator - template: - metadata: - labels: - k8s-app: prometheus-operator - spec: - serviceAccount: prometheus-operator-0-22-2 - containers: - - name: prometheus-operator - image: quay.io/coreos/prometheus-operator@sha256:3daa69a8c6c2f1d35dcf1fe48a7cd8b230e55f5229a1ded438f687debade5bcf - args: - - -namespace=$(K8S_NAMESPACE) - - -manage-crds=false - - -logtostderr=true - - --config-reloader-image=quay.io/coreos/configmap-reload:v0.0.1 - - --prometheus-config-reloader=quay.io/coreos/prometheus-config-reloader:v0.22.2 - env: - - name: K8S_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - ports: - - containerPort: 8080 - name: http - resources: - limits: - cpu: 200m - memory: 100Mi - requests: - cpu: 100m - memory: 50Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - nodeSelector: - beta.kubernetes.io/os: linux - maturity: beta - version: 0.22.2 - customresourcedefinitions: - owned: - - name: prometheuses.monitoring.coreos.com - version: v1 - kind: Prometheus - displayName: Prometheus - description: A running Prometheus instance - resources: - - kind: StatefulSet - version: v1beta2 - - kind: Pod - version: v1 - specDescriptors: - - description: Desired number of Pods for the cluster - displayName: Size - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: A selector for the ConfigMaps from which to load rule files - displayName: Rule Config Map Selector - path: ruleSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:selector:core:v1:ConfigMap' - - description: ServiceMonitors to be selected for target discovery - displayName: Service Monitor Selector - path: serviceMonitorSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:selector:monitoring.coreos.com:v1:ServiceMonitor' - - description: The ServiceAccount to use to run the Prometheus pods - displayName: Service Account - path: serviceAccountName - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:ServiceAccount' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - - name: prometheusrules.monitoring.coreos.com - version: v1 - kind: PrometheusRule - displayName: Prometheus Rule - description: A Prometheus Rule configures groups of sequentially evaluated recording and alerting rules. - - name: servicemonitors.monitoring.coreos.com - version: v1 - kind: ServiceMonitor - displayName: Service Monitor - description: Configures prometheus to monitor a particular k8s service - resources: - - kind: Pod - version: v1 - specDescriptors: - - description: The label to use to retrieve the job name from - displayName: Job Label - path: jobLabel - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: A list of endpoints allowed as part of this ServiceMonitor - displayName: Endpoints - path: endpoints - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:endpointList' - - name: alertmanagers.monitoring.coreos.com - version: v1 - kind: Alertmanager - displayName: Alertmanager - description: Configures an Alertmanager for the namespace - resources: - - kind: StatefulSet - version: v1beta2 - - kind: Pod - version: v1 - specDescriptors: - - description: Desired number of Pods for the cluster - displayName: Size - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: svcat.v0.1.34 - namespace: placeholder - spec: - displayName: Service Catalog - description: Service Catalog lets you provision cloud services directly from the comfort of native Kubernetes tooling. This project is in incubation to bring integration with service brokers to the Kubernetes ecosystem via the Open Service Broker API. - keywords: ['catalog', 'service', 'svcat', 'osb', 'broker'] - maintainers: - - name: Red Hat - email: openshift-operators@redhat.com - provider: - name: Red Hat - links: - - name: Documentation - url: https://svc-cat.io/docs - - name: Service Catalog - url: https://github.com/kubernetes-incubator/service-catalog - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: svcat-controller-manager - rules: - - apiGroups: [""] - resources: ["configmaps"] - resourceNames: ["cluster-info"] - verbs: ["get","create","list","watch","update"] - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["create"] - - apiGroups: [""] - resources: ["configmaps"] - resourceNames: ["service-catalog-controller-manager"] - verbs: ["get","update"] - clusterPermissions: - - serviceAccountName: svcat-controller-manager - rules: - - apiGroups: [""] - resources: ["events"] - verbs: ["create","patch","update"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get","create","update","delete"] - - apiGroups: [""] - resources: ["pods"] - verbs: ["get","list","update", "patch", "watch", "delete", "initialize"] - - apiGroups: [""] - resources: ["namespaces"] - verbs: ["get","list","watch"] - - apiGroups: ["servicecatalog.k8s.io"] - resources: ["clusterserviceclasses"] - verbs: ["get","list","watch","create","patch","update","delete"] - - apiGroups: ["servicecatalog.k8s.io"] - resources: ["clusterserviceplans"] - verbs: ["get","list","watch","create","patch","update","delete"] - - apiGroups: ["servicecatalog.k8s.io"] - resources: ["clusterservicebrokers"] - verbs: ["get","list","watch"] - - apiGroups: ["servicecatalog.k8s.io"] - resources: ["serviceinstances","servicebindings"] - verbs: ["get","list","watch", "update"] - - apiGroups: ["servicecatalog.k8s.io"] - resources: ["clusterservicebrokers/status","clusterserviceclasses/status","clusterserviceplans/status","serviceinstances/status","serviceinstances/reference","servicebindings/status"] - verbs: ["update"] - - apiGroups: ["servicecatalog.k8s.io"] - resources: ["serviceclasses"] - verbs: ["get","list","watch","create","patch","update","delete"] - - apiGroups: ["servicecatalog.k8s.io"] - resources: ["serviceplans"] - verbs: ["get","list","watch","create","patch","update","delete"] - - apiGroups: ["servicecatalog.k8s.io"] - resources: ["servicebrokers"] - verbs: ["get","list","watch"] - - apiGroups: ["servicecatalog.k8s.io"] - resources: ["servicebrokers/status","serviceclasses/status","serviceplans/status"] - verbs: ["update"] - - serviceAccountName: service-catalog-apiserver - rules: - - apiGroups: [""] - resources: ["namespaces"] - verbs: ["get", "list", "watch"] - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["get", "list", "watch"] - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["mutatingwebhookconfigurations"] - verbs: ["get", "list", "watch"] - - apiGroups: ["authentication.k8s.io"] - resources: ["tokenreviews"] - verbs: ["create"] - - apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] - deployments: - - name: svcat-catalog-apiserver - spec: - replicas: 1 - strategy: - type: RollingUpdate - selector: - matchLabels: - app: svcat-catalog-apiserver - template: - metadata: - labels: - app: svcat-catalog-apiserver - spec: - serviceAccountName: "service-catalog-apiserver" - containers: - - name: apiserver - image: quay.io/kubernetes-service-catalog/service-catalog:v0.1.34 - imagePullPolicy: Always - resources: - limits: - cpu: 100m - memory: 30Mi - requests: - cpu: 100m - memory: 20Mi - args: - - apiserver - - --enable-admission-plugins - - "NamespaceLifecycle,DefaultServicePlan,ServiceBindingsLifecycle,ServicePlanChangeValidator,BrokerAuthSarCheck" - - --secure-port - - "443" - - --etcd-servers - - http://localhost:2379 - - -v - - "10" - - --feature-gates - - OriginatingIdentity=true - - --feature-gates - - ServicePlanDefaults=false - ports: - - containerPort: 443 - volumeMounts: - - name: apiservice-cert - mountPath: /var/run/kubernetes-service-catalog - readinessProbe: - httpGet: - port: 443 - path: /healthz - scheme: HTTPS - failureThreshold: 1 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 2 - livenessProbe: - httpGet: - port: 443 - path: /healthz - scheme: HTTPS - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 2 - - name: etcd - image: quay.io/coreos/etcd:latest - imagePullPolicy: Always - resources: - limits: - cpu: 100m - memory: 40Mi - requests: - cpu: 100m - memory: 30Mi - env: - - name: ETCD_DATA_DIR - value: /etcd-data-dir - command: - - /usr/local/bin/etcd - - --listen-client-urls - - http://0.0.0.0:2379 - - --advertise-client-urls - - http://localhost:2379 - ports: - - containerPort: 2379 - volumeMounts: - - name: etcd-data-dir - mountPath: /etcd-data-dir - readinessProbe: - httpGet: - port: 2379 - path: /health - failureThreshold: 1 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 2 - livenessProbe: - httpGet: - port: 2379 - path: /health - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 2 - volumes: - - name: etcd-data-dir - emptyDir: {} - - name: svcat-controller-manager - spec: - replicas: 1 - strategy: - type: RollingUpdate - selector: - matchLabels: - app: svcat-controller-manager - template: - metadata: - labels: - app: svcat-controller-manager - spec: - serviceAccountName: svcat-controller-manager - containers: - - name: controller-manager - image: quay.io/kubernetes-service-catalog/service-catalog:v0.1.34 - imagePullPolicy: Always - resources: - limits: - cpu: 100m - memory: 30Mi - requests: - cpu: 100m - memory: 20Mi - env: - - name: K8S_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - args: - - controller-manager - - --secure-port - - "8444" - - "--cluster-id-configmap-namespace=default" - - "--leader-elect=false" - - -v - - "10" - - --resync-interval - - 5m - - --broker-relist-interval - - 24h - - --feature-gates - - OriginatingIdentity=true - - --feature-gates - - ServicePlanDefaults=false - ports: - - containerPort: 8444 - readinessProbe: - httpGet: - port: 8444 - path: /healthz - scheme: HTTPS - failureThreshold: 1 - initialDelaySeconds: 20 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 2 - livenessProbe: - httpGet: - port: 8444 - path: /healthz - scheme: HTTPS - failureThreshold: 3 - initialDelaySeconds: 20 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 2 - maturity: alpha - version: 0.1.34 - apiservicedefinitions: - owned: - - group: servicecatalog.k8s.io - version: v1beta1 - kind: ClusterServiceClass - displayName: ClusterServiceClass - description: A service catalog resource - deploymentName: svcat-catalog-apiserver - - group: servicecatalog.k8s.io - version: v1beta1 - kind: ClusterServicePlan - displayName: ClusterServicePlan - description: A service catalog resource - deploymentName: svcat-catalog-apiserver - - group: servicecatalog.k8s.io - version: v1beta1 - kind: ClusterServiceBroker - displayName: ClusterServiceBroker - description: A service catalog resource - deploymentName: svcat-catalog-apiserver - - group: servicecatalog.k8s.io - version: v1beta1 - kind: ServiceInstance - displayName: ServiceInstance - description: A service catalog resource - deploymentName: svcat-catalog-apiserver - - group: servicecatalog.k8s.io - version: v1beta1 - kind: ServiceBinding - displayName: ServiceBinding - description: A service catalog resource - deploymentName: svcat-catalog-apiserver - - group: servicecatalog.k8s.io - version: v1beta1 - kind: ServiceClass - displayName: ServiceClass - description: A service catalog resource - deploymentName: svcat-catalog-apiserver - - group: servicecatalog.k8s.io - version: v1beta1 - kind: ServicePlan - displayName: ServicePlan - description: A service catalog resource - deploymentName: svcat-catalog-apiserver - - group: servicecatalog.k8s.io - version: v1beta1 - kind: ServiceBroker - displayName: ServiceBroker - description: A service catalog resource - deploymentName: svcat-catalog-apiserver - customresourcedefinitions: - required: - - name: etcdclusters.etcd.database.coreos.com - version: v1beta2 - kind: EtcdCluster - displayName: etcd Cluster - description: Represents a cluster of etcd nodes. - resources: - - kind: Service - version: v1 - - kind: Pod - version: v1 - specDescriptors: - - description: The desired number of member Pods for the etcd cluster. - displayName: Size - path: size - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - statusDescriptors: - - description: The status of each of the member Pods for the etcd cluster. - displayName: Member Status - path: members - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podStatuses' - - description: The service at which the running etcd cluster can be accessed. - displayName: Service - path: service - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Service' - - description: The current size of the etcd cluster. - displayName: Cluster Size - path: size - - description: The current version of the etcd cluster. - displayName: Current Version - path: currentVersion - - description: 'The target version of the etcd cluster, after upgrading.' - displayName: Target Version - path: targetVersion - - description: The current status of the etcd cluster. - displayName: Status - path: phase - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase' - - description: Explanation for the current status of the cluster. - displayName: Status Details - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - packages: |- - - #! package-manifest: ./deploy/chart/catalog_resources/rh-operators/amq-streams.v1.0.0-clusterserviceversion - packageName: amq-streams - channels: - - name: preview - currentCSV: amqstreams.v1.0.0.beta - - - #! package-manifest: ./deploy/chart/catalog_resources/rh-operators/etcdoperator.v0.9.2.clusterserviceversion.yaml - packageName: etcd - channels: - - name: alpha - currentCSV: etcdoperator.v0.9.2 - - - packageName: federationv2 - channels: - - name: alpha - currentCSV: federationv2.v0.0.2 - - - #! package-manifest: ./deploy/chart/catalog_resources/rh-operators/prometheusoperator.0.22.2.clusterserviceversion.yaml - packageName: prometheus - channels: - - name: preview - currentCSV: prometheusoperator.0.22.2 - - - #! package-manifest: ./deploy/chart/catalog_resources/rh-operators/svcat.v0.1.34.clusterserviceversion.yaml - packageName: svcat - channels: - - name: alpha - currentCSV: svcat.v0.1.34 - - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_09-rh-operators.catalogsource.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_09-rh-operators.catalogsource.yaml deleted file mode 100644 index cf3f008840..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_09-rh-operators.catalogsource.yaml +++ /dev/null @@ -1,16 +0,0 @@ -##--- -# Source: olm/templates/0000_30_09-rh-operators.catalogsource.yaml - -#! validate-crd: ./deploy/chart/templates/05-catalogsource.crd.yaml -#! parse-kind: CatalogSource -apiVersion: operators.coreos.com/v1alpha1 -kind: CatalogSource -metadata: - name: rh-operators - namespace: olm -spec: - sourceType: internal - configMap: rh-operators - displayName: Red Hat Operators - publisher: Red Hat - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_10-olm-operator.deployment.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_10-olm-operator.deployment.yaml deleted file mode 100644 index 2873a6f310..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_10-olm-operator.deployment.yaml +++ /dev/null @@ -1,47 +0,0 @@ -##--- -# Source: olm/templates/0000_30_10-olm-operator.deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: olm-operator - namespace: olm - labels: - app: olm-operator -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: olm-operator - template: - metadata: - labels: - app: olm-operator - spec: - serviceAccountName: olm-operator-serviceaccount - containers: - - name: olm-operator - command: - - /bin/olm - image: quay.io/coreos/olm@sha256:f3b170c8c1cd29c5452afd961e73bada7402623310290926c649cce0b4310470 - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - livenessProbe: - httpGet: - path: /healthz - port: 8080 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - env: - - name: OPERATOR_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: OPERATOR_NAME - value: olm-operator - imagePullSecrets: - - name: coreos-pull-secret diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_11-catalog-operator.deployment.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_11-catalog-operator.deployment.yaml deleted file mode 100644 index aad71db89a..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_11-catalog-operator.deployment.yaml +++ /dev/null @@ -1,43 +0,0 @@ -##--- -# Source: olm/templates/0000_30_11-catalog-operator.deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: catalog-operator - namespace: olm - labels: - app: catalog-operator -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: catalog-operator - template: - metadata: - labels: - app: catalog-operator - spec: - serviceAccountName: olm-operator-serviceaccount - containers: - - name: catalog-operator - command: - - /bin/catalog - - '-namespace' - - olm - - '-debug' - image: quay.io/coreos/olm@sha256:f3b170c8c1cd29c5452afd961e73bada7402623310290926c649cce0b4310470 - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - livenessProbe: - httpGet: - path: /healthz - port: 8080 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - imagePullSecrets: - - name: coreos-pull-secret diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_12-aggregated.clusterrole.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_12-aggregated.clusterrole.yaml deleted file mode 100644 index e91d70cb0a..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_12-aggregated.clusterrole.yaml +++ /dev/null @@ -1,26 +0,0 @@ -##--- -# Source: olm/templates/0000_30_12-aggregated.clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-edit - labels: - # Add these permissions to the "admin" and "edit" default roles. - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions", "packagemanifests"] - verbs: ["create", "update", "patch", "delete"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-view - labels: - # Add these permissions to the "view" default roles - rbac.authorization.k8s.io/aggregate-to-view: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions", "packagemanifests"] - verbs: ["get", "list", "watch"] diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_13-packageserver.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_13-packageserver.yaml deleted file mode 100644 index 69fc291d78..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.2/0000_30_13-packageserver.yaml +++ /dev/null @@ -1,151 +0,0 @@ -##--- -# Source: olm/templates/0000_30_13-packageserver.yaml -apiVersion: apiregistration.k8s.io/v1beta1 -kind: APIService -metadata: - name: v1alpha1.packages.apps.redhat.com -spec: - caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM5VENDQWQyZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFjTVJvd0dBWURWUVFERXhGd1lXTnIKWVdkbExYTmxjblpsY2kxallUQWVGdzB4T0RFd01URXdNalV6TkRCYUZ3MHlPREV3TURnd01qVXpOREJhTUJ3eApHakFZQmdOVkJBTVRFWEJoWTJ0aFoyVXRjMlZ5ZG1WeUxXTmhNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DCkFROEFNSUlCQ2dLQ0FRRUFyenpGYzBBNHJHY29iVzJRS1h4N0RhU3Nod1UyNUE3YjB5clp6THE5bGx2Q3FiWTQKcWl5T0NNZXd2bldUUXZIMnpTQlh6Ujh0a28zMmZucFJDS2p5RlovM1Avam03ZDVwK2cydUloSXdQK0hDWXRIQQpLVEdzeVRzNE1EbjNMTi9IYlNCWDVsNHY0b0U0SW1tZ2pBVUlmYUt0SDE3cnpKVWpIUWx6V1hWLzY5c2pjT0xQCnJNTlNrNFk1ZUIxVW94Z1hHWVRMaDJnanEvZHhBeHlXMjJldFBMb2MvVFg2ZUszNHRmaDQ3SHJMeVU2MTcwOHoKUTIzQld5MmRwNUkrdVdPVFI5cDVicUxHenJVRm44T3UyaDhORDdackRoaTdZM3ora3dSL1JZdVk0Um9wd1YwSgo0QXU5NkpHQzdDbzduRUpBMFU4SElXdk5VcHlmZkxJTGdaUGdPd0lEQVFBQm8wSXdRREFPQmdOVkhROEJBZjhFCkJBTUNBcVF3SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQndNQ01BOEdBMVVkRXdFQi93UUYKTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBRkc2WnVONUNjU3B1WVVZTnF3dm8yV3NqTm85R0tZZwprTDZEbXcyS3ZRc3hSbEVaWnE1VHVrbWh2dk5IemZxN0FwaFR5T0pFQXZZejBKT2gyVEhoK2g1QSs5VWh3RUV3CkhjQ0x6cUtudnpHL1FUUnRnM2V5ZG9xODRoZEorN2NPajg0RmdOVVNWMVZhNFcxdDdPdzJjMVpBNlRhL09ibisKSklSYU1qYTBzbGJyOGhzQWd2TUJ6aXh5bFpISXVyMWQwN1NoRWoxUU9WYTJkY29NSERZRFVvWGJ2MnlQdUl5RwpGbUFqOFduaWYzell5VUFzRVNwYmpsNmI5TGpQcU1HY1MveGtTU0Uzajl4RG5COUpuRHVXZEVybEoyTjgzU0JRClN0UzViV01aSEtyZkZJMHdXR3VBcEJaaEVDcVUwemtxRnVoZjNGbjg0aVkyNjVaY2w2aTYrQk09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K - group: packages.apps.redhat.com - groupPriorityMinimum: 2000 - versionPriority: 15 - service: - name: package-server - namespace: olm - version: v1alpha1 ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: packagemanifest:system:auth-delegator -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:auth-delegator -subjects: -- kind: ServiceAccount - name: olm-operator-serviceaccount - namespace: olm ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: packagemanifest-auth-reader - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: extension-apiserver-authentication-reader -subjects: -- kind: ServiceAccount - name: olm-operator-serviceaccount - namespace: olm ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: packagemanifest-view -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: admin -subjects: -- kind: ServiceAccount - name: olm-operator-serviceaccount - namespace: olm ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: package-apiserver-clusterrolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: aggregated-apiserver-clusterrole -subjects: -- kind: ServiceAccount - name: olm-operator-serviceaccount - namespace: olm ---- -apiVersion: v1 -kind: Secret -type: kubernetes.io/tls -metadata: - name: package-server-certs - namespace: olm - labels: - app: package-server -data: - tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURKakNDQWc2Z0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFjTVJvd0dBWURWUVFERXhGd1lXTnIKWVdkbExYTmxjblpsY2kxallUQWVGdzB4T0RFd01URXdNalV6TkRCYUZ3MHhPVEV3TVRFd01qVXpOREJhTUJreApGekFWQmdOVkJBTVREbkJoWTJ0aFoyVXRjMlZ5ZG1WeU1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBCk1JSUJDZ0tDQVFFQXBjOHBZY1JzNHpiSm53MnNtOFROVC8vWG53bUlMaVZzeGJqQzRydzEwL3JiVXY5M1liQW0KVHN3M3lCTURJaHcxZlROSlo2dFhTa3p3VTV3dHNhQU1VMi9yYldNMEVTcHlKWUR5R2E0UmZWVEp5UnYweituSworNGJWcmtqNDlBdExnVDFPTGxXWTJMUEd1ekhnekZKZEZDWHVCY2ZTemJSVmhrTDAzY1p5ZmxiN3BGbGNQYVo4ClpwVkl4NjR1RzM5UC9icVdrVGFGdG81M0dIZnpIamMxVXlNdTZ5ekUvRWllUi92THJTQzNmRVFHRlNSdnNBb1kKZTFQeUd0QnozZzJxVDluNTI0c3djSitOQTdjeXlDam1Pa0VTRnpLRWEzWWJVRmZsODFCeE00NGJiRVJ6MVJXZgpZYkVXZ2lRc0FzcWNLV0Jqei9DRlZoWWFTRjhyeFo0RFdRSURBUUFCbzNZd2REQU9CZ05WSFE4QkFmOEVCQU1DCkJhQXdIUVlEVlIwbEJCWXdGQVlJS3dZQkJRVUhBd0VHQ0NzR0FRVUZCd01DTUF3R0ExVWRFd0VCL3dRQ01BQXcKTlFZRFZSMFJCQzR3TElJU2NHRmphMkZuWlMxelpYSjJaWEl1YjJ4dGdoWndZV05yWVdkbExYTmxjblpsY2k1dgpiRzB1YzNaak1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQjczVzQ2R1RyckQ5N21LY0VxTjd2QmtnSFNvMGtuCnd5VllEckN2RXV4K2RRYTdGVFJuWGhzbG5oczA3eWdMWWZMZGs0NFJ5ajBaUGZZT3locVZWaGhNb2JlQ09hOFkKNFNJSEVkWWlXYmVpa3F3VTNHcDNXRGVzRTJlU3VwWTlRL1NYUTcydHloMXNmdG5sNVp4bnNJaWFTYlp4d2dNeApRZUYwNUx4cko1Mk1KRFNSMWdINDdhY0ZURnh5WFFwMittYnNaSndqNnBvWFQrMFdoRHdhSnNMVTJHVVRKdUNICnY3UnVNV2cyTGhiTXQ4TzlrQWppdS9ReXNRRVRLZGxVTjlGLzBhMFJTYUFIYlpNVW95N0tGQUtWaVRrVUJqaC8KQnEwT0N1azlGMTVsRk9TVzVDamphMDNCSHFsN281UHNJVnFoL0JmbUpNSm5xZ1pCc2x5QWk4dW0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= - tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBcGM4cFljUnM0emJKbncyc204VE5ULy9YbndtSUxpVnN4YmpDNHJ3MTAvcmJVdjkzClliQW1Uc3czeUJNRElodzFmVE5KWjZ0WFNrendVNXd0c2FBTVUyL3JiV00wRVNweUpZRHlHYTRSZlZUSnlSdjAKeituSys0YlZya2o0OUF0TGdUMU9MbFdZMkxQR3V6SGd6RkpkRkNYdUJjZlN6YlJWaGtMMDNjWnlmbGI3cEZsYwpQYVo4WnBWSXg2NHVHMzlQL2JxV2tUYUZ0bzUzR0hmekhqYzFVeU11Nnl6RS9FaWVSL3ZMclNDM2ZFUUdGU1J2CnNBb1llMVB5R3RCejNnMnFUOW41MjRzd2NKK05BN2N5eUNqbU9rRVNGektFYTNZYlVGZmw4MUJ4TTQ0YmJFUnoKMVJXZlliRVdnaVFzQXNxY0tXQmp6L0NGVmhZYVNGOHJ4WjREV1FJREFRQUJBb0lCQUJJVm9rSFRscnpCZ1FRawpEYXQvcjVVR0pwSm1DOEJjdkp4a0puMXNZY0taSGNyVHFrV3hYTHhEY2VJVWtNYnJwTG5mR2lhQWZhalE4M1ZyCkYyREVRQlBwcFJmdE5nU1pTSkhtbW9GS2h3WFFkYUhGdHRIbWdna2xEN0ZPckRpUjhzNUp6WGtvUk45OTNETVcKb1pvbmNaZDgrNVVOMG1RMVF3Njl4czlaa2F0TnpIclMvYzgwdWJJaVNudTEvNkk3aVhrbU54UU5ockg0cUw0ZQpHT1g1UVN4Sy9UOWNseHRuaFBvaDJUdU04YldhWDBpZzFQM000WUt6MmR4MDlBSW1ZQkFmdzgyUnJmd1RoeHRaCktOcHVuMmlMdGhqb0RyMWJCM0lDZnJoaG04aU9IZldYV09TdTdHQytHQWVZRThZNi9iY3IwYktDV2dmeTZOamEKMlBCL2lzRUNnWUVBekdMUUhLR01LOERmWDVzZVdFTVp4RnVXRVFJNXY0ZWIwNFpGN0lNWitucnZXVmRYdU9wVQpUWlJXdTdjVmVGOWNhY1lkQ0o5TFlXQUsvZHNoUTFxTDM5bWxlanM1cGxXK2tXN3hEMFozQ1FXV3Z2bXpjM200Ck5YKzIxTGZNYVRPNEFCYXNpNHN4OWhCRTdLSFJNNVVhNWdCVzg0aDhZTHhkK200WjdmRk5ZVVVDZ1lFQXo2NXUKSm5ZTWg3TGtCSGJsR0x6cnlhT1dIY0psSENmTzN1eFlkREhpOUhNeldXN09YbkZwb1FKNlpRRnRNR2pUODkvYgpnZ3Z6VUxGZWtORkdtR2d6N0ZMNFZWRlV0UVRvQ0JXeUUxVk56Z3pmRjMrTTFONTdaZGx4RE5UdW04TlFXNnJJCnorOFNMbzhUNDhOaDVFb3o4SWdhdmRkSUpNMzVhOG1GTm92eitRVUNnWUJSQTBYTVkzaEZDNEUreXlSL0JiSGIKOUJXS2ptQkhlOEFYV3R5eWY5QzNTUzFBTTIrdyt5a0pTeWdKNWVzYnVHalFBRmdYeDlSQU42cURydTBEWG91Ywo0ZzlHWU4xY0FoYTBYTTR1S05jYisxd2lQS1dWdXdSNktESlhKTGRnWjhDaVFGcUtRVlUvWEhtRmRpcVBFS1lGCnp0S29XMHc1cDlCMGFGbmN4ODNOSlFLQmdBWGIvUDJXelFtekVWM1M0T25Pd3JSQXFrYVNxbm1kNGVkR01jU3QKZDZLLzhVM3ZvMkRrd0Q4cnE3cFh6UFhWcjAwdEhxdFBuUURFMEU4enFGTTZkV1NRZnJNaGhVdEtKU1c5UHZYdQpyVEJJQ3E5R0NQb2tnTVRCMnIrcTdrUjB3VHFrMmQrTDlpNWNHUXFQQTU4R1BPcm5YQ0hKQmg4THRLTEczN3hIClBJM2xBb0dCQUkwV0hOQzhYRzcxR1hVTmd1S0N0YnlXSmVXUW03QUtyZ0ZqdjdqSm9HMmlUbDhzd0hNSUd5MG4KZVZRYS9aNlc1OTBDaWYvVThzY0JvOE5GV09DOEJEYlFQTEpYQjc2R2pmTG9rQTBXZ0FoOVA5QjU0aEE5L2F0dAo5bzdGL1YyRGZia0o0WGFhTml4bk1FMDN0S0pNb1ZkZFh1N0diUVdRWU1aU0Jvd054NmpFCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== ---- -apiVersion: apps/v1beta1 -kind: Deployment -metadata: - name: package-server - namespace: olm - labels: - app: package-server -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: package-server - template: - metadata: - labels: - app: package-server - spec: - serviceAccountName: olm-operator-serviceaccount - containers: - - name: package-server - command: - - /bin/package-server - - -v=4 - - --global-namespace - - olm - - --debug - image: quay.io/coreos/olm@sha256:f3b170c8c1cd29c5452afd961e73bada7402623310290926c649cce0b4310470 - imagePullPolicy: Always - ports: - - containerPort: 443 - volumeMounts: - - name: certs - mountPath: /apiserver.local.config/certificates - readOnly: true - livenessProbe: - httpGet: - scheme: HTTPS - path: /healthz - port: 443 - readinessProbe: - httpGet: - scheme: HTTPS - path: /healthz - port: 443 - volumes: - - name: certs - secret: - secretName: package-server-certs - items: - - key: tls.crt - path: apiserver.crt - - key: tls.key - path: apiserver.key - imagePullSecrets: - - name: coreos-pull-secret ---- -apiVersion: v1 -kind: Service -metadata: - name: package-server - namespace: olm -spec: - ports: - - port: 443 - protocol: TCP - targetPort: 443 - selector: - app: package-server diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_00-namespace.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_00-namespace.yaml deleted file mode 100644 index 1f2166b1a2..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_00-namespace.yaml +++ /dev/null @@ -1,8 +0,0 @@ -##--- -# Source: olm/templates/0000_30_00-namespace.yaml -apiVersion: v1 -kind: Namespace -metadata: - name: olm - labels: - openshift.io/run-level: "1" diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_01-olm-operator.serviceaccount.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_01-olm-operator.serviceaccount.yaml deleted file mode 100644 index e75e22e51b..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_01-olm-operator.serviceaccount.yaml +++ /dev/null @@ -1,31 +0,0 @@ -##--- -# Source: olm/templates/0000_30_01-olm-operator.serviceaccount.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: system:controller:operator-lifecycle-manager -rules: -- apiGroups: ["*"] - resources: ["*"] - verbs: ["*"] -- nonResourceURLs: ["*"] - verbs: ["*"] ---- -kind: ServiceAccount -apiVersion: v1 -metadata: - name: olm-operator-serviceaccount - namespace: olm ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: olm-operator-binding-olm -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:controller:operator-lifecycle-manager -subjects: -- kind: ServiceAccount - name: olm-operator-serviceaccount - namespace: olm diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_02-clusterserviceversion.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_02-clusterserviceversion.crd.yaml deleted file mode 100644 index c321e207ec..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_02-clusterserviceversion.crd.yaml +++ /dev/null @@ -1,718 +0,0 @@ -##--- -# Source: olm/templates/0000_30_02-clusterserviceversion.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: clusterserviceversions.operators.coreos.com - annotations: - displayName: Operator Version - description: Represents an Operator that should be running on the cluster, including requirements and install strategy. -spec: - names: - plural: clusterserviceversions - singular: clusterserviceversion - kind: ClusterServiceVersion - listKind: ClusterServiceVersionList - shortNames: - - csv - categories: - - all - - olm - additionalPrinterColumns: - - name: Display - type: string - description: The name of the CSV - JSONPath: .spec.displayName - - name: Version - type: string - description: The version of the CSV - JSONPath: .spec.version - - name: Replaces - type: string - description: The name of a CSV that this one replaces - JSONPath: .spec.replaces - - name: Phase - type: string - JSONPath: .status.phase - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - properties: - spec: - type: object - description: Spec for a ClusterServiceVersion - required: - - displayName - - install - properties: - displayName: - type: string - description: Human readable name of the application that will be displayed in the ALM UI - - description: - type: string - description: Human readable description of what the application does - - keywords: - type: array - description: List of keywords which will be used to discover and categorize app types - items: - type: string - - maintainers: - type: array - description: Those responsible for the creation of this specific app type - items: - type: object - description: Information for a single maintainer - required: - - name - - email - properties: - name: - type: string - description: Maintainer's name - email: - type: string - description: Maintainer's email address - format: email - optionalProperties: - type: string - description: "Any additional key-value metadata you wish to expose about the maintainer, e.g. github: " - - links: - type: array - description: Interesting links to find more information about the project, such as marketing page, documentation, or github page - items: - type: object - description: A single link to describe one aspect of the project - required: - - name - - url - properties: - name: - type: string - description: Name of the link type, e.g. homepage or github url - url: - type: string - description: URL to which the link should point - format: uri - - icon: - type: array - description: Icon which should be rendered with the application information - required: - - base64data - - mediatype - properties: - base64data: - type: string - description: Base64 binary representation of the icon image - pattern: ^(?:[A-Za-z0-9+/]{4}){0,16250}(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$ - mediatype: - type: string - description: Mediatype for the binary data specified in the base64data property - enum: - - image/gif - - image/jpeg - - image/png - - image/svg+xml - version: - type: string - description: Version string, recommended that users use semantic versioning - pattern: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(-(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(\.(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*)?(\+[0-9a-zA-Z-]+(\.[0-9a-zA-Z-]+)*)?$ - - replaces: - type: string - description: Name of the ClusterServiceVersion custom resource that this version replaces - - maturity: - type: string - description: What level of maturity the software has achieved at this version - enum: - - planning - - pre-alpha - - alpha - - beta - - stable - - mature - - inactive - - deprecated - labels: - type: object - description: Labels that will be applied to associated resources created by the operator. - selector: - type: object - description: Label selector to find resources associated with or managed by the operator - properties: - matchLabels: - type: object - description: Label key:value pairs to match directly - matchExpressions: - type: array - description: A set of expressions to match against the resource. - items: - allOf: - - type: object - required: - - key - - operator - - values - properties: - key: - type: string - description: the key to match - operator: - type: string - description: the operator for the expression - enum: - - In - - NotIn - - Exists - - DoesNotExist - values: - type: array - description: set of values for the expression - apiservicedefinitions: - type: object - properties: - owned: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - group - - version - - kind - - deploymentName - - displayName - - description - properties: - group: - type: string - description: Group of the APIService (e.g. app.coreos.com) - version: - type: string - description: The version field of the APIService - kind: - type: string - description: The kind field of the APIService - deploymentName: - type: string - description: Name of the extension api-server's deployment - containerPort: - type: number - description: Port where the extension api-server serves TLS traffic - displayName: - type: string - description: A human-readable name for the APIService. - description: - type: string - description: A description of the APIService - resources: - type: array - items: - type: object - description: A list of resources that should be displayed for the APIService - required: - - kind - - version - properties: - name: - type: string - description: If a APIService, the fully qualified name of the APIService (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version of the resource kind - kind: - type: string - description: The kind field of the resource kind - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the API resource - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the API resource where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - # FIXME(alecmerdler): Doesn't allow boolean values - type: object - description: If present, the value of this status is the same for all instances of the API resource and can be found here instead of on the API resource. - specDescriptors: - type: array - items: - type: object - description: A spec for a field in the spec block of the APIService resource. - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the API resource where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the spec entry. - description: - type: string - description: A description of the spec entry. - x-descriptors: - type: array - description: A list of descriptors for the spec entry that indicate the meaning of the field. - items: - type: string - value: - type: object - description: If present, the value of this spec is the same for all instances of the API Resource and can be found here instead of on the API resource. - actionDescriptors: - type: array - items: - type: object - description: A spec for actions that can be performed on instances of the API resource - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the API resource where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the action. - description: - type: string - description: A description of the action. - x-descriptors: - type: array - description: A list of descriptors for the action that indicate the meaning of the action. - items: - type: string - value: - type: object - description: If present, the value of this action is the same for all instances of the API resource and can be found here instead of on the API resource. - required: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - group - - version - - kind - - displayName - - description - properties: - group: - type: string - description: Group of the APIService (e.g. app.coreos.com) - version: - type: string - description: The version field of the APIService - kind: - type: string - description: The kind field of the APIService - deploymentName: - type: string - description: Name of the extension api-server's deployment - containerPort: - type: number - description: Port where the extension api-server serves TLS traffic - displayName: - type: string - description: A human-readable name for the APIService. - description: - type: string - description: A description of the APIService - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the APIService - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the API Resource where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - type: object - description: If present, the value of this status is the same for all instances of the API Resource and can be found here instead of on the API Resource. - - customresourcedefinitions: - type: object - properties: - owned: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - name - - version - - kind - - displayName - - description - properties: - name: - type: string - description: Fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version field of the CustomResourceDefinition - kind: - type: string - description: The kind field of the CustomResourceDefinition - displayName: - type: string - description: A human-readable name for the CRD. - description: - type: string - description: A description of the CRD - resources: - type: array - items: - type: object - description: A list of resources that should be displayed for the CRD - required: - - kind - - version - properties: - name: - type: string - description: If a CRD, the fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version of the resource kind - kind: - type: string - description: The kind field of the resource kind - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the CR where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - type: object - description: If present, the value of this status is the same for all instances of the CRD and can be found here instead of on the CR. - specDescriptors: - type: array - items: - type: object - description: A spec for a field in the spec block of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the CR where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the spec entry. - description: - type: string - description: A description of the spec entry. - x-descriptors: - type: array - description: A list of descriptors for the spec entry that indicate the meaning of the field. - items: - type: string - value: - type: object - description: If present, the value of this spec is the same for all instances of the CRD and can be found here instead of on the CR. - actionDescriptors: - type: array - items: - type: object - description: A spec for actions that can be performed on instances of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the CR where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the action. - description: - type: string - description: A description of the action. - x-descriptors: - type: array - description: A list of descriptors for the action that indicate the meaning of the action. - items: - type: string - value: - type: object - description: If present, the value of this action is the same for all instances of the CRD and can be found here instead of on the CR. - required: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - name - - version - - kind - - displayName - - description - properties: - name: - type: string - description: Fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version field of the CustomResourceDefinition - kind: - type: string - description: The kind field of the CustomResourceDefinition - displayName: - type: string - description: A human-readable name for the CRD. - description: - type: string - description: A description of the CRD - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the CR where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - type: object - description: If present, the value of this status is the same for all instances of the CRD and can be found here instead of on the CR. - - - install: - type: object - description: Information required to install this specific version of the operator software - oneOf: - - type: object - required: - - strategy - - spec - properties: - strategy: - type: string - enum: ['image'] - spec: - type: object - required: - - image - properties: - image: - type: string - - type: object - required: - - strategy - - spec - properties: - strategy: - type: string - enum: ['deployment'] - spec: - type: object - required: - - deployments - properties: - deployments: - type: array - description: List of deployments to create - items: - type: object - description: A name and deployment to create in the cluster - required: - - name - - spec - properties: - name: - type: string - description: the consistent name of the deployment - spec: - type: object - description: The deployment spec to create in the cluster - permissions: - type: array - description: Permissions needed by the deployement to run correctly - items: - type: object - required: - - serviceAccountName - - rules - properties: - serviceAccountName: - type: string - description: The service account name to create for the deployment - rules: - type: array - items: - type: object - description: a rule required by the service account - properties: - apiGroups: - type: array - description: apiGroups the rule applies to - items: - type: string - resources: - type: array - items: - type: string - resourceNames: - type: array - items: - type: string - verbs: - type: array - items: - type: string - enum: - - "*" - - get - - list - - watch - - create - - update - - patch - - delete - - deletecollection - - initialize - clusterPermissions: - type: array - description: Cluster permissions needed by the deployement to run correctly - items: - type: object - required: - - serviceAccountName - - rules - properties: - serviceAccountName: - type: string - description: The service account name to create for the deployment - rules: - type: array - items: - type: object - required: - - verbs - description: a rule required by the service account - properties: - apiGroups: - type: array - description: apiGroups the rule applies to - items: - type: string - resources: - type: array - items: - type: string - resourceNames: - type: array - items: - type: string - nonResourceURLs: - type: array - items: - type: string - verbs: - type: array - items: - type: string - enum: - - "*" - - get - - list - - watch - - create - - update - - patch - - put - - post - - delete - - deletecollection - - initialize - status: - type: object - description: Status for a ClusterServiceVersion diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_03-installplan.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_03-installplan.crd.yaml deleted file mode 100644 index 8742215dca..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_03-installplan.crd.yaml +++ /dev/null @@ -1,78 +0,0 @@ -##--- -# Source: olm/templates/0000_30_03-installplan.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: installplans.operators.coreos.com - annotations: - displayName: Install Plan - description: Represents a plan to install and resolve dependencies for Cluster Services -spec: - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - plural: installplans - singular: installplan - kind: InstallPlan - listKind: InstallPlanList - categories: - - all - - olm - additionalPrinterColumns: - - name: CSV - type: string - description: The first CSV in the list of clusterServiceVersionNames - JSONPath: .spec.clusterServiceVersionNames[0] - - name: Source - type: string - description: The catalog source for the specified CSVs. - JSONPath: .spec.source - - name: Approval - type: string - description: The approval mode - JSONPath: .spec.approval - - name: Approved - type: boolean - JSONPath: .spec.approved - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - properties: - spec: - type: object - description: Spec for an InstallPlan - required: - - clusterServiceVersionNames - - approval - properties: - source: - type: string - description: Name of the preferred CatalogSource - sourceNamespace: - type: string - description: Namespace that contains the preffered CatalogSource - clusterServiceVersionNames: - type: array - description: A list of the names of the Cluster Services - items: - type: string - anyOf: - - properties: - approval: - enum: - - Manual - approved: - type: boolean - required: - - approved - - properties: - approval: - enum: - - Automatic diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_04-subscription.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_04-subscription.crd.yaml deleted file mode 100644 index 35f0c24a15..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_04-subscription.crd.yaml +++ /dev/null @@ -1,72 +0,0 @@ -##--- -# Source: olm/templates/0000_30_04-subscription.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: subscriptions.operators.coreos.com - annotations: - displayName: Subscription - description: Subcribes service catalog to a source and channel to recieve updates for packages. -spec: - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - plural: subscriptions - singular: subscription - kind: Subscription - listKind: SubscriptionList - categories: - - all - - olm - additionalPrinterColumns: - - name: Package - type: string - description: The package subscribed to - JSONPath: .spec.name - - name: Source - type: string - description: The catalog source for the specified package - JSONPath: .spec.source - - name: Channel - type: string - description: The channel of updates to subscribe to - JSONPath: .spec.channel - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - properties: - spec: - type: object - description: Spec for a Subscription - required: - - source - - name - properties: - source: - type: string - description: Name of a CatalogSource that defines where and how to find the channel - sourceNamespace: - type: string - description: The Kubernetes namespace where the CatalogSource used is located - name: - type: string - description: Name of the package that defines the application - channel: - type: string - description: Name of the channel to track - startingCSV: - type: string - description: Name of the AppType that this subscription tracks - installPlanApproval: - type: string - description: Approval mode for emitted InstallPlans - enum: - - Manual - - Automatic diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_05-catalogsource.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_05-catalogsource.crd.yaml deleted file mode 100644 index 8facb62fbd..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_05-catalogsource.crd.yaml +++ /dev/null @@ -1,81 +0,0 @@ -##--- -# Source: olm/templates/0000_30_05-catalogsource.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: catalogsources.operators.coreos.com - annotations: - displayName: CatalogSource - description: A source configured to find packages and updates. -spec: - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - plural: catalogsources - singular: catalogsource - kind: CatalogSource - listKind: CatalogSourceList - categories: - - all - - olm - additionalPrinterColumns: - - name: Name - type: string - description: The pretty name of the catalog - JSONPath: .spec.displayName - - name: Type - type: string - description: The type of the catalog - JSONPath: .spec.sourceType - - name: Publisher - type: string - description: The publisher of the catalog - JSONPath: .spec.publisher - - name: Age - type: date - JSONPath: .metadata.creationTimestamp - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - properties: - spec: - type: object - description: Represents a subscription to a source and channel - required: - - spec - type: object - description: Spec for a catalog source. - required: - - sourceType - properties: - sourceType: - type: string - description: The type of the source. Currently the only supported type is "internal". - enum: - - internal - - configMap: - type: string - description: The name of a ConfigMap that holds the entries for an in-memory catalog. - - displayName: - type: string - description: Pretty name for display - - publisher: - type: string - description: The name of an entity that publishes this catalog - - secrets: - type: array - description: A set of secrets that can be used to access the contents of the catalog. It is best to keep this list small, since each will need to be tried for every catalog entry. - items: - type: string - description: A name of a secret in the namespace where the CatalogSource is defined. diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_06-rh-operators.configmap.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_06-rh-operators.configmap.yaml deleted file mode 100644 index 99d55fe3c0..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_06-rh-operators.configmap.yaml +++ /dev/null @@ -1,11756 +0,0 @@ -##--- -# Source: olm/templates/0000_30_06-rh-operators.configmap.yaml - -kind: ConfigMap -apiVersion: v1 -metadata: - name: rh-operators - namespace: olm - -data: - customResourceDefinitions: |- - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: alertmanagers.monitoring.coreos.com - spec: - group: monitoring.coreos.com - names: - kind: Alertmanager - plural: alertmanagers - scope: Namespaced - validation: - openAPIV3Schema: - properties: - spec: - description: 'Specification of the desired behavior of the Alertmanager - cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#spec-and-status' - properties: - affinity: - description: Affinity is a group of affinity scheduling rules. - properties: - nodeAffinity: - description: Node affinity is a group of node affinity scheduling - rules. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the affinity expressions specified by this field, - but it may choose a node that violates one or more of the - expressions. The node that is most preferred is the one with - the greatest sum of weights, i.e. for each node that meets - all of the scheduling requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the sum - if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches all - objects with implicit weight 0 (i.e. it's a no-op). A null - preferred scheduling term matches no objects (i.e. is also - a no-op). - properties: - preference: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - weight - - preference - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: A node selector represents the union of the results - of one or more label queries over a set of nodes; that is, - it represents the OR of the selectors represented by the node - selector terms. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The - terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - type: array - required: - - nodeSelectorTerms - podAffinity: - description: Pod affinity is a group of inter pod affinity scheduling - rules. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the affinity expressions specified by this field, - but it may choose a node that violates one or more of the - expressions. The node that is most preferred is the one with - the greatest sum of weights, i.e. for each node that meets - all of the scheduling requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the sum - if the node has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label selector is a label query over - a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector - matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - weight - - podAffinityTerm - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may not - try to eventually evict the pod from its node. When there - are multiple elements, the lists of nodes corresponding to - each podAffinityTerm are intersected, i.e. all terms must - be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) that - this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of pods - is running - properties: - labelSelector: - description: A label selector is a label query over a - set of resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. - A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of any - node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: array - podAntiAffinity: - description: Pod anti affinity is a group of inter pod anti affinity - scheduling rules. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the anti-affinity expressions specified by this - field, but it may choose a node that violates one or more - of the expressions. The node that is most preferred is the - one with the greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource request, - requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field - and adding "weight" to the sum if the node has pods which - matches the corresponding podAffinityTerm; the node(s) with - the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label selector is a label query over - a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector - matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - weight - - podAffinityTerm - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by - this field are not met at scheduling time, the pod will not - be scheduled onto the node. If the anti-affinity requirements - specified by this field cease to be met at some point during - pod execution (e.g. due to a pod label update), the system - may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms must - be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) that - this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of pods - is running - properties: - labelSelector: - description: A label selector is a label query over a - set of resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. - A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of any - node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: array - baseImage: - description: Base image that is used to deploy pods, without tag. - type: string - containers: - description: Containers allows injecting additional containers. This - is meant to allow adding an authentication proxy to an Alertmanager - pod. - items: - description: A single application container that you want to run within - a pod. - properties: - args: - description: 'Arguments to the entrypoint. The docker image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable - cannot be resolved, the reference in the input string will be - unchanged. The $(VAR_NAME) syntax can be escaped with a double - $$, ie: $$(VAR_NAME). Escaped references will never be expanded, - regardless of whether the variable exists or not. Cannot be - updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed within a shell. The - docker image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable exists - or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to set in the container. - Cannot be updated. - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a - C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a - variable cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax can be - escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable - exists or not. Defaults to "".' - type: string - valueFrom: - description: EnvVarSource represents a source for the value - of an EnvVar. - properties: - configMapKeyRef: - description: Selects a key from a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the ConfigMap or it's - key must be defined - type: boolean - required: - - key - fieldRef: - description: ObjectFieldSelector selects an APIVersioned - field of an object. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - resourceFieldRef: - description: ResourceFieldSelector represents container - resources (cpu, memory) and their output format - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: {} - resource: - description: 'Required: resource to select' - type: string - required: - - resource - secretKeyRef: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's - key must be defined - type: boolean - required: - - key - required: - - name - type: array - envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must be a - C_IDENTIFIER. All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key will - take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of a set of - ConfigMaps - properties: - configMapRef: - description: |- - ConfigMapEnvSource selects a ConfigMap to populate the environment variables with. - - The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - prefix: - description: An optional identifier to prepend to each key - in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: |- - SecretEnvSource selects a Secret to populate the environment variables with. - - The contents of the target Secret's Data field will represent the key-value pairs as environment variables. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: array - image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Lifecycle describes actions that the management system - should take in response to container lifecycle events. For the - PostStart and PreStop lifecycle handlers, management of the - container blocks until the action is complete, unless the container - process fails, in which case the handler is aborted. - properties: - postStart: - description: Handler defines a specific action that should - be taken - properties: - exec: - description: ExecAction describes a "run in container" - action. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - httpGet: - description: HTTPGetAction describes an action based on - HTTP Get requests. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - tcpSocket: - description: TCPSocketAction describes an action based - on opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - preStop: - description: Handler defines a specific action that should - be taken - properties: - exec: - description: ExecAction describes a "run in container" - action. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - httpGet: - description: HTTPGetAction describes an action based on - HTTP Get requests. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - tcpSocket: - description: TCPSocketAction describes an action based - on opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - livenessProbe: - description: Probe describes a health check to be performed against - a container to determine whether it is alive or ready to receive - traffic. - properties: - exec: - description: ExecAction describes a "run in container" action. - properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit - status of 0 is treated as live/healthy and non-zero - is unhealthy. - items: - type: string - type: array - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGetAction describes an action based on HTTP - Get requests. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header to - be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocketAction describes an action based on - opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - name: - description: Name of the container specified as a DNS_LABEL. Each - container in a pod must have a unique name (DNS_LABEL). Cannot - be updated. - type: string - ports: - description: List of ports to expose from the container. Exposing - a port here gives the system additional information about the - network connections a container uses, but is primarily informational. - Not specifying a port here DOES NOT prevent that port from being - exposed. Any port which is listening on the default "0.0.0.0" - address inside a container will be accessible from the network. - Cannot be updated. - items: - description: ContainerPort represents a network port in a single - container. - properties: - containerPort: - description: Number of port to expose on the pod's IP address. - This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If specified, - this must be a valid port number, 0 < x < 65536. If HostNetwork - is specified, this must match ContainerPort. Most containers - do not need this. - format: int32 - type: integer - name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod must - have a unique name. Name for the port that can be referred - to by services. - type: string - protocol: - description: Protocol for port. Must be UDP or TCP. Defaults - to "TCP". - type: string - required: - - containerPort - type: array - readinessProbe: - description: Probe describes a health check to be performed against - a container to determine whether it is alive or ready to receive - traffic. - properties: - exec: - description: ExecAction describes a "run in container" action. - properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit - status of 0 is treated as live/healthy and non-zero - is unhealthy. - items: - type: string - type: array - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGetAction describes an action based on HTTP - Get requests. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header to - be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocketAction describes an action based on - opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - securityContext: - description: SecurityContext holds security configuration that - will be applied to a container. Some fields are present in both - SecurityContext and PodSecurityContext. When both are set, - the values in SecurityContext take precedence. - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a - process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: Adds and removes POSIX capabilities from running - containers. - properties: - add: - description: Added capabilities - items: - type: string - type: array - drop: - description: Removed capabilities - items: - type: string - type: array - privileged: - description: Run container in privileged mode. Processes in - privileged containers are essentially equivalent to root - on the host. Defaults to false. - type: boolean - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. - Default is false. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail - to start the container if it does. If unset or false, no - such validation will be performed. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata if - unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - format: int64 - type: integer - seLinuxOptions: - description: SELinuxOptions are the labels to be applied to - the container - properties: - level: - description: Level is SELinux level label that applies - to the container. - type: string - role: - description: Role is a SELinux role label that applies - to the container. - type: string - type: - description: Type is a SELinux type label that applies - to the container. - type: string - user: - description: User is a SELinux user label that applies - to the container. - type: string - stdin: - description: Whether this container should allocate a buffer for - stdin in the container runtime. If this is not set, reads from - stdin in the container will always result in EOF. Default is - false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the stdin - channel after it has been opened by a single attach. When stdin - is true the stdin stream will remain open across multiple attach - sessions. If stdinOnce is set to true, stdin is opened on container - start, is empty until the first client attaches to stdin, and - then remains open and accepts data until the client disconnects, - at which time stdin is closed and remains closed until the container - is restarted. If this flag is false, a container processes that - reads from stdin will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s - termination message will be written is mounted into the container''s - filesystem. Message written is intended to be brief final status, - such as an assertion failure message. Will be truncated by the - node if greater than 4096 bytes. The total message length across - all containers will be limited to 12kb. Defaults to /dev/termination-log. - Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. - File will use the contents of terminationMessagePath to populate - the container status message on both success and failure. FallbackToLogsOnError - will use the last chunk of container log output if the termination - message file is empty and the container exited with an error. - The log output is limited to 2048 bytes or 80 lines, whichever - is smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be - used by the container. This is an alpha feature and may change - in the future. - items: - description: volumeDevice describes a mapping of a raw block - device within a container. - properties: - devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim - in the pod - type: string - required: - - name - - devicePath - type: array - volumeMounts: - description: Pod volumes to mount into the container's filesystem. - Cannot be updated. - items: - description: VolumeMount describes a mounting of a Volume within - a container. - properties: - mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other way - around. When not set, MountPropagationHostToContainer - is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). - type: string - required: - - name - - mountPath - type: array - workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might be - configured in the container image. Cannot be updated. - type: string - required: - - name - type: array - externalUrl: - description: The external URL the Alertmanager instances will be available - under. This is necessary to generate correct URLs. This is necessary - if Alertmanager is not served from root of a DNS name. - type: string - imagePullSecrets: - description: An optional list of references to secrets in the same namespace - to use for pulling prometheus and alertmanager images from registries - see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod - items: - description: LocalObjectReference contains enough information to let - you locate the referenced object inside the same namespace. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - type: array - listenLocal: - description: ListenLocal makes the Alertmanager server listen on loopback, - so that it does not bind against the Pod IP. Note this is only for - the Alertmanager UI, not the gossip communication. - type: boolean - logLevel: - description: Log level for Alertmanager to be configured with. - type: string - nodeSelector: - description: Define which Nodes the Pods are scheduled on. - type: object - paused: - description: If set to true all actions on the underlaying managed objects - are not goint to be performed, except for delete actions. - type: boolean - podMetadata: - description: ObjectMeta is metadata that all persisted resources must - have, which includes all objects users must create. - properties: - annotations: - description: 'Annotations is an unstructured key value map stored - with a resource that may be set by external tools to store and - retrieve arbitrary metadata. They are not queryable and should - be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - clusterName: - description: The name of the cluster which the object belongs to. - This is used to distinguish resources with same name and namespace - in different clusters. This field is not set anywhere right now - and apiserver is going to ignore it if set in create or update - request. - type: string - creationTimestamp: - description: Time is a wrapper around time.Time which supports correct - marshaling to YAML and JSON. Wrappers are provided for many of - the factory methods that the time package offers. - format: date-time - type: string - deletionGracePeriodSeconds: - description: Number of seconds allowed for this object to gracefully - terminate before it will be removed from the system. Only set - when deletionTimestamp is also set. May only be shortened. Read-only. - format: int64 - type: integer - deletionTimestamp: - description: Time is a wrapper around time.Time which supports correct - marshaling to YAML and JSON. Wrappers are provided for many of - the factory methods that the time package offers. - format: date-time - type: string - finalizers: - description: Must be empty before the object is deleted from the - registry. Each entry is an identifier for the responsible component - that will remove the entry from the list. If the deletionTimestamp - of the object is non-nil, entries in this list can only be removed. - items: - type: string - type: array - generateName: - description: |- - GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. - - If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). - - Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#idempotency - type: string - generation: - description: A sequence number representing a specific generation - of the desired state. Populated by the system. Read-only. - format: int64 - type: integer - initializers: - description: Initializers tracks the progress of initialization. - properties: - pending: - description: Pending is a list of initializers that must execute - in order before this object is visible. When the last pending - initializer is removed, and no failing result is set, the - initializers struct will be set to nil and the object is considered - as initialized and visible to all clients. - items: - description: Initializer is information about an initializer - that has not yet completed. - properties: - name: - description: name of the process that is responsible for - initializing this object. - type: string - required: - - name - type: array - result: - description: Status is a return value for calls that don't return - other objects. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of - this representation of an object. Servers should convert - recognized schemas to the latest internal value, and may - reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - code: - description: Suggested HTTP return code for this status, - 0 if not set. - format: int32 - type: integer - details: - description: StatusDetails is a set of additional properties - that MAY be set by the server to provide additional information - about a response. The Reason field of a Status object - defines what attributes will be set. Clients must ignore - fields that do not match the defined type of each attribute, - and should assume that any attribute may be empty, invalid, - or under defined. - properties: - causes: - description: The Causes array includes more details - associated with the StatusReason failure. Not all - StatusReasons may provide detailed causes. - items: - description: StatusCause provides more information - about an api.Status failure, including cases when - multiple errors are encountered. - properties: - field: - description: |- - The field of the resource that has caused this error, as named by its JSON serialization. May include dot and postfix notation for nested attributes. Arrays are zero-indexed. Fields may appear more than once in an array of causes due to fields having multiple errors. Optional. - - Examples: - "name" - the field "name" on the current resource - "items[0].name" - the field "name" on the first array entry in "items" - type: string - message: - description: A human-readable description of the - cause of the error. This field may be presented - as-is to a reader. - type: string - reason: - description: A machine-readable description of - the cause of the error. If this value is empty - there is no information available. - type: string - type: array - group: - description: The group attribute of the resource associated - with the status StatusReason. - type: string - kind: - description: 'The kind attribute of the resource associated - with the status StatusReason. On some operations may - differ from the requested resource Kind. More info: - https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: The name attribute of the resource associated - with the status StatusReason (when there is a single - name which can be described). - type: string - retryAfterSeconds: - description: If specified, the time in seconds before - the operation should be retried. Some errors may indicate - the client must take an alternate action - for those - errors this field may indicate how long to wait before - taking the alternate action. - format: int32 - type: integer - uid: - description: 'UID of the resource. (when there is a - single resource which can be described). More info: - http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - kind: - description: 'Kind is a string value representing the REST - resource this object represents. Servers may infer this - from the endpoint the client submits requests to. Cannot - be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - message: - description: A human-readable description of the status - of this operation. - type: string - metadata: - description: ListMeta describes metadata that synthetic - resources must have, including lists and various status - objects. A resource may have only one of {ObjectMeta, - ListMeta}. - properties: - continue: - description: continue may be set if the user set a limit - on the number of items returned, and indicates that - the server has more data available. The value is opaque - and may be used to issue another request to the endpoint - that served this list to retrieve the next set of - available objects. Continuing a list may not be possible - if the server configuration has changed or more than - a few minutes have passed. The resourceVersion field - returned when using this continue value will be identical - to the value in the first response. - type: string - resourceVersion: - description: 'String that identifies the server''s internal - version of this object that can be used by clients - to determine when objects have changed. Value must - be treated as opaque by clients and passed unmodified - back to the server. Populated by the system. Read-only. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' - type: string - selfLink: - description: selfLink is a URL representing this object. - Populated by the system. Read-only. - type: string - reason: - description: A machine-readable description of why this - operation is in the "Failure" status. If this value is - empty there is no information available. A Reason clarifies - an HTTP status code but does not override it. - type: string - status: - description: 'Status of the operation. One of: "Success" - or "Failure". More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' - type: string - required: - - pending - labels: - description: 'Map of string keys and values that can be used to - organize and categorize (scope and select) objects. May match - selectors of replication controllers and services. More info: - http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: 'Name must be unique within a namespace. Is required - when creating resources, although some resources may allow a client - to request the generation of an appropriate name automatically. - Name is primarily intended for creation idempotence and configuration - definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: |- - Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. - - Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces - type: string - ownerReferences: - description: List of objects depended by this object. If ALL objects - in the list have been deleted, this object will be garbage collected. - If this object is managed by a controller, then an entry in this - list will point to this controller, with the controller field - set to true. There cannot be more than one managing controller. - items: - description: OwnerReference contains enough information to let - you identify an owning object. Currently, an owning object must - be in the same namespace, so there is no namespace field. - properties: - apiVersion: - description: API version of the referent. - type: string - blockOwnerDeletion: - description: If true, AND if the owner has the "foregroundDeletion" - finalizer, then the owner cannot be deleted from the key-value - store until this reference is removed. Defaults to false. - To set this field, a user needs "delete" permission of the - owner, otherwise 422 (Unprocessable Entity) will be returned. - type: boolean - controller: - description: If true, this reference points to the managing - controller. - type: boolean - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - uid: - description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - required: - - apiVersion - - kind - - name - - uid - type: array - resourceVersion: - description: |- - An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. - - Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency - type: string - selfLink: - description: SelfLink is a URL representing this object. Populated - by the system. Read-only. - type: string - uid: - description: |- - UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. - - Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids - type: string - replicas: - description: Size is the expected size of the alertmanager cluster. - The controller will eventually make the size of the running cluster - equal to the expected size. - format: int32 - type: integer - resources: - description: ResourceRequirements describes the compute resource requirements. - properties: - limits: - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults - to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - routePrefix: - description: The route prefix Alertmanager registers HTTP handlers for. - This is useful, if using ExternalURL and a proxy is rewriting HTTP - routes of a request, and the actual ExternalURL is still true, but - the server serves requests under a different route prefix. For example - for use with `kubectl proxy`. - type: string - secrets: - description: Secrets is a list of Secrets in the same namespace as the - Alertmanager object, which shall be mounted into the Alertmanager - Pods. The Secrets are mounted into /etc/alertmanager/secrets/. - items: - type: string - type: array - securityContext: - description: PodSecurityContext holds pod-level security attributes - and common container settings. Some fields are also present in container.securityContext. Field - values of container.securityContext take precedence over field values - of PodSecurityContext. - properties: - fsGroup: - description: |- - A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: - - 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- - - If unset, the Kubelet will not modify the ownership and permissions of any volume. - format: int64 - type: integer - runAsGroup: - description: The GID to run the entrypoint of the container process. - Uses runtime default if unset. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no such validation - will be performed. May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. May - also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - format: int64 - type: integer - seLinuxOptions: - description: SELinuxOptions are the labels to be applied to the - container - properties: - level: - description: Level is SELinux level label that applies to the - container. - type: string - role: - description: Role is a SELinux role label that applies to the - container. - type: string - type: - description: Type is a SELinux type label that applies to the - container. - type: string - user: - description: User is a SELinux user label that applies to the - container. - type: string - supplementalGroups: - description: A list of groups applied to the first process run in - each container, in addition to the container's primary GID. If - unspecified, no groups will be added to any container. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls used for - the pod. Pods with unsupported sysctls (by the container runtime) - might fail to launch. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: array - serviceAccountName: - description: ServiceAccountName is the name of the ServiceAccount to - use to run the Prometheus Pods. - type: string - storage: - description: StorageSpec defines the configured storage for a group - Prometheus servers. - properties: - class: - description: 'Name of the StorageClass to use when requesting storage - provisioning. More info: https://kubernetes.io/docs/user-guide/persistent-volumes/#storageclasses - DEPRECATED' - type: string - emptyDir: - description: Represents an empty directory for a pod. Empty directory - volumes support ownership management and SELinux relabeling. - properties: - medium: - description: 'What type of storage medium should back this directory. - The default is "" which means to use the node''s default medium. - Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: {} - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - selector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - volumeClaimTemplate: - description: PersistentVolumeClaim is a user's request for and claim - to a persistent volume - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - description: ObjectMeta is metadata that all persisted resources - must have, which includes all objects users must create. - properties: - annotations: - description: 'Annotations is an unstructured key value map - stored with a resource that may be set by external tools - to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - clusterName: - description: The name of the cluster which the object belongs - to. This is used to distinguish resources with same name - and namespace in different clusters. This field is not - set anywhere right now and apiserver is going to ignore - it if set in create or update request. - type: string - creationTimestamp: - description: Time is a wrapper around time.Time which supports - correct marshaling to YAML and JSON. Wrappers are provided - for many of the factory methods that the time package - offers. - format: date-time - type: string - deletionGracePeriodSeconds: - description: Number of seconds allowed for this object to - gracefully terminate before it will be removed from the - system. Only set when deletionTimestamp is also set. May - only be shortened. Read-only. - format: int64 - type: integer - deletionTimestamp: - description: Time is a wrapper around time.Time which supports - correct marshaling to YAML and JSON. Wrappers are provided - for many of the factory methods that the time package - offers. - format: date-time - type: string - finalizers: - description: Must be empty before the object is deleted - from the registry. Each entry is an identifier for the - responsible component that will remove the entry from - the list. If the deletionTimestamp of the object is non-nil, - entries in this list can only be removed. - items: - type: string - type: array - generateName: - description: |- - GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. - - If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). - - Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#idempotency - type: string - generation: - description: A sequence number representing a specific generation - of the desired state. Populated by the system. Read-only. - format: int64 - type: integer - initializers: - description: Initializers tracks the progress of initialization. - properties: - pending: - description: Pending is a list of initializers that - must execute in order before this object is visible. - When the last pending initializer is removed, and - no failing result is set, the initializers struct - will be set to nil and the object is considered as - initialized and visible to all clients. - items: - description: Initializer is information about an initializer - that has not yet completed. - properties: - name: - description: name of the process that is responsible - for initializing this object. - type: string - required: - - name - type: array - result: - description: Status is a return value for calls that - don't return other objects. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema - of this representation of an object. Servers should - convert recognized schemas to the latest internal - value, and may reject unrecognized values. More - info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - code: - description: Suggested HTTP return code for this - status, 0 if not set. - format: int32 - type: integer - details: - description: StatusDetails is a set of additional - properties that MAY be set by the server to provide - additional information about a response. The Reason - field of a Status object defines what attributes - will be set. Clients must ignore fields that do - not match the defined type of each attribute, - and should assume that any attribute may be empty, - invalid, or under defined. - properties: - causes: - description: The Causes array includes more - details associated with the StatusReason failure. - Not all StatusReasons may provide detailed - causes. - items: - description: StatusCause provides more information - about an api.Status failure, including cases - when multiple errors are encountered. - properties: - field: - description: |- - The field of the resource that has caused this error, as named by its JSON serialization. May include dot and postfix notation for nested attributes. Arrays are zero-indexed. Fields may appear more than once in an array of causes due to fields having multiple errors. Optional. - - Examples: - "name" - the field "name" on the current resource - "items[0].name" - the field "name" on the first array entry in "items" - type: string - message: - description: A human-readable description - of the cause of the error. This field - may be presented as-is to a reader. - type: string - reason: - description: A machine-readable description - of the cause of the error. If this value - is empty there is no information available. - type: string - type: array - group: - description: The group attribute of the resource - associated with the status StatusReason. - type: string - kind: - description: 'The kind attribute of the resource - associated with the status StatusReason. On - some operations may differ from the requested - resource Kind. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: The name attribute of the resource - associated with the status StatusReason (when - there is a single name which can be described). - type: string - retryAfterSeconds: - description: If specified, the time in seconds - before the operation should be retried. Some - errors may indicate the client must take an - alternate action - for those errors this field - may indicate how long to wait before taking - the alternate action. - format: int32 - type: integer - uid: - description: 'UID of the resource. (when there - is a single resource which can be described). - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - kind: - description: 'Kind is a string value representing - the REST resource this object represents. Servers - may infer this from the endpoint the client submits - requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - message: - description: A human-readable description of the - status of this operation. - type: string - metadata: - description: ListMeta describes metadata that synthetic - resources must have, including lists and various - status objects. A resource may have only one of - {ObjectMeta, ListMeta}. - properties: - continue: - description: continue may be set if the user - set a limit on the number of items returned, - and indicates that the server has more data - available. The value is opaque and may be - used to issue another request to the endpoint - that served this list to retrieve the next - set of available objects. Continuing a list - may not be possible if the server configuration - has changed or more than a few minutes have - passed. The resourceVersion field returned - when using this continue value will be identical - to the value in the first response. - type: string - resourceVersion: - description: 'String that identifies the server''s - internal version of this object that can be - used by clients to determine when objects - have changed. Value must be treated as opaque - by clients and passed unmodified back to the - server. Populated by the system. Read-only. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' - type: string - selfLink: - description: selfLink is a URL representing - this object. Populated by the system. Read-only. - type: string - reason: - description: A machine-readable description of why - this operation is in the "Failure" status. If - this value is empty there is no information available. - A Reason clarifies an HTTP status code but does - not override it. - type: string - status: - description: 'Status of the operation. One of: "Success" - or "Failure". More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' - type: string - required: - - pending - labels: - description: 'Map of string keys and values that can be - used to organize and categorize (scope and select) objects. - May match selectors of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: 'Name must be unique within a namespace. Is - required when creating resources, although some resources - may allow a client to request the generation of an appropriate - name automatically. Name is primarily intended for creation - idempotence and configuration definition. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: |- - Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. - - Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces - type: string - ownerReferences: - description: List of objects depended by this object. If - ALL objects in the list have been deleted, this object - will be garbage collected. If this object is managed by - a controller, then an entry in this list will point to - this controller, with the controller field set to true. - There cannot be more than one managing controller. - items: - description: OwnerReference contains enough information - to let you identify an owning object. Currently, an - owning object must be in the same namespace, so there - is no namespace field. - properties: - apiVersion: - description: API version of the referent. - type: string - blockOwnerDeletion: - description: If true, AND if the owner has the "foregroundDeletion" - finalizer, then the owner cannot be deleted from - the key-value store until this reference is removed. - Defaults to false. To set this field, a user needs - "delete" permission of the owner, otherwise 422 - (Unprocessable Entity) will be returned. - type: boolean - controller: - description: If true, this reference points to the - managing controller. - type: boolean - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - uid: - description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - required: - - apiVersion - - kind - - name - - uid - type: array - resourceVersion: - description: |- - An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. - - Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency - type: string - selfLink: - description: SelfLink is a URL representing this object. - Populated by the system. Read-only. - type: string - uid: - description: |- - UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. - - Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids - type: string - spec: - description: PersistentVolumeClaimSpec describes the common - attributes of storage devices and allows a Source for provider-specific - attributes - properties: - accessModes: - description: 'AccessModes contains the desired access modes - the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - resources: - description: ResourceRequirements describes the compute - resource requirements. - properties: - limits: - description: 'Limits describes the maximum amount of - compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - selector: - description: A label selector is a label query over a set - of resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. - A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - storageClassName: - description: 'Name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeMode: - description: volumeMode defines what type of volume is required - by the claim. Value of Filesystem is implied when not - included in claim spec. This is an alpha feature and may - change in the future. - type: string - volumeName: - description: VolumeName is the binding reference to the - PersistentVolume backing this claim. - type: string - status: - description: PersistentVolumeClaimStatus is the current status - of a persistent volume claim. - properties: - accessModes: - description: 'AccessModes contains the actual access modes - the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - capacity: - description: Represents the actual resources of the underlying - volume. - type: object - conditions: - description: Current Condition of persistent volume claim. - If underlying persistent volume is being resized then - the Condition will be set to 'ResizeStarted'. - items: - description: PersistentVolumeClaimCondition contails details - about state of pvc - properties: - lastProbeTime: - description: Time is a wrapper around time.Time which - supports correct marshaling to YAML and JSON. Wrappers - are provided for many of the factory methods that - the time package offers. - format: date-time - type: string - lastTransitionTime: - description: Time is a wrapper around time.Time which - supports correct marshaling to YAML and JSON. Wrappers - are provided for many of the factory methods that - the time package offers. - format: date-time - type: string - message: - description: Human-readable message indicating details - about last transition. - type: string - reason: - description: Unique, this should be a short, machine - understandable string that gives the reason for - condition's last transition. If it reports "ResizeStarted" - that means the underlying persistent volume is being - resized. - type: string - status: - type: string - type: - type: string - required: - - type - - status - type: array - phase: - description: Phase represents the current phase of PersistentVolumeClaim. - type: string - tag: - description: Tag of Alertmanager container image to be deployed. Defaults - to the value of `version`. - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached to tolerates any - taint that matches the triple using the matching - operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, operator - must be Exists; this combination means to match all values and - all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. Exists - is equivalent to wildcard for value, so that a pod can tolerate - all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the - toleration (which must be of effect NoExecute, otherwise this - field is ignored) tolerates the taint. By default, it is not - set, which means tolerate the taint forever (do not evict). - Zero and negative values will be treated as 0 (evict immediately) - by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise - just a regular string. - type: string - type: array - version: - description: Version the cluster should be on. - type: string - status: - description: 'Most recent observed status of the Alertmanager cluster. Read-only. - Not included when requesting from the apiserver, only from the Prometheus - Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#spec-and-status' - properties: - availableReplicas: - description: Total number of available pods (ready for at least minReadySeconds) - targeted by this Alertmanager cluster. - format: int32 - type: integer - paused: - description: Represents whether any actions on the underlaying managed - objects are being performed. Only delete actions will be performed. - type: boolean - replicas: - description: Total number of non-terminated pods targeted by this Alertmanager - cluster (their labels match the selector). - format: int32 - type: integer - unavailableReplicas: - description: Total number of unavailable pods targeted by this Alertmanager - cluster. - format: int32 - type: integer - updatedReplicas: - description: Total number of non-terminated pods targeted by this Alertmanager - cluster that have the desired version spec. - format: int32 - type: integer - required: - - paused - - replicas - - updatedReplicas - - availableReplicas - - unavailableReplicas - version: v1 - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: kafkas.kafka.strimzi.io - labels: - app: strimzi - spec: - group: kafka.strimzi.io - version: v1alpha1 - scope: Namespaced - names: - kind: Kafka - listKind: KafkaList - singular: kafka - plural: kafkas - validation: - openAPIV3Schema: - properties: - spec: - type: object - properties: - kafka: - type: object - properties: - replicas: - type: integer - minimum: 1 - image: - type: string - storage: - type: object - properties: - class: - type: string - deleteClaim: - type: boolean - selector: - type: object - size: - type: string - type: - type: string - listeners: - type: object - properties: - plain: - type: object - properties: {} - tls: - type: object - properties: - authentication: - type: object - properties: - type: - type: string - authorization: - type: object - properties: - superUsers: - type: array - items: - type: string - type: - type: string - config: - type: object - rack: - type: object - properties: - topologyKey: - type: string - example: failure-domain.beta.kubernetes.io/zone - required: - - topologyKey - brokerRackInitImage: - type: string - affinity: - type: object - properties: - nodeAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - preference: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: object - properties: - nodeSelectorTerms: - type: array - items: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - podAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - podAntiAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - tolerations: - type: array - items: - type: object - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - type: integer - value: - type: string - livenessProbe: - type: object - properties: - initialDelaySeconds: - type: integer - minimum: 0 - timeoutSeconds: - type: integer - minimum: 0 - readinessProbe: - type: object - properties: - initialDelaySeconds: - type: integer - minimum: 0 - timeoutSeconds: - type: integer - minimum: 0 - jvmOptions: - type: object - properties: - -XX: - type: object - -Xms: - type: string - pattern: '[0-9]+[mMgG]?' - -Xmx: - type: string - pattern: '[0-9]+[mMgG]?' - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - metrics: - type: object - logging: - type: object - properties: - loggers: - type: object - name: - type: string - type: - type: string - tlsSidecar: - type: object - properties: - image: - type: string - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - required: - - replicas - - storage - - listeners - zookeeper: - type: object - properties: - replicas: - type: integer - minimum: 1 - image: - type: string - storage: - type: object - properties: - class: - type: string - deleteClaim: - type: boolean - selector: - type: object - size: - type: string - type: - type: string - config: - type: object - affinity: - type: object - properties: - nodeAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - preference: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: object - properties: - nodeSelectorTerms: - type: array - items: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - podAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - podAntiAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - tolerations: - type: array - items: - type: object - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - type: integer - value: - type: string - livenessProbe: - type: object - properties: - initialDelaySeconds: - type: integer - minimum: 0 - timeoutSeconds: - type: integer - minimum: 0 - readinessProbe: - type: object - properties: - initialDelaySeconds: - type: integer - minimum: 0 - timeoutSeconds: - type: integer - minimum: 0 - jvmOptions: - type: object - properties: - -XX: - type: object - -Xms: - type: string - pattern: '[0-9]+[mMgG]?' - -Xmx: - type: string - pattern: '[0-9]+[mMgG]?' - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - metrics: - type: object - logging: - type: object - properties: - loggers: - type: object - name: - type: string - type: - type: string - tlsSidecar: - type: object - properties: - image: - type: string - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - required: - - replicas - - storage - topicOperator: - type: object - properties: - watchedNamespace: - type: string - image: - type: string - reconciliationIntervalSeconds: - type: integer - minimum: 0 - zookeeperSessionTimeoutSeconds: - type: integer - minimum: 0 - affinity: - type: object - properties: - nodeAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - preference: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: object - properties: - nodeSelectorTerms: - type: array - items: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - podAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - podAntiAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - topicMetadataMaxAttempts: - type: integer - minimum: 0 - tlsSidecar: - type: object - properties: - image: - type: string - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - logging: - type: object - properties: - loggers: - type: object - name: - type: string - type: - type: string - entityOperator: - type: object - properties: - topicOperator: - type: object - properties: - watchedNamespace: - type: string - image: - type: string - reconciliationIntervalSeconds: - type: integer - minimum: 0 - zookeeperSessionTimeoutSeconds: - type: integer - minimum: 0 - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - topicMetadataMaxAttempts: - type: integer - minimum: 0 - logging: - type: object - properties: - loggers: - type: object - name: - type: string - type: - type: string - userOperator: - type: object - properties: - watchedNamespace: - type: string - image: - type: string - reconciliationIntervalSeconds: - type: integer - minimum: 0 - zookeeperSessionTimeoutSeconds: - type: integer - minimum: 0 - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - logging: - type: object - properties: - loggers: - type: object - name: - type: string - type: - type: string - affinity: - type: object - properties: - nodeAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - preference: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: object - properties: - nodeSelectorTerms: - type: array - items: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - podAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - podAntiAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - tolerations: - type: array - items: - type: object - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - type: integer - value: - type: string - tlsSidecar: - type: object - properties: - image: - type: string - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - required: - - kafka - - zookeeper - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: kafkaconnects.kafka.strimzi.io - labels: - app: strimzi - spec: - group: kafka.strimzi.io - version: v1alpha1 - scope: Namespaced - names: - kind: KafkaConnect - listKind: KafkaConnectList - singular: kafkaconnect - plural: kafkaconnects - validation: - openAPIV3Schema: - properties: - spec: - type: object - properties: - replicas: - type: integer - image: - type: string - livenessProbe: - type: object - properties: - initialDelaySeconds: - type: integer - minimum: 0 - timeoutSeconds: - type: integer - minimum: 0 - readinessProbe: - type: object - properties: - initialDelaySeconds: - type: integer - minimum: 0 - timeoutSeconds: - type: integer - minimum: 0 - jvmOptions: - type: object - properties: - -XX: - type: object - -Xms: - type: string - pattern: '[0-9]+[mMgG]?' - -Xmx: - type: string - pattern: '[0-9]+[mMgG]?' - affinity: - type: object - properties: - nodeAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - preference: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: object - properties: - nodeSelectorTerms: - type: array - items: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - podAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - podAntiAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - tolerations: - type: array - items: - type: object - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - type: integer - value: - type: string - logging: - type: object - properties: - loggers: - type: object - name: - type: string - type: - type: string - metrics: - type: object - authentication: - type: object - properties: - certificateAndKey: - type: object - properties: - certificate: - type: string - key: - type: string - secretName: - type: string - required: - - certificate - - key - - secretName - type: - type: string - required: - - certificateAndKey - bootstrapServers: - type: string - config: - type: object - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - tls: - type: object - properties: - trustedCertificates: - type: array - items: - type: object - properties: - certificate: - type: string - secretName: - type: string - required: - - certificate - - secretName - required: - - trustedCertificates - required: - - bootstrapServers - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: kafkaconnects2is.kafka.strimzi.io - labels: - app: strimzi - spec: - group: kafka.strimzi.io - version: v1alpha1 - scope: Namespaced - names: - kind: KafkaConnectS2I - listKind: KafkaConnectS2IList - singular: kafkaconnects2i - plural: kafkaconnects2is - validation: - openAPIV3Schema: - properties: - spec: - type: object - properties: - replicas: - type: integer - image: - type: string - livenessProbe: - type: object - properties: - initialDelaySeconds: - type: integer - minimum: 0 - timeoutSeconds: - type: integer - minimum: 0 - readinessProbe: - type: object - properties: - initialDelaySeconds: - type: integer - minimum: 0 - timeoutSeconds: - type: integer - minimum: 0 - jvmOptions: - type: object - properties: - -XX: - type: object - -Xms: - type: string - pattern: '[0-9]+[mMgG]?' - -Xmx: - type: string - pattern: '[0-9]+[mMgG]?' - affinity: - type: object - properties: - nodeAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - preference: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: object - properties: - nodeSelectorTerms: - type: array - items: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - podAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - podAntiAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - metrics: - type: object - authentication: - type: object - properties: - certificateAndKey: - type: object - properties: - certificate: - type: string - key: - type: string - secretName: - type: string - required: - - certificate - - key - - secretName - type: - type: string - required: - - certificateAndKey - bootstrapServers: - type: string - config: - type: object - insecureSourceRepository: - type: boolean - logging: - type: object - properties: - loggers: - type: object - name: - type: string - type: - type: string - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - tls: - type: object - properties: - trustedCertificates: - type: array - items: - type: object - properties: - certificate: - type: string - secretName: - type: string - required: - - certificate - - secretName - required: - - trustedCertificates - tolerations: - type: array - items: - type: object - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - type: integer - value: - type: string - required: - - bootstrapServers - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: kafkatopics.kafka.strimzi.io - labels: - app: strimzi - spec: - group: kafka.strimzi.io - version: v1alpha1 - scope: Namespaced - names: - kind: KafkaTopic - listKind: KafkaTopicList - singular: kafkatopic - plural: kafkatopics - shortNames: - - kt - validation: - openAPIV3Schema: - properties: - spec: - type: object - properties: - partitions: - type: integer - minimum: 1 - replicas: - type: integer - minimum: 1 - maximum: 32767 - config: - type: object - topicName: - type: string - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: kafkausers.kafka.strimzi.io - labels: - app: strimzi - spec: - group: kafka.strimzi.io - version: v1alpha1 - scope: Namespaced - names: - kind: KafkaUser - listKind: KafkaUserList - singular: kafkauser - plural: kafkausers - shortNames: - - ku - validation: - openAPIV3Schema: - properties: - spec: - type: object - properties: - authentication: - type: object - properties: - type: - type: string - authorization: - type: object - properties: - acls: - type: array - items: - type: object - properties: - host: - type: string - operation: - type: string - enum: - - Read - - Write - - Create - - Delete - - Alter - - Describe - - ClusterAction - - AlterConfigs - - DescribeConfigs - - IdempotentWrite - - All - resource: - type: object - properties: - name: - type: string - patternType: - type: string - enum: - - literal - - prefix - type: - type: string - type: - type: string - enum: - - allow - - deny - required: - - operation - - resource - type: - type: string - required: - - acls - required: - - authentication - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: etcdbackups.etcd.database.coreos.com - spec: - group: etcd.database.coreos.com - version: v1beta2 - scope: Namespaced - names: - kind: EtcdBackup - listKind: EtcdBackupList - plural: etcdbackups - singular: etcdbackup - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: etcdclusters.etcd.database.coreos.com - spec: - group: etcd.database.coreos.com - version: v1beta2 - scope: Namespaced - names: - plural: etcdclusters - singular: etcdcluster - kind: EtcdCluster - listKind: EtcdClusterList - shortNames: - - etcdclus - - etcd - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: etcdrestores.etcd.database.coreos.com - spec: - group: etcd.database.coreos.com - version: v1beta2 - scope: Namespaced - names: - kind: EtcdRestore - listKind: EtcdRestoreList - plural: etcdrestores - singular: etcdrestore - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: "" - kubebuilder.k8s.io: 0.1.10 - name: clusters.clusterregistry.k8s.io - spec: - group: clusterregistry.k8s.io - names: - kind: Cluster - plural: clusters - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - authInfo: - properties: - controller: - properties: - kind: - type: string - name: - type: string - namespace: - type: string - type: object - user: - properties: - kind: - type: string - name: - type: string - namespace: - type: string - type: object - type: object - kubernetesApiEndpoints: - properties: - caBundle: - items: - type: byte - type: string - serverEndpoints: - items: - properties: - clientCIDR: - type: string - serverAddress: - type: string - type: object - type: array - type: object - type: object - status: - properties: - conditions: - items: - properties: - lastHeartbeatTime: - format: date-time - type: string - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - type: object - type: array - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: dnsendpoints.multiclusterdns.federation.k8s.io - spec: - group: multiclusterdns.federation.k8s.io - names: - kind: DNSEndpoint - plural: dnsendpoints - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - endpoints: - items: - properties: - dnsName: - type: string - labels: - type: object - recordTTL: - format: int64 - type: integer - recordType: - type: string - targets: - items: - type: string - type: array - type: object - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedclusters.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedCluster - plural: federatedclusters - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - clusterRef: - type: object - secretRef: - type: object - type: object - status: - properties: - conditions: - items: - properties: - lastProbeTime: - format: date-time - type: string - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - type - - status - type: object - type: array - region: - type: string - zone: - type: string - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedconfigmaps.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedConfigMap - plural: federatedconfigmaps - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - template: - type: object - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedconfigmapoverrides.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedConfigMapOverride - plural: federatedconfigmapoverrides - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - overrides: - items: - properties: - clusterName: - type: string - data: - type: object - type: object - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedconfigmapplacements.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedConfigMapPlacement - plural: federatedconfigmapplacements - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - clusterNames: - items: - type: string - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federateddeployments.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedDeployment - plural: federateddeployments - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - template: - type: object - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federateddeploymentoverrides.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedDeploymentOverride - plural: federateddeploymentoverrides - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - overrides: - items: - properties: - clusterName: - type: string - replicas: - format: int32 - type: integer - type: object - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federateddeploymentplacements.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedDeploymentPlacement - plural: federateddeploymentplacements - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - clusterNames: - items: - type: string - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedingresses.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedIngress - plural: federatedingresses - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - template: - type: object - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedingressplacements.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedIngressPlacement - plural: federatedingressplacements - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - clusterNames: - items: - type: string - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedjobs.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedJob - plural: federatedjobs - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - template: - type: object - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedjoboverrides.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedJobOverride - plural: federatedjoboverrides - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - overrides: - items: - properties: - clusterName: - type: string - parallelism: - format: int32 - type: integer - type: object - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedjobplacements.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedJobPlacement - plural: federatedjobplacements - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - clusterNames: - items: - type: string - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatednamespaceplacements.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedNamespacePlacement - plural: federatednamespaceplacements - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - clusterNames: - items: - type: string - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedreplicasets.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedReplicaSet - plural: federatedreplicasets - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - template: - type: object - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedreplicasetoverrides.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedReplicaSetOverride - plural: federatedreplicasetoverrides - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - overrides: - items: - properties: - clusterName: - type: string - replicas: - format: int32 - type: integer - type: object - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedreplicasetplacements.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedReplicaSetPlacement - plural: federatedreplicasetplacements - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - clusterNames: - items: - type: string - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedsecrets.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedSecret - plural: federatedsecrets - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - template: - type: object - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedsecretoverrides.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedSecretOverride - plural: federatedsecretoverrides - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - overrides: - items: - properties: - clusterName: - type: string - data: - type: object - type: object - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedsecretplacements.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedSecretPlacement - plural: federatedsecretplacements - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - clusterNames: - items: - type: string - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedservices.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedService - plural: federatedservices - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - template: - type: object - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedserviceaccounts.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedServiceAccount - plural: federatedserviceaccounts - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - template: - type: object - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedserviceaccountplacements.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedServiceAccountPlacement - plural: federatedserviceaccountplacements - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - clusterNames: - items: - type: string - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedserviceplacements.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedServicePlacement - plural: federatedserviceplacements - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - clusterNames: - items: - type: string - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedtypeconfigs.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedTypeConfig - plural: federatedtypeconfigs - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - comparisonField: - type: string - namespaced: - type: boolean - override: - properties: - group: - type: string - kind: - type: string - pluralName: - type: string - version: - type: string - required: - - kind - type: object - overridePath: - items: - type: string - type: array - placement: - properties: - group: - type: string - kind: - type: string - pluralName: - type: string - version: - type: string - required: - - kind - type: object - propagationEnabled: - type: boolean - target: - properties: - group: - type: string - kind: - type: string - pluralName: - type: string - version: - type: string - required: - - kind - type: object - template: - properties: - group: - type: string - kind: - type: string - pluralName: - type: string - version: - type: string - required: - - kind - type: object - required: - - target - - namespaced - - comparisonField - - propagationEnabled - - template - - placement - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: multiclusteringressdnsrecords.multiclusterdns.federation.k8s.io - spec: - group: multiclusterdns.federation.k8s.io - names: - kind: MultiClusterIngressDNSRecord - plural: multiclusteringressdnsrecords - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - hosts: - items: - type: string - type: array - recordTTL: - format: int64 - type: integer - type: object - status: - properties: - dns: - items: - properties: - cluster: - type: string - loadBalancer: - type: object - type: object - type: array - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: multiclusterservicednsrecords.multiclusterdns.federation.k8s.io - spec: - group: multiclusterdns.federation.k8s.io - names: - kind: MultiClusterServiceDNSRecord - plural: multiclusterservicednsrecords - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - dnsSuffix: - type: string - federationName: - type: string - recordTTL: - format: int64 - type: integer - type: object - status: - properties: - dns: - items: - properties: - cluster: - type: string - loadBalancer: - type: object - region: - type: string - zone: - type: string - type: object - type: array - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: propagatedversions.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: PropagatedVersion - plural: propagatedversions - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - status: - properties: - clusterVersions: - items: - properties: - clusterName: - type: string - version: - type: string - type: object - type: array - overridesVersion: - type: string - templateVersion: - type: string - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: replicaschedulingpreferences.scheduling.federation.k8s.io - spec: - group: scheduling.federation.k8s.io - names: - kind: ReplicaSchedulingPreference - plural: replicaschedulingpreferences - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - clusters: - type: object - rebalance: - type: boolean - targetKind: - type: string - totalReplicas: - format: int32 - type: integer - required: - - targetKind - - totalReplicas - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: prometheuses.monitoring.coreos.com - spec: - group: monitoring.coreos.com - names: - kind: Prometheus - plural: prometheuses - scope: Namespaced - validation: - openAPIV3Schema: - properties: - spec: - description: 'Specification of the desired behavior of the Prometheus cluster. - More info: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#spec-and-status' - properties: - additionalAlertManagerConfigs: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must be a valid - secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must be defined - type: boolean - required: - - key - additionalScrapeConfigs: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must be a valid - secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must be defined - type: boolean - required: - - key - affinity: - description: Affinity is a group of affinity scheduling rules. - properties: - nodeAffinity: - description: Node affinity is a group of node affinity scheduling - rules. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the affinity expressions specified by this field, - but it may choose a node that violates one or more of the - expressions. The node that is most preferred is the one with - the greatest sum of weights, i.e. for each node that meets - all of the scheduling requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the sum - if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches all - objects with implicit weight 0 (i.e. it's a no-op). A null - preferred scheduling term matches no objects (i.e. is also - a no-op). - properties: - preference: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - weight - - preference - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: A node selector represents the union of the results - of one or more label queries over a set of nodes; that is, - it represents the OR of the selectors represented by the node - selector terms. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The - terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - type: array - required: - - nodeSelectorTerms - podAffinity: - description: Pod affinity is a group of inter pod affinity scheduling - rules. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the affinity expressions specified by this field, - but it may choose a node that violates one or more of the - expressions. The node that is most preferred is the one with - the greatest sum of weights, i.e. for each node that meets - all of the scheduling requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the sum - if the node has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label selector is a label query over - a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector - matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - weight - - podAffinityTerm - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may not - try to eventually evict the pod from its node. When there - are multiple elements, the lists of nodes corresponding to - each podAffinityTerm are intersected, i.e. all terms must - be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) that - this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of pods - is running - properties: - labelSelector: - description: A label selector is a label query over a - set of resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. - A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of any - node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: array - podAntiAffinity: - description: Pod anti affinity is a group of inter pod anti affinity - scheduling rules. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the anti-affinity expressions specified by this - field, but it may choose a node that violates one or more - of the expressions. The node that is most preferred is the - one with the greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource request, - requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field - and adding "weight" to the sum if the node has pods which - matches the corresponding podAffinityTerm; the node(s) with - the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label selector is a label query over - a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector - matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - weight - - podAffinityTerm - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by - this field are not met at scheduling time, the pod will not - be scheduled onto the node. If the anti-affinity requirements - specified by this field cease to be met at some point during - pod execution (e.g. due to a pod label update), the system - may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms must - be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) that - this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of pods - is running - properties: - labelSelector: - description: A label selector is a label query over a - set of resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. - A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of any - node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: array - alerting: - description: AlertingSpec defines parameters for alerting configuration - of Prometheus servers. - properties: - alertmanagers: - description: AlertmanagerEndpoints Prometheus should fire alerts - against. - items: - description: AlertmanagerEndpoints defines a selection of a single - Endpoints object containing alertmanager IPs to fire alerts - against. - properties: - bearerTokenFile: - description: BearerTokenFile to read from filesystem to use - when authenticating to Alertmanager. - type: string - name: - description: Name of Endpoints object in Namespace. - type: string - namespace: - description: Namespace of Endpoints object. - type: string - pathPrefix: - description: Prefix for the HTTP path alerts are pushed to. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use when firing alerts. - type: string - tlsConfig: - description: TLSConfig specifies TLS configuration parameters. - properties: - caFile: - description: The CA cert to use for the targets. - type: string - certFile: - description: The client cert file for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: The client key file for the targets. - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - required: - - namespace - - name - - port - type: array - required: - - alertmanagers - baseImage: - description: Base image to use for a Prometheus deployment. - type: string - containers: - description: Containers allows injecting additional containers. This - is meant to allow adding an authentication proxy to a Prometheus pod. - items: - description: A single application container that you want to run within - a pod. - properties: - args: - description: 'Arguments to the entrypoint. The docker image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable - cannot be resolved, the reference in the input string will be - unchanged. The $(VAR_NAME) syntax can be escaped with a double - $$, ie: $$(VAR_NAME). Escaped references will never be expanded, - regardless of whether the variable exists or not. Cannot be - updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed within a shell. The - docker image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable exists - or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to set in the container. - Cannot be updated. - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a - C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a - variable cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax can be - escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable - exists or not. Defaults to "".' - type: string - valueFrom: - description: EnvVarSource represents a source for the value - of an EnvVar. - properties: - configMapKeyRef: - description: Selects a key from a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the ConfigMap or it's - key must be defined - type: boolean - required: - - key - fieldRef: - description: ObjectFieldSelector selects an APIVersioned - field of an object. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - resourceFieldRef: - description: ResourceFieldSelector represents container - resources (cpu, memory) and their output format - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: {} - resource: - description: 'Required: resource to select' - type: string - required: - - resource - secretKeyRef: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's - key must be defined - type: boolean - required: - - key - required: - - name - type: array - envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must be a - C_IDENTIFIER. All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key will - take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of a set of - ConfigMaps - properties: - configMapRef: - description: |- - ConfigMapEnvSource selects a ConfigMap to populate the environment variables with. - The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - prefix: - description: An optional identifier to prepend to each key - in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: |- - SecretEnvSource selects a Secret to populate the environment variables with. - The contents of the target Secret's Data field will represent the key-value pairs as environment variables. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: array - image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Lifecycle describes actions that the management system - should take in response to container lifecycle events. For the - PostStart and PreStop lifecycle handlers, management of the - container blocks until the action is complete, unless the container - process fails, in which case the handler is aborted. - properties: - postStart: - description: Handler defines a specific action that should - be taken - properties: - exec: - description: ExecAction describes a "run in container" - action. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - httpGet: - description: HTTPGetAction describes an action based on - HTTP Get requests. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - tcpSocket: - description: TCPSocketAction describes an action based - on opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - preStop: - description: Handler defines a specific action that should - be taken - properties: - exec: - description: ExecAction describes a "run in container" - action. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - httpGet: - description: HTTPGetAction describes an action based on - HTTP Get requests. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - tcpSocket: - description: TCPSocketAction describes an action based - on opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - livenessProbe: - description: Probe describes a health check to be performed against - a container to determine whether it is alive or ready to receive - traffic. - properties: - exec: - description: ExecAction describes a "run in container" action. - properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit - status of 0 is treated as live/healthy and non-zero - is unhealthy. - items: - type: string - type: array - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGetAction describes an action based on HTTP - Get requests. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header to - be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocketAction describes an action based on - opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - name: - description: Name of the container specified as a DNS_LABEL. Each - container in a pod must have a unique name (DNS_LABEL). Cannot - be updated. - type: string - ports: - description: List of ports to expose from the container. Exposing - a port here gives the system additional information about the - network connections a container uses, but is primarily informational. - Not specifying a port here DOES NOT prevent that port from being - exposed. Any port which is listening on the default "0.0.0.0" - address inside a container will be accessible from the network. - Cannot be updated. - items: - description: ContainerPort represents a network port in a single - container. - properties: - containerPort: - description: Number of port to expose on the pod's IP address. - This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If specified, - this must be a valid port number, 0 < x < 65536. If HostNetwork - is specified, this must match ContainerPort. Most containers - do not need this. - format: int32 - type: integer - name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod must - have a unique name. Name for the port that can be referred - to by services. - type: string - protocol: - description: Protocol for port. Must be UDP or TCP. Defaults - to "TCP". - type: string - required: - - containerPort - type: array - readinessProbe: - description: Probe describes a health check to be performed against - a container to determine whether it is alive or ready to receive - traffic. - properties: - exec: - description: ExecAction describes a "run in container" action. - properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit - status of 0 is treated as live/healthy and non-zero - is unhealthy. - items: - type: string - type: array - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGetAction describes an action based on HTTP - Get requests. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header to - be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocketAction describes an action based on - opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - securityContext: - description: SecurityContext holds security configuration that - will be applied to a container. Some fields are present in both - SecurityContext and PodSecurityContext. When both are set, - the values in SecurityContext take precedence. - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a - process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: Adds and removes POSIX capabilities from running - containers. - properties: - add: - description: Added capabilities - items: - type: string - type: array - drop: - description: Removed capabilities - items: - type: string - type: array - privileged: - description: Run container in privileged mode. Processes in - privileged containers are essentially equivalent to root - on the host. Defaults to false. - type: boolean - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. - Default is false. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail - to start the container if it does. If unset or false, no - such validation will be performed. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata if - unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - format: int64 - type: integer - seLinuxOptions: - description: SELinuxOptions are the labels to be applied to - the container - properties: - level: - description: Level is SELinux level label that applies - to the container. - type: string - role: - description: Role is a SELinux role label that applies - to the container. - type: string - type: - description: Type is a SELinux type label that applies - to the container. - type: string - user: - description: User is a SELinux user label that applies - to the container. - type: string - stdin: - description: Whether this container should allocate a buffer for - stdin in the container runtime. If this is not set, reads from - stdin in the container will always result in EOF. Default is - false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the stdin - channel after it has been opened by a single attach. When stdin - is true the stdin stream will remain open across multiple attach - sessions. If stdinOnce is set to true, stdin is opened on container - start, is empty until the first client attaches to stdin, and - then remains open and accepts data until the client disconnects, - at which time stdin is closed and remains closed until the container - is restarted. If this flag is false, a container processes that - reads from stdin will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s - termination message will be written is mounted into the container''s - filesystem. Message written is intended to be brief final status, - such as an assertion failure message. Will be truncated by the - node if greater than 4096 bytes. The total message length across - all containers will be limited to 12kb. Defaults to /dev/termination-log. - Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. - File will use the contents of terminationMessagePath to populate - the container status message on both success and failure. FallbackToLogsOnError - will use the last chunk of container log output if the termination - message file is empty and the container exited with an error. - The log output is limited to 2048 bytes or 80 lines, whichever - is smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be - used by the container. This is an alpha feature and may change - in the future. - items: - description: volumeDevice describes a mapping of a raw block - device within a container. - properties: - devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim - in the pod - type: string - required: - - name - - devicePath - type: array - volumeMounts: - description: Pod volumes to mount into the container's filesystem. - Cannot be updated. - items: - description: VolumeMount describes a mounting of a Volume within - a container. - properties: - mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other way - around. When not set, MountPropagationHostToContainer - is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). - type: string - required: - - name - - mountPath - type: array - workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might be - configured in the container image. Cannot be updated. - type: string - required: - - name - type: array - evaluationInterval: - description: Interval between consecutive evaluations. - type: string - externalLabels: - description: The labels to add to any time series or alerts when communicating - with external systems (federation, remote storage, Alertmanager). - type: object - externalUrl: - description: The external URL the Prometheus instances will be available - under. This is necessary to generate correct URLs. This is necessary - if Prometheus is not served from root of a DNS name. - type: string - imagePullSecrets: - description: An optional list of references to secrets in the same namespace - to use for pulling prometheus and alertmanager images from registries - see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod - items: - description: LocalObjectReference contains enough information to let - you locate the referenced object inside the same namespace. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - type: array - listenLocal: - description: ListenLocal makes the Prometheus server listen on loopback, - so that it does not bind against the Pod IP. - type: boolean - logLevel: - description: Log level for Prometheus to be configured with. - type: string - nodeSelector: - description: Define which Nodes the Pods are scheduled on. - type: object - paused: - description: When a Prometheus deployment is paused, no actions except - for deletion will be performed on the underlying objects. - type: boolean - podMetadata: - description: ObjectMeta is metadata that all persisted resources must - have, which includes all objects users must create. - properties: - annotations: - description: 'Annotations is an unstructured key value map stored - with a resource that may be set by external tools to store and - retrieve arbitrary metadata. They are not queryable and should - be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - clusterName: - description: The name of the cluster which the object belongs to. - This is used to distinguish resources with same name and namespace - in different clusters. This field is not set anywhere right now - and apiserver is going to ignore it if set in create or update - request. - type: string - creationTimestamp: - description: Time is a wrapper around time.Time which supports correct - marshaling to YAML and JSON. Wrappers are provided for many of - the factory methods that the time package offers. - format: date-time - type: string - deletionGracePeriodSeconds: - description: Number of seconds allowed for this object to gracefully - terminate before it will be removed from the system. Only set - when deletionTimestamp is also set. May only be shortened. Read-only. - format: int64 - type: integer - deletionTimestamp: - description: Time is a wrapper around time.Time which supports correct - marshaling to YAML and JSON. Wrappers are provided for many of - the factory methods that the time package offers. - format: date-time - type: string - finalizers: - description: Must be empty before the object is deleted from the - registry. Each entry is an identifier for the responsible component - that will remove the entry from the list. If the deletionTimestamp - of the object is non-nil, entries in this list can only be removed. - items: - type: string - type: array - generateName: - description: |- - GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. - If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). - Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#idempotency - type: string - generation: - description: A sequence number representing a specific generation - of the desired state. Populated by the system. Read-only. - format: int64 - type: integer - initializers: - description: Initializers tracks the progress of initialization. - properties: - pending: - description: Pending is a list of initializers that must execute - in order before this object is visible. When the last pending - initializer is removed, and no failing result is set, the - initializers struct will be set to nil and the object is considered - as initialized and visible to all clients. - items: - description: Initializer is information about an initializer - that has not yet completed. - properties: - name: - description: name of the process that is responsible for - initializing this object. - type: string - required: - - name - type: array - result: - description: Status is a return value for calls that don't return - other objects. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of - this representation of an object. Servers should convert - recognized schemas to the latest internal value, and may - reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - code: - description: Suggested HTTP return code for this status, - 0 if not set. - format: int32 - type: integer - details: - description: StatusDetails is a set of additional properties - that MAY be set by the server to provide additional information - about a response. The Reason field of a Status object - defines what attributes will be set. Clients must ignore - fields that do not match the defined type of each attribute, - and should assume that any attribute may be empty, invalid, - or under defined. - properties: - causes: - description: The Causes array includes more details - associated with the StatusReason failure. Not all - StatusReasons may provide detailed causes. - items: - description: StatusCause provides more information - about an api.Status failure, including cases when - multiple errors are encountered. - properties: - field: - description: |- - The field of the resource that has caused this error, as named by its JSON serialization. May include dot and postfix notation for nested attributes. Arrays are zero-indexed. Fields may appear more than once in an array of causes due to fields having multiple errors. Optional. - Examples: - "name" - the field "name" on the current resource - "items[0].name" - the field "name" on the first array entry in "items" - type: string - message: - description: A human-readable description of the - cause of the error. This field may be presented - as-is to a reader. - type: string - reason: - description: A machine-readable description of - the cause of the error. If this value is empty - there is no information available. - type: string - type: array - group: - description: The group attribute of the resource associated - with the status StatusReason. - type: string - kind: - description: 'The kind attribute of the resource associated - with the status StatusReason. On some operations may - differ from the requested resource Kind. More info: - https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: The name attribute of the resource associated - with the status StatusReason (when there is a single - name which can be described). - type: string - retryAfterSeconds: - description: If specified, the time in seconds before - the operation should be retried. Some errors may indicate - the client must take an alternate action - for those - errors this field may indicate how long to wait before - taking the alternate action. - format: int32 - type: integer - uid: - description: 'UID of the resource. (when there is a - single resource which can be described). More info: - http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - kind: - description: 'Kind is a string value representing the REST - resource this object represents. Servers may infer this - from the endpoint the client submits requests to. Cannot - be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - message: - description: A human-readable description of the status - of this operation. - type: string - metadata: - description: ListMeta describes metadata that synthetic - resources must have, including lists and various status - objects. A resource may have only one of {ObjectMeta, - ListMeta}. - properties: - continue: - description: continue may be set if the user set a limit - on the number of items returned, and indicates that - the server has more data available. The value is opaque - and may be used to issue another request to the endpoint - that served this list to retrieve the next set of - available objects. Continuing a list may not be possible - if the server configuration has changed or more than - a few minutes have passed. The resourceVersion field - returned when using this continue value will be identical - to the value in the first response. - type: string - resourceVersion: - description: 'String that identifies the server''s internal - version of this object that can be used by clients - to determine when objects have changed. Value must - be treated as opaque by clients and passed unmodified - back to the server. Populated by the system. Read-only. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' - type: string - selfLink: - description: selfLink is a URL representing this object. - Populated by the system. Read-only. - type: string - reason: - description: A machine-readable description of why this - operation is in the "Failure" status. If this value is - empty there is no information available. A Reason clarifies - an HTTP status code but does not override it. - type: string - status: - description: 'Status of the operation. One of: "Success" - or "Failure". More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' - type: string - required: - - pending - labels: - description: 'Map of string keys and values that can be used to - organize and categorize (scope and select) objects. May match - selectors of replication controllers and services. More info: - http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: 'Name must be unique within a namespace. Is required - when creating resources, although some resources may allow a client - to request the generation of an appropriate name automatically. - Name is primarily intended for creation idempotence and configuration - definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: |- - Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. - Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces - type: string - ownerReferences: - description: List of objects depended by this object. If ALL objects - in the list have been deleted, this object will be garbage collected. - If this object is managed by a controller, then an entry in this - list will point to this controller, with the controller field - set to true. There cannot be more than one managing controller. - items: - description: OwnerReference contains enough information to let - you identify an owning object. Currently, an owning object must - be in the same namespace, so there is no namespace field. - properties: - apiVersion: - description: API version of the referent. - type: string - blockOwnerDeletion: - description: If true, AND if the owner has the "foregroundDeletion" - finalizer, then the owner cannot be deleted from the key-value - store until this reference is removed. Defaults to false. - To set this field, a user needs "delete" permission of the - owner, otherwise 422 (Unprocessable Entity) will be returned. - type: boolean - controller: - description: If true, this reference points to the managing - controller. - type: boolean - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - uid: - description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - required: - - apiVersion - - kind - - name - - uid - type: array - resourceVersion: - description: |- - An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. - Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency - type: string - selfLink: - description: SelfLink is a URL representing this object. Populated - by the system. Read-only. - type: string - uid: - description: |- - UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. - Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids - type: string - remoteRead: - description: If specified, the remote_read spec. This is an experimental - feature, it may change in any upcoming release in a breaking way. - items: - description: RemoteReadSpec defines the remote_read configuration - for prometheus. - properties: - basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over - basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' - properties: - password: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - username: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - bearerToken: - description: bearer token for remote read. - type: string - bearerTokenFile: - description: File to read bearer token for remote read. - type: string - proxyUrl: - description: Optional ProxyURL - type: string - readRecent: - description: Whether reads should be made for queries for time - ranges that the local storage should have complete data for. - type: boolean - remoteTimeout: - description: Timeout for requests to the remote read endpoint. - type: string - requiredMatchers: - description: An optional list of equality matchers which have - to be present in a selector to query the remote read endpoint. - type: object - tlsConfig: - description: TLSConfig specifies TLS configuration parameters. - properties: - caFile: - description: The CA cert to use for the targets. - type: string - certFile: - description: The client cert file for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: The client key file for the targets. - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - url: - description: The URL of the endpoint to send samples to. - type: string - required: - - url - type: array - remoteWrite: - description: If specified, the remote_write spec. This is an experimental - feature, it may change in any upcoming release in a breaking way. - items: - description: RemoteWriteSpec defines the remote_write configuration - for prometheus. - properties: - basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over - basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' - properties: - password: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - username: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - bearerToken: - description: File to read bearer token for remote write. - type: string - bearerTokenFile: - description: File to read bearer token for remote write. - type: string - proxyUrl: - description: Optional ProxyURL - type: string - queueConfig: - description: QueueConfig allows the tuning of remote_write queue_config - parameters. This object is referenced in the RemoteWriteSpec - object. - properties: - batchSendDeadline: - description: BatchSendDeadline is the maximum time a sample - will wait in buffer. - type: string - capacity: - description: Capacity is the number of samples to buffer per - shard before we start dropping them. - format: int32 - type: integer - maxBackoff: - description: MaxBackoff is the maximum retry delay. - type: string - maxRetries: - description: MaxRetries is the maximum number of times to - retry a batch on recoverable errors. - format: int32 - type: integer - maxSamplesPerSend: - description: MaxSamplesPerSend is the maximum number of samples - per send. - format: int32 - type: integer - maxShards: - description: MaxShards is the maximum number of shards, i.e. - amount of concurrency. - format: int32 - type: integer - minBackoff: - description: MinBackoff is the initial retry delay. Gets doubled - for every retry. - type: string - remoteTimeout: - description: Timeout for requests to the remote write endpoint. - type: string - tlsConfig: - description: TLSConfig specifies TLS configuration parameters. - properties: - caFile: - description: The CA cert to use for the targets. - type: string - certFile: - description: The client cert file for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: The client key file for the targets. - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - url: - description: The URL of the endpoint to send samples to. - type: string - writeRelabelConfigs: - description: The list of remote write relabel configurations. - items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It defines - ``-section of Prometheus configuration. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' - properties: - action: - description: Action to perform based on regex matching. - Default is 'replace' - type: string - modulus: - description: Modulus to take of the hash of the source label - values. - format: int64 - type: integer - regex: - description: Regular expression against which the extracted - value is matched. defailt is '(.*)' - type: string - replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' - type: string - separator: - description: Separator placed between concatenated source - label values. default is ';'. - type: string - sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular expression - for the replace, keep, and drop actions. - items: - type: string - type: array - targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. - type: string - type: array - required: - - url - type: array - replicas: - description: Number of instances to deploy for a Prometheus deployment. - format: int32 - type: integer - resources: - description: ResourceRequirements describes the compute resource requirements. - properties: - limits: - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults - to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - retention: - description: Time duration Prometheus shall retain data for. - type: string - routePrefix: - description: The route prefix Prometheus registers HTTP handlers for. - This is useful, if using ExternalURL and a proxy is rewriting HTTP - routes of a request, and the actual ExternalURL is still true, but - the server serves requests under a different route prefix. For example - for use with `kubectl proxy`. - type: string - ruleNamespaceSelector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - ruleSelector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - scrapeInterval: - description: Interval between consecutive scrapes. - type: string - secrets: - description: Secrets is a list of Secrets in the same namespace as the - Prometheus object, which shall be mounted into the Prometheus Pods. - The Secrets are mounted into /etc/prometheus/secrets/. - Secrets changes after initial creation of a Prometheus object are - not reflected in the running Pods. To change the secrets mounted into - the Prometheus Pods, the object must be deleted and recreated with - the new list of secrets. - items: - type: string - type: array - securityContext: - description: PodSecurityContext holds pod-level security attributes - and common container settings. Some fields are also present in container.securityContext. Field - values of container.securityContext take precedence over field values - of PodSecurityContext. - properties: - fsGroup: - description: |- - A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: - 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- - If unset, the Kubelet will not modify the ownership and permissions of any volume. - format: int64 - type: integer - runAsGroup: - description: The GID to run the entrypoint of the container process. - Uses runtime default if unset. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no such validation - will be performed. May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. May - also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - format: int64 - type: integer - seLinuxOptions: - description: SELinuxOptions are the labels to be applied to the - container - properties: - level: - description: Level is SELinux level label that applies to the - container. - type: string - role: - description: Role is a SELinux role label that applies to the - container. - type: string - type: - description: Type is a SELinux type label that applies to the - container. - type: string - user: - description: User is a SELinux user label that applies to the - container. - type: string - supplementalGroups: - description: A list of groups applied to the first process run in - each container, in addition to the container's primary GID. If - unspecified, no groups will be added to any container. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls used for - the pod. Pods with unsupported sysctls (by the container runtime) - might fail to launch. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: array - serviceAccountName: - description: ServiceAccountName is the name of the ServiceAccount to - use to run the Prometheus Pods. - type: string - serviceMonitorNamespaceSelector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - serviceMonitorSelector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - storage: - description: StorageSpec defines the configured storage for a group - Prometheus servers. - properties: - class: - description: 'Name of the StorageClass to use when requesting storage - provisioning. More info: https://kubernetes.io/docs/user-guide/persistent-volumes/#storageclasses - DEPRECATED' - type: string - emptyDir: - description: Represents an empty directory for a pod. Empty directory - volumes support ownership management and SELinux relabeling. - properties: - medium: - description: 'What type of storage medium should back this directory. - The default is "" which means to use the node''s default medium. - Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: {} - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - selector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - volumeClaimTemplate: - description: PersistentVolumeClaim is a user's request for and claim - to a persistent volume - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - description: ObjectMeta is metadata that all persisted resources - must have, which includes all objects users must create. - properties: - annotations: - description: 'Annotations is an unstructured key value map - stored with a resource that may be set by external tools - to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - clusterName: - description: The name of the cluster which the object belongs - to. This is used to distinguish resources with same name - and namespace in different clusters. This field is not - set anywhere right now and apiserver is going to ignore - it if set in create or update request. - type: string - creationTimestamp: - description: Time is a wrapper around time.Time which supports - correct marshaling to YAML and JSON. Wrappers are provided - for many of the factory methods that the time package - offers. - format: date-time - type: string - deletionGracePeriodSeconds: - description: Number of seconds allowed for this object to - gracefully terminate before it will be removed from the - system. Only set when deletionTimestamp is also set. May - only be shortened. Read-only. - format: int64 - type: integer - deletionTimestamp: - description: Time is a wrapper around time.Time which supports - correct marshaling to YAML and JSON. Wrappers are provided - for many of the factory methods that the time package - offers. - format: date-time - type: string - finalizers: - description: Must be empty before the object is deleted - from the registry. Each entry is an identifier for the - responsible component that will remove the entry from - the list. If the deletionTimestamp of the object is non-nil, - entries in this list can only be removed. - items: - type: string - type: array - generateName: - description: |- - GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. - If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). - Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#idempotency - type: string - generation: - description: A sequence number representing a specific generation - of the desired state. Populated by the system. Read-only. - format: int64 - type: integer - initializers: - description: Initializers tracks the progress of initialization. - properties: - pending: - description: Pending is a list of initializers that - must execute in order before this object is visible. - When the last pending initializer is removed, and - no failing result is set, the initializers struct - will be set to nil and the object is considered as - initialized and visible to all clients. - items: - description: Initializer is information about an initializer - that has not yet completed. - properties: - name: - description: name of the process that is responsible - for initializing this object. - type: string - required: - - name - type: array - result: - description: Status is a return value for calls that - don't return other objects. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema - of this representation of an object. Servers should - convert recognized schemas to the latest internal - value, and may reject unrecognized values. More - info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - code: - description: Suggested HTTP return code for this - status, 0 if not set. - format: int32 - type: integer - details: - description: StatusDetails is a set of additional - properties that MAY be set by the server to provide - additional information about a response. The Reason - field of a Status object defines what attributes - will be set. Clients must ignore fields that do - not match the defined type of each attribute, - and should assume that any attribute may be empty, - invalid, or under defined. - properties: - causes: - description: The Causes array includes more - details associated with the StatusReason failure. - Not all StatusReasons may provide detailed - causes. - items: - description: StatusCause provides more information - about an api.Status failure, including cases - when multiple errors are encountered. - properties: - field: - description: |- - The field of the resource that has caused this error, as named by its JSON serialization. May include dot and postfix notation for nested attributes. Arrays are zero-indexed. Fields may appear more than once in an array of causes due to fields having multiple errors. Optional. - Examples: - "name" - the field "name" on the current resource - "items[0].name" - the field "name" on the first array entry in "items" - type: string - message: - description: A human-readable description - of the cause of the error. This field - may be presented as-is to a reader. - type: string - reason: - description: A machine-readable description - of the cause of the error. If this value - is empty there is no information available. - type: string - type: array - group: - description: The group attribute of the resource - associated with the status StatusReason. - type: string - kind: - description: 'The kind attribute of the resource - associated with the status StatusReason. On - some operations may differ from the requested - resource Kind. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: The name attribute of the resource - associated with the status StatusReason (when - there is a single name which can be described). - type: string - retryAfterSeconds: - description: If specified, the time in seconds - before the operation should be retried. Some - errors may indicate the client must take an - alternate action - for those errors this field - may indicate how long to wait before taking - the alternate action. - format: int32 - type: integer - uid: - description: 'UID of the resource. (when there - is a single resource which can be described). - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - kind: - description: 'Kind is a string value representing - the REST resource this object represents. Servers - may infer this from the endpoint the client submits - requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - message: - description: A human-readable description of the - status of this operation. - type: string - metadata: - description: ListMeta describes metadata that synthetic - resources must have, including lists and various - status objects. A resource may have only one of - {ObjectMeta, ListMeta}. - properties: - continue: - description: continue may be set if the user - set a limit on the number of items returned, - and indicates that the server has more data - available. The value is opaque and may be - used to issue another request to the endpoint - that served this list to retrieve the next - set of available objects. Continuing a list - may not be possible if the server configuration - has changed or more than a few minutes have - passed. The resourceVersion field returned - when using this continue value will be identical - to the value in the first response. - type: string - resourceVersion: - description: 'String that identifies the server''s - internal version of this object that can be - used by clients to determine when objects - have changed. Value must be treated as opaque - by clients and passed unmodified back to the - server. Populated by the system. Read-only. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' - type: string - selfLink: - description: selfLink is a URL representing - this object. Populated by the system. Read-only. - type: string - reason: - description: A machine-readable description of why - this operation is in the "Failure" status. If - this value is empty there is no information available. - A Reason clarifies an HTTP status code but does - not override it. - type: string - status: - description: 'Status of the operation. One of: "Success" - or "Failure". More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' - type: string - required: - - pending - labels: - description: 'Map of string keys and values that can be - used to organize and categorize (scope and select) objects. - May match selectors of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: 'Name must be unique within a namespace. Is - required when creating resources, although some resources - may allow a client to request the generation of an appropriate - name automatically. Name is primarily intended for creation - idempotence and configuration definition. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: |- - Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. - Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces - type: string - ownerReferences: - description: List of objects depended by this object. If - ALL objects in the list have been deleted, this object - will be garbage collected. If this object is managed by - a controller, then an entry in this list will point to - this controller, with the controller field set to true. - There cannot be more than one managing controller. - items: - description: OwnerReference contains enough information - to let you identify an owning object. Currently, an - owning object must be in the same namespace, so there - is no namespace field. - properties: - apiVersion: - description: API version of the referent. - type: string - blockOwnerDeletion: - description: If true, AND if the owner has the "foregroundDeletion" - finalizer, then the owner cannot be deleted from - the key-value store until this reference is removed. - Defaults to false. To set this field, a user needs - "delete" permission of the owner, otherwise 422 - (Unprocessable Entity) will be returned. - type: boolean - controller: - description: If true, this reference points to the - managing controller. - type: boolean - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - uid: - description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - required: - - apiVersion - - kind - - name - - uid - type: array - resourceVersion: - description: |- - An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. - Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency - type: string - selfLink: - description: SelfLink is a URL representing this object. - Populated by the system. Read-only. - type: string - uid: - description: |- - UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. - Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids - type: string - spec: - description: PersistentVolumeClaimSpec describes the common - attributes of storage devices and allows a Source for provider-specific - attributes - properties: - accessModes: - description: 'AccessModes contains the desired access modes - the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - resources: - description: ResourceRequirements describes the compute - resource requirements. - properties: - limits: - description: 'Limits describes the maximum amount of - compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - selector: - description: A label selector is a label query over a set - of resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. - A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - storageClassName: - description: 'Name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeMode: - description: volumeMode defines what type of volume is required - by the claim. Value of Filesystem is implied when not - included in claim spec. This is an alpha feature and may - change in the future. - type: string - volumeName: - description: VolumeName is the binding reference to the - PersistentVolume backing this claim. - type: string - status: - description: PersistentVolumeClaimStatus is the current status - of a persistent volume claim. - properties: - accessModes: - description: 'AccessModes contains the actual access modes - the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - capacity: - description: Represents the actual resources of the underlying - volume. - type: object - conditions: - description: Current Condition of persistent volume claim. - If underlying persistent volume is being resized then - the Condition will be set to 'ResizeStarted'. - items: - description: PersistentVolumeClaimCondition contails details - about state of pvc - properties: - lastProbeTime: - description: Time is a wrapper around time.Time which - supports correct marshaling to YAML and JSON. Wrappers - are provided for many of the factory methods that - the time package offers. - format: date-time - type: string - lastTransitionTime: - description: Time is a wrapper around time.Time which - supports correct marshaling to YAML and JSON. Wrappers - are provided for many of the factory methods that - the time package offers. - format: date-time - type: string - message: - description: Human-readable message indicating details - about last transition. - type: string - reason: - description: Unique, this should be a short, machine - understandable string that gives the reason for - condition's last transition. If it reports "ResizeStarted" - that means the underlying persistent volume is being - resized. - type: string - status: - type: string - type: - type: string - required: - - type - - status - type: array - phase: - description: Phase represents the current phase of PersistentVolumeClaim. - type: string - tag: - description: Tag of Prometheus container image to be deployed. Defaults - to the value of `version`. - type: string - thanos: - description: ThanosSpec defines parameters for a Prometheus server within - a Thanos deployment. - properties: - baseImage: - description: Thanos base image if other than default. - type: string - gcs: - description: ThanosGCSSpec defines parameters for use of Google - Cloud Storage (GCS) with Thanos. - properties: - bucket: - description: Google Cloud Storage bucket name for stored blocks. - If empty it won't store any block inside Google Cloud Storage. - type: string - peers: - description: Peers is a DNS name for Thanos to discover peers through. - type: string - s3: - description: ThanosSpec defines parameters for of AWS Simple Storage - Service (S3) with Thanos. (S3 compatible services apply as well) - properties: - accessKey: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - bucket: - description: S3-Compatible API bucket name for stored blocks. - type: string - endpoint: - description: S3-Compatible API endpoint for stored blocks. - type: string - insecure: - description: Whether to use an insecure connection with an S3-Compatible - API. - type: boolean - secretKey: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - signatureVersion2: - description: Whether to use S3 Signature Version 2; otherwise - Signature Version 4 will be used. - type: boolean - tag: - description: Tag of Thanos sidecar container image to be deployed. - Defaults to the value of `version`. - type: string - version: - description: Version describes the version of Thanos to use. - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached to tolerates any - taint that matches the triple using the matching - operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, operator - must be Exists; this combination means to match all values and - all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. Exists - is equivalent to wildcard for value, so that a pod can tolerate - all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the - toleration (which must be of effect NoExecute, otherwise this - field is ignored) tolerates the taint. By default, it is not - set, which means tolerate the taint forever (do not evict). - Zero and negative values will be treated as 0 (evict immediately) - by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise - just a regular string. - type: string - type: array - version: - description: Version of Prometheus to be deployed. - type: string - status: - description: 'Most recent observed status of the Prometheus cluster. Read-only. - Not included when requesting from the apiserver, only from the Prometheus - Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#spec-and-status' - properties: - availableReplicas: - description: Total number of available pods (ready for at least minReadySeconds) - targeted by this Prometheus deployment. - format: int32 - type: integer - paused: - description: Represents whether any actions on the underlaying managed - objects are being performed. Only delete actions will be performed. - type: boolean - replicas: - description: Total number of non-terminated pods targeted by this Prometheus - deployment (their labels match the selector). - format: int32 - type: integer - unavailableReplicas: - description: Total number of unavailable pods targeted by this Prometheus - deployment. - format: int32 - type: integer - updatedReplicas: - description: Total number of non-terminated pods targeted by this Prometheus - deployment that have the desired version spec. - format: int32 - type: integer - required: - - paused - - replicas - - updatedReplicas - - availableReplicas - - unavailableReplicas - version: v1 - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: prometheusrules.monitoring.coreos.com - spec: - group: monitoring.coreos.com - names: - kind: PrometheusRule - plural: prometheusrules - scope: Namespaced - validation: - openAPIV3Schema: - properties: - spec: - description: PrometheusRuleSpec contains specification parameters for a - Rule. - properties: - groups: - description: Content of Prometheus rule file - items: - description: RuleGroup is a list of sequentially evaluated recording - and alerting rules. - properties: - interval: - type: string - name: - type: string - rules: - items: - description: Rule describes an alerting or recording rule. - properties: - alert: - type: string - annotations: - type: object - expr: - type: string - for: - type: string - labels: - type: object - record: - type: string - required: - - expr - type: array - required: - - name - - rules - type: array - version: v1 - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: servicemonitors.monitoring.coreos.com - spec: - group: monitoring.coreos.com - names: - kind: ServiceMonitor - plural: servicemonitors - scope: Namespaced - validation: - openAPIV3Schema: - properties: - spec: - description: ServiceMonitorSpec contains specification parameters for a - ServiceMonitor. - properties: - endpoints: - description: A list of endpoints allowed as part of this ServiceMonitor. - items: - description: Endpoint defines a scrapeable endpoint serving Prometheus - metrics. - properties: - basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over - basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' - properties: - password: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - username: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - bearerTokenFile: - description: File to read bearer token for scraping targets. - type: string - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - interval: - description: Interval at which metrics should be scraped - type: string - metricRelabelings: - description: MetricRelabelConfigs to apply to samples before ingestion. - items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It defines - ``-section of Prometheus configuration. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' - properties: - action: - description: Action to perform based on regex matching. - Default is 'replace' - type: string - modulus: - description: Modulus to take of the hash of the source label - values. - format: int64 - type: integer - regex: - description: Regular expression against which the extracted - value is matched. defailt is '(.*)' - type: string - replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' - type: string - separator: - description: Separator placed between concatenated source - label values. default is ';'. - type: string - sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular expression - for the replace, keep, and drop actions. - items: - type: string - type: array - targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. - type: string - type: array - params: - description: Optional HTTP URL parameters - type: object - path: - description: HTTP path to scrape for metrics. - type: string - port: - description: Name of the service port this endpoint refers to. - Mutually exclusive with targetPort. - type: string - proxyUrl: - description: ProxyURL eg http://proxyserver:2195 Directs scrapes - to proxy through this endpoint. - type: string - scheme: - description: HTTP scheme to use for scraping. - type: string - scrapeTimeout: - description: Timeout after which the scrape is ended - type: string - targetPort: - anyOf: - - type: string - - type: integer - tlsConfig: - description: TLSConfig specifies TLS configuration parameters. - properties: - caFile: - description: The CA cert to use for the targets. - type: string - certFile: - description: The client cert file for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: The client key file for the targets. - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: array - jobLabel: - description: The label to use to retrieve the job name from. - type: string - namespaceSelector: - description: A selector for selecting namespaces either selecting all - namespaces or a list of namespaces. - properties: - any: - description: Boolean describing whether all namespaces are selected - in contrast to a list restricting them. - type: boolean - matchNames: - description: List of namespace names. - items: - type: string - type: array - selector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - targetLabels: - description: TargetLabels transfers labels on the Kubernetes Service - onto the target. - items: - type: string - type: array - required: - - endpoints - - selector - version: v1 - - clusterServiceVersions: |- - - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: amqstreams.v1.0.0.beta - namespace: placeholder - annotations: - alm-examples: '[{"apiVersion":"kafka.strimzi.io/v1alpha1","kind":"Kafka","metadata":{"name":"my-cluster"},"spec":{"kafka":{"replicas":3,"listeners":{"plain":{},"tls":{}},"config":{"offsets.topic.replication.factor":3,"transaction.state.log.replication.factor":3,"transaction.state.log.min.isr":2},"storage":{"type":"ephemeral"}},"zookeeper":{"replicas":3,"storage":{"type":"ephemeral"}},"entityOperator":{"topicOperator":{},"userOperator":{}}}}, {"apiVersion":"kafka.strimzi.io/v1alpha1","kind":"KafkaConnect","metadata":{"name":"my-connect-cluster"},"spec":{"replicas":1,"bootstrapServers":"my-cluster-kafka-bootstrap:9093","tls":{"trustedCertificates":[{"secretName":"my-cluster-cluster-ca-cert","certificate":"ca.crt"}]}}}, {"apiVersion":"kafka.strimzi.io/v1alpha1","kind":"KafkaConnectS2I","metadata":{"name":"my-connect-cluster"},"spec":{"replicas":1,"bootstrapServers":"my-cluster-kafka-bootstrap:9093","tls":{"trustedCertificates":[{"secretName":"my-cluster-cluster-ca-cert","certificate":"ca.crt"}]}}}, {"apiVersion":"kafka.strimzi.io/v1alpha1","kind":"KafkaTopic","metadata":{"name":"my-topic","labels":{"strimzi.io/cluster":"my-cluster"}},"spec":{"partitions":10,"replicas":3,"config":{"retention.ms":604800000,"segment.bytes":1073741824}}}, {"apiVersion":"kafka.strimzi.io/v1alpha1","kind":"KafkaUser","metadata":{"name":"my-user","labels":{"strimzi.io/cluster":"my-cluster"}},"spec":{"authentication":{"type":"tls"},"authorization":{"type":"simple","acls":[{"resource":{"type":"topic","name":"my-topic","patternType":"literal"},"operation":"Read","host":"*"},{"resource":{"type":"topic","name":"my-topic","patternType":"literal"},"operation":"Describe","host":"*"},{"resource":{"type":"group","name":"my-group","patternType":"literal"},"operation":"Read","host":"*"},{"resource":{"type":"topic","name":"my-topic","patternType":"literal"},"operation":"Write","host":"*"},{"resource":{"type":"topic","name":"my-topic","patternType":"literal"},"operation":"Create","host":"*"},{"resource":{"type":"topic","name":"my-topic","patternType":"literal"},"operation":"Describe","host":"*"}]}}}]' - spec: - displayName: AMQ Streams - description: | - **Red Hat AMQ Streams** is a massively scalable, distributed, and high performance data streaming platform based on the Apache Kafka project. - AMQ Streams provides an event streaming backbone that allows microservices and other application components to exchange data with extremely high throughput and low latency. - - **The core capabilities include** - * A pub/sub messaging model, similar to a traditional enterprise messaging system, in which application components publish and consume events to/from an ordered stream - * The long term, fault-tolerant storage of events - * The ability for a consumer to replay streams of events - * The ability to partition topics for horizontal scalability - - # Before you start - - 1\. Create AMQ Streams Cluster Roles - ``` - $ oc apply -f http://amq.io/amqstreams/rbac.yaml - ``` - 2\. Create following bindings - ``` - $ oc adm policy add-cluster-role-to-user strimzi-cluster-operator -z strimzi-cluster-operator --namespace - $ oc adm policy add-cluster-role-to-user strimzi-kafka-broker -z strimzi-cluster-operator --namespace - ``` - keywords: ['amq', 'streams', 'messaging', 'kafka', 'streaming'] - version: 1.0.0-Beta - maturity: beta - maintainers: - - name: Red Hat, Inc. - email: customerservice@redhat.com - provider: - name: Red Hat, Inc. - links: - - name: Product Page - url: https://access.redhat.com/products/red-hat-amq-streams - - name: Documentation - url: https://access.redhat.com/documentation/en-us/red_hat_amq_streams/1.0-beta/html-single/using_amq_streams/ - icon: - - base64data: iVBORw0KGgoAAAANSUhEUgAAAQAAAAEACAYAAABccqhmAAAABHNCSVQICAgIfAhkiAAAAAlwSFlzAAAlywAAJcsBGkdkZgAAABl0RVh0U29mdHdhcmUAd3d3Lmlua3NjYXBlLm9yZ5vuPBoAACAASURBVHic7d13nBx3ff/x13d29/aK6kmyyjXJlnVqLpJV3ABL2GAnuIANJAZDjGkmIWCn0H4ktCTEgfwI5AeEOPyMSRwTmktiwJIlGVu2ZEkWtnxFXbrbu1M9lWtb55s/7k7tdu+2zMx3y+f5ePDgbnZn5i1Zn8/07yhEQWuvpWLAx+yETb22qFM2FwHVKKYA1RqqFVQD5UAQqByatRyoGPp5AAgP/dwHRIEBBd02dCtFNzbdQLe2OKxs2i0fbZVxDtaFGPDsDyscp0wHEGPbehWBiqNc6oNFGhYDC4E5KOrRTDMc7zDQBhwAmhQ0KYs3Og+wZxXEzUYTY5EGkGd2zyUYi7PEslmpFSvRXAbMA8pMZ8tQFEUrmh0KXlE2m+IT+d2iJqKmg4mzpAEYtnsG02IBVqO4RmlWoljC4K56MQoDr6LYrDQv6QTrF3Rw3HSoUiYNwGPrwT+jniuAW4F3AEsAy2wqY2xgu4K1NqytsHhxzoEz5yKEB6QBeGDPJVwUi3GH1tyhFDdw9uSbOF8fsEErfumL8WRjJ8dMByp20gBcsmMWdX4/tzC4pb8Z8BuOVGgSwCYFP1U2P2sM0WE6UDGSBuCgvRczMRrnvcAfAVcjf79OsTW8hOKRQICfXrqH06YDFQv5B5ojDdaueq614R7gfUCV6UxFLgw8Dfx4fhvPqME9BZElaQBZ2nMJF0XjfEzZfBhFvek8JeqA0jzsi/GDSw9x1HSYQiQNIENNs7nSsrmfwS2+nMzLDxEF/4XNN+aHeN10mEIiDSANGqzWBu5A8yngzabziFGtU5pvN7bztBq8zChGIQ1gFBqsnfXcacOXFSwwnUdkpFnD3y9o4z/kPEFq0gCSGC58DV8FGk3nETnZB/z9oTZ+KM8mjCQN4BwarNZ67tHwRQWXmM4jHKTYpTRfbWzjMTk0OEsawJCmet7qg29ouNJ0FuGqV5Xiz+cfZL3pIPmg5BvAztnMt22+ArzbdBbhqbVa88DCdt4wHcSkkm0Au2cwLV7GV4H7kNt0S1UMzQ9szV8tCtFtOowJJdcANKiWeu5Rim/kwWAaIj90A5+b38a/KtCmw3ippBpAUy1zLYvvATeaziLy0m99io/PO0iL6SBeKYkGsPUqApVHeVDBlynewTaEM2IK/tFXxl9fuoeI6TBuK/oG0FLPVRp+LDfyiAy9Yfl4f+N+XjMdxE1FOxKNBl9zPZ8BXpLiF1lYbCfY0lLPlzT4TIdxS1HuAbTMZjY2P0Lu2xfOeNm2+cCiEHtMB3Fa0e0BNDdwHzY7kOIXzrnGstjWXM8HTAdxWtHsAeyfTXkkwT9rxX2ms4jipeDHvXE+vqyTftNZnFAUDaCplrmWj5+judx0FlEStvvgrnlt7DMdJFcFfwjQUs87LItXpPiFh5YkYHtzA+80HSRXBdsANFgt9fwd8BQw2XQeUXImKM3PWur5si7gPemCDP7adKoCQf5Dwe2mswiB5hd9Ce4pxPMCBdcAmhuYqTRPActMZxHiDMXmuMXtl+3nsOkomSioBtBcx2Kl+G+gwXQWIZLYb8M7FrXRbDpIugrmHEBLHW9Xio1I8Yv8NccHG1sbWG06SLoKogE01/FeFE8DE0xnEWI0GiZpza9a67nLdJZ05H0DaK3n/Urx70DAdBYh0lSm4fHWOu41HWQsed0AWuu4X8OPkBF7ROHxacW/tdbzKdNBRpO3DaC5ns9oxXfJ44xCjEFp+FZzA180HSSVvLwK0FrHV7TK3780ITIV1vxoSTt/ZDrHhfKuATTX8YBS/KPpHEI4pc+GfhuC8JuVndxsOs+58mr3uqWBP5HiF8VkuPgBIvD2TbX83Gyi8+XNHkBLPR8EfkieNSUhsnVu8Z8rqHh0ZQcf9D7RSHlRbC0N3Ak8TJ7kESJXqYofIKL5wNZa/snbRMkZ3wNoqePtQzf5yHV+URT67cEGMJYKi88sD/GQ+4lSM9oAmupZ6IONGiaZzCGEU0bb8l9IgQ5a3LUixC/cTTVqBjOaZjPDstmE3NsvikQmxT9MQSJYxrIVB/idO6lGZ+SYu72WCkvzBFL8okhkU/wwOHx9PMaLv51h5jV1njcADVav4j/QrPR63UK4IdviHxbXVPl9vLbVwHkwzxtAaz1/gyr8sdSEgMHCz6X4h8U1MxO1PJf7kjLjaQNoqedW4DNerlMIt/SlebY/XRGbN71Sw1edW+LYPDsJOPRm3q3ARK/WKYRbct3tT8UCXWWxekmIDc4vfSRPGkB7LRW9FhuBJV6sTwg3uVX8w3wQrlbULujguHtrGeTJIUCvxXeR4hdFwO3iB0hA+UnY5O5aBrneAJobuA/y7zFIITLl1Am/dMQ0c7fU8i9ur8fVQ4Bd9VycgN8B491cjxBu82LLfyELtGWx6toQz7u4DndosBLw/5HiFwXORPED2KCweaoJytxah2sNYGcDn0de0S0KnKniHxaHCb01/NKt5btyCNDcwFKleRkXO5cQbjNd/OeqtHjfshCPOb1cxxvA7rkEY1G2K1jg9LKF8Eq6j/R6xacI63FcdP1OepxcruOHAPEon5fiF4XM6Tv8nJDQlAd6nT8UcHQPoKWGefh4DSh3crmidCl/AFVZ5dn6eqMx+nr7PFtfJhQQgLdf3cmzTi3TsRduaFCtPr6HFP9ZPh/THvgyE+68B6tKLoZkyo5G6T64D6thrmfrnAzEDnVw5Oufo2fDrz1bbzo0YCse1zBFDf6aM8f2AFob+JDW/JtTyysGk+/9U6Z/KS+Gfis4diTM0abXsermGFm/Dg+w55alJE64fjduxip8fH95O/c7sSxHzgHsnsE0rc2ObZaPxt2QV0PAFww7EuZos7niB1DlFZQvutLY+kcTSfDRjXVc4sSyHGkA8TK+BkxxYllFxS/jnGbKjkYGt/y15op/mMrT/342WH7bmfcL5NwAdjWwAPiQA1lEibOjEY6+8ZrRLX+hiGiu2DqD3891OTk3gLjNN5G394ocSfFnLmrxcK7LyKkBtDawWiluyTWEKG2Du/1S/JmKw4wtNTyQyzKybgAaLK35h1xWLsSZ4s+DY/5CFNX8jc5hDzzrGVvruQdYmu38QtjRCEebd2RU/InOdnr37kTrs5fBA8EgVSveBOr8q9p2z2l6XtuCtgdv67MZfL528tKVWJXjHPkzmJaAii2z+Bad/Ek282fVADT4WhWfd+ZWBFGK7GiEY807sGoyezVEZ9PrHKmeMWL6ZbubKZu36Lxpp7dvYm/VyItTeusmpr75xswC57GY4iNN8OAiiGY6b1aHAK31vB/NvGzmFWJ4t19lWPwAWiW/d03HRv7bt+3kN/TbdiLj9eazhKasdxbfzGbejPcANPha4XPZrEyMLXHqBD1NvyMeiVBWNY5xly3Fqqgce0at6dy4gZOhNnzBINMXLGbS/MXuB86Q6Tv8ilVc8dGt8OAyiGUyX8YNYGc9fwg0ZjqfGNuJjeto81WQKJ945omKwLYtzKkqZ9yS1C9S6m0/wLZ1axmYXguTpgOwf387U15+kaXvuxdfWdCL+GPyuviLazs/uoSmzK7jIdozuyqQ0SGABp+GL2QWTaSj59VN7C+fSOKCYo1VjmdPVBPZtzPpfIlImC3Pbxgs/nMpxfGZs3n1sUdcSpwZE7f32iV2jipmc3+mVwQyagCtDdwOzM8olUhLx6meEWexh9mBMg7tbEn62f5fPUlk6siTYsO6p9dzet8uRzJm60zxy6U+VyU0wc01/HUm82TUAJTm05lFEumwe3vonzj6oxSnxk9OOr37xIlR59NKceSN17LOlispfm9p+EQm30+7ATQ1sETDmzKPJMaUYst/Lq2S/6dKdVb8vO8YOustxe+9mKZ6aw3vTvf7aTcAS/Op7CKJsVhV4yjvH32ot/Gnu5NOn1A19mg51XO9P2rzuvjzbAQvo+Kk/4LRtBrA7hlMA96bdSIxppnWKGesbJvpNTVJP7rk5tvw95xMOeuEroNMWeztc+0mtvyldsJvNDFN49ZZ6Z2rS6sBxIJ8HBnqy1WTr72BmpOHRwzRZCXizOk/QdXly5LOVzZ+Aksa5+E/NXIPoepIB0tvfacLaVOT3X7zNJCwSGsoqjEvGWiwWm0+7N2LxEvX9NW3MOnAHk7t3UU0FiPos5i08HICNStGnW/K5Uu54ZJ57F/zDKdOdmNpmFpbR/377wXLk/e/AsPFn9m9/cIdMZvVGnxqjNshxmwALfWsVlDvXDQxmuDsuVw0O/NBMP1V47j0jve4kCg9djTC0ZY3sGpnG8sgzrLBv6WWPybEt0f73pibB6W517lYohglImGOtTZl/GBPVlLtiaa4SpL0qxl8t5AlNJ8c6zuj7gHsvZiJ0Th3OBdJFJtEJMzxnc2omXWerG/arFp8HaHzpvksReXlbx3x3eoFlxFPcg/EpCtK4yn2hOaSrVOZuewYXam+M2oDiMb5AyCNJ1FEKbKjEY61vOHNln9IxYLLqVlweVrfDcyooWZG8qsnpcAGlSjna8B9qb4z1r7QB52NJIpFIhLm2M5mT4tfZC6huXO0z1M2gN011AJXO55IFLxEJMzxXS2oGbVjf1kYFddM3NqQeuSulA0g4eNOXHp9uChcg8XfKsVfQOJx/iLVZykbgIZ3uRNHFKqzxV+6x9WFSMPbUn2WtAHsmMN04DrXEpUKXTz3pybCw7v9JVT88bjpBI6Iaao31yQfwi9pA/AnuAPwuZqqBERTDOJRaBLhMMd3l9Yxv45FCe98w3QM5yg+k2xy0gagNbe7m6Y0HP/u14kd3Gs6Rk5KsfjtgX4OffXPiR89ZDqKY2w7+WvERpzk2z+b8rDNceT6vyNUeQWVV12LNanadJSsxI8dIRI64Mm6Jj76LNbE5AOfZOPkzx7l+CPfyXi++KFOdDyjsTXzngIdn8yEVU30njt9xI1AAzbXKyl+x+jwAH0bnzMdI+/12TAh4dzAJaeeeIxDf/uXkGJo8FKjQY0/xb3AeR1xxCGABTd5lkoIBou/38E6PfXEY3R95UEp/gvENSOeFhvRALQ0AOEhx4v/yf+U4k/BhhEjw5zXAHbOYipwhWeJRElzvPifepyuLz8gxZ9CXDNuSz0XnzvtvAag/ay+cJoQbuh3o/i/9Gkp/jHYcT527u/nnQTUcvOP8IDTW/7Tv/4lh2TLnx7FqnN/tS74MPX7p4RwgOPF/5sn6Po/f4x28ApCMUvo81/rd6YB7J5LED3yJIEQTnGl+L/wCXSR3LLrhThM2Drr7GX+Mw0gHmMpkB9vkRRFx/Hif/ZJKf4sxdXZMQLONABty7P/wh2uFP/n75fiz5KCW4d/PtMAlMVyM3FEMXP6bH/Pmqek+HOkFVcN/3z2KoDmMiNpRNFyesvfs/ZpOj/3cSn+HCVsZg7/bAFsvYoAJH9eWIhsuFL8n/2YFL8DbKhogjIYagAVR5nH0AQhcuV88f83nZ+VLb9TNBCZxZthqAH4YJHRRKJoOF78z/3P0Ja/uB7PNc1WrIahBqClAQgHuFL8n/moFL8L4rAMzp4EXGgwyxmBmgamfOqLBOctRvnHfG1hehIJEr2nnVlWnosdPczAxGrwBzxbp338CJGnH+fkmqdzLn5tn72br3fdM1L8LtJD5/yGq8z461ytikrqf7KeQJ3xKAUp3Laf3mk1+Kuner7usutv4tTA++G3z+a0nJO/+HemfviBwTv8vvhJKX4X2ZpqGBoSrKWeo4D3/3LOUXn1DdT/ZL3JCAUr3LafUwNhLAPFP+zUMz+n6/P3G1u/yIwFies78VtD9wUbLX4A38RJpiMUpEhHG6cGBowWP4Bv3Hij6xeZscG3aS4TrPFl1JsOI7IT6WjjZG8vVvU001FEAfKFWWrZCeTtjgVIil/kSimWWijZAyg0UvzCCVqz0FKai0wHEemT4hdOsTUz/dqimuJ5hV1Ry6b47eNHSJzsPjvBsgjUzobAyDu/dW8P8cMd503zT69ByQm+oqSh2s/Q9UCR37Ip/sTRQ7y+/yC27/ybqmbsXUPNjSPfFNX66lb6qyacN62iaxsLr78hq8wiv2mYZIE0gHyX7W6/ffrkiOIHiFjJ7xQMV47c0g9UjC+qtxyL84y3gCmmU+TEtol1hYgd6cp41oGjhzmxu4Vob48LwZwRbtsnx/zCFTZU+QHn3sbosRMvP0+HVUY0MDiUYXD3bmpUgknXrhp9vl0t7Nj0Ev0XDb3rfvc+Jh3t5Iqb30HF9JmjzuulcNs+TvUPYE2R87TCBZpyiwJ9EejhF9ayPzj+TPEDRCrGsa98IsfWPZNyvpN7drKlZefZ4gewfJycXsdL69YS7j7mZuy0SfELt2mFz6IABwKJHNxLZ1XqUxft46cST3FIsOPF57GD5Uk/i02eRuszTzqSMRdS/MITGlWQDeDUvt2jXrnUPj89O5tGTI+e7KZ/et2oy+72mR0Z3WTxy6m+0qLBKsgGkEjjLTCxgf4R0yInutFKjb7s8oqsc+VKtvzCY4W5BxAsT74Lf953KqtGTKusqUNFI6POV9ZzIutcuZDiF15TDA4JVnANYOKiK/GNMlhE4PQJxi9ZMWK6ryzI1O5Doy57ZuXYzcVpUvzCBHtoD6Dg+CZPYQ4xVGLkKLG+yABzxldiVSW/fXXx7XdRfqQj6WeTQnuZ9667Hc06Fil+YZIfiALeb/ZyNGHF9SzY1cyRPTvpq5yATsQZ13+a6YuvIDgn9SsOgpOncN0dd7Hr6Z9xNAGJsnICfT3MmjyBuR+6f+i0iDek+IVJFuiCbQAA5fMWUj8v8/FMAxMmsuh997mQKH2RjjZjxS8v0hYweNXHYrABCA9FOto42dNjbMsvl/vEkDN7AMIjXha/f0YtE9teYqB83JlpWttMspK3gOoThzk97vw7wyf0nYAxLp2KwqTAlgbgIa+3/KpqHHNXvS3t78++aeQjwqJ4WQrbAvpMBykFpnf7hbiQ1iQsBd1jf1XkQopf5COlCFu2NABXSfGLfKUUfRaa46aDFCspfpHnTsshgEsiHW2cPC3FL/KXBSf9gJmnXy4QP3rYdATHhNv2caqvH2vqdNNRPBM/3Gk6gsjcCUtbHDGdAiD8+hYGtm8yHSNnpVj8id7TnHjsX03HEBlS0OVXNm3kwX0eOh6n/Q/fyqS7P0rZJfMzvvlk3E234Z82w8E8Mbr/9R8znEnT130Myr0fZS2mIW7gFr/4scP0PPc/xA4lf8BK5C+taVatc2jUCVpNh8lV2cWN1D++Dv/0WY4sz+7vY9eCcWN/MQ/02dBvm04hCk25xQ1WVYw2iuD28Oi+nbT9weqSOxaV4hfZ6pvINqsuxACK/BgKN0el1gSk+EW2FCRWNdE7+PC75qDhPI4plSYgxS9y4YN+GHwcGA37zMZxVrE3gX4pfpEjyxrc67cAFLSYjeO8Ym0Cffbg/4TIhYLdcLYBvGE2jjuKrQnIbr9wiqXZCkMNwFKMfItGkSiWJiDFLxylWANDDaDjILuB0QfML2CF3gSk+IXTVIiNMNQAVkEc2GU0kcsKtQlI8Qun+RX9yyAGQw1gyOuG8nim0JqAnO0XblBwpgCscya+YiaOtwqlCcjZfuEWv2LL8M9nG4BN4T+Kl6Z8bwKy2y9cpXhq+MczDaBnOtuBASOBDMjXJiDFL9zW284Twz+faQDLthEDthtJZEi+NQEpfuE2v+LkKggP/37+i/BU6RwGDMuXJiDFL7xgcf6j//5zf1Galwv+ueAsRPftpO3uGwfHE3BwUBGASe+9jwnvugerKvXYAjZgl+Jf/Fi05ljLDnwz67xbpW0T6zjIsR98k+jenZ6t1ys+WHfu7+cNu9NSwxR8HOHCPYMSUTZ3wZkmEGl5nf03X5HT8ia+6x5m/t9HHUpXYrQmtO5XBC9fbmT18eNH2X/HtSR6ThlZv1vGBZm9dP/Zp3/PK/QFHRwHXvU8VZ6I7mnh4G0rOfS5j9H+gZtzXt74W+50IFUJ0pqOdb82VvwA/inTqLjqGmPrd4MPes4tfki+pV/jUZ68FOts4+RjPyB+pCvnZanKKgcSlRit6Vj3K8ouX2Y6yaiHbYXIr0Zu3Ec0AKVKuwEIg84Uv7ktfzFT8JMLp41oAIlxbEReGCq8NrTbL8XvDgXamsGPLpw+ogEsaiIKbPAilBDAOcVvfre/WAUUh5ZtGxwG7FxJz/ZrxS/djyQEg8W/XorfbZbi6WTT/ckmqjhP4OP7qT4XwhFa07HhWcouS7/4dSRMOHTgvGm+iirKZiW5V0Brwvt3o/XZO6wsn59gwyUZv3im0CmLv082PWmBL+jgeEs9LwCrXE0lSpfWdDy/hrLFSzOaLfTCcxyZfMHNWid6WRyNEpx9yXmTu19az/7yiSOWcXHXb5l8zVsyjlyoAopjy9uSD/yb+oYfxS9cS1QiEnJ3X3Ja07H+N5QtWpLxrFGdZMutFPHe0yMmx6LRpMuIRcJJpxcrBb9O9VnKBmAl+CWDd6mKLPTZ2f/lRQ510tP8OtEM35gc6+vl8PYtHHvjNexono7wpjWd639D2WVXmU5SMvxBHkr5WaoPGkN0NNfzkoLr3YlVvLIdyadv707a9++jv3rozcIH2xn3ykvUX7GU8tqGlPPZsSjbHnuE7snT0WVBAFRzM3U+zcI7787mj+Cazg3PEpDi94xfcWLZPnak+nz0e/7VyOuGYnTZjuQzcGAvu492ny1+AMuid2YDu3bvIXY89VvcNz76Q45Prz9T/AB6wmTaqqrZ8ZMfZx7GJZ3rf0Mgw2N+kRu/4qejfT5qA9D9PA70OpqoiOXySG/7rlbscwr4XPGJk+nY9GLSzw5uWENfzeyUy+0oH09/hocSbpDi954FOhbji2N8J7VFR+lVyD0B6cil+O3wAH1TRn8M+XTlhKTTO/ftGX3hwXI6trycXTCHdG54VorfAL9i93WHSb3rSDqP/SoecSpQscp1MA87EkGPcV3aLq9MOj3O2Nezo2FzZ707NzxLIIuz/SJ3Ps23x/rOmA2g8SDrKbKXhzrJiZF8/BMn4YuNftY+cPpE0umVwbIxlz9hurODnKSrc8MaKX5DfIrYsk6+N9b3xmwACrTS/NCZWMXFyXH7p/SNPvDEtIrk5wcufdMqiCW/3g3gP36E2qvflFO2bHQ+v4bAois9X68Y5IO1Ko0r0WmN/KMS/AslNGJwOpwet3/W9asYd+Jo0s8mH+3gojffmPSzCfVzmOPTkIiP+Ez1nuaKK69E+XzOBU1D5/NrCCyU4jfJVvxpOt9LqwE0dnJMaR7LLVLxcGMAT6ssyLxVN1EX6WHcyWOU9/cw/lgXs+MDzHn7raPO2/h7t7N0dj3jD7fjP3GMwLHDVB/t4Pq3vIVpiy53NugYun67VorfsCA0XRtijLPDg9J+2MeGbyn4EKRx1qmIuTp6r2Ux7Zq3MC2LWS9adDkXeVzsF+p6YR3+BbmNoyhyZ/n4QtrfTfeLC9t5gxIfJ0CG7k6t68X1+OdfZi5AJk/3FfGTgAHFseXtPJnu9zN63Fdp/kmr0nxCUF7UmVrXxg34Gxd7sq7JleWEe06COrvtCsTClC9bOeK746bPpPLwUWzr7DkQlYgzvq7Wk6wm+BTfyeT7GTWAxnaeaq1nB2Cw1XtPtvypdb2wztMtf/V1q6lO87tVC69gwUJX4+QVnyK8PMTfZDJPRuP/K9Ba87eZxSpsUvypdb3obfGL0fkV31GQyGSejF8AsqCd/wLeyHS+QiTFn1rXi+vwN0rx5wtLEVkR4vMZz5fpDApspfh6pvMVGin+1KT480/A4rsKRt4MMoasXgHWeJDHgeJ7cdoQKf7Uul5cL8WfZ3yKyIp2/jKbebNqAAoSCr6Wzbz5Ts72p+bl2X6RvoDi+9ls/SGHl4A2tvEYsDXb+fOR07f3Ro8ccm5hhh3a/CL+eYtMx/BU/FCH6Qhj8kPv8hAPZjt/1g1AgY3Nn2c7f75xY7e/85H/hx7lQZ1C0fXy8/gubjQdw1N9r7xA//bNpmOMKQCfTeehn1RyviWqpZ4ngdtyXY5Jbh7zV81fzNRb30PZ1OljfzkPhY8eou/4MU/WNfUjD2I5+ELVeFeI07/ObDwbnUgQ2dtKz5qn0fGYY1ncELAIXRMiyQsR0pdzA2idQ6NOsAMI5LosE+SEX/64dF0zvuqpjiwr1hWi7SPvJBY6OPaXC1QF3LS8k7W5LCPrQ4Bh8/ezE80Pcl2OCVL8xakUir8MtuVa/OBAAwCwNX8Fo489lm+k+ItTKRS/BbYu4y6HlpW7RSG6NfyFE8vyghR/cSqF4gcos/jONQc44MSyHGkAAAvbeBRy3yVxmxR/cSqV4g8ojq0I8WmnludYAwDQNp8A8vbFa1L8xalUih+gXPFuJ5fnaANYGGI38HdOLtMpUvzFqcSK/1dLQs4OyuNoAwCwx/N18uxpQbm9tziVUvH7YMCa4cyJv3M53gAWNRG14Q/Ik0MBp2/vFfmhlIpfAWUW9yzbRr/Ty3a8AQAsaqNJw1+7sexMyG5/cSql4gcos3hieYifu7FsVxoAwII2voE2N4ioFH9xKrXi9ytOrgg5v+s/zLUGoMD229wDJH+nlYuk+ItTqRW/BdqCWzId5ivDdbjn0g5CGueuWaZDTvgVp1IrfoAA/PPVHWxycx2uNgAYvEFIwcNurwfkhF+xKsXiL1PsWNmZ3uu9cuF6AwAIWnwS2ObmOmS3vziVYvH7FX3xcVznxbo8aQBzDhDWPu4EXHmwXIq/OJVi8SvQQZtbrt9Jjxfr86QBACzcz0ENd+PwCQ0p/uIU7wrRdt/tJVX8ABWKv7qqixe8Wp9nDQBgYRtrILM3l4xGTvgVl/CuJgBine0cvO92Yp3thhN5q1zx3LIObwfb9fwtiRpUax3/juLuXJYjW/7iY1VUUrnsOgZe30rilOdXj40KKNqv7mCOm5f8kjHyXdGzvgAABdxJREFUmtT9sykP26wDrslmfil+UUx8it7xPuovb/P+nhlPDwGGzTlA2IpzG7An03ml+EUxsSBebrPCRPEPrd+Mxk6OWRa3ksGdglL8opgohQ7Y3HFVFy2mMhhrAACNB2hViruAMQfPlxN+otgEFZ9eeYj/MZnBaAMAmH+QdVrzXkZ5tZHc4SeKTdDioRUhvm06h5GTgMm01vN+DT/igqYku/2i2JQrfrCig4+ZzgF51AAAWhv4kNY8zFAuKX5RbMotHlsR4n2mcwzLqwYA0FrPpzR8S4pfFJug4pmVHfy+6RznyrsGALC9jkd6EnzQdA4hnFKmWHd1B281neNCedkAAF6p4cmwLuyXjgoBELT4zcoQN5vOkYzxqwCprOjg9qDFf5rOIUQuyhSP52vxQx43AICVIe4uh++aziFENsotHr66gz80nWM0ed0AAFZ08sdBi4dM5xAiExV+/mFFiI+YzjGWvD0HcKHNNTwQ03zTLqDMovQo0AHFg1d38C3TWdJRUMW0ZQa3RH08mdAETGcR4kI+RaxMccfyEM+YzpKugmoAAC/PZIG22BzXjDedRYhhfugJalaafLAnGwXXAAC2XszEWITXYpoG01mECChCExRXLArRbTpLpgqyAQBo8G2exfoovMl0FlG6yhXPLe/gbQoK8r7VvL8KkIqCxNWdvLnCxxcUaNN5RGmxQFcovrCigxsLtfihgPcAzrWphqttWBvXVJnOIoqfX9EftLnZy9F73VIUDQCGzgtEeTFms9h0FlG8Aha7A2UsX7aPU6azOKFoGsCwLbX8S1jzEa2L788mzLFAB+CfvXhdl5eKskhebeCacJxn4ppJprOIwudXnKrQ/N6STl4yncVpRdkAADRYr8ziZ1F4p5whFNlQQFDxq+Ud3KZGGbKukBXsVYCxKLBXdvKuCsV7fIqw6TyisPhgoMzHO1d08HvFWvxQxA1g2LIOfqoU1eWKp01nEYUhqHhej2f6ynaeMJ3FbUV7CJDM9lpuCGt+GtNMNZ1F5B8/HA8q3nNVB+tMZ/FKSTWAYVtq+XrE5i/sEtgDEmOzwA5aPLw8lB8j9XqpJBsAwMY6LvHb/DyiucJ0FmFO0GKbr4x3LdtHm+ksJpRsAxi2ZRY3xRU/jGlqTWcR3gnA4TLF3aW0u59MyTeAYZtm8Qlb8ZDcTlzc/Io+n+ZzKzv5juks+UAawDk0+LbM4tsxxYcTmjLTeYRzfIpIQPH95SEeLOSHd5wmDSAJDf6ttXwtqvlUQlNuOo/InqWIBBU/qgzxyUVpvIS21EgDGIUG35YavhSHB+OaStN5RPr8inBA8agK8SfLIGY6T76SBpAGDb7NNXxJwydimmrTeURqAcVxn+Lby0N8TXb1xyYNIENbZ/G2uOKhqFw+zBsKCFjs8yv+bFkJ3L3nJGkAWdpcwzwU34nZrLbBbzpPKbIUMT+sTVh88rp29prOU4ikAeRIg7W1lnsTmj+La+bLewvcF4CDfovvLgvxDdnNz438Y3XQ1qnMTJTztYTmzrhmouk8xcSvOOFX/DQW44vXHeaI6TzFQhqASzbXMM9S/Fnc5vYYTDedpxD54bQPnisr4ytLDvA703mKkTQAD2yq5VIFn7Vtfj8BF8lhQnIWaL/ikKX4b+3j71YeZL/pTMVO/iF6bDcET9TybjR3x2FlvMQvK/oU/X543VL8MlLF967fSY/pTKVEGoBhmxuYQ4yPoVid0DTGYYLpTG4KKE4paPXBc7qc76/YS7vpTKVMGkCeeamWCgvuVJrbtOKqhGamrakoxHEN/Yp+BZ0+2KosnprUzi8uhYjpXOIsaQAFoAnKIrN4cwxu1IqlGubZmmoNlTb4TGZTkPBBv1IctzS7lGKbD9bqDl6QW3DznzSAAvdiI+MrelmuLa5MaBagmQVUa5ikYbwNVWjKUYONQmt8eui/+/D/K4Ue+kUrRYLBDxNKMaCgX8Fp4JRSHFfQqTUtlmJ770S2rmqi19AfXTjgfwFVFcHePttw0QAAAABJRU5ErkJggg== - mediatype: image/png - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: strimzi-cluster-operator - rules: - - apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - get - - create - - delete - - patch - - update - - apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - - rolebindings - verbs: - - get - - create - - delete - - patch - - update - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - kafka.strimzi.io - resources: - - kafkas - - kafkaconnects - - kafkaconnects2is - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch - - delete - - apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - "" - resources: - - endpoints - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - deployments - - deployments/scale - - replicasets - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - apps - resources: - - deployments - - deployments/scale - - deployments/status - - statefulsets - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - "" - resources: - - events - verbs: - - create - - apiGroups: - - extensions - resources: - - replicationcontrollers - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - apps.openshift.io - resources: - - deploymentconfigs - - deploymentconfigs/scale - - deploymentconfigs/status - - deploymentconfigs/finalizers - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - build.openshift.io - resources: - - buildconfigs - - builds - verbs: - - create - - delete - - get - - list - - patch - - watch - - update - - apiGroups: - - image.openshift.io - resources: - - imagestreams - - imagestreams/status - verbs: - - create - - delete - - get - - list - - watch - - patch - - update - - apiGroups: - - "" - resources: - - replicationcontrollers - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - create - - delete - - patch - - update - - apiGroups: - - "" - resources: - - nodes - verbs: - - get - - apiGroups: - - kafka.strimzi.io - resources: - - kafkatopics - verbs: - - get - - list - - watch - - create - - patch - - update - - delete - - apiGroups: - - "" - resources: - - events - verbs: - - create - - apiGroups: - - kafka.strimzi.io - resources: - - kafkausers - verbs: - - get - - list - - watch - - create - - patch - - update - - delete - deployments: - - name: strimzi-cluster-operator - spec: - replicas: 1 - selector: - matchLabels: - name: strimzi-cluster-operator-alm-owned - template: - metadata: - name: strimzi-cluster-operator-alm-owned - labels: - name: strimzi-cluster-operator-alm-owned - spec: - serviceAccountName: strimzi-cluster-operator - containers: - - name: cluster-operator - image: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-clusteroperator-openshift:1.0.0-beta - env: - - name: STRIMZI_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: STRIMZI_FULL_RECONCILIATION_INTERVAL_MS - value: "120000" - - name: STRIMZI_OPERATION_TIMEOUT_MS - value: "300000" - - name: STRIMZI_DEFAULT_ZOOKEEPER_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-zookeeper-openshift:1.0.0-beta - - name: STRIMZI_DEFAULT_KAFKA_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-kafka-openshift:1.0.0-beta - - name: STRIMZI_DEFAULT_KAFKA_CONNECT_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-kafkaconnect-openshift:1.0.0-beta - - name: STRIMZI_DEFAULT_KAFKA_CONNECT_S2I_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-kafkaconnects2i-openshift:1.0.0-beta - - name: STRIMZI_DEFAULT_TOPIC_OPERATOR_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-topicoperator-openshift:1.0.0-beta - - name: STRIMZI_DEFAULT_USER_OPERATOR_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-useroperator-openshift:1.0.0-beta - - name: STRIMZI_DEFAULT_KAFKA_INIT_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-kafkainit-openshift:1.0.0-beta - - name: STRIMZI_DEFAULT_TLS_SIDECAR_ZOOKEEPER_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-zookeeperstunnel-openshift:1.0.0-beta - - name: STRIMZI_DEFAULT_TLS_SIDECAR_KAFKA_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-kafkastunnel-openshift:1.0.0-beta - - name: STRIMZI_DEFAULT_TLS_SIDECAR_ENTITY_OPERATOR_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-entityoperatorstunnel-openshift:1.0.0-beta - - name: STRIMZI_LOG_LEVEL - value: INFO - customresourcedefinitions: - owned: - - name: kafkas.kafka.strimzi.io - version: v1alpha1 - kind: Kafka - displayName: Kafka - description: Represents a Kafka cluster - specDescriptors: - - description: The desired number of Kafka brokers. - displayName: Kafka Brokers - path: kafka.replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: The type of storage used by Kafka brokers - displayName: Kafka storage - path: kafka.storage.type - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Kafka Resource Requirements - path: kafka.resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - - description: The desired number of Zookeeper nodes. - displayName: Zookeeper Nodes - path: zookeeper.replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: The type of storage used by Zookeeper nodes - displayName: Zookeeper storage - path: zookeeper.storage.type - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Zookeeper Resource Requirements - path: zookeeper.resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - - name: kafkaconnects.kafka.strimzi.io - version: v1alpha1 - kind: KafkaConnect - displayName: Kafka Connect - description: Represents a Kafka Connect cluster - specDescriptors: - - description: The desired number of Kafka Connect nodes. - displayName: Connect nodes - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: The address of the bootstrap server - displayName: Bootstrap server - path: bootstrapServers - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - - name: kafkaconnects2is.kafka.strimzi.io - version: v1alpha1 - kind: KafkaConnectS2I - displayName: Kafka Connect S2I - description: Represents a Kafka Connect cluster with Source 2 Image support - specDescriptors: - - description: The desired number of Kafka Connect nodes. - displayName: Connect nodes - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: The address of the bootstrap server - displayName: Bootstrap server - path: bootstrapServers - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - - name: kafkatopics.kafka.strimzi.io - version: v1alpha1 - kind: KafkaTopic - displayName: Kafka Topic - description: Represents a topic inside a Kafka cluster - specDescriptors: - - description: The number of partitions - displayName: Partitions - path: partitions - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: The number of replicas - displayName: Replication factor - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - name: kafkausers.kafka.strimzi.io - version: v1alpha1 - kind: KafkaUser - displayName: Kafka User - description: Represents a user inside a Kafka cluster - specDescriptors: - - description: Authentication type - displayName: Authentication type - path: authentication.type - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: Authorization type - displayName: Authorization type - path: authorization.type - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: etcdoperator.v0.6.1 - namespace: placeholder - annotations: - tectonic-visibility: ocs - spec: - displayName: etcd - description: | - etcd is a distributed key value store that provides a reliable way to store data across a cluster of machines. It’s open-source and available on GitHub. etcd gracefully handles leader elections during network partitions and will tolerate machine failure, including the leader. Your applications can read and write data into etcd. - A simple use-case is to store database connection details or feature flags within etcd as key value pairs. These values can be watched, allowing your app to reconfigure itself when they change. Advanced uses take advantage of the consistency guarantees to implement database leader elections or do distributed locking across a cluster of workers. - - _The etcd Open Cloud Service is Public Alpha. The goal before Beta is to fully implement backup features._ - - ### Reading and writing to etcd - - Communicate with etcd though its command line utility `etcdctl` or with the API using the automatically generated Kubernetes Service. - - [Read the complete guide to using the etcd Open Cloud Service](https://coreos.com/tectonic/docs/latest/alm/etcd-ocs.html) - - ### Supported Features - **High availability** - Multiple instances of etcd are networked together and secured. Individual failures or networking issues are transparently handled to keep your cluster up and running. - **Automated updates** - Rolling out a new etcd version works like all Kubernetes rolling updates. Simply declare the desired version, and the etcd service starts a safe rolling update to the new version automatically. - **Backups included** - Coming soon, the ability to schedule backups to happen on or off cluster. - keywords: ['etcd', 'key value', 'database', 'coreos', 'open source'] - version: 0.6.1 - maturity: alpha - maintainers: - - name: CoreOS, Inc - email: support@coreos.com - - provider: - name: CoreOS, Inc - labels: - alm-status-descriptors: etcdoperator.v0.6.1 - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - selector: - matchLabels: - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - links: - - name: Blog - url: https://coreos.com/etcd - - name: Documentation - url: https://coreos.com/operators/etcd/docs/latest/ - - name: etcd Operator Source Code - url: https://github.com/coreos/etcd-operator - - icon: - - base64data: iVBORw0KGgoAAAANSUhEUgAAAOEAAADZCAYAAADWmle6AAAACXBIWXMAAAsTAAALEwEAmpwYAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAEKlJREFUeNrsndt1GzkShmEev4sTgeiHfRYdgVqbgOgITEVgOgLTEQydwIiKwFQCayoCU6+7DyYjsBiBFyVVz7RkXvqCSxXw/+f04XjGQ6IL+FBVuL769euXgZ7r39f/G9iP0X+u/jWDNZzZdGI/Ftama1jjuV4BwmcNpbAf1Fgu+V/9YRvNAyzT2a59+/GT/3hnn5m16wKWedJrmOCxkYztx9Q+py/+E0GJxtJdReWfz+mxNt+QzS2Mc0AI+HbBBwj9QViKbH5t64DsP2fvmGXUkWU4WgO+Uve2YQzBUGd7r+zH2ZG/tiUQc4QxKwgbwFfVGwwmdLL5wH78aPC/ZBem9jJpCAX3xtcNASSNgJLzUPSQyjB1zQNl8IQJ9MIU4lx2+Jo72ysXYKl1HSzN02BMa/vbZ5xyNJIshJzwf3L0dQhJw4Sih/SFw9Tk8sVeghVPoefaIYCkMZCKbrcP9lnZuk0uPUjGE/KE8JQry7W2tgfuC3vXgvNV+qSQbyFtAtyWk7zWiYevvuUQ9QEQCvJ+5mmu6dTjz1zFHLFj8Eb87MtxaZh/IQFIHom+9vgTWwZxAQjT9X4vtbEVPojwjiV471s00mhAckpwGuCn1HtFtRDaSh6y9zsL+LNBvCG/24ThcxHObdlWc1v+VQJe8LcO0jwtuF8BwnAAUgP9M8JPU2Me+Oh12auPGT6fHuTePE3bLDy+x9pTLnhMn+07TQGh//Bz1iI0c6kvtqInjvPZcYR3KsPVmUsPYt9nFig9SCY8VQNhpPBzn952bbgcsk2EvM89wzh3UEffBbyPqvBUBYQ8ODGPFOLsa7RF096WJ69L+E4EmnpjWu5o4ChlKaRTKT39RMMaVPEQRsz/nIWlDN80chjdJlSd1l0pJCAMVZsniobQVuxceMM9OFoaMd9zqZtjMEYYDW38Drb8Y0DYPLShxn0pvIFuOSxd7YCPet9zk452wsh54FJoeN05hcgSQoG5RR0Qh9Q4E4VvL4wcZq8UACgaRFEQKgSwWrkr5WFnGxiHSutqJGlXjBgIOayhwYBTA0ER0oisIVSUV0AAMT0IASCUO4hRIQSAEECMCCEPwqyQA0JCQBzEGjWNAqHiUVAoXUWbvggOIQCEAOJzxTjoaQ4AIaE64/aZridUsBYUgkhB15oGg1DBIl8IqirYwV6hPSGBSFteMCUBSVXwfYixBmamRubeMyjzMJQBDDowE3OesDD+zwqFoDqiEwXoXJpljB+PvWJGy75BKF1FPxhKygJuqUdYQGlLxNEXkrYyjQ0GbaAwEnUIlLRNvVjQDYUAsJB0HKLE4y0AIpQNgCIhBIhQTgCKhZBBpAN/v6LtQI50JfUgYOnnjmLUFHKhjxbAmdTCaTiBm3ovLPqG2urWAij6im0Nd9aTN9ygLUEt9LgSRnohxUPIKxlGaE+/6Y7znFf0yX+GnkvFFWmarkab2o9PmTeq8sbd2a7DaysXz7i64VeznN4jCQhN9gdDbRiuWrfrsq0mHIrlaq+hlotCtd3Um9u0BYWY8y5D67wccJoZjFca7iUs9VqZcfsZwTd1sbWGG+OcYaTnPAP7rTQVVlM4Sg3oGvB1tmNh0t/HKXZ1jFoIMwCQjtqbhNxUmkGYqgZEDZP11HN/S3gAYRozf0l8C5kKEKUvW0t1IfeWG/5MwgheZTT1E0AEhDkAePQO+Ig2H3DncAkQM4cwUQCD530dU4B5Yvmi2LlDqXfWrxMCcMth51RToRMNUXFnfc2KJ0+Ryl0VNOUwlhh6NoxK5gnViTgQpUG4SqSyt5z3zRJpuKmt3Q1614QaCBPaN6je+2XiFcWAKOXcUfIYKRyL/1lb7pe5VxSxxjQ6hImshqGRt5GWZVKO6q2wHwujfwDtIvaIdexj8Cm8+a68EqMfox6x/voMouZF4dHnEGNeCDMwT6vdNfekH1MafMk4PI06YtqLVGl95aEM9Z5vAeCTOA++YLtoVJRrsqNCaJ6WRmkdYaNec5BT/lcTRMqrhmwfjbpkj55+OKp8IEbU/JLgPJE6Wa3TTe9sHS+ShVD5QIyqIxMEwKh12olC6mHIed5ewEop80CNlfIOADYOT2nd6ZXCop+Ebqchc0JqxKcKASxChycJgUh1rnHA5ow9eTrhqNI7JWiAYYwBGGdpyNLoGw0Pkh96h1BpHihyywtATDM/7Hk2fN9EnH8BgKJCU4ooBkbXFMZJiPbrOyecGl3zgQDQL4hk10IZiOe+5w99Q/gBAEIJgPhJM4QAEEoFREAIAAEiIASAkD8Qt4AQAEIAERAGFlX4CACKAXGVM4ivMwWwCLFAlyeoaa70QePKm5Dlp+/n+ye/5dYgva6YsUaVeMa+tzNFeJtWwc+udbJ0Fg399kLielQJ5Ze61c2+7ytA6EZetiPxZC6tj22yJCv6jUwOyj/zcbqAxOMyAKEbfeHtNa7DtYXptjsk2kJxR+eIeim/tHNofUKYy8DMrQcAKWz6brpvzyIAlpwPhQ49l6b7skJf5Z+YTOYQc4FwLDxvoTDwaygQK+U/kVr+ytSFBG01Q3gnJJR4cNiAhx4HDub8/b5DULXlj6SVZghFiE+LdvE9vo/o8Lp1RmH5hzm0T6wdbZ6n+D6i44zDRc3ln6CpAEJfXiRU45oqLz8gFAThWsh7ughrRibc0QynHgZpNJa/ENJ+loCwu/qOGnFIjYR/n7TfgycULhcQhu6VC+HfF+L3BoAQ4WiZTw1M+FPCnA2gKC6/FAhXgDC+ojQGh3NuWsvfF1L/D5ohlCKtl1j2ldu9a/nPAKFwN56Bst10zCG0CPleXN/zXPgHQZXaZaBgrbzyY5V/mUA+6F0hwtGN9rwu5DVZPuwWqfxdFz1LWbJ2lwKEa+0Qsm4Dl3fp+Pu0lV97PgwIPfSsS+UQhj5Oo+vvFULazRIQyvGEcxPuNLCth2MvFsrKn8UOilAQShkh7TTczYNMoS6OdP47msrPi82lXKGWhCdMZYS0bFy+vcnGAjP1CIfvgbKNA9glecEH9RD6Ol4wRuWyN/G9MHnksS6o/GPf5XcwNSUlHzQhDuAKtWJmkwKElU7lylP5rgIcsquh/FI8YZCDpkJBuE4FQm7Icw8N+SrUGaQKyi8FwiDt1ve5o+Vu7qYHy/psgK8cvh+FTYuO77bhEC7GuaPiys/L1X4IgXDL+e3M5+ovLxBy5VLuIebw1oqcHoPfoaMJUsHays878r8KbDc3xtPx/84gZPBG/JwaufrsY/SRG/OY3//8QMNdsvdZCFtbW6f8pFuf5bflILAlX7O+4fdfugKyFYS8T2zAsXthdG0VurPGKwI06oF5vkBgHWkNp6ry29+lsPZMU3vijnXFNmoclr+6+Ou/FIb8yb30sS8YGjmTqCLyQsi5N/6ZwKs0Yenj68pfPjF6N782Dp2FzV9CTyoSeY8mLK16qGxIkLI8oa1n8tz9juP40DlK0epxYEbojbq+9QfurBeVIlCO9D2396bxiV4lkYQ3hOAFw2pbhqMGISkkQOMcQ9EqhDmGZZdo92JC0YHRNTfoSg+5e0IT+opqCKHoIU+4ztQIgBD1EFNrQAgIpYSil9lDmPHqkROPt+JC6AgPquSuumJmg0YARVCuneDfvPVeJokZ6pIXDkNxQtGzTF9/BQjRG0tQznfb74RwCQghpALBtIQnfK4zhxdyQvVCUeknMIT3hLyY+T5jo0yABqKPQNpUNw/09tGZod5jgCaYFxyYvJcNPkv9eof+I3pnCFEHIETjSM8L9tHZHYCQT9PaZGycU6yg8S4akDnJ+P03L0+t23XGzCLzRgII/Wqa+fv/xlfvmKvMUOcOrlCDdoei1MGdZm6G5VEIfRzzjd4aQs69n699Rx7ewhvCGzr2gmTPs8zNsJOrXt24FbkhhOjCfT4ICA/rPbyhUy94Dks0gJCX1NzCZui9YUd3oei+c257TalFbgg19ILHrlrL2gvWgXAL26EX76gZTNASQnad8Ibwhl284NhgXpB0c+jKhWO3Ms1hP9ihJYB9eMF6qd1BCPk0qA1s+LimFIu7m4nsdQIzPK4VbQ8hYvrnuSH2G9b2ggP78QmWqBdF9Vx8SSY6QYdUW7BTA1schZATyhvY8lHvcRbNUS9YGFy2U+qmzh2YPVc0I7yAOFyHfRpyUwtCSzOdPXMHmz7qDIM0e0V2wZTEk+6Ym6N63eBLp/b5Bts+2cKCSJ/LuoZO3ANSiE5hKAZjnvNSS4931jcw9jpwT0feV/qSJ1pVtCyfHKDkvK8Ejx7pUxGh2xFNSwx8QTi2H9ceC0/nni64MS/5N5dG39pDqvRV+WgGk71c9VFXF9b+xYvOw/d61iv7m3MvEHryhvecwC52jSSx4VIIgwnMNT/UsTxIgpPt3K/ARj15CptwL3Zd/ceDSATj2DGQjbxgWwhdeMMte7zpy5On9vymRm/YxBYljGVjKWF9VJf7I1+sex3wY8w/V1QPTborW/72gkdsRDaZMJBdbdHIC7aCkAu9atlLbtnrzerMnyToDaGwelOnk3/hHSem/ZK7e/t7jeeR20LYBgqa8J80gS8jbwi5F02Uj1u2NYJxap8PLkJfLxA2hIJyvnHX/AfeEPLpBfe0uSFHbnXaea3Qd5d6HcpYZ8L6M7lnFwMQ3MNg+RxUR1+6AshtbsVgfXTEg1sIGax9UND2p7f270wdG3eK9gXVGHdw2k5sOyZv+Nbs39Z308XR9DqWb2J+PwKDhuKHPobfuXf7gnYGHdCs7bhDDadD4entDug7LWNsnRNW4mYqwJ9dk+GGSTPBiA2j0G8RWNM5upZtcG4/3vMfP7KnbK2egx6CCnDPhRn7NgD3cghLIad5WcM2SO38iqHvvMOosyeMpQ5zlVCaaj06GVs9xUbHdiKoqrHWgquFEFMWUEWfXUxJAML23hAHFOctmjZQffKD2pywkhtSGHKNtpitLroscAeE7kCkSsC60vxEl6yMtL9EL5HKGCMszU5bk8gdkklAyEn5FO0yK419rIxBOIqwFMooDE0tHEVYijAUECIshRCGIhxFWIowFJ5QkEYIS5PTJrUwNGlPyN6QQPyKtpuM1E/K5+YJDV/MiA3AaehzqgAm7QnZG9IGYKo8bHnSK7VblLL3hOwNHziPuEGOqE5brrdR6i+atCfckyeWD47HkAkepRGLY/e8A8J0gCwYSNypF08bBm+e6zVz2UL4AshhBUjML/rXLefqC82bcQFhGC9JDwZ1uuu+At0S5gCETYHsV4DUeD9fDN2Zfy5OXaW2zAwQygCzBLJ8cvaW5OXKC1FxfTggFAHmoAJnSiOw2wps9KwRWgJCLaEswaj5NqkLwAYIU4BxqTSXbHXpJdRMPZgAOiAMqABCNGYIEEJutEK5IUAIwYMDQgiCACEEAcJs1Vda7gGqDhCmoiEghAAhBAHCrKXVo2C1DCBMRlp37uMIEECoX7xrX3P5C9QiINSuIcoPAUI0YkAICLNWgfJDh4T9hH7zqYH9+JHAq7zBqWjwhPAicTVCVQJCNF50JghHocahKK0X/ZnQKyEkhSdUpzG8OgQI42qC94EQjsYLRSmH+pbgq73L6bYkeEJ4DYTYmeg1TOBFc/usTTp3V9DdEuXJ2xDCUbXhaXk0/kAYmBvuMB4qkC35E5e5AMKkwSQgyxufyuPy6fMMgAFCSI73LFXU/N8AmEL9X4ABACNSKMHAgb34AAAAAElFTkSuQmCC - mediatype: image/png - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: etcd-operator - rules: - - apiGroups: - - etcd.database.coreos.com - resources: - - etcdclusters - verbs: - - "*" - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - "*" - - apiGroups: - - "" - resources: - - pods - - services - - endpoints - - persistentvolumeclaims - - events - verbs: - - "*" - - apiGroups: - - apps - resources: - - deployments - verbs: - - "*" - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - deployments: - - name: etcd-operator - spec: - replicas: 1 - selector: - matchLabels: - name: etcd-operator-alm-owned - template: - metadata: - name: etcd-operator-alm-owned - labels: - name: etcd-operator-alm-owned - spec: - serviceAccountName: etcd-operator - containers: - - name: etcd-operator - command: - - etcd-operator - - --create-crd=false - image: quay.io/coreos/etcd-operator@sha256:bd944a211eaf8f31da5e6d69e8541e7cada8f16a9f7a5a570b22478997819943 - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - customresourcedefinitions: - owned: - - name: etcdclusters.etcd.database.coreos.com - version: v1beta2 - kind: EtcdCluster - displayName: etcd Cluster - description: Represents a cluster of etcd nodes. - resources: - - kind: Service - version: v1 - - kind: Pod - version: v1 - specDescriptors: - - description: The desired number of member Pods for the etcd cluster. - displayName: Size - path: size - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - statusDescriptors: - - description: The status of each of the member Pods for the etcd cluster. - displayName: Member Status - path: members - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podStatuses' - - description: The service at which the running etcd cluster can be accessed. - displayName: Service - path: service - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Service' - - description: The current size of the etcd cluster. - displayName: Cluster Size - path: size - - description: The current version of the etcd cluster. - displayName: Current Version - path: currentVersion - - description: 'The target version of the etcd cluster, after upgrading.' - displayName: Target Version - path: targetVersion - - description: The current status of the etcd cluster. - displayName: Status - path: phase - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase' - - description: Explanation for the current status of the cluster. - displayName: Status Details - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: etcdoperator.v0.9.0 - namespace: placeholder - annotations: - tectonic-visibility: ocs - alm-examples: '[{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdCluster","metadata":{"name":"example","namespace":"default"},"spec":{"size":3,"version":"3.2.13"}},{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdRestore","metadata":{"name":"example-etcd-cluster"},"spec":{"etcdCluster":{"name":"example-etcd-cluster"},"backupStorageType":"S3","s3":{"path":"","awsSecret":""}}},{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdBackup","metadata":{"name":"example-etcd-cluster-backup"},"spec":{"etcdEndpoints":[""],"storageType":"S3","s3":{"path":"","awsSecret":""}}}]' - spec: - displayName: etcd - description: | - etcd is a distributed key value store that provides a reliable way to store data across a cluster of machines. It’s open-source and available on GitHub. etcd gracefully handles leader elections during network partitions and will tolerate machine failure, including the leader. Your applications can read and write data into etcd. - A simple use-case is to store database connection details or feature flags within etcd as key value pairs. These values can be watched, allowing your app to reconfigure itself when they change. Advanced uses take advantage of the consistency guarantees to implement database leader elections or do distributed locking across a cluster of workers. - - _The etcd Open Cloud Service is Public Alpha. The goal before Beta is to fully implement backup features._ - - ### Reading and writing to etcd - - Communicate with etcd though its command line utility `etcdctl` or with the API using the automatically generated Kubernetes Service. - - [Read the complete guide to using the etcd Open Cloud Service](https://coreos.com/tectonic/docs/latest/alm/etcd-ocs.html) - - ### Supported Features - - - **High availability** - - - Multiple instances of etcd are networked together and secured. Individual failures or networking issues are transparently handled to keep your cluster up and running. - - - **Automated updates** - - - Rolling out a new etcd version works like all Kubernetes rolling updates. Simply declare the desired version, and the etcd service starts a safe rolling update to the new version automatically. - - - **Backups included** - - - Coming soon, the ability to schedule backups to happen on or off cluster. - keywords: ['etcd', 'key value', 'database', 'coreos', 'open source'] - version: 0.9.0 - maturity: alpha - replaces: etcdoperator.v0.6.1 - maintainers: - - name: CoreOS, Inc - email: support@coreos.com - - provider: - name: CoreOS, Inc - labels: - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - selector: - matchLabels: - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - links: - - name: Blog - url: https://coreos.com/etcd - - name: Documentation - url: https://coreos.com/operators/etcd/docs/latest/ - - name: etcd Operator Source Code - url: https://github.com/coreos/etcd-operator - - icon: - - base64data: iVBORw0KGgoAAAANSUhEUgAAAOEAAADZCAYAAADWmle6AAAACXBIWXMAAAsTAAALEwEAmpwYAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAEKlJREFUeNrsndt1GzkShmEev4sTgeiHfRYdgVqbgOgITEVgOgLTEQydwIiKwFQCayoCU6+7DyYjsBiBFyVVz7RkXvqCSxXw/+f04XjGQ6IL+FBVuL769euXgZ7r39f/G9iP0X+u/jWDNZzZdGI/Ftama1jjuV4BwmcNpbAf1Fgu+V/9YRvNAyzT2a59+/GT/3hnn5m16wKWedJrmOCxkYztx9Q+py/+E0GJxtJdReWfz+mxNt+QzS2Mc0AI+HbBBwj9QViKbH5t64DsP2fvmGXUkWU4WgO+Uve2YQzBUGd7r+zH2ZG/tiUQc4QxKwgbwFfVGwwmdLL5wH78aPC/ZBem9jJpCAX3xtcNASSNgJLzUPSQyjB1zQNl8IQJ9MIU4lx2+Jo72ysXYKl1HSzN02BMa/vbZ5xyNJIshJzwf3L0dQhJw4Sih/SFw9Tk8sVeghVPoefaIYCkMZCKbrcP9lnZuk0uPUjGE/KE8JQry7W2tgfuC3vXgvNV+qSQbyFtAtyWk7zWiYevvuUQ9QEQCvJ+5mmu6dTjz1zFHLFj8Eb87MtxaZh/IQFIHom+9vgTWwZxAQjT9X4vtbEVPojwjiV471s00mhAckpwGuCn1HtFtRDaSh6y9zsL+LNBvCG/24ThcxHObdlWc1v+VQJe8LcO0jwtuF8BwnAAUgP9M8JPU2Me+Oh12auPGT6fHuTePE3bLDy+x9pTLnhMn+07TQGh//Bz1iI0c6kvtqInjvPZcYR3KsPVmUsPYt9nFig9SCY8VQNhpPBzn952bbgcsk2EvM89wzh3UEffBbyPqvBUBYQ8ODGPFOLsa7RF096WJ69L+E4EmnpjWu5o4ChlKaRTKT39RMMaVPEQRsz/nIWlDN80chjdJlSd1l0pJCAMVZsniobQVuxceMM9OFoaMd9zqZtjMEYYDW38Drb8Y0DYPLShxn0pvIFuOSxd7YCPet9zk452wsh54FJoeN05hcgSQoG5RR0Qh9Q4E4VvL4wcZq8UACgaRFEQKgSwWrkr5WFnGxiHSutqJGlXjBgIOayhwYBTA0ER0oisIVSUV0AAMT0IASCUO4hRIQSAEECMCCEPwqyQA0JCQBzEGjWNAqHiUVAoXUWbvggOIQCEAOJzxTjoaQ4AIaE64/aZridUsBYUgkhB15oGg1DBIl8IqirYwV6hPSGBSFteMCUBSVXwfYixBmamRubeMyjzMJQBDDowE3OesDD+zwqFoDqiEwXoXJpljB+PvWJGy75BKF1FPxhKygJuqUdYQGlLxNEXkrYyjQ0GbaAwEnUIlLRNvVjQDYUAsJB0HKLE4y0AIpQNgCIhBIhQTgCKhZBBpAN/v6LtQI50JfUgYOnnjmLUFHKhjxbAmdTCaTiBm3ovLPqG2urWAij6im0Nd9aTN9ygLUEt9LgSRnohxUPIKxlGaE+/6Y7znFf0yX+GnkvFFWmarkab2o9PmTeq8sbd2a7DaysXz7i64VeznN4jCQhN9gdDbRiuWrfrsq0mHIrlaq+hlotCtd3Um9u0BYWY8y5D67wccJoZjFca7iUs9VqZcfsZwTd1sbWGG+OcYaTnPAP7rTQVVlM4Sg3oGvB1tmNh0t/HKXZ1jFoIMwCQjtqbhNxUmkGYqgZEDZP11HN/S3gAYRozf0l8C5kKEKUvW0t1IfeWG/5MwgheZTT1E0AEhDkAePQO+Ig2H3DncAkQM4cwUQCD530dU4B5Yvmi2LlDqXfWrxMCcMth51RToRMNUXFnfc2KJ0+Ryl0VNOUwlhh6NoxK5gnViTgQpUG4SqSyt5z3zRJpuKmt3Q1614QaCBPaN6je+2XiFcWAKOXcUfIYKRyL/1lb7pe5VxSxxjQ6hImshqGRt5GWZVKO6q2wHwujfwDtIvaIdexj8Cm8+a68EqMfox6x/voMouZF4dHnEGNeCDMwT6vdNfekH1MafMk4PI06YtqLVGl95aEM9Z5vAeCTOA++YLtoVJRrsqNCaJ6WRmkdYaNec5BT/lcTRMqrhmwfjbpkj55+OKp8IEbU/JLgPJE6Wa3TTe9sHS+ShVD5QIyqIxMEwKh12olC6mHIed5ewEop80CNlfIOADYOT2nd6ZXCop+Ebqchc0JqxKcKASxChycJgUh1rnHA5ow9eTrhqNI7JWiAYYwBGGdpyNLoGw0Pkh96h1BpHihyywtATDM/7Hk2fN9EnH8BgKJCU4ooBkbXFMZJiPbrOyecGl3zgQDQL4hk10IZiOe+5w99Q/gBAEIJgPhJM4QAEEoFREAIAAEiIASAkD8Qt4AQAEIAERAGFlX4CACKAXGVM4ivMwWwCLFAlyeoaa70QePKm5Dlp+/n+ye/5dYgva6YsUaVeMa+tzNFeJtWwc+udbJ0Fg399kLielQJ5Ze61c2+7ytA6EZetiPxZC6tj22yJCv6jUwOyj/zcbqAxOMyAKEbfeHtNa7DtYXptjsk2kJxR+eIeim/tHNofUKYy8DMrQcAKWz6brpvzyIAlpwPhQ49l6b7skJf5Z+YTOYQc4FwLDxvoTDwaygQK+U/kVr+ytSFBG01Q3gnJJR4cNiAhx4HDub8/b5DULXlj6SVZghFiE+LdvE9vo/o8Lp1RmH5hzm0T6wdbZ6n+D6i44zDRc3ln6CpAEJfXiRU45oqLz8gFAThWsh7ughrRibc0QynHgZpNJa/ENJ+loCwu/qOGnFIjYR/n7TfgycULhcQhu6VC+HfF+L3BoAQ4WiZTw1M+FPCnA2gKC6/FAhXgDC+ojQGh3NuWsvfF1L/D5ohlCKtl1j2ldu9a/nPAKFwN56Bst10zCG0CPleXN/zXPgHQZXaZaBgrbzyY5V/mUA+6F0hwtGN9rwu5DVZPuwWqfxdFz1LWbJ2lwKEa+0Qsm4Dl3fp+Pu0lV97PgwIPfSsS+UQhj5Oo+vvFULazRIQyvGEcxPuNLCth2MvFsrKn8UOilAQShkh7TTczYNMoS6OdP47msrPi82lXKGWhCdMZYS0bFy+vcnGAjP1CIfvgbKNA9glecEH9RD6Ol4wRuWyN/G9MHnksS6o/GPf5XcwNSUlHzQhDuAKtWJmkwKElU7lylP5rgIcsquh/FI8YZCDpkJBuE4FQm7Icw8N+SrUGaQKyi8FwiDt1ve5o+Vu7qYHy/psgK8cvh+FTYuO77bhEC7GuaPiys/L1X4IgXDL+e3M5+ovLxBy5VLuIebw1oqcHoPfoaMJUsHays878r8KbDc3xtPx/84gZPBG/JwaufrsY/SRG/OY3//8QMNdsvdZCFtbW6f8pFuf5bflILAlX7O+4fdfugKyFYS8T2zAsXthdG0VurPGKwI06oF5vkBgHWkNp6ry29+lsPZMU3vijnXFNmoclr+6+Ou/FIb8yb30sS8YGjmTqCLyQsi5N/6ZwKs0Yenj68pfPjF6N782Dp2FzV9CTyoSeY8mLK16qGxIkLI8oa1n8tz9juP40DlK0epxYEbojbq+9QfurBeVIlCO9D2396bxiV4lkYQ3hOAFw2pbhqMGISkkQOMcQ9EqhDmGZZdo92JC0YHRNTfoSg+5e0IT+opqCKHoIU+4ztQIgBD1EFNrQAgIpYSil9lDmPHqkROPt+JC6AgPquSuumJmg0YARVCuneDfvPVeJokZ6pIXDkNxQtGzTF9/BQjRG0tQznfb74RwCQghpALBtIQnfK4zhxdyQvVCUeknMIT3hLyY+T5jo0yABqKPQNpUNw/09tGZod5jgCaYFxyYvJcNPkv9eof+I3pnCFEHIETjSM8L9tHZHYCQT9PaZGycU6yg8S4akDnJ+P03L0+t23XGzCLzRgII/Wqa+fv/xlfvmKvMUOcOrlCDdoei1MGdZm6G5VEIfRzzjd4aQs69n699Rx7ewhvCGzr2gmTPs8zNsJOrXt24FbkhhOjCfT4ICA/rPbyhUy94Dks0gJCX1NzCZui9YUd3oei+c257TalFbgg19ILHrlrL2gvWgXAL26EX76gZTNASQnad8Ibwhl284NhgXpB0c+jKhWO3Ms1hP9ihJYB9eMF6qd1BCPk0qA1s+LimFIu7m4nsdQIzPK4VbQ8hYvrnuSH2G9b2ggP78QmWqBdF9Vx8SSY6QYdUW7BTA1schZATyhvY8lHvcRbNUS9YGFy2U+qmzh2YPVc0I7yAOFyHfRpyUwtCSzOdPXMHmz7qDIM0e0V2wZTEk+6Ym6N63eBLp/b5Bts+2cKCSJ/LuoZO3ANSiE5hKAZjnvNSS4931jcw9jpwT0feV/qSJ1pVtCyfHKDkvK8Ejx7pUxGh2xFNSwx8QTi2H9ceC0/nni64MS/5N5dG39pDqvRV+WgGk71c9VFXF9b+xYvOw/d61iv7m3MvEHryhvecwC52jSSx4VIIgwnMNT/UsTxIgpPt3K/ARj15CptwL3Zd/ceDSATj2DGQjbxgWwhdeMMte7zpy5On9vymRm/YxBYljGVjKWF9VJf7I1+sex3wY8w/V1QPTborW/72gkdsRDaZMJBdbdHIC7aCkAu9atlLbtnrzerMnyToDaGwelOnk3/hHSem/ZK7e/t7jeeR20LYBgqa8J80gS8jbwi5F02Uj1u2NYJxap8PLkJfLxA2hIJyvnHX/AfeEPLpBfe0uSFHbnXaea3Qd5d6HcpYZ8L6M7lnFwMQ3MNg+RxUR1+6AshtbsVgfXTEg1sIGax9UND2p7f270wdG3eK9gXVGHdw2k5sOyZv+Nbs39Z308XR9DqWb2J+PwKDhuKHPobfuXf7gnYGHdCs7bhDDadD4entDug7LWNsnRNW4mYqwJ9dk+GGSTPBiA2j0G8RWNM5upZtcG4/3vMfP7KnbK2egx6CCnDPhRn7NgD3cghLIad5WcM2SO38iqHvvMOosyeMpQ5zlVCaaj06GVs9xUbHdiKoqrHWgquFEFMWUEWfXUxJAML23hAHFOctmjZQffKD2pywkhtSGHKNtpitLroscAeE7kCkSsC60vxEl6yMtL9EL5HKGCMszU5bk8gdkklAyEn5FO0yK419rIxBOIqwFMooDE0tHEVYijAUECIshRCGIhxFWIowFJ5QkEYIS5PTJrUwNGlPyN6QQPyKtpuM1E/K5+YJDV/MiA3AaehzqgAm7QnZG9IGYKo8bHnSK7VblLL3hOwNHziPuEGOqE5brrdR6i+atCfckyeWD47HkAkepRGLY/e8A8J0gCwYSNypF08bBm+e6zVz2UL4AshhBUjML/rXLefqC82bcQFhGC9JDwZ1uuu+At0S5gCETYHsV4DUeD9fDN2Zfy5OXaW2zAwQygCzBLJ8cvaW5OXKC1FxfTggFAHmoAJnSiOw2wps9KwRWgJCLaEswaj5NqkLwAYIU4BxqTSXbHXpJdRMPZgAOiAMqABCNGYIEEJutEK5IUAIwYMDQgiCACEEAcJs1Vda7gGqDhCmoiEghAAhBAHCrKXVo2C1DCBMRlp37uMIEECoX7xrX3P5C9QiINSuIcoPAUI0YkAICLNWgfJDh4T9hH7zqYH9+JHAq7zBqWjwhPAicTVCVQJCNF50JghHocahKK0X/ZnQKyEkhSdUpzG8OgQI42qC94EQjsYLRSmH+pbgq73L6bYkeEJ4DYTYmeg1TOBFc/usTTp3V9DdEuXJ2xDCUbXhaXk0/kAYmBvuMB4qkC35E5e5AMKkwSQgyxufyuPy6fMMgAFCSI73LFXU/N8AmEL9X4ABACNSKMHAgb34AAAAAElFTkSuQmCC - mediatype: image/png - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: etcd-operator - rules: - - apiGroups: - - etcd.database.coreos.com - resources: - - etcdclusters - - etcdbackups - - etcdrestores - verbs: - - "*" - - apiGroups: - - "" - resources: - - pods - - services - - endpoints - - persistentvolumeclaims - - events - verbs: - - "*" - - apiGroups: - - apps - resources: - - deployments - verbs: - - "*" - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - deployments: - - name: etcd-operator - spec: - replicas: 1 - selector: - matchLabels: - name: etcd-operator-alm-owned - template: - metadata: - name: etcd-operator-alm-owned - labels: - name: etcd-operator-alm-owned - spec: - serviceAccountName: etcd-operator - containers: - - name: etcd-operator - command: - - etcd-operator - - --create-crd=false - image: quay.io/coreos/etcd-operator@sha256:db563baa8194fcfe39d1df744ed70024b0f1f9e9b55b5923c2f3a413c44dc6b8 - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: etcd-backup-operator - image: quay.io/coreos/etcd-operator@sha256:db563baa8194fcfe39d1df744ed70024b0f1f9e9b55b5923c2f3a413c44dc6b8 - command: - - etcd-backup-operator - - --create-crd=false - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: etcd-restore-operator - image: quay.io/coreos/etcd-operator@sha256:db563baa8194fcfe39d1df744ed70024b0f1f9e9b55b5923c2f3a413c44dc6b8 - command: - - etcd-restore-operator - - --create-crd=false - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - customresourcedefinitions: - owned: - - name: etcdclusters.etcd.database.coreos.com - version: v1beta2 - kind: EtcdCluster - displayName: etcd Cluster - description: Represents a cluster of etcd nodes. - resources: - - kind: Service - version: v1 - - kind: Pod - version: v1 - specDescriptors: - - description: The desired number of member Pods for the etcd cluster. - displayName: Size - path: size - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: pod.resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - statusDescriptors: - - description: The status of each of the member Pods for the etcd cluster. - displayName: Member Status - path: members - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podStatuses' - - description: The service at which the running etcd cluster can be accessed. - displayName: Service - path: serviceName - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Service' - - description: The current size of the etcd cluster. - displayName: Cluster Size - path: size - - description: The current version of the etcd cluster. - displayName: Current Version - path: currentVersion - - description: 'The target version of the etcd cluster, after upgrading.' - displayName: Target Version - path: targetVersion - - description: The current status of the etcd cluster. - displayName: Status - path: phase - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase' - - description: Explanation for the current status of the cluster. - displayName: Status Details - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - name: etcdbackups.etcd.database.coreos.com - version: v1beta2 - kind: EtcdBackup - displayName: etcd Backup - description: Represents the intent to backup an etcd cluster. - specDescriptors: - - description: Specifies the endpoints of an etcd cluster. - displayName: etcd Endpoint(s) - path: etcdEndpoints - x-descriptors: - - 'urn:alm:descriptor:etcd:endpoint' - - description: The full AWS S3 path where the backup is saved. - displayName: S3 Path - path: s3.path - x-descriptors: - - 'urn:alm:descriptor:aws:s3:path' - - description: The name of the secret object that stores the AWS credential and config files. - displayName: AWS Secret - path: s3.awsSecret - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Secret' - statusDescriptors: - - description: Indicates if the backup was successful. - displayName: Succeeded - path: succeeded - x-descriptors: - - 'urn:alm:descriptor:text' - - description: Indicates the reason for any backup related failures. - displayName: Reason - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - name: etcdrestores.etcd.database.coreos.com - version: v1beta2 - kind: EtcdRestore - displayName: etcd Restore - description: Represents the intent to restore an etcd cluster from a backup. - specDescriptors: - - description: References the EtcdCluster which should be restored, - displayName: etcd Cluster - path: etcdCluster.name - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:EtcdCluster' - - 'urn:alm:descriptor:text' - - description: The full AWS S3 path where the backup is saved. - displayName: S3 Path - path: s3.path - x-descriptors: - - 'urn:alm:descriptor:aws:s3:path' - - description: The name of the secret object that stores the AWS credential and config files. - displayName: AWS Secret - path: s3.awsSecret - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Secret' - statusDescriptors: - - description: Indicates if the restore was successful. - displayName: Succeeded - path: succeeded - x-descriptors: - - 'urn:alm:descriptor:text' - - description: Indicates the reason for any restore related failures. - displayName: Reason - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: etcdoperator.v0.9.2 - namespace: placeholder - annotations: - tectonic-visibility: ocs - alm-examples: '[{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdCluster","metadata":{"name":"example","namespace":"default"},"spec":{"size":3,"version":"3.2.13"}},{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdRestore","metadata":{"name":"example-etcd-cluster"},"spec":{"etcdCluster":{"name":"example-etcd-cluster"},"backupStorageType":"S3","s3":{"path":"","awsSecret":""}}},{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdBackup","metadata":{"name":"example-etcd-cluster-backup"},"spec":{"etcdEndpoints":[""],"storageType":"S3","s3":{"path":"","awsSecret":""}}}]' - spec: - displayName: etcd - description: | - etcd is a distributed key value store that provides a reliable way to store data across a cluster of machines. It’s open-source and available on GitHub. etcd gracefully handles leader elections during network partitions and will tolerate machine failure, including the leader. Your applications can read and write data into etcd. - A simple use-case is to store database connection details or feature flags within etcd as key value pairs. These values can be watched, allowing your app to reconfigure itself when they change. Advanced uses take advantage of the consistency guarantees to implement database leader elections or do distributed locking across a cluster of workers. - - _The etcd Open Cloud Service is Public Alpha. The goal before Beta is to fully implement backup features._ - - ### Reading and writing to etcd - - Communicate with etcd though its command line utility `etcdctl` or with the API using the automatically generated Kubernetes Service. - - [Read the complete guide to using the etcd Open Cloud Service](https://coreos.com/tectonic/docs/latest/alm/etcd-ocs.html) - - ### Supported Features - - - **High availability** - - - Multiple instances of etcd are networked together and secured. Individual failures or networking issues are transparently handled to keep your cluster up and running. - - - **Automated updates** - - - Rolling out a new etcd version works like all Kubernetes rolling updates. Simply declare the desired version, and the etcd service starts a safe rolling update to the new version automatically. - - - **Backups included** - - - Coming soon, the ability to schedule backups to happen on or off cluster. - keywords: ['etcd', 'key value', 'database', 'coreos', 'open source'] - version: 0.9.2 - maturity: alpha - replaces: etcdoperator.v0.9.0 - maintainers: - - name: CoreOS, Inc - email: support@coreos.com - - provider: - name: CoreOS, Inc - labels: - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - selector: - matchLabels: - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - links: - - name: Blog - url: https://coreos.com/etcd - - name: Documentation - url: https://coreos.com/operators/etcd/docs/latest/ - - name: etcd Operator Source Code - url: https://github.com/coreos/etcd-operator - - icon: - - base64data: iVBORw0KGgoAAAANSUhEUgAAAOEAAADZCAYAAADWmle6AAAACXBIWXMAAAsTAAALEwEAmpwYAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAEKlJREFUeNrsndt1GzkShmEev4sTgeiHfRYdgVqbgOgITEVgOgLTEQydwIiKwFQCayoCU6+7DyYjsBiBFyVVz7RkXvqCSxXw/+f04XjGQ6IL+FBVuL769euXgZ7r39f/G9iP0X+u/jWDNZzZdGI/Ftama1jjuV4BwmcNpbAf1Fgu+V/9YRvNAyzT2a59+/GT/3hnn5m16wKWedJrmOCxkYztx9Q+py/+E0GJxtJdReWfz+mxNt+QzS2Mc0AI+HbBBwj9QViKbH5t64DsP2fvmGXUkWU4WgO+Uve2YQzBUGd7r+zH2ZG/tiUQc4QxKwgbwFfVGwwmdLL5wH78aPC/ZBem9jJpCAX3xtcNASSNgJLzUPSQyjB1zQNl8IQJ9MIU4lx2+Jo72ysXYKl1HSzN02BMa/vbZ5xyNJIshJzwf3L0dQhJw4Sih/SFw9Tk8sVeghVPoefaIYCkMZCKbrcP9lnZuk0uPUjGE/KE8JQry7W2tgfuC3vXgvNV+qSQbyFtAtyWk7zWiYevvuUQ9QEQCvJ+5mmu6dTjz1zFHLFj8Eb87MtxaZh/IQFIHom+9vgTWwZxAQjT9X4vtbEVPojwjiV471s00mhAckpwGuCn1HtFtRDaSh6y9zsL+LNBvCG/24ThcxHObdlWc1v+VQJe8LcO0jwtuF8BwnAAUgP9M8JPU2Me+Oh12auPGT6fHuTePE3bLDy+x9pTLnhMn+07TQGh//Bz1iI0c6kvtqInjvPZcYR3KsPVmUsPYt9nFig9SCY8VQNhpPBzn952bbgcsk2EvM89wzh3UEffBbyPqvBUBYQ8ODGPFOLsa7RF096WJ69L+E4EmnpjWu5o4ChlKaRTKT39RMMaVPEQRsz/nIWlDN80chjdJlSd1l0pJCAMVZsniobQVuxceMM9OFoaMd9zqZtjMEYYDW38Drb8Y0DYPLShxn0pvIFuOSxd7YCPet9zk452wsh54FJoeN05hcgSQoG5RR0Qh9Q4E4VvL4wcZq8UACgaRFEQKgSwWrkr5WFnGxiHSutqJGlXjBgIOayhwYBTA0ER0oisIVSUV0AAMT0IASCUO4hRIQSAEECMCCEPwqyQA0JCQBzEGjWNAqHiUVAoXUWbvggOIQCEAOJzxTjoaQ4AIaE64/aZridUsBYUgkhB15oGg1DBIl8IqirYwV6hPSGBSFteMCUBSVXwfYixBmamRubeMyjzMJQBDDowE3OesDD+zwqFoDqiEwXoXJpljB+PvWJGy75BKF1FPxhKygJuqUdYQGlLxNEXkrYyjQ0GbaAwEnUIlLRNvVjQDYUAsJB0HKLE4y0AIpQNgCIhBIhQTgCKhZBBpAN/v6LtQI50JfUgYOnnjmLUFHKhjxbAmdTCaTiBm3ovLPqG2urWAij6im0Nd9aTN9ygLUEt9LgSRnohxUPIKxlGaE+/6Y7znFf0yX+GnkvFFWmarkab2o9PmTeq8sbd2a7DaysXz7i64VeznN4jCQhN9gdDbRiuWrfrsq0mHIrlaq+hlotCtd3Um9u0BYWY8y5D67wccJoZjFca7iUs9VqZcfsZwTd1sbWGG+OcYaTnPAP7rTQVVlM4Sg3oGvB1tmNh0t/HKXZ1jFoIMwCQjtqbhNxUmkGYqgZEDZP11HN/S3gAYRozf0l8C5kKEKUvW0t1IfeWG/5MwgheZTT1E0AEhDkAePQO+Ig2H3DncAkQM4cwUQCD530dU4B5Yvmi2LlDqXfWrxMCcMth51RToRMNUXFnfc2KJ0+Ryl0VNOUwlhh6NoxK5gnViTgQpUG4SqSyt5z3zRJpuKmt3Q1614QaCBPaN6je+2XiFcWAKOXcUfIYKRyL/1lb7pe5VxSxxjQ6hImshqGRt5GWZVKO6q2wHwujfwDtIvaIdexj8Cm8+a68EqMfox6x/voMouZF4dHnEGNeCDMwT6vdNfekH1MafMk4PI06YtqLVGl95aEM9Z5vAeCTOA++YLtoVJRrsqNCaJ6WRmkdYaNec5BT/lcTRMqrhmwfjbpkj55+OKp8IEbU/JLgPJE6Wa3TTe9sHS+ShVD5QIyqIxMEwKh12olC6mHIed5ewEop80CNlfIOADYOT2nd6ZXCop+Ebqchc0JqxKcKASxChycJgUh1rnHA5ow9eTrhqNI7JWiAYYwBGGdpyNLoGw0Pkh96h1BpHihyywtATDM/7Hk2fN9EnH8BgKJCU4ooBkbXFMZJiPbrOyecGl3zgQDQL4hk10IZiOe+5w99Q/gBAEIJgPhJM4QAEEoFREAIAAEiIASAkD8Qt4AQAEIAERAGFlX4CACKAXGVM4ivMwWwCLFAlyeoaa70QePKm5Dlp+/n+ye/5dYgva6YsUaVeMa+tzNFeJtWwc+udbJ0Fg399kLielQJ5Ze61c2+7ytA6EZetiPxZC6tj22yJCv6jUwOyj/zcbqAxOMyAKEbfeHtNa7DtYXptjsk2kJxR+eIeim/tHNofUKYy8DMrQcAKWz6brpvzyIAlpwPhQ49l6b7skJf5Z+YTOYQc4FwLDxvoTDwaygQK+U/kVr+ytSFBG01Q3gnJJR4cNiAhx4HDub8/b5DULXlj6SVZghFiE+LdvE9vo/o8Lp1RmH5hzm0T6wdbZ6n+D6i44zDRc3ln6CpAEJfXiRU45oqLz8gFAThWsh7ughrRibc0QynHgZpNJa/ENJ+loCwu/qOGnFIjYR/n7TfgycULhcQhu6VC+HfF+L3BoAQ4WiZTw1M+FPCnA2gKC6/FAhXgDC+ojQGh3NuWsvfF1L/D5ohlCKtl1j2ldu9a/nPAKFwN56Bst10zCG0CPleXN/zXPgHQZXaZaBgrbzyY5V/mUA+6F0hwtGN9rwu5DVZPuwWqfxdFz1LWbJ2lwKEa+0Qsm4Dl3fp+Pu0lV97PgwIPfSsS+UQhj5Oo+vvFULazRIQyvGEcxPuNLCth2MvFsrKn8UOilAQShkh7TTczYNMoS6OdP47msrPi82lXKGWhCdMZYS0bFy+vcnGAjP1CIfvgbKNA9glecEH9RD6Ol4wRuWyN/G9MHnksS6o/GPf5XcwNSUlHzQhDuAKtWJmkwKElU7lylP5rgIcsquh/FI8YZCDpkJBuE4FQm7Icw8N+SrUGaQKyi8FwiDt1ve5o+Vu7qYHy/psgK8cvh+FTYuO77bhEC7GuaPiys/L1X4IgXDL+e3M5+ovLxBy5VLuIebw1oqcHoPfoaMJUsHays878r8KbDc3xtPx/84gZPBG/JwaufrsY/SRG/OY3//8QMNdsvdZCFtbW6f8pFuf5bflILAlX7O+4fdfugKyFYS8T2zAsXthdG0VurPGKwI06oF5vkBgHWkNp6ry29+lsPZMU3vijnXFNmoclr+6+Ou/FIb8yb30sS8YGjmTqCLyQsi5N/6ZwKs0Yenj68pfPjF6N782Dp2FzV9CTyoSeY8mLK16qGxIkLI8oa1n8tz9juP40DlK0epxYEbojbq+9QfurBeVIlCO9D2396bxiV4lkYQ3hOAFw2pbhqMGISkkQOMcQ9EqhDmGZZdo92JC0YHRNTfoSg+5e0IT+opqCKHoIU+4ztQIgBD1EFNrQAgIpYSil9lDmPHqkROPt+JC6AgPquSuumJmg0YARVCuneDfvPVeJokZ6pIXDkNxQtGzTF9/BQjRG0tQznfb74RwCQghpALBtIQnfK4zhxdyQvVCUeknMIT3hLyY+T5jo0yABqKPQNpUNw/09tGZod5jgCaYFxyYvJcNPkv9eof+I3pnCFEHIETjSM8L9tHZHYCQT9PaZGycU6yg8S4akDnJ+P03L0+t23XGzCLzRgII/Wqa+fv/xlfvmKvMUOcOrlCDdoei1MGdZm6G5VEIfRzzjd4aQs69n699Rx7ewhvCGzr2gmTPs8zNsJOrXt24FbkhhOjCfT4ICA/rPbyhUy94Dks0gJCX1NzCZui9YUd3oei+c257TalFbgg19ILHrlrL2gvWgXAL26EX76gZTNASQnad8Ibwhl284NhgXpB0c+jKhWO3Ms1hP9ihJYB9eMF6qd1BCPk0qA1s+LimFIu7m4nsdQIzPK4VbQ8hYvrnuSH2G9b2ggP78QmWqBdF9Vx8SSY6QYdUW7BTA1schZATyhvY8lHvcRbNUS9YGFy2U+qmzh2YPVc0I7yAOFyHfRpyUwtCSzOdPXMHmz7qDIM0e0V2wZTEk+6Ym6N63eBLp/b5Bts+2cKCSJ/LuoZO3ANSiE5hKAZjnvNSS4931jcw9jpwT0feV/qSJ1pVtCyfHKDkvK8Ejx7pUxGh2xFNSwx8QTi2H9ceC0/nni64MS/5N5dG39pDqvRV+WgGk71c9VFXF9b+xYvOw/d61iv7m3MvEHryhvecwC52jSSx4VIIgwnMNT/UsTxIgpPt3K/ARj15CptwL3Zd/ceDSATj2DGQjbxgWwhdeMMte7zpy5On9vymRm/YxBYljGVjKWF9VJf7I1+sex3wY8w/V1QPTborW/72gkdsRDaZMJBdbdHIC7aCkAu9atlLbtnrzerMnyToDaGwelOnk3/hHSem/ZK7e/t7jeeR20LYBgqa8J80gS8jbwi5F02Uj1u2NYJxap8PLkJfLxA2hIJyvnHX/AfeEPLpBfe0uSFHbnXaea3Qd5d6HcpYZ8L6M7lnFwMQ3MNg+RxUR1+6AshtbsVgfXTEg1sIGax9UND2p7f270wdG3eK9gXVGHdw2k5sOyZv+Nbs39Z308XR9DqWb2J+PwKDhuKHPobfuXf7gnYGHdCs7bhDDadD4entDug7LWNsnRNW4mYqwJ9dk+GGSTPBiA2j0G8RWNM5upZtcG4/3vMfP7KnbK2egx6CCnDPhRn7NgD3cghLIad5WcM2SO38iqHvvMOosyeMpQ5zlVCaaj06GVs9xUbHdiKoqrHWgquFEFMWUEWfXUxJAML23hAHFOctmjZQffKD2pywkhtSGHKNtpitLroscAeE7kCkSsC60vxEl6yMtL9EL5HKGCMszU5bk8gdkklAyEn5FO0yK419rIxBOIqwFMooDE0tHEVYijAUECIshRCGIhxFWIowFJ5QkEYIS5PTJrUwNGlPyN6QQPyKtpuM1E/K5+YJDV/MiA3AaehzqgAm7QnZG9IGYKo8bHnSK7VblLL3hOwNHziPuEGOqE5brrdR6i+atCfckyeWD47HkAkepRGLY/e8A8J0gCwYSNypF08bBm+e6zVz2UL4AshhBUjML/rXLefqC82bcQFhGC9JDwZ1uuu+At0S5gCETYHsV4DUeD9fDN2Zfy5OXaW2zAwQygCzBLJ8cvaW5OXKC1FxfTggFAHmoAJnSiOw2wps9KwRWgJCLaEswaj5NqkLwAYIU4BxqTSXbHXpJdRMPZgAOiAMqABCNGYIEEJutEK5IUAIwYMDQgiCACEEAcJs1Vda7gGqDhCmoiEghAAhBAHCrKXVo2C1DCBMRlp37uMIEECoX7xrX3P5C9QiINSuIcoPAUI0YkAICLNWgfJDh4T9hH7zqYH9+JHAq7zBqWjwhPAicTVCVQJCNF50JghHocahKK0X/ZnQKyEkhSdUpzG8OgQI42qC94EQjsYLRSmH+pbgq73L6bYkeEJ4DYTYmeg1TOBFc/usTTp3V9DdEuXJ2xDCUbXhaXk0/kAYmBvuMB4qkC35E5e5AMKkwSQgyxufyuPy6fMMgAFCSI73LFXU/N8AmEL9X4ABACNSKMHAgb34AAAAAElFTkSuQmCC - mediatype: image/png - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: etcd-operator - rules: - - apiGroups: - - etcd.database.coreos.com - resources: - - etcdclusters - - etcdbackups - - etcdrestores - verbs: - - "*" - - apiGroups: - - "" - resources: - - pods - - services - - endpoints - - persistentvolumeclaims - - events - verbs: - - "*" - - apiGroups: - - apps - resources: - - deployments - verbs: - - "*" - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - deployments: - - name: etcd-operator - spec: - replicas: 1 - selector: - matchLabels: - name: etcd-operator-alm-owned - template: - metadata: - name: etcd-operator-alm-owned - labels: - name: etcd-operator-alm-owned - spec: - serviceAccountName: etcd-operator - containers: - - name: etcd-operator - command: - - etcd-operator - - --create-crd=false - image: quay.io/coreos/etcd-operator@sha256:c0301e4686c3ed4206e370b42de5a3bd2229b9fb4906cf85f3f30650424abec2 - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: etcd-backup-operator - image: quay.io/coreos/etcd-operator@sha256:c0301e4686c3ed4206e370b42de5a3bd2229b9fb4906cf85f3f30650424abec2 - command: - - etcd-backup-operator - - --create-crd=false - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: etcd-restore-operator - image: quay.io/coreos/etcd-operator@sha256:c0301e4686c3ed4206e370b42de5a3bd2229b9fb4906cf85f3f30650424abec2 - command: - - etcd-restore-operator - - --create-crd=false - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - customresourcedefinitions: - owned: - - name: etcdclusters.etcd.database.coreos.com - version: v1beta2 - kind: EtcdCluster - displayName: etcd Cluster - description: Represents a cluster of etcd nodes. - resources: - - kind: Service - version: v1 - - kind: Pod - version: v1 - specDescriptors: - - description: The desired number of member Pods for the etcd cluster. - displayName: Size - path: size - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: pod.resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - statusDescriptors: - - description: The status of each of the member Pods for the etcd cluster. - displayName: Member Status - path: members - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podStatuses' - - description: The service at which the running etcd cluster can be accessed. - displayName: Service - path: serviceName - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Service' - - description: The current size of the etcd cluster. - displayName: Cluster Size - path: size - - description: The current version of the etcd cluster. - displayName: Current Version - path: currentVersion - - description: 'The target version of the etcd cluster, after upgrading.' - displayName: Target Version - path: targetVersion - - description: The current status of the etcd cluster. - displayName: Status - path: phase - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase' - - description: Explanation for the current status of the cluster. - displayName: Status Details - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - name: etcdbackups.etcd.database.coreos.com - version: v1beta2 - kind: EtcdBackup - displayName: etcd Backup - description: Represents the intent to backup an etcd cluster. - specDescriptors: - - description: Specifies the endpoints of an etcd cluster. - displayName: etcd Endpoint(s) - path: etcdEndpoints - x-descriptors: - - 'urn:alm:descriptor:etcd:endpoint' - - description: The full AWS S3 path where the backup is saved. - displayName: S3 Path - path: s3.path - x-descriptors: - - 'urn:alm:descriptor:aws:s3:path' - - description: The name of the secret object that stores the AWS credential and config files. - displayName: AWS Secret - path: s3.awsSecret - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Secret' - statusDescriptors: - - description: Indicates if the backup was successful. - displayName: Succeeded - path: succeeded - x-descriptors: - - 'urn:alm:descriptor:text' - - description: Indicates the reason for any backup related failures. - displayName: Reason - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - name: etcdrestores.etcd.database.coreos.com - version: v1beta2 - kind: EtcdRestore - displayName: etcd Restore - description: Represents the intent to restore an etcd cluster from a backup. - specDescriptors: - - description: References the EtcdCluster which should be restored, - displayName: etcd Cluster - path: etcdCluster.name - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:EtcdCluster' - - 'urn:alm:descriptor:text' - - description: The full AWS S3 path where the backup is saved. - displayName: S3 Path - path: s3.path - x-descriptors: - - 'urn:alm:descriptor:aws:s3:path' - - description: The name of the secret object that stores the AWS credential and config files. - displayName: AWS Secret - path: s3.awsSecret - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Secret' - statusDescriptors: - - description: Indicates if the restore was successful. - displayName: Succeeded - path: succeeded - x-descriptors: - - 'urn:alm:descriptor:text' - - description: Indicates the reason for any restore related failures. - displayName: Reason - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: federationv2.v0.0.2 - spec: - displayName: FederationV2 - description: | - Kubernetes Federation V2 namespace-scoped installation - version: 0.0.2 - maturity: alpha - provider: - name: Red Hat, Inc - labels: - alm-owner-federationv2: federationv2 - alm-status-descriptors: federationv2.v0.0.2 - - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: federation-controller-manager - rules: - - apiGroups: - - clusterregistry.k8s.io - resources: - - clusters - verbs: - - "*" - - apiGroups: - - core.federation.k8s.io - resources: - - "*" - verbs: - - "*" - - apiGroups: - - multiclusterdns.federation.k8s.io - resources: - - "*" - verbs: - - "*" - - apiGroups: - - scheduling.federation.k8s.io - resources: - - "*" - verbs: - - "*" - - apiGroups: - - "" - resources: - - pods - - services - - endpoints - - persistentvolumeclaims - - events - - configmaps - - secrets - verbs: - - "*" - - apiGroups: - - apps - resources: - - deployments - - daemonsets - - replicasets - - statefulsets - verbs: - - "*" - # TODO(font): use statefulset - deployments: - - name: federation-controller-manager - spec: - replicas: 1 - selector: - matchLabels: - app: federation-controller-manager - template: - metadata: - labels: - app: federation-controller-manager - spec: - containers: - - name: controller-manager - image: quay.io/kubernetes-multicluster/federation-v2:v0.0.2-rc.1 - resources: - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 100m - memory: 64Mi - command: - - /root/controller-manager - args: - - --federation-namespace=$(FEDERATION_NAMESPACE) - - --install-crds=false - - --limited-scope=true - - --registry-namespace=$(CLUSTER_REGISTRY_NAMESPACE) - imagePullPolicy: Always - env: - - name: FEDERATION_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CLUSTER_REGISTRY_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - restartPolicy: Always - terminationGracePeriodSeconds: 5 - serviceAccountName: federation-controller-manager - serviceAccount: federation-controller-manager - customresourcedefinitions: - owned: - # TODO(font): Move Cluster CRD to required once OLM supports CSVs - # without a deployment. - - description: Represents an instance of a Cluster Registry - displayName: Cluster Registry Application - kind: Cluster - name: clusters.clusterregistry.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedCluster resource - displayName: FederatedCluster Resource - kind: FederatedCluster - name: federatedclusters.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedConfigMap resource - displayName: FederatedConfigMap Resource - kind: FederatedConfigMap - name: federatedconfigmaps.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedConfigMapOverride resource - displayName: FederatedConfigMapOverride Resource - kind: FederatedConfigMapOverride - name: federatedconfigmapoverrides.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedConfigMapPlacement resource - displayName: FederatedConfigMapPlacement Resource - kind: FederatedConfigMapPlacement - name: federatedconfigmapplacements.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedDeployment resource - displayName: FederatedDeployment Resource - kind: FederatedDeployment - name: federateddeployments.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedDeploymentOverride resource - displayName: FederatedDeploymentOverride Resource - kind: FederatedDeploymentOverride - name: federateddeploymentoverrides.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedDeploymentPlacement resource - displayName: FederatedDeploymentPlacement Resource - kind: FederatedDeploymentPlacement - name: federateddeploymentplacements.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedIngress resource - displayName: FederatedIngress Resource - kind: FederatedIngress - name: federatedingresses.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedIngressPlacement resource - displayName: FederatedIngressPlacement Resource - kind: FederatedIngressPlacement - name: federatedingressplacements.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedJob resource - displayName: FederatedJob Resource - kind: FederatedJob - name: federatedjobs.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedJobOverride resource - displayName: FederatedJobOverride Resource - kind: FederatedJobOverride - name: federatedjoboverrides.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedJobPlacement resource - displayName: FederatedJobPlacement Resource - kind: FederatedJobPlacement - name: federatedjobplacements.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedNamespacePlacement resource - displayName: FederatedNamespacePlacement Resource - kind: FederatedNamespacePlacement - name: federatednamespaceplacements.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedReplicaSet resource - displayName: FederatedReplicaSet Resource - kind: FederatedReplicaSet - name: federatedreplicasets.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedReplicaSetOverride resource - displayName: FederatedReplicaSetOverride Resource - kind: FederatedReplicaSetOverride - name: federatedreplicasetoverrides.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedReplicaSetPlacement resource - displayName: FederatedReplicaSetPlacement Resource - kind: FederatedReplicaSetPlacement - name: federatedreplicasetplacements.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedSecret resource - displayName: FederatedSecret Resource - kind: FederatedSecret - name: federatedsecrets.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedSecretOverride resource - displayName: FederatedSecretOverride Resource - kind: FederatedSecretOverride - name: federatedsecretoverrides.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedSecretPlacement resource - displayName: FederatedSecretPlacement Resource - kind: FederatedSecretPlacement - name: federatedsecretplacements.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedService resource - displayName: FederatedService Resource - kind: FederatedService - name: federatedservices.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedServiceAccount resource - displayName: FederatedServiceAccount Resource - kind: FederatedServiceAccount - name: federatedserviceaccounts.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedServiceAccountPlacement resource - displayName: FederatedServiceAccountPlacement Resource - kind: FederatedServiceAccountPlacement - name: federatedserviceaccountplacements.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedServicePlacement resource - displayName: FederatedServicePlacement Resource - kind: FederatedServicePlacement - name: federatedserviceplacements.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederationV2 sync controller - displayName: FederationV2 Push Reconciler Application - kind: FederatedTypeConfig - name: federatedtypeconfigs.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a PropagatedVersion resource - displayName: PropagatedVersion Resource - kind: PropagatedVersion - name: propagatedversions.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a DNSEndpoint resource - displayName: DNSEndpoint Resource - kind: DNSEndpoint - name: dnsendpoints.multiclusterdns.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a MultiClusterIngressDNSRecord resource - displayName: MultiClusterIngressDNSRecord Resource - kind: MultiClusterIngressDNSRecord - name: multiclusteringressdnsrecords.multiclusterdns.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a MultiClusterServiceDNSRecord resource - displayName: MultiClusterServiceDNSRecord Resource - kind: MultiClusterServiceDNSRecord - name: multiclusterservicednsrecords.multiclusterdns.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a ReplicaSchedulingPreference resource - displayName: ReplicaSchedulingPreference Resource - kind: ReplicaSchedulingPreference - name: replicaschedulingpreferences.scheduling.federation.k8s.io - version: v1alpha1 - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: prometheusoperator.0.14.0 - namespace: placeholder - spec: - displayName: Prometheus - description: | - An open-source monitoring system with a dimensional data model, flexible query language, efficient time series database and modern alerting approach. - - _The Prometheus Open Cloud Service is Public Alpha. The goal before Beta is for additional user testing and minor bug fixes._ - - ### Monitoring applications - - Prometheus scrapes your application metrics based on targets maintained in a ServiceMonitor object. When alerts need to be sent, they are processsed by an AlertManager. - - [Read the complete guide to monitoring applications with the Prometheus Open Cloud Service](https://coreos.com/tectonic/docs/latest/alm/prometheus-ocs.html) - - ## Supported Features - - **High availability** - Multiple instances are run across failure zones and data is replicated. This keeps your monitoring available during an outage, when you need it most. - **Updates via automated operations** - New Prometheus versions are deployed using a rolling update with no downtime, making it easy to stay up to date. - **Handles the dynamic nature of containers** - Alerting rules are attached to groups of containers instead of individual instances, which is ideal for the highly dynamic nature of container deployment. - - keywords: ['prometheus', 'monitoring', 'tsdb', 'alerting'] - - maintainers: - - name: CoreOS, Inc - email: support@coreos.com - - provider: - name: CoreOS, Inc - - links: - - name: Prometheus - url: https://www.prometheus.io/ - - name: Documentation - url: https://coreos.com/operators/prometheus/docs/latest/ - - name: Prometheus Operator Source Code - url: https://github.com/coreos/prometheus-operator - - labels: - alm-status-descriptors: prometheusoperator.0.14.0 - alm-owner-prometheus: prometheusoperator - - selector: - matchLabels: - alm-owner-prometheus: prometheusoperator - - icon: - - base64data: PHN2ZyB3aWR0aD0iMjQ5MCIgaGVpZ2h0PSIyNTAwIiB2aWV3Qm94PSIwIDAgMjU2IDI1NyIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiBwcmVzZXJ2ZUFzcGVjdFJhdGlvPSJ4TWlkWU1pZCI+PHBhdGggZD0iTTEyOC4wMDEuNjY3QzU3LjMxMS42NjcgMCA1Ny45NzEgMCAxMjguNjY0YzAgNzAuNjkgNTcuMzExIDEyNy45OTggMTI4LjAwMSAxMjcuOTk4UzI1NiAxOTkuMzU0IDI1NiAxMjguNjY0QzI1NiA1Ny45NyAxOTguNjg5LjY2NyAxMjguMDAxLjY2N3ptMCAyMzkuNTZjLTIwLjExMiAwLTM2LjQxOS0xMy40MzUtMzYuNDE5LTMwLjAwNGg3Mi44MzhjMCAxNi41NjYtMTYuMzA2IDMwLjAwNC0zNi40MTkgMzAuMDA0em02MC4xNTMtMzkuOTRINjcuODQyVjE3OC40N2gxMjAuMzE0djIxLjgxNmgtLjAwMnptLS40MzItMzMuMDQ1SDY4LjE4NWMtLjM5OC0uNDU4LS44MDQtLjkxLTEuMTg4LTEuMzc1LTEyLjMxNS0xNC45NTQtMTUuMjE2LTIyLjc2LTE4LjAzMi0zMC43MTYtLjA0OC0uMjYyIDE0LjkzMyAzLjA2IDI1LjU1NiA1LjQ1IDAgMCA1LjQ2NiAxLjI2NSAxMy40NTggMi43MjItNy42NzMtOC45OTQtMTIuMjMtMjAuNDI4LTEyLjIzLTMyLjExNiAwLTI1LjY1OCAxOS42OC00OC4wNzkgMTIuNTgtNjYuMjAxIDYuOTEuNTYyIDE0LjMgMTQuNTgzIDE0LjggMzYuNTA1IDcuMzQ2LTEwLjE1MiAxMC40Mi0yOC42OSAxMC40Mi00MC4wNTYgMC0xMS43NjkgNy43NTUtMjUuNDQgMTUuNTEyLTI1LjkwNy02LjkxNSAxMS4zOTYgMS43OSAyMS4xNjUgOS41MyA0NS40IDIuOTAyIDkuMTAzIDIuNTMyIDI0LjQyMyA0Ljc3MiAzNC4xMzguNzQ0LTIwLjE3OCA0LjIxMy00OS42MiAxNy4wMTQtNTkuNzg0LTUuNjQ3IDEyLjguODM2IDI4LjgxOCA1LjI3IDM2LjUxOCA3LjE1NCAxMi40MjQgMTEuNDkgMjEuODM2IDExLjQ5IDM5LjYzOCAwIDExLjkzNi00LjQwNyAyMy4xNzMtMTEuODQgMzEuOTU4IDguNDUyLTEuNTg2IDE0LjI4OS0zLjAxNiAxNC4yODktMy4wMTZsMjcuNDUtNS4zNTVjLjAwMi0uMDAyLTMuOTg3IDE2LjQwMS0xOS4zMTQgMzIuMTk3eiIgZmlsbD0iI0RBNEUzMSIvPjwvc3ZnPg== - mediatype: image/svg+xml - - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: prometheus-k8s - rules: - - apiGroups: [""] - resources: - - nodes - - services - - endpoints - - pods - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: - - configmaps - verbs: ["get"] - - serviceAccountName: prometheus-operator-0-14-0 - rules: - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: ["get", "list"] - - apiGroups: - - monitoring.coreos.com - resources: - - alertmanagers - - prometheuses - - servicemonitors - verbs: - - "*" - - apiGroups: - - apps - resources: - - statefulsets - verbs: ["*"] - - apiGroups: [""] - resources: - - configmaps - - secrets - verbs: ["*"] - - apiGroups: [""] - resources: - - pods - verbs: ["list", "delete"] - - apiGroups: [""] - resources: - - services - - endpoints - verbs: ["get", "create", "update"] - - apiGroups: [""] - resources: - - nodes - verbs: ["list", "watch"] - - apiGroups: [""] - resources: - - namespaces - verbs: ['list'] - deployments: - - name: prometheus-operator - spec: - replicas: 1 - selector: - matchLabels: - k8s-app: prometheus-operator - template: - metadata: - labels: - k8s-app: prometheus-operator - spec: - serviceAccount: prometheus-operator-0-14-0 - containers: - - name: prometheus-operator - image: quay.io/coreos/prometheus-operator@sha256:5037b4e90dbb03ebdefaa547ddf6a1f748c8eeebeedf6b9d9f0913ad662b5731 - command: - - sh - - -c - - > - /bin/operator --namespace=$K8S_NAMESPACE --crd-apigroup monitoring.coreos.com - --labels alm-status-descriptors=prometheusoperator.0.14.0,alm-owner-prometheus=prometheusoperator - --kubelet-service=kube-system/kubelet - --config-reloader-image=quay.io/coreos/configmap-reload:v0.0.1 - env: - - name: K8S_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - ports: - - containerPort: 8080 - name: http - resources: - limits: - cpu: 200m - memory: 100Mi - requests: - cpu: 100m - memory: 50Mi - maturity: alpha - version: 0.14.0 - customresourcedefinitions: - owned: - - name: prometheuses.monitoring.coreos.com - version: v1 - kind: Prometheus - displayName: Prometheus - description: A running Prometheus instance - resources: - - kind: Pod - version: v1 - specDescriptors: - - description: Desired number of Pods for the cluster - displayName: Size - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: A selector for the ConfigMaps from which to load rule files - displayName: Rule Config Map Selector - path: ruleSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:selector:core:v1:ConfigMap' - - description: ServiceMonitors to be selected for target discovery - displayName: Service Monitor Selector - path: serviceMonitorSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:selector:monitoring.coreos.com:v1:ServiceMonitor' - - description: The ServiceAccount to use to run the Prometheus pods - displayName: Service Account - path: serviceAccountName - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:ServiceAccount' - - description: Define resources requests and limits for single Pods - displayName: Resource Request - path: resources.requests - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - statusDescriptors: - - description: The current number of Pods for the cluster - displayName: Cluster Size - path: replicas - - path: prometheusSelector - displayName: Prometheus Service Selector - description: Label selector to find the service that routes to this prometheus - x-descriptors: - - 'urn:alm:descriptor:label:selector' - - name: servicemonitors.monitoring.coreos.com - version: v1 - kind: ServiceMonitor - displayName: Service Monitor - description: Configures prometheus to monitor a particular k8s service - resources: - - kind: Pod - version: v1 - specDescriptors: - - description: Selector to select which namespaces the Endpoints objects are discovered from - displayName: Monitoring Namespaces - path: namespaceSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:namespaceSelector' - - description: The label to use to retrieve the job name from - displayName: Job Label - path: jobLabel - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: A list of endpoints allowed as part of this ServiceMonitor - displayName: Endpoints - path: endpoints - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:endpointList' - - name: alertmanagers.monitoring.coreos.com - version: v1 - kind: Alertmanager - displayName: Alert Manager - description: Configures an Alert Manager for the namespace - resources: - - kind: Pod - version: v1 - specDescriptors: - - description: Desired number of Pods for the cluster - displayName: Size - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: prometheusoperator.0.15.0 - namespace: placeholder - annotations: - tectonic-visibility: ocs - alm-examples: '[{"apiVersion":"monitoring.coreos.com/v1","kind":"Prometheus","metadata":{"name":"example","labels":{"prometheus":"k8s"}},"spec":{"replicas":2,"version":"v1.7.0","serviceAccountName":"prometheus-k8s","serviceMonitorSelector":{"matchExpressions":[{"key":"k8s-app","operator":"Exists"}]},"ruleSelector":{"matchLabels":{"role":"prometheus-rulefiles","prometheus":"k8s"}},"resources":{"requests":{"memory":"400Mi"}},"alerting":{"alertmanagers":[{"namespace":"monitoring","name":"alertmanager-main","port":"web"}]}}},{"apiVersion":"monitoring.coreos.com/v1","kind":"ServiceMonitor","metadata":{"name":"example","labels":{"k8s-app":"prometheus"}},"spec":{"selector":{"matchLabels":{"k8s-app":"prometheus","prometheus":"k8s"}},"namespaceSelector":{"matchNames":["monitoring"]},"endpoints":[{"port":"web","interval":"30s"}]}},{"apiVersion":"monitoring.coreos.com/v1","kind":"Alertmanager","metadata":{"name":"alertmanager-main"},"spec":{"replicas":3}}]' - spec: - replaces: prometheusoperator.0.14.0 - displayName: Prometheus - description: | - An open-source monitoring system with a dimensional data model, flexible query language, efficient time series database and modern alerting approach. - - _The Prometheus Open Cloud Service is Public Alpha. The goal before Beta is for additional user testing and minor bug fixes._ - - ### Monitoring applications - - Prometheus scrapes your application metrics based on targets maintained in a ServiceMonitor object. When alerts need to be sent, they are processsed by an AlertManager. - - [Read the complete guide to monitoring applications with the Prometheus Open Cloud Service](https://coreos.com/tectonic/docs/latest/alm/prometheus-ocs.html) - - ### Supported Features - - - **High availability** - - - Multiple instances are run across failure zones and data is replicated. This keeps your monitoring available during an outage, when you need it most. - - - **Updates via automated operations** - - - New Prometheus versions are deployed using a rolling update with no downtime, making it easy to stay up to date. - - - **Handles the dynamic nature of containers** - - - Alerting rules are attached to groups of containers instead of individual instances, which is ideal for the highly dynamic nature of container deployment. - - keywords: ['prometheus', 'monitoring', 'tsdb', 'alerting'] - - maintainers: - - name: CoreOS, Inc - email: support@coreos.com - - provider: - name: CoreOS, Inc - - links: - - name: Prometheus - url: https://www.prometheus.io/ - - name: Documentation - url: https://coreos.com/operators/prometheus/docs/latest/ - - name: Prometheus Operator Source Code - url: https://github.com/coreos/prometheus-operator - - labels: - alm-status-descriptors: prometheusoperator.0.15.0 - alm-owner-prometheus: prometheusoperator - - selector: - matchLabels: - alm-owner-prometheus: prometheusoperator - - icon: - - base64data: PHN2ZyB3aWR0aD0iMjQ5MCIgaGVpZ2h0PSIyNTAwIiB2aWV3Qm94PSIwIDAgMjU2IDI1NyIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiBwcmVzZXJ2ZUFzcGVjdFJhdGlvPSJ4TWlkWU1pZCI+PHBhdGggZD0iTTEyOC4wMDEuNjY3QzU3LjMxMS42NjcgMCA1Ny45NzEgMCAxMjguNjY0YzAgNzAuNjkgNTcuMzExIDEyNy45OTggMTI4LjAwMSAxMjcuOTk4UzI1NiAxOTkuMzU0IDI1NiAxMjguNjY0QzI1NiA1Ny45NyAxOTguNjg5LjY2NyAxMjguMDAxLjY2N3ptMCAyMzkuNTZjLTIwLjExMiAwLTM2LjQxOS0xMy40MzUtMzYuNDE5LTMwLjAwNGg3Mi44MzhjMCAxNi41NjYtMTYuMzA2IDMwLjAwNC0zNi40MTkgMzAuMDA0em02MC4xNTMtMzkuOTRINjcuODQyVjE3OC40N2gxMjAuMzE0djIxLjgxNmgtLjAwMnptLS40MzItMzMuMDQ1SDY4LjE4NWMtLjM5OC0uNDU4LS44MDQtLjkxLTEuMTg4LTEuMzc1LTEyLjMxNS0xNC45NTQtMTUuMjE2LTIyLjc2LTE4LjAzMi0zMC43MTYtLjA0OC0uMjYyIDE0LjkzMyAzLjA2IDI1LjU1NiA1LjQ1IDAgMCA1LjQ2NiAxLjI2NSAxMy40NTggMi43MjItNy42NzMtOC45OTQtMTIuMjMtMjAuNDI4LTEyLjIzLTMyLjExNiAwLTI1LjY1OCAxOS42OC00OC4wNzkgMTIuNTgtNjYuMjAxIDYuOTEuNTYyIDE0LjMgMTQuNTgzIDE0LjggMzYuNTA1IDcuMzQ2LTEwLjE1MiAxMC40Mi0yOC42OSAxMC40Mi00MC4wNTYgMC0xMS43NjkgNy43NTUtMjUuNDQgMTUuNTEyLTI1LjkwNy02LjkxNSAxMS4zOTYgMS43OSAyMS4xNjUgOS41MyA0NS40IDIuOTAyIDkuMTAzIDIuNTMyIDI0LjQyMyA0Ljc3MiAzNC4xMzguNzQ0LTIwLjE3OCA0LjIxMy00OS42MiAxNy4wMTQtNTkuNzg0LTUuNjQ3IDEyLjguODM2IDI4LjgxOCA1LjI3IDM2LjUxOCA3LjE1NCAxMi40MjQgMTEuNDkgMjEuODM2IDExLjQ5IDM5LjYzOCAwIDExLjkzNi00LjQwNyAyMy4xNzMtMTEuODQgMzEuOTU4IDguNDUyLTEuNTg2IDE0LjI4OS0zLjAxNiAxNC4yODktMy4wMTZsMjcuNDUtNS4zNTVjLjAwMi0uMDAyLTMuOTg3IDE2LjQwMS0xOS4zMTQgMzIuMTk3eiIgZmlsbD0iI0RBNEUzMSIvPjwvc3ZnPg== - mediatype: image/svg+xml - - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: prometheus-k8s - rules: - - apiGroups: [""] - resources: - - nodes - - services - - endpoints - - pods - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: - - configmaps - verbs: ["get"] - - serviceAccountName: prometheus-operator-0-14-0 - rules: - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: ["get", "list"] - - apiGroups: - - monitoring.coreos.com - resources: - - alertmanagers - - prometheuses - - servicemonitors - verbs: - - "*" - - apiGroups: - - apps - resources: - - statefulsets - verbs: ["*"] - - apiGroups: [""] - resources: - - configmaps - - secrets - verbs: ["*"] - - apiGroups: [""] - resources: - - pods - verbs: ["list", "delete"] - - apiGroups: [""] - resources: - - services - - endpoints - verbs: ["get", "create", "update"] - - apiGroups: [""] - resources: - - nodes - verbs: ["list", "watch"] - - apiGroups: [""] - resources: - - namespaces - verbs: ['list'] - deployments: - - name: prometheus-operator - spec: - replicas: 1 - selector: - matchLabels: - k8s-app: prometheus-operator - template: - metadata: - labels: - k8s-app: prometheus-operator - spec: - serviceAccount: prometheus-operator-0-14-0 - containers: - - name: prometheus-operator - image: quay.io/coreos/prometheus-operator@sha256:0e92dd9b5789c4b13d53e1319d0a6375bcca4caaf0d698af61198061222a576d - command: - - sh - - -c - - > - /bin/operator --namespace=$K8S_NAMESPACE --crd-apigroup monitoring.coreos.com - --labels alm-status-descriptors=prometheusoperator.0.15.0,alm-owner-prometheus=prometheusoperator - --kubelet-service=kube-system/kubelet - --config-reloader-image=quay.io/coreos/configmap-reload:v0.0.1 - env: - - name: K8S_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - ports: - - containerPort: 8080 - name: http - resources: - limits: - cpu: 200m - memory: 100Mi - requests: - cpu: 100m - memory: 50Mi - maturity: alpha - version: 0.15.0 - customresourcedefinitions: - owned: - - name: prometheuses.monitoring.coreos.com - version: v1 - kind: Prometheus - displayName: Prometheus - description: A running Prometheus instance - resources: - - kind: StatefulSet - version: v1beta2 - - kind: Pod - version: v1 - specDescriptors: - - description: Desired number of Pods for the cluster - displayName: Size - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: A selector for the ConfigMaps from which to load rule files - displayName: Rule Config Map Selector - path: ruleSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:selector:core:v1:ConfigMap' - - description: ServiceMonitors to be selected for target discovery - displayName: Service Monitor Selector - path: serviceMonitorSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:selector:monitoring.coreos.com:v1:ServiceMonitor' - - description: The ServiceAccount to use to run the Prometheus pods - displayName: Service Account - path: serviceAccountName - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:ServiceAccount' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - statusDescriptors: - - description: The current number of Pods for the cluster - displayName: Cluster Size - path: replicas - - path: prometheusSelector - displayName: Prometheus Service Selector - description: Label selector to find the service that routes to this prometheus - x-descriptors: - - 'urn:alm:descriptor:label:selector' - - name: servicemonitors.monitoring.coreos.com - version: v1 - kind: ServiceMonitor - displayName: Service Monitor - description: Configures prometheus to monitor a particular k8s service - resources: - - kind: Pod - version: v1 - specDescriptors: - - description: Selector to select which namespaces the Endpoints objects are discovered from - displayName: Monitoring Namespaces - path: namespaceSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:namespaceSelector' - - description: The label to use to retrieve the job name from - displayName: Job Label - path: jobLabel - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: A list of endpoints allowed as part of this ServiceMonitor - displayName: Endpoints - path: endpoints - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:endpointList' - - name: alertmanagers.monitoring.coreos.com - version: v1 - kind: Alertmanager - displayName: Alert Manager - description: Configures an Alert Manager for the namespace - resources: - - kind: StatefulSet - version: v1beta2 - - kind: Pod - version: v1 - specDescriptors: - - description: Desired number of Pods for the cluster - displayName: Size - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: prometheusoperator.0.22.2 - namespace: placeholder - annotations: - alm-examples: '[{"apiVersion":"monitoring.coreos.com/v1","kind":"Prometheus","metadata":{"name":"example","labels":{"prometheus":"k8s"}},"spec":{"replicas":2,"version":"v2.3.2","serviceAccountName":"prometheus-k8s","securityContext": {}, "serviceMonitorSelector":{"matchExpressions":[{"key":"k8s-app","operator":"Exists"}]},"ruleSelector":{"matchLabels":{"role":"prometheus-rulefiles","prometheus":"k8s"}},"alerting":{"alertmanagers":[{"namespace":"monitoring","name":"alertmanager-main","port":"web"}]}}},{"apiVersion":"monitoring.coreos.com/v1","kind":"ServiceMonitor","metadata":{"name":"example","labels":{"k8s-app":"prometheus"}},"spec":{"selector":{"matchLabels":{"k8s-app":"prometheus"}},"endpoints":[{"port":"web","interval":"30s"}]}},{"apiVersion":"monitoring.coreos.com/v1","kind":"Alertmanager","metadata":{"name":"alertmanager-main"},"spec":{"replicas":3, "securityContext": {}}}]' - spec: - replaces: prometheusoperator.0.15.0 - displayName: Prometheus Operator - description: | - The Prometheus Operator for Kubernetes provides easy monitoring definitions for Kubernetes services and deployment and management of Prometheus instances. - - Once installed, the Prometheus Operator provides the following features: - - * **Create/Destroy**: Easily launch a Prometheus instance for your Kubernetes namespace, a specific application or team easily using the Operator. - - * **Simple Configuration**: Configure the fundamentals of Prometheus like versions, persistence, retention policies, and replicas from a native Kubernetes resource. - - * **Target Services via Labels**: Automatically generate monitoring target configurations based on familiar Kubernetes label queries; no need to learn a Prometheus specific configuration language. - - ### Other Supported Features - - **High availability** - - Multiple instances are run across failure zones and data is replicated. This keeps your monitoring available during an outage, when you need it most. - - **Updates via automated operations** - - New Prometheus versions are deployed using a rolling update with no downtime, making it easy to stay up to date. - - **Handles the dynamic nature of containers** - - Alerting rules are attached to groups of containers instead of individual instances, which is ideal for the highly dynamic nature of container deployment. - - keywords: ['prometheus', 'monitoring', 'tsdb', 'alerting'] - - maintainers: - - name: Red Hat - email: openshift-operators@redhat.com - - provider: - name: Red Hat - - links: - - name: Prometheus - url: https://www.prometheus.io/ - - name: Documentation - url: https://coreos.com/operators/prometheus/docs/latest/ - - name: Prometheus Operator - url: https://github.com/coreos/prometheus-operator - - labels: - alm-status-descriptors: prometheusoperator.0.22.2 - alm-owner-prometheus: prometheusoperator - - selector: - matchLabels: - alm-owner-prometheus: prometheusoperator - - icon: - - base64data: PHN2ZyB3aWR0aD0iMjQ5MCIgaGVpZ2h0PSIyNTAwIiB2aWV3Qm94PSIwIDAgMjU2IDI1NyIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiBwcmVzZXJ2ZUFzcGVjdFJhdGlvPSJ4TWlkWU1pZCI+PHBhdGggZD0iTTEyOC4wMDEuNjY3QzU3LjMxMS42NjcgMCA1Ny45NzEgMCAxMjguNjY0YzAgNzAuNjkgNTcuMzExIDEyNy45OTggMTI4LjAwMSAxMjcuOTk4UzI1NiAxOTkuMzU0IDI1NiAxMjguNjY0QzI1NiA1Ny45NyAxOTguNjg5LjY2NyAxMjguMDAxLjY2N3ptMCAyMzkuNTZjLTIwLjExMiAwLTM2LjQxOS0xMy40MzUtMzYuNDE5LTMwLjAwNGg3Mi44MzhjMCAxNi41NjYtMTYuMzA2IDMwLjAwNC0zNi40MTkgMzAuMDA0em02MC4xNTMtMzkuOTRINjcuODQyVjE3OC40N2gxMjAuMzE0djIxLjgxNmgtLjAwMnptLS40MzItMzMuMDQ1SDY4LjE4NWMtLjM5OC0uNDU4LS44MDQtLjkxLTEuMTg4LTEuMzc1LTEyLjMxNS0xNC45NTQtMTUuMjE2LTIyLjc2LTE4LjAzMi0zMC43MTYtLjA0OC0uMjYyIDE0LjkzMyAzLjA2IDI1LjU1NiA1LjQ1IDAgMCA1LjQ2NiAxLjI2NSAxMy40NTggMi43MjItNy42NzMtOC45OTQtMTIuMjMtMjAuNDI4LTEyLjIzLTMyLjExNiAwLTI1LjY1OCAxOS42OC00OC4wNzkgMTIuNTgtNjYuMjAxIDYuOTEuNTYyIDE0LjMgMTQuNTgzIDE0LjggMzYuNTA1IDcuMzQ2LTEwLjE1MiAxMC40Mi0yOC42OSAxMC40Mi00MC4wNTYgMC0xMS43NjkgNy43NTUtMjUuNDQgMTUuNTEyLTI1LjkwNy02LjkxNSAxMS4zOTYgMS43OSAyMS4xNjUgOS41MyA0NS40IDIuOTAyIDkuMTAzIDIuNTMyIDI0LjQyMyA0Ljc3MiAzNC4xMzguNzQ0LTIwLjE3OCA0LjIxMy00OS42MiAxNy4wMTQtNTkuNzg0LTUuNjQ3IDEyLjguODM2IDI4LjgxOCA1LjI3IDM2LjUxOCA3LjE1NCAxMi40MjQgMTEuNDkgMjEuODM2IDExLjQ5IDM5LjYzOCAwIDExLjkzNi00LjQwNyAyMy4xNzMtMTEuODQgMzEuOTU4IDguNDUyLTEuNTg2IDE0LjI4OS0zLjAxNiAxNC4yODktMy4wMTZsMjcuNDUtNS4zNTVjLjAwMi0uMDAyLTMuOTg3IDE2LjQwMS0xOS4zMTQgMzIuMTk3eiIgZmlsbD0iI0RBNEUzMSIvPjwvc3ZnPg== - mediatype: image/svg+xml - - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: prometheus-k8s - rules: - - apiGroups: [""] - resources: - - nodes - - services - - endpoints - - pods - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: - - configmaps - verbs: ["get"] - - serviceAccountName: prometheus-operator-0-22-2 - rules: - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - '*' - - apiGroups: - - monitoring.coreos.com - resources: - - alertmanagers - - prometheuses - - prometheuses/finalizers - - alertmanagers/finalizers - - servicemonitors - - prometheusrules - verbs: - - '*' - - apiGroups: - - apps - resources: - - statefulsets - verbs: - - '*' - - apiGroups: - - "" - resources: - - configmaps - - secrets - verbs: - - '*' - - apiGroups: - - "" - resources: - - pods - verbs: - - list - - delete - - apiGroups: - - "" - resources: - - services - - endpoints - verbs: - - get - - create - - update - - apiGroups: - - "" - resources: - - nodes - verbs: - - list - - watch - - apiGroups: - - "" - resources: - - namespaces - verbs: - - list - - watch - deployments: - - name: prometheus-operator - spec: - replicas: 1 - selector: - matchLabels: - k8s-app: prometheus-operator - template: - metadata: - labels: - k8s-app: prometheus-operator - spec: - serviceAccount: prometheus-operator-0-22-2 - containers: - - name: prometheus-operator - image: quay.io/coreos/prometheus-operator@sha256:3daa69a8c6c2f1d35dcf1fe48a7cd8b230e55f5229a1ded438f687debade5bcf - args: - - -namespace=$(K8S_NAMESPACE) - - -manage-crds=false - - -logtostderr=true - - --config-reloader-image=quay.io/coreos/configmap-reload:v0.0.1 - - --prometheus-config-reloader=quay.io/coreos/prometheus-config-reloader:v0.22.2 - env: - - name: K8S_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - ports: - - containerPort: 8080 - name: http - resources: - limits: - cpu: 200m - memory: 100Mi - requests: - cpu: 100m - memory: 50Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - nodeSelector: - beta.kubernetes.io/os: linux - maturity: beta - version: 0.22.2 - customresourcedefinitions: - owned: - - name: prometheuses.monitoring.coreos.com - version: v1 - kind: Prometheus - displayName: Prometheus - description: A running Prometheus instance - resources: - - kind: StatefulSet - version: v1beta2 - - kind: Pod - version: v1 - specDescriptors: - - description: Desired number of Pods for the cluster - displayName: Size - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: A selector for the ConfigMaps from which to load rule files - displayName: Rule Config Map Selector - path: ruleSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:selector:core:v1:ConfigMap' - - description: ServiceMonitors to be selected for target discovery - displayName: Service Monitor Selector - path: serviceMonitorSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:selector:monitoring.coreos.com:v1:ServiceMonitor' - - description: The ServiceAccount to use to run the Prometheus pods - displayName: Service Account - path: serviceAccountName - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:ServiceAccount' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - - name: prometheusrules.monitoring.coreos.com - version: v1 - kind: PrometheusRule - displayName: Prometheus Rule - description: A Prometheus Rule configures groups of sequentially evaluated recording and alerting rules. - - name: servicemonitors.monitoring.coreos.com - version: v1 - kind: ServiceMonitor - displayName: Service Monitor - description: Configures prometheus to monitor a particular k8s service - resources: - - kind: Pod - version: v1 - specDescriptors: - - description: The label to use to retrieve the job name from - displayName: Job Label - path: jobLabel - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: A list of endpoints allowed as part of this ServiceMonitor - displayName: Endpoints - path: endpoints - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:endpointList' - - name: alertmanagers.monitoring.coreos.com - version: v1 - kind: Alertmanager - displayName: Alertmanager - description: Configures an Alertmanager for the namespace - resources: - - kind: StatefulSet - version: v1beta2 - - kind: Pod - version: v1 - specDescriptors: - - description: Desired number of Pods for the cluster - displayName: Size - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: svcat.v0.1.34 - namespace: placeholder - spec: - displayName: Service Catalog - description: Service Catalog lets you provision cloud services directly from the comfort of native Kubernetes tooling. This project is in incubation to bring integration with service brokers to the Kubernetes ecosystem via the Open Service Broker API. - keywords: ['catalog', 'service', 'svcat', 'osb', 'broker'] - maintainers: - - name: Red Hat - email: openshift-operators@redhat.com - provider: - name: Red Hat - links: - - name: Documentation - url: https://svc-cat.io/docs - - name: Service Catalog - url: https://github.com/kubernetes-incubator/service-catalog - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: svcat-controller-manager - rules: - - apiGroups: [""] - resources: ["configmaps"] - resourceNames: ["cluster-info"] - verbs: ["get","create","list","watch","update"] - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["create"] - - apiGroups: [""] - resources: ["configmaps"] - resourceNames: ["service-catalog-controller-manager"] - verbs: ["get","update"] - clusterPermissions: - - serviceAccountName: svcat-controller-manager - rules: - - apiGroups: [""] - resources: ["events"] - verbs: ["create","patch","update"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get","create","update","delete"] - - apiGroups: [""] - resources: ["pods"] - verbs: ["get","list","update", "patch", "watch", "delete", "initialize"] - - apiGroups: [""] - resources: ["namespaces"] - verbs: ["get","list","watch"] - - apiGroups: ["servicecatalog.k8s.io"] - resources: ["clusterserviceclasses"] - verbs: ["get","list","watch","create","patch","update","delete"] - - apiGroups: ["servicecatalog.k8s.io"] - resources: ["clusterserviceplans"] - verbs: ["get","list","watch","create","patch","update","delete"] - - apiGroups: ["servicecatalog.k8s.io"] - resources: ["clusterservicebrokers"] - verbs: ["get","list","watch"] - - apiGroups: ["servicecatalog.k8s.io"] - resources: ["serviceinstances","servicebindings"] - verbs: ["get","list","watch", "update"] - - apiGroups: ["servicecatalog.k8s.io"] - resources: ["clusterservicebrokers/status","clusterserviceclasses/status","clusterserviceplans/status","serviceinstances/status","serviceinstances/reference","servicebindings/status"] - verbs: ["update"] - - apiGroups: ["servicecatalog.k8s.io"] - resources: ["serviceclasses"] - verbs: ["get","list","watch","create","patch","update","delete"] - - apiGroups: ["servicecatalog.k8s.io"] - resources: ["serviceplans"] - verbs: ["get","list","watch","create","patch","update","delete"] - - apiGroups: ["servicecatalog.k8s.io"] - resources: ["servicebrokers"] - verbs: ["get","list","watch"] - - apiGroups: ["servicecatalog.k8s.io"] - resources: ["servicebrokers/status","serviceclasses/status","serviceplans/status"] - verbs: ["update"] - - serviceAccountName: service-catalog-apiserver - rules: - - apiGroups: [""] - resources: ["namespaces"] - verbs: ["get", "list", "watch"] - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["get", "list", "watch"] - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["mutatingwebhookconfigurations"] - verbs: ["get", "list", "watch"] - - apiGroups: ["authentication.k8s.io"] - resources: ["tokenreviews"] - verbs: ["create"] - - apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] - deployments: - - name: svcat-catalog-apiserver - spec: - replicas: 1 - strategy: - type: RollingUpdate - selector: - matchLabels: - app: svcat-catalog-apiserver - template: - metadata: - labels: - app: svcat-catalog-apiserver - spec: - serviceAccountName: "service-catalog-apiserver" - containers: - - name: apiserver - image: quay.io/kubernetes-service-catalog/service-catalog:v0.1.34 - imagePullPolicy: Always - resources: - limits: - cpu: 100m - memory: 30Mi - requests: - cpu: 100m - memory: 20Mi - args: - - apiserver - - --enable-admission-plugins - - "NamespaceLifecycle,DefaultServicePlan,ServiceBindingsLifecycle,ServicePlanChangeValidator,BrokerAuthSarCheck" - - --secure-port - - "5443" - - --etcd-servers - - http://localhost:2379 - - -v - - "10" - - --feature-gates - - OriginatingIdentity=true - - --feature-gates - - ServicePlanDefaults=false - ports: - - containerPort: 5443 - volumeMounts: - - name: apiservice-cert - mountPath: /var/run/kubernetes-service-catalog - readinessProbe: - httpGet: - port: 5443 - path: /healthz - scheme: HTTPS - failureThreshold: 1 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 2 - livenessProbe: - httpGet: - port: 5443 - path: /healthz - scheme: HTTPS - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 2 - - name: etcd - image: quay.io/coreos/etcd:latest - imagePullPolicy: Always - resources: - limits: - cpu: 100m - memory: 40Mi - requests: - cpu: 100m - memory: 30Mi - env: - - name: ETCD_DATA_DIR - value: /etcd-data-dir - command: - - /usr/local/bin/etcd - - --listen-client-urls - - http://0.0.0.0:2379 - - --advertise-client-urls - - http://localhost:2379 - ports: - - containerPort: 2379 - volumeMounts: - - name: etcd-data-dir - mountPath: /etcd-data-dir - readinessProbe: - httpGet: - port: 2379 - path: /health - failureThreshold: 1 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 2 - livenessProbe: - httpGet: - port: 2379 - path: /health - failureThreshold: 3 - initialDelaySeconds: 10 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 2 - volumes: - - name: etcd-data-dir - emptyDir: {} - - name: svcat-controller-manager - spec: - replicas: 1 - strategy: - type: RollingUpdate - selector: - matchLabels: - app: svcat-controller-manager - template: - metadata: - labels: - app: svcat-controller-manager - spec: - serviceAccountName: svcat-controller-manager - containers: - - name: controller-manager - image: quay.io/kubernetes-service-catalog/service-catalog:v0.1.34 - imagePullPolicy: Always - resources: - limits: - cpu: 100m - memory: 30Mi - requests: - cpu: 100m - memory: 20Mi - env: - - name: K8S_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - args: - - controller-manager - - --secure-port - - "8444" - - "--cluster-id-configmap-namespace=default" - - "--leader-elect=false" - - -v - - "10" - - --resync-interval - - 5m - - --broker-relist-interval - - 24h - - --feature-gates - - OriginatingIdentity=true - - --feature-gates - - ServicePlanDefaults=false - ports: - - containerPort: 8444 - readinessProbe: - httpGet: - port: 8444 - path: /healthz - scheme: HTTPS - failureThreshold: 1 - initialDelaySeconds: 20 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 2 - livenessProbe: - httpGet: - port: 8444 - path: /healthz - scheme: HTTPS - failureThreshold: 3 - initialDelaySeconds: 20 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 2 - maturity: alpha - version: 0.1.34 - apiservicedefinitions: - owned: - - group: servicecatalog.k8s.io - version: v1beta1 - kind: ClusterServiceClass - displayName: ClusterServiceClass - description: A service catalog resource - deploymentName: svcat-catalog-apiserver - containerPort: 5443 - - group: servicecatalog.k8s.io - version: v1beta1 - kind: ClusterServicePlan - displayName: ClusterServicePlan - description: A service catalog resource - deploymentName: svcat-catalog-apiserver - containerPort: 5443 - - group: servicecatalog.k8s.io - version: v1beta1 - kind: ClusterServiceBroker - displayName: ClusterServiceBroker - description: A service catalog resource - deploymentName: svcat-catalog-apiserver - containerPort: 5443 - - group: servicecatalog.k8s.io - version: v1beta1 - kind: ServiceInstance - displayName: ServiceInstance - description: A service catalog resource - deploymentName: svcat-catalog-apiserver - containerPort: 5443 - - group: servicecatalog.k8s.io - version: v1beta1 - kind: ServiceBinding - displayName: ServiceBinding - description: A service catalog resource - deploymentName: svcat-catalog-apiserver - containerPort: 5443 - - group: servicecatalog.k8s.io - version: v1beta1 - kind: ServiceClass - displayName: ServiceClass - description: A service catalog resource - deploymentName: svcat-catalog-apiserver - containerPort: 5443 - - group: servicecatalog.k8s.io - version: v1beta1 - kind: ServicePlan - displayName: ServicePlan - description: A service catalog resource - deploymentName: svcat-catalog-apiserver - containerPort: 5443 - - group: servicecatalog.k8s.io - version: v1beta1 - kind: ServiceBroker - displayName: ServiceBroker - description: A service catalog resource - deploymentName: svcat-catalog-apiserver - containerPort: 5443 - customresourcedefinitions: - required: - - name: etcdclusters.etcd.database.coreos.com - version: v1beta2 - kind: EtcdCluster - displayName: etcd Cluster - description: Represents a cluster of etcd nodes. - resources: - - kind: Service - version: v1 - - kind: Pod - version: v1 - specDescriptors: - - description: The desired number of member Pods for the etcd cluster. - displayName: Size - path: size - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - statusDescriptors: - - description: The status of each of the member Pods for the etcd cluster. - displayName: Member Status - path: members - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podStatuses' - - description: The service at which the running etcd cluster can be accessed. - displayName: Service - path: service - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Service' - - description: The current size of the etcd cluster. - displayName: Cluster Size - path: size - - description: The current version of the etcd cluster. - displayName: Current Version - path: currentVersion - - description: 'The target version of the etcd cluster, after upgrading.' - displayName: Target Version - path: targetVersion - - description: The current status of the etcd cluster. - displayName: Status - path: phase - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase' - - description: Explanation for the current status of the cluster. - displayName: Status Details - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - packages: |- - - #! package-manifest: ./deploy/chart/catalog_resources/rh-operators/amq-streams.v1.0.0-clusterserviceversion - packageName: amq-streams - channels: - - name: preview - currentCSV: amqstreams.v1.0.0.beta - - - #! package-manifest: ./deploy/chart/catalog_resources/rh-operators/etcdoperator.v0.9.2.clusterserviceversion.yaml - packageName: etcd - channels: - - name: alpha - currentCSV: etcdoperator.v0.9.2 - - - packageName: federationv2 - channels: - - name: alpha - currentCSV: federationv2.v0.0.2 - - - #! package-manifest: ./deploy/chart/catalog_resources/rh-operators/prometheusoperator.0.22.2.clusterserviceversion.yaml - packageName: prometheus - channels: - - name: preview - currentCSV: prometheusoperator.0.22.2 - - - #! package-manifest: ./deploy/chart/catalog_resources/rh-operators/svcat.v0.1.34.clusterserviceversion.yaml - packageName: svcat - channels: - - name: alpha - currentCSV: svcat.v0.1.34 - - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_09-rh-operators.catalogsource.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_09-rh-operators.catalogsource.yaml deleted file mode 100644 index cf3f008840..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_09-rh-operators.catalogsource.yaml +++ /dev/null @@ -1,16 +0,0 @@ -##--- -# Source: olm/templates/0000_30_09-rh-operators.catalogsource.yaml - -#! validate-crd: ./deploy/chart/templates/05-catalogsource.crd.yaml -#! parse-kind: CatalogSource -apiVersion: operators.coreos.com/v1alpha1 -kind: CatalogSource -metadata: - name: rh-operators - namespace: olm -spec: - sourceType: internal - configMap: rh-operators - displayName: Red Hat Operators - publisher: Red Hat - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_10-olm-operator.deployment.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_10-olm-operator.deployment.yaml deleted file mode 100644 index 412be3b46f..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_10-olm-operator.deployment.yaml +++ /dev/null @@ -1,47 +0,0 @@ -##--- -# Source: olm/templates/0000_30_10-olm-operator.deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: olm-operator - namespace: olm - labels: - app: olm-operator -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: olm-operator - template: - metadata: - labels: - app: olm-operator - spec: - serviceAccountName: olm-operator-serviceaccount - containers: - - name: olm-operator - command: - - /bin/olm - image: quay.io/coreos/olm@sha256:3f3909a6bdf6f4bf429e114832c8cfc03c731f9403b91417d5dc246ad0448772 - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - livenessProbe: - httpGet: - path: /healthz - port: 8080 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - env: - - name: OPERATOR_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: OPERATOR_NAME - value: olm-operator - imagePullSecrets: - - name: coreos-pull-secret diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_11-catalog-operator.deployment.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_11-catalog-operator.deployment.yaml deleted file mode 100644 index a149519e1e..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_11-catalog-operator.deployment.yaml +++ /dev/null @@ -1,42 +0,0 @@ -##--- -# Source: olm/templates/0000_30_11-catalog-operator.deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: catalog-operator - namespace: olm - labels: - app: catalog-operator -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: catalog-operator - template: - metadata: - labels: - app: catalog-operator - spec: - serviceAccountName: olm-operator-serviceaccount - containers: - - name: catalog-operator - command: - - /bin/catalog - - '-namespace' - - olm - image: quay.io/coreos/olm@sha256:3f3909a6bdf6f4bf429e114832c8cfc03c731f9403b91417d5dc246ad0448772 - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - livenessProbe: - httpGet: - path: /healthz - port: 8080 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - imagePullSecrets: - - name: coreos-pull-secret diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_12-aggregated.clusterrole.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_12-aggregated.clusterrole.yaml deleted file mode 100644 index e91d70cb0a..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_12-aggregated.clusterrole.yaml +++ /dev/null @@ -1,26 +0,0 @@ -##--- -# Source: olm/templates/0000_30_12-aggregated.clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-edit - labels: - # Add these permissions to the "admin" and "edit" default roles. - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions", "packagemanifests"] - verbs: ["create", "update", "patch", "delete"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-view - labels: - # Add these permissions to the "view" default roles - rbac.authorization.k8s.io/aggregate-to-view: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions", "packagemanifests"] - verbs: ["get", "list", "watch"] diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_13-packageserver.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_13-packageserver.yaml deleted file mode 100644 index d2c16556fc..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.7.4/0000_30_13-packageserver.yaml +++ /dev/null @@ -1,151 +0,0 @@ -##--- -# Source: olm/templates/0000_30_13-packageserver.yaml -apiVersion: apiregistration.k8s.io/v1beta1 -kind: APIService -metadata: - name: v1alpha1.packages.apps.redhat.com -spec: - caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM5VENDQWQyZ0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFjTVJvd0dBWURWUVFERXhGd1lXTnIKWVdkbExYTmxjblpsY2kxallUQWVGdzB4T0RFd01Ua3hPRFEyTlROYUZ3MHlPREV3TVRZeE9EUTJOVE5hTUJ3eApHakFZQmdOVkJBTVRFWEJoWTJ0aFoyVXRjMlZ5ZG1WeUxXTmhNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DCkFROEFNSUlCQ2dLQ0FRRUFuMm5NaFJYZ0xoSXhBTjA1TjQ0ZURKeU9aVHFwZmlCUW4vTDg3aXVoYktWZjZXTFoKaU9ERWlaeW1aLzYyRWRrVGRraTJTSEsxOEFIWTBjMXNNb004aXF5d0Nqc25nOEdENG5UbC9YTlBiN2tYMjdxSgo4b3lPbWg0VjE0Q1ROYS8xVFNydW9QM2UzOXFORlZvOGIrMzBmcjVqTlM5emZXN1Vicnd3L1RzRFJvMWdoSUtKClcvSHVRYW9sV3ZRaDRqbGhhRjllTWRoU1Z2T0pENUd3MEpHVUhJU0R1dStCWWZOVURxOUJlS2Y1ZFVRYzkwM2IKN0FtTDFXczdncFkyTXJFOTBPT1lMa0NnalZDMWM5MFUvZThhSHpqVmdodGJrdWNkYkFNVUpmam12WG5aejhFTwpiSnhpRlNkYmRmNUsxVUhzaUVNTEtMN2grNXFQTW5MVVhMUCtrUUlEQVFBQm8wSXdRREFPQmdOVkhROEJBZjhFCkJBTUNBcVF3SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQndNQ01BOEdBMVVkRXdFQi93UUYKTUFNQkFmOHdEUVlKS29aSWh2Y05BUUVMQlFBRGdnRUJBRWE1TE1CT0xJNnFldjEzTEJaWkRIUDVDYnBwaDRGcwp3TTgycTE3SGFvdEJtNi9SWDZ1d2dKdDNMNHk0UEdvajZ3VTZRMjdhdGhROXEyM3dES0NCVVowMjV6ZkR4WHh4CkpsS2tWMk56TFJheFBGdGRjTEk3Tm8zZUV1Qk1US2dnRTRRUDd0TlI2QUxvU1hqUHhVRHBNS0JjU3dXVm1PRVQKV0NIYW9sYlNBTnQyZUJEYUloS09kVUFNVEZJOUlwSG9UUEdJdzcwWjE0UndUV205L2s1T2FsRVA3RzA2VnJWRQorNlNvNjkyWGhYbExJTDlCdlNRZmswTUJMV1BpUDJWV2s0T1pLMzl2QllsZjNpUTlPQndtUERBOTllSFdnOXZoClZkK215UjBrRnprNFBzVkkya2xkRXdGRjZjTXpzK25Pekl0V1QyZ1NmS1gyMm1tZ2Y5T3J4bkE9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K - group: packages.apps.redhat.com - groupPriorityMinimum: 2000 - versionPriority: 15 - service: - name: package-server - namespace: olm - version: v1alpha1 ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: packagemanifest:system:auth-delegator -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:auth-delegator -subjects: -- kind: ServiceAccount - name: olm-operator-serviceaccount - namespace: olm ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: packagemanifest-auth-reader - namespace: kube-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: extension-apiserver-authentication-reader -subjects: -- kind: ServiceAccount - name: olm-operator-serviceaccount - namespace: olm ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: packagemanifest-view -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: admin -subjects: -- kind: ServiceAccount - name: olm-operator-serviceaccount - namespace: olm ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: package-apiserver-clusterrolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: aggregated-apiserver-clusterrole -subjects: -- kind: ServiceAccount - name: olm-operator-serviceaccount - namespace: olm ---- -apiVersion: v1 -kind: Secret -type: kubernetes.io/tls -metadata: - name: package-server-certs - namespace: olm - labels: - app: package-server -data: - tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURKakNDQWc2Z0F3SUJBZ0lCQVRBTkJna3Foa2lHOXcwQkFRc0ZBREFjTVJvd0dBWURWUVFERXhGd1lXTnIKWVdkbExYTmxjblpsY2kxallUQWVGdzB4T0RFd01Ua3hPRFEyTlRSYUZ3MHhPVEV3TVRreE9EUTJOVFJhTUJreApGekFWQmdOVkJBTVREbkJoWTJ0aFoyVXRjMlZ5ZG1WeU1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBCk1JSUJDZ0tDQVFFQW5Ndk52MjZTcTlqeHJPNytOKzY1eDhoSFhFM0h2NnlERUlUYmo4ejFZRHVrL1FKc0VNOHYKOHp1ZThPYWtMT0hvek9qTk85T2RuZWVWNW9pUnl5K0I5ZmRDUWQ5WU9SeUpZZkw1ZFMrUS9UVXNDVFQ3RTFYUApQYnErcmkxTERLUjZWcEFpZGpDV01wbjl4UVNyM1ppN1FuK3NGUUxHS3pkZkhiTmlmYmlXcHlqc3JoM2N0NEVUCjNPSDJRZHRDZitJQVd0N0FrRDZQOWNLMTE2Rlc0RkJsTVdLTFZNd3l3Q3VER0FBV0NCUG5nLzlKbStLNkorR0gKWnk3dnMxRkFpamU3Vjdsa25GM1M4aUJNL09lTVVlVk53Tmx4YzJzYVh6ZlVxUlZySlJFMkFudWJHanA5QndnawpvdXNKY0RYYkRpUFQxNHNKNkVqN2htRTVPbWVxUjA1bm53SURBUUFCbzNZd2REQU9CZ05WSFE4QkFmOEVCQU1DCkJhQXdIUVlEVlIwbEJCWXdGQVlJS3dZQkJRVUhBd0VHQ0NzR0FRVUZCd01DTUF3R0ExVWRFd0VCL3dRQ01BQXcKTlFZRFZSMFJCQzR3TElJU2NHRmphMkZuWlMxelpYSjJaWEl1YjJ4dGdoWndZV05yWVdkbExYTmxjblpsY2k1dgpiRzB1YzNaak1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQUREN2YzU3lJOXc4REZ3dUdUU0RJWE1ldDBVTzVMCjBYU0czcEZzbW9jVHNrSDdJUGc3ZXFIanI4cmNjajVZUGUvVENBL2hDcjY4N21KM3dQcVpnYklmZnA1cUMzQVQKVGtHNmlWNU1OZVdUNUlLYWF1cE1GVkNTWkNzZ3hHWlhNNzJWOU9lNFJWcUl0SCtlajNOOHI1U1ZRVmI4OUExdQpTaTRKeS9qeVpJaDY2b1k1RCtwQmFYTlhLbkRCWmlaQ0NINjNHc1hUblk4Z0dGVE1lYkIvbXNFTTl2WnNrZTNMCmsvVW9FUHdLWmVqQmNVd1E3ZjRJdEVaZyt6M2FabU1OUkxnc3QwTlJyNHpLbkNzMzVpUEl1UURHVFhrZ1puMWQKMWhvcnZJcyt0NjIvalpmYms5c1VvZk91YjAyL3dIcXFwcDN4MEtkcHp5S05KbmNpTVh3Y0V0aFUKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= - tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBbk12TnYyNlNxOWp4ck83K04rNjV4OGhIWEUzSHY2eURFSVRiajh6MVlEdWsvUUpzCkVNOHY4enVlOE9ha0xPSG96T2pOTzlPZG5lZVY1b2lSeXkrQjlmZENRZDlZT1J5SllmTDVkUytRL1RVc0NUVDcKRTFYUFBicStyaTFMREtSNlZwQWlkakNXTXBuOXhRU3IzWmk3UW4rc0ZRTEdLemRmSGJOaWZiaVdweWpzcmgzYwp0NEVUM09IMlFkdENmK0lBV3Q3QWtENlA5Y0sxMTZGVzRGQmxNV0tMVk13eXdDdURHQUFXQ0JQbmcvOUptK0s2CkorR0haeTd2czFGQWlqZTdWN2xrbkYzUzhpQk0vT2VNVWVWTndObHhjMnNhWHpmVXFSVnJKUkUyQW51YkdqcDkKQndna291c0pjRFhiRGlQVDE0c0o2RWo3aG1FNU9tZXFSMDVubndJREFRQUJBb0lCQUU3WlduMURJTFVVb3V4QgpQMHhuVzd1dzV0bnZMMTBmWnNXZTJqOGxaZHZnQXFkTldZVFdmQm1JU1BTQ045dHVPOEVYN1dXQmxJaTgxakFaClM1L3ZJeDdMR2VIQWJFQkVMbjQ0VHVSMGFDZzlYZ2kvUU9mSFJqR1h3SjRjbnRvYnVIM2hlOE1OeWVwbWNDeHMKbmZVUkFsSjltODd4RnpEU1pwMnNBUUtTR2dpekRVa0hBSGs5cFduZWs5NUJERi9jaWNPNmtBOUZwMG1iM2ZCcApLckhLbVVVZkF5NjIwRis0aUx1TzlzZWw0ZXZuOEJOdC95cXZjdWZ6V3RnTXJ5dllzcmowT0MyTXRubDlPWFZLCjF3b2lnWE9tZFFnNmQwZmFZaS9Dd3k0YlRCUWp0Vlh5MU9CT3drZjNwMVdYc3liNGpYcFR4L1hsdGZ6RW0vU1UKYlVVeHo1RUNnWUVBelhySy8vVHdRNEFQbWxNTGJlRjU1MlJPSmczREdlTWE3aDViaElYMEJWRTRySytCSXZuQgpoaEVvVFFJVFBVSmtLQ0VaUm5WQjdTRTRxMlJkaWdTazhDS3JXVkhsekFLZlp6aHF2ei9iWXB6bDA4cmhVQnBtCjdnRWxmTVlyeUxSbkVkV2xpRVVWeUw5cktNWUR6dTlhLzg1MStBeVBaaVdEaEZ0clQ5WlJUNWNDZ1lFQXcxaksKOW13d0hkVm1WZlgzYnVMTlNFNGdxRHFPUFRvUlJ0ci96NFNoWDk2N2F5QnBSdnZUVHB3eDNWYklFTERIUWx1Qgpmc0R2UFlBbDFIMUFTd0ZFYWMyUzlNWXRsTStjbHZ2SWpveG9KTlp5UFZOb2Ztb3Vab1RaMXh1QitjZkpRWGxHCjBIMDRrUXVPMi9DdDU3OG1vS00yOXp1dWplVDFlRlg5M29DL3FUa0NnWUFQd2hVRFlDTjA2Y05Ja0luVjJXN2gKNGYxa1NiWG1yRllLWU9XZjJpNEdvbDM0VUZWVSsxWnVFNjdGaVIwMG0zelczd0x6TmxiaCtxUS84S2lEeHl0bgpCeUdnN2ZqemxsZm5NSnB2SkZTTTBYK0dxSTV5K0ROZ21WSG9xY0g5MkdmM0pDMVhzQVNscXBoclBoUllzRjZJCk02czBaTEl5b1RuZTBxditLVzkrN1FLQmdRQzRHRHZlRTRNYytubGcxVmFEMTVYaWFFNTZmQVNFU3U3eE9YNE8KMFUxTGpocE9FTk5tSS9pMWdwbXpvQThYTzZIdE5WTktZd1NUanVzWDM1bnhsWllscDZpd3FQdFgzSGdVQ2VDdQpCa0EzUnltT0JjYmFLN0xpeHB5TkRjMWwyaFFlY2U1OG1TWHYrMVo4aThzNE5YcHZ0S0VlU2M1c3hyTlczcU5MClIwWlljUUtCZ1FDK0N0aUF1UFJTWlpIQWc2Q0tKUGZZRzFqUkdBRzVVZG5STTRXcTdPQ3ZZZUZobzZkU3NUOWsKeFJrejdUQ1QrNjJDVUZRWis2elJxUkwxMHp4bVhDVVlHa1B1b1E0c3lmWTB6R0NuSlpka0dVempKNWtuWjN1eApMYUJrbFowTUF5OGV2S1NkSit2RWhJR2NZQ2poL1RqT1EzTTlHQWFqME1OSDB2bURuOXowalE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= ---- -apiVersion: apps/v1beta1 -kind: Deployment -metadata: - name: package-server - namespace: olm - labels: - app: package-server -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: package-server - template: - metadata: - labels: - app: package-server - spec: - serviceAccountName: olm-operator-serviceaccount - containers: - - name: package-server - command: - - /bin/package-server - - -v=4 - - --secure-port=5443 - - --global-namespace - - olm - image: quay.io/coreos/olm@sha256:3f3909a6bdf6f4bf429e114832c8cfc03c731f9403b91417d5dc246ad0448772 - imagePullPolicy: Always - ports: - - containerPort: 5443 - volumeMounts: - - name: certs - mountPath: /apiserver.local.config/certificates - readOnly: true - livenessProbe: - httpGet: - scheme: HTTPS - path: /healthz - port: 5443 - readinessProbe: - httpGet: - scheme: HTTPS - path: /healthz - port: 5443 - volumes: - - name: certs - secret: - secretName: package-server-certs - items: - - key: tls.crt - path: apiserver.crt - - key: tls.key - path: apiserver.key - imagePullSecrets: - - name: coreos-pull-secret ---- -apiVersion: v1 -kind: Service -metadata: - name: package-server - namespace: olm -spec: - ports: - - port: 443 - protocol: TCP - targetPort: 5443 - selector: - app: package-server diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_00-namespace.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_00-namespace.yaml deleted file mode 100644 index eea04be798..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_00-namespace.yaml +++ /dev/null @@ -1,15 +0,0 @@ -##--- -# Source: olm/templates/0000_30_00-namespace.yaml -apiVersion: v1 -kind: Namespace -metadata: - name: olm - labels: - openshift.io/run-level: "1" ---- -apiVersion: v1 -kind: Namespace -metadata: - name: operators - labels: - openshift.io/run-level: "1" diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_01-olm-operator.serviceaccount.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_01-olm-operator.serviceaccount.yaml deleted file mode 100644 index e75e22e51b..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_01-olm-operator.serviceaccount.yaml +++ /dev/null @@ -1,31 +0,0 @@ -##--- -# Source: olm/templates/0000_30_01-olm-operator.serviceaccount.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: system:controller:operator-lifecycle-manager -rules: -- apiGroups: ["*"] - resources: ["*"] - verbs: ["*"] -- nonResourceURLs: ["*"] - verbs: ["*"] ---- -kind: ServiceAccount -apiVersion: v1 -metadata: - name: olm-operator-serviceaccount - namespace: olm ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: olm-operator-binding-olm -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:controller:operator-lifecycle-manager -subjects: -- kind: ServiceAccount - name: olm-operator-serviceaccount - namespace: olm diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_02-clusterserviceversion.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_02-clusterserviceversion.crd.yaml deleted file mode 100644 index 55ec962996..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_02-clusterserviceversion.crd.yaml +++ /dev/null @@ -1,760 +0,0 @@ -##--- -# Source: olm/templates/0000_30_02-clusterserviceversion.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: clusterserviceversions.operators.coreos.com - annotations: - displayName: Operator Version - description: Represents an Operator that should be running on the cluster, including requirements and install strategy. -spec: - names: - plural: clusterserviceversions - singular: clusterserviceversion - kind: ClusterServiceVersion - listKind: ClusterServiceVersionList - shortNames: - - csv - - csvs - categories: - - olm - additionalPrinterColumns: - - name: Display - type: string - description: The name of the CSV - JSONPath: .spec.displayName - - name: Version - type: string - description: The version of the CSV - JSONPath: .spec.version - - name: Replaces - type: string - description: The name of a CSV that this one replaces - JSONPath: .spec.replaces - - name: Phase - type: string - JSONPath: .status.phase - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - properties: - spec: - type: object - description: Spec for a ClusterServiceVersion - required: - - displayName - - install - properties: - displayName: - type: string - description: Human readable name of the application that will be displayed in the ALM UI - - description: - type: string - description: Human readable description of what the application does - - keywords: - type: array - description: List of keywords which will be used to discover and categorize app types - items: - type: string - - maintainers: - type: array - description: Those responsible for the creation of this specific app type - items: - type: object - description: Information for a single maintainer - required: - - name - - email - properties: - name: - type: string - description: Maintainer's name - email: - type: string - description: Maintainer's email address - format: email - optionalProperties: - type: string - description: "Any additional key-value metadata you wish to expose about the maintainer, e.g. github: " - - links: - type: array - description: Interesting links to find more information about the project, such as marketing page, documentation, or github page - items: - type: object - description: A single link to describe one aspect of the project - required: - - name - - url - properties: - name: - type: string - description: Name of the link type, e.g. homepage or github url - url: - type: string - description: URL to which the link should point - format: uri - - icon: - type: array - description: Icon which should be rendered with the application information - required: - - base64data - - mediatype - properties: - base64data: - type: string - description: Base64 binary representation of the icon image - pattern: ^(?:[A-Za-z0-9+/]{4}){0,16250}(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$ - mediatype: - type: string - description: Mediatype for the binary data specified in the base64data property - enum: - - image/gif - - image/jpeg - - image/png - - image/svg+xml - version: - type: string - description: Version string, recommended that users use semantic versioning - pattern: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(-(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(\.(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*)?(\+[0-9a-zA-Z-]+(\.[0-9a-zA-Z-]+)*)?$ - - replaces: - type: string - description: Name of the ClusterServiceVersion custom resource that this version replaces - - maturity: - type: string - description: What level of maturity the software has achieved at this version - enum: - - planning - - pre-alpha - - alpha - - beta - - stable - - mature - - inactive - - deprecated - labels: - type: object - description: Labels that will be applied to associated resources created by the operator. - selector: - type: object - description: Label selector to find resources associated with or managed by the operator - properties: - matchLabels: - type: object - description: Label key:value pairs to match directly - matchExpressions: - type: array - description: A set of expressions to match against the resource. - items: - allOf: - - type: object - required: - - key - - operator - - values - properties: - key: - type: string - description: the key to match - operator: - type: string - description: the operator for the expression - enum: - - In - - NotIn - - Exists - - DoesNotExist - values: - type: array - description: set of values for the expression - nativeAPIs: - type: array - description: What resources are required by the Operator, but must be provided by the underlying cluster and not as an extension. - items: - type: object - required: - - group - - version - - kind - properties: - group: - type: string - description: Group of the API resource - version: - type: string - description: Version of the API resource - kind: - type: string - description: Kind of the API resource - apiservicedefinitions: - type: object - properties: - owned: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - group - - version - - kind - - name - - deploymentName - - displayName - - description - properties: - group: - type: string - description: Group of the APIService (e.g. app.coreos.com) - name: - type: string - description: The plural name for the APIService provided - version: - type: string - description: The version field of the APIService - kind: - type: string - description: The kind field of the APIService - deploymentName: - type: string - description: Name of the extension api-server's deployment - containerPort: - type: number - description: Port where the extension api-server serves TLS traffic - displayName: - type: string - description: A human-readable name for the APIService. - description: - type: string - description: A description of the APIService - resources: - type: array - items: - type: object - description: A list of resources that should be displayed for the APIService - required: - - kind - - version - properties: - name: - type: string - description: If a APIService, the fully qualified name of the APIService (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version of the resource kind - kind: - type: string - description: The kind field of the resource kind - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the API resource - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the API resource where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this status is the same for all instances of the API resource and can be found here instead of on the API resource. - specDescriptors: - type: array - items: - type: object - description: A spec for a field in the spec block of the APIService resource. - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the API resource where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the spec entry. - description: - type: string - description: A description of the spec entry. - x-descriptors: - type: array - description: A list of descriptors for the spec entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this spec is the same for all instances of the API Resource and can be found here instead of on the API resource. - actionDescriptors: - type: array - items: - type: object - description: A spec for actions that can be performed on instances of the API resource - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the API resource where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the action. - description: - type: string - description: A description of the action. - x-descriptors: - type: array - description: A list of descriptors for the action that indicate the meaning of the action. - items: - type: string - value: - description: If present, the value of this action is the same for all instances of the API resource and can be found here instead of on the API resource. - required: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - group - - version - - kind - - name - - displayName - - description - properties: - group: - type: string - description: Group of the APIService (e.g. app.coreos.com) - version: - type: string - description: The version field of the APIService - kind: - type: string - description: The kind field of the APIService - name: - type: string - description: The plural name for the APIService provided - deploymentName: - type: string - description: Name of the extension api-server's deployment - containerPort: - type: number - description: Port where the extension api-server serves TLS traffic - displayName: - type: string - description: A human-readable name for the APIService. - description: - type: string - description: A description of the APIService - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the APIService - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the API Resource where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this status is the same for all instances of the API Resource and can be found here instead of on the API Resource. - - customresourcedefinitions: - type: object - properties: - owned: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - name - - version - - kind - - displayName - - description - properties: - name: - type: string - description: Fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version field of the CustomResourceDefinition - kind: - type: string - description: The kind field of the CustomResourceDefinition - displayName: - type: string - description: A human-readable name for the CRD. - description: - type: string - description: A description of the CRD - resources: - type: array - items: - type: object - description: A list of resources that should be displayed for the CRD - required: - - kind - - version - properties: - name: - type: string - description: If a CRD, the fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version of the resource kind - kind: - type: string - description: The kind field of the resource kind - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the CR where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this status is the same for all instances of the CRD and can be found here instead of on the CR. - specDescriptors: - type: array - items: - type: object - description: A spec for a field in the spec block of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the CR where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the spec entry. - description: - type: string - description: A description of the spec entry. - x-descriptors: - type: array - description: A list of descriptors for the spec entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this spec is the same for all instances of the CRD and can be found here instead of on the CR. - actionDescriptors: - type: array - items: - type: object - description: A spec for actions that can be performed on instances of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the CR where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the action. - description: - type: string - description: A description of the action. - x-descriptors: - type: array - description: A list of descriptors for the action that indicate the meaning of the action. - items: - type: string - value: - description: If present, the value of this action is the same for all instances of the CRD and can be found here instead of on the CR. - required: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - name - - version - - kind - - displayName - - description - properties: - name: - type: string - description: Fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version field of the CustomResourceDefinition - kind: - type: string - description: The kind field of the CustomResourceDefinition - displayName: - type: string - description: A human-readable name for the CRD. - description: - type: string - description: A description of the CRD - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the CR where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this status is the same for all instances of the CRD and can be found here instead of on the CR. - - - install: - type: object - description: Information required to install this specific version of the operator software - oneOf: - - type: object - required: - - strategy - - spec - properties: - strategy: - type: string - enum: ['image'] - spec: - type: object - required: - - image - properties: - image: - type: string - - type: object - required: - - strategy - - spec - properties: - strategy: - type: string - enum: ['deployment'] - spec: - type: object - required: - - deployments - properties: - installModes: - type: array - description: List of supported install modes for the operator - items: - type: object - description: A tuple representing a mode of installation and whether the operator supports it - required: - - type - - supported - properties: - type: - type: string - description: A type of install mode - enum: - - OwnNamespace - - SingleNamespace - - MultiNamespace - - AllNamespaces - supported: - type: boolean - description: Represents if the install mode type is supported - deployments: - type: array - description: List of deployments to create - items: - type: object - description: A name and deployment to create in the cluster - required: - - name - - spec - properties: - name: - type: string - description: the consistent name of the deployment - spec: - type: object - description: The deployment spec to create in the cluster - permissions: - type: array - description: Permissions needed by the deployement to run correctly - items: - type: object - required: - - serviceAccountName - - rules - properties: - serviceAccountName: - type: string - description: The service account name to create for the deployment - rules: - type: array - items: - type: object - description: a rule required by the service account - properties: - apiGroups: - type: array - description: apiGroups the rule applies to - items: - type: string - resources: - type: array - items: - type: string - resourceNames: - type: array - items: - type: string - verbs: - type: array - items: - type: string - enum: - - "*" - - assign - - get - - list - - watch - - create - - update - - patch - - delete - - deletecollection - - initialize - clusterPermissions: - type: array - description: Cluster permissions needed by the deployement to run correctly - items: - type: object - required: - - serviceAccountName - - rules - properties: - serviceAccountName: - type: string - description: The service account name to create for the deployment - rules: - type: array - items: - type: object - required: - - verbs - description: a rule required by the service account - properties: - apiGroups: - type: array - description: apiGroups the rule applies to - items: - type: string - resources: - type: array - items: - type: string - resourceNames: - type: array - items: - type: string - nonResourceURLs: - type: array - items: - type: string - verbs: - type: array - items: - type: string - enum: - - "*" - - assign - - get - - list - - watch - - create - - update - - patch - - put - - post - - delete - - deletecollection - - initialize - - use - status: - type: object - description: Status for a ClusterServiceVersion diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_03-installplan.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_03-installplan.crd.yaml deleted file mode 100644 index 1cdf63651a..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_03-installplan.crd.yaml +++ /dev/null @@ -1,79 +0,0 @@ -##--- -# Source: olm/templates/0000_30_03-installplan.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: installplans.operators.coreos.com - annotations: - displayName: Install Plan - description: Represents a plan to install and resolve dependencies for Cluster Services -spec: - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - plural: installplans - singular: installplan - kind: InstallPlan - listKind: InstallPlanList - shortNames: - - ip - categories: - - olm - additionalPrinterColumns: - - name: CSV - type: string - description: The first CSV in the list of clusterServiceVersionNames - JSONPath: .spec.clusterServiceVersionNames[0] - - name: Source - type: string - description: The catalog source for the specified CSVs. - JSONPath: .spec.source - - name: Approval - type: string - description: The approval mode - JSONPath: .spec.approval - - name: Approved - type: boolean - JSONPath: .spec.approved - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - properties: - spec: - type: object - description: Spec for an InstallPlan - required: - - clusterServiceVersionNames - - approval - properties: - source: - type: string - description: Name of the preferred CatalogSource - sourceNamespace: - type: string - description: Namespace that contains the preffered CatalogSource - clusterServiceVersionNames: - type: array - description: A list of the names of the Cluster Services - items: - type: string - anyOf: - - properties: - approval: - enum: - - Manual - approved: - type: boolean - required: - - approved - - properties: - approval: - enum: - - Automatic diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_04-subscription.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_04-subscription.crd.yaml deleted file mode 100644 index 9894ebd30c..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_04-subscription.crd.yaml +++ /dev/null @@ -1,74 +0,0 @@ -##--- -# Source: olm/templates/0000_30_04-subscription.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: subscriptions.operators.coreos.com - annotations: - displayName: Subscription - description: Subcribes service catalog to a source and channel to recieve updates for packages. -spec: - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - plural: subscriptions - singular: subscription - kind: Subscription - listKind: SubscriptionList - shortNames: - - sub - - subs - categories: - - olm - additionalPrinterColumns: - - name: Package - type: string - description: The package subscribed to - JSONPath: .spec.name - - name: Source - type: string - description: The catalog source for the specified package - JSONPath: .spec.source - - name: Channel - type: string - description: The channel of updates to subscribe to - JSONPath: .spec.channel - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - properties: - spec: - type: object - description: Spec for a Subscription - required: - - source - - name - properties: - source: - type: string - description: Name of a CatalogSource that defines where and how to find the channel - sourceNamespace: - type: string - description: The Kubernetes namespace where the CatalogSource used is located - name: - type: string - description: Name of the package that defines the application - channel: - type: string - description: Name of the channel to track - startingCSV: - type: string - description: Name of the AppType that this subscription tracks - installPlanApproval: - type: string - description: Approval mode for emitted InstallPlans - enum: - - Manual - - Automatic diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_05-catalogsource.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_05-catalogsource.crd.yaml deleted file mode 100644 index 0b17256bd2..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_05-catalogsource.crd.yaml +++ /dev/null @@ -1,120 +0,0 @@ -##--- -# Source: olm/templates/0000_30_05-catalogsource.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: catalogsources.operators.coreos.com - annotations: - displayName: CatalogSource - description: A source configured to find packages and updates. -spec: - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - plural: catalogsources - singular: catalogsource - kind: CatalogSource - listKind: CatalogSourceList - shortNames: - - catsrc - categories: - - olm - additionalPrinterColumns: - - name: Name - type: string - description: The pretty name of the catalog - JSONPath: .spec.displayName - - name: Type - type: string - description: The type of the catalog - JSONPath: .spec.sourceType - - name: Publisher - type: string - description: The publisher of the catalog - JSONPath: .spec.publisher - - name: Age - type: date - JSONPath: .metadata.creationTimestamp - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - properties: - spec: - type: object - description: Spec for a catalog source. - required: - - sourceType - properties: - sourceType: - type: string - description: The type of the source. `configmap` is the new name for `internal` - enum: - - internal # deprecated - - configmap - - configMap: - type: string - description: The name of a ConfigMap that holds the entries for an in-memory catalog. - - displayName: - type: string - description: Pretty name for display - - publisher: - type: string - description: The name of an entity that publishes this catalog - - secrets: - type: array - description: A set of secrets that can be used to access the contents of the catalog. It is best to keep this list small, since each will need to be tried for every catalog entry. - items: - type: string - description: A name of a secret in the namespace where the CatalogSource is defined. - status: - type: object - description: The status of the CatalogSource - properties: - configMapReference: - type: object - description: If sourceType is `internal` or `configmap`, then this holds a reference to the configmap associated with this CatalogSource. - properties: - name: - type: string - description: name of the configmap - namespace: - type: string - description: namespace of the configmap - resourceVersion: - type: string - description: resourceVersion of the configmap - uid: - type: string - description: uid of the configmap - registryService: - type: object - properties: - protocol: - type: string - description: protocol of the registry service - enum: - - grpc - serviceName: - type: string - description: name of the registry service - serviceNamespace: - type: string - description: namespace of the registry service - port: - type: string - description: port of the registry service - lastSync: - type: string - description: the last time the catalog was updated. If this time is less than the last updated time on the object, the catalog will be re-cached. - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_06-rh-operators.configmap.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_06-rh-operators.configmap.yaml deleted file mode 100644 index 7f926ea867..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_06-rh-operators.configmap.yaml +++ /dev/null @@ -1,13200 +0,0 @@ -##--- -# Source: olm/templates/0000_30_06-rh-operators.configmap.yaml - -kind: ConfigMap -apiVersion: v1 -metadata: - name: rh-operators - namespace: olm - -data: - customResourceDefinitions: |- - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: alertmanagers.monitoring.coreos.com - spec: - group: monitoring.coreos.com - names: - kind: Alertmanager - plural: alertmanagers - scope: Namespaced - validation: - openAPIV3Schema: - properties: - spec: - description: 'Specification of the desired behavior of the Alertmanager - cluster. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#spec-and-status' - properties: - affinity: - description: Affinity is a group of affinity scheduling rules. - properties: - nodeAffinity: - description: Node affinity is a group of node affinity scheduling - rules. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the affinity expressions specified by this field, - but it may choose a node that violates one or more of the - expressions. The node that is most preferred is the one with - the greatest sum of weights, i.e. for each node that meets - all of the scheduling requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the sum - if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches all - objects with implicit weight 0 (i.e. it's a no-op). A null - preferred scheduling term matches no objects (i.e. is also - a no-op). - properties: - preference: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - weight - - preference - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: A node selector represents the union of the results - of one or more label queries over a set of nodes; that is, - it represents the OR of the selectors represented by the node - selector terms. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The - terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - type: array - required: - - nodeSelectorTerms - podAffinity: - description: Pod affinity is a group of inter pod affinity scheduling - rules. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the affinity expressions specified by this field, - but it may choose a node that violates one or more of the - expressions. The node that is most preferred is the one with - the greatest sum of weights, i.e. for each node that meets - all of the scheduling requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the sum - if the node has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label selector is a label query over - a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector - matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - weight - - podAffinityTerm - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may not - try to eventually evict the pod from its node. When there - are multiple elements, the lists of nodes corresponding to - each podAffinityTerm are intersected, i.e. all terms must - be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) that - this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of pods - is running - properties: - labelSelector: - description: A label selector is a label query over a - set of resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. - A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of any - node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: array - podAntiAffinity: - description: Pod anti affinity is a group of inter pod anti affinity - scheduling rules. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the anti-affinity expressions specified by this - field, but it may choose a node that violates one or more - of the expressions. The node that is most preferred is the - one with the greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource request, - requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field - and adding "weight" to the sum if the node has pods which - matches the corresponding podAffinityTerm; the node(s) with - the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label selector is a label query over - a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector - matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - weight - - podAffinityTerm - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by - this field are not met at scheduling time, the pod will not - be scheduled onto the node. If the anti-affinity requirements - specified by this field cease to be met at some point during - pod execution (e.g. due to a pod label update), the system - may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms must - be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) that - this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of pods - is running - properties: - labelSelector: - description: A label selector is a label query over a - set of resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. - A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of any - node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: array - baseImage: - description: Base image that is used to deploy pods, without tag. - type: string - containers: - description: Containers allows injecting additional containers. This - is meant to allow adding an authentication proxy to an Alertmanager - pod. - items: - description: A single application container that you want to run within - a pod. - properties: - args: - description: 'Arguments to the entrypoint. The docker image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable - cannot be resolved, the reference in the input string will be - unchanged. The $(VAR_NAME) syntax can be escaped with a double - $$, ie: $$(VAR_NAME). Escaped references will never be expanded, - regardless of whether the variable exists or not. Cannot be - updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed within a shell. The - docker image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable exists - or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to set in the container. - Cannot be updated. - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a - C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a - variable cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax can be - escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable - exists or not. Defaults to "".' - type: string - valueFrom: - description: EnvVarSource represents a source for the value - of an EnvVar. - properties: - configMapKeyRef: - description: Selects a key from a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the ConfigMap or it's - key must be defined - type: boolean - required: - - key - fieldRef: - description: ObjectFieldSelector selects an APIVersioned - field of an object. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - resourceFieldRef: - description: ResourceFieldSelector represents container - resources (cpu, memory) and their output format - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: {} - resource: - description: 'Required: resource to select' - type: string - required: - - resource - secretKeyRef: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's - key must be defined - type: boolean - required: - - key - required: - - name - type: array - envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must be a - C_IDENTIFIER. All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key will - take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of a set of - ConfigMaps - properties: - configMapRef: - description: |- - ConfigMapEnvSource selects a ConfigMap to populate the environment variables with. - - The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - prefix: - description: An optional identifier to prepend to each key - in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: |- - SecretEnvSource selects a Secret to populate the environment variables with. - - The contents of the target Secret's Data field will represent the key-value pairs as environment variables. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: array - image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Lifecycle describes actions that the management system - should take in response to container lifecycle events. For the - PostStart and PreStop lifecycle handlers, management of the - container blocks until the action is complete, unless the container - process fails, in which case the handler is aborted. - properties: - postStart: - description: Handler defines a specific action that should - be taken - properties: - exec: - description: ExecAction describes a "run in container" - action. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - httpGet: - description: HTTPGetAction describes an action based on - HTTP Get requests. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - tcpSocket: - description: TCPSocketAction describes an action based - on opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - preStop: - description: Handler defines a specific action that should - be taken - properties: - exec: - description: ExecAction describes a "run in container" - action. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - httpGet: - description: HTTPGetAction describes an action based on - HTTP Get requests. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - tcpSocket: - description: TCPSocketAction describes an action based - on opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - livenessProbe: - description: Probe describes a health check to be performed against - a container to determine whether it is alive or ready to receive - traffic. - properties: - exec: - description: ExecAction describes a "run in container" action. - properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit - status of 0 is treated as live/healthy and non-zero - is unhealthy. - items: - type: string - type: array - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGetAction describes an action based on HTTP - Get requests. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header to - be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocketAction describes an action based on - opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - name: - description: Name of the container specified as a DNS_LABEL. Each - container in a pod must have a unique name (DNS_LABEL). Cannot - be updated. - type: string - ports: - description: List of ports to expose from the container. Exposing - a port here gives the system additional information about the - network connections a container uses, but is primarily informational. - Not specifying a port here DOES NOT prevent that port from being - exposed. Any port which is listening on the default "0.0.0.0" - address inside a container will be accessible from the network. - Cannot be updated. - items: - description: ContainerPort represents a network port in a single - container. - properties: - containerPort: - description: Number of port to expose on the pod's IP address. - This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If specified, - this must be a valid port number, 0 < x < 65536. If HostNetwork - is specified, this must match ContainerPort. Most containers - do not need this. - format: int32 - type: integer - name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod must - have a unique name. Name for the port that can be referred - to by services. - type: string - protocol: - description: Protocol for port. Must be UDP or TCP. Defaults - to "TCP". - type: string - required: - - containerPort - type: array - readinessProbe: - description: Probe describes a health check to be performed against - a container to determine whether it is alive or ready to receive - traffic. - properties: - exec: - description: ExecAction describes a "run in container" action. - properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit - status of 0 is treated as live/healthy and non-zero - is unhealthy. - items: - type: string - type: array - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGetAction describes an action based on HTTP - Get requests. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header to - be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocketAction describes an action based on - opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - securityContext: - description: SecurityContext holds security configuration that - will be applied to a container. Some fields are present in both - SecurityContext and PodSecurityContext. When both are set, - the values in SecurityContext take precedence. - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a - process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: Adds and removes POSIX capabilities from running - containers. - properties: - add: - description: Added capabilities - items: - type: string - type: array - drop: - description: Removed capabilities - items: - type: string - type: array - privileged: - description: Run container in privileged mode. Processes in - privileged containers are essentially equivalent to root - on the host. Defaults to false. - type: boolean - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. - Default is false. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail - to start the container if it does. If unset or false, no - such validation will be performed. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata if - unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - format: int64 - type: integer - seLinuxOptions: - description: SELinuxOptions are the labels to be applied to - the container - properties: - level: - description: Level is SELinux level label that applies - to the container. - type: string - role: - description: Role is a SELinux role label that applies - to the container. - type: string - type: - description: Type is a SELinux type label that applies - to the container. - type: string - user: - description: User is a SELinux user label that applies - to the container. - type: string - stdin: - description: Whether this container should allocate a buffer for - stdin in the container runtime. If this is not set, reads from - stdin in the container will always result in EOF. Default is - false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the stdin - channel after it has been opened by a single attach. When stdin - is true the stdin stream will remain open across multiple attach - sessions. If stdinOnce is set to true, stdin is opened on container - start, is empty until the first client attaches to stdin, and - then remains open and accepts data until the client disconnects, - at which time stdin is closed and remains closed until the container - is restarted. If this flag is false, a container processes that - reads from stdin will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s - termination message will be written is mounted into the container''s - filesystem. Message written is intended to be brief final status, - such as an assertion failure message. Will be truncated by the - node if greater than 4096 bytes. The total message length across - all containers will be limited to 12kb. Defaults to /dev/termination-log. - Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. - File will use the contents of terminationMessagePath to populate - the container status message on both success and failure. FallbackToLogsOnError - will use the last chunk of container log output if the termination - message file is empty and the container exited with an error. - The log output is limited to 2048 bytes or 80 lines, whichever - is smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be - used by the container. This is an alpha feature and may change - in the future. - items: - description: volumeDevice describes a mapping of a raw block - device within a container. - properties: - devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim - in the pod - type: string - required: - - name - - devicePath - type: array - volumeMounts: - description: Pod volumes to mount into the container's filesystem. - Cannot be updated. - items: - description: VolumeMount describes a mounting of a Volume within - a container. - properties: - mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other way - around. When not set, MountPropagationHostToContainer - is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). - type: string - required: - - name - - mountPath - type: array - workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might be - configured in the container image. Cannot be updated. - type: string - required: - - name - type: array - externalUrl: - description: The external URL the Alertmanager instances will be available - under. This is necessary to generate correct URLs. This is necessary - if Alertmanager is not served from root of a DNS name. - type: string - imagePullSecrets: - description: An optional list of references to secrets in the same namespace - to use for pulling prometheus and alertmanager images from registries - see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod - items: - description: LocalObjectReference contains enough information to let - you locate the referenced object inside the same namespace. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - type: array - listenLocal: - description: ListenLocal makes the Alertmanager server listen on loopback, - so that it does not bind against the Pod IP. Note this is only for - the Alertmanager UI, not the gossip communication. - type: boolean - logLevel: - description: Log level for Alertmanager to be configured with. - type: string - nodeSelector: - description: Define which Nodes the Pods are scheduled on. - type: object - paused: - description: If set to true all actions on the underlaying managed objects - are not goint to be performed, except for delete actions. - type: boolean - podMetadata: - description: ObjectMeta is metadata that all persisted resources must - have, which includes all objects users must create. - properties: - annotations: - description: 'Annotations is an unstructured key value map stored - with a resource that may be set by external tools to store and - retrieve arbitrary metadata. They are not queryable and should - be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - clusterName: - description: The name of the cluster which the object belongs to. - This is used to distinguish resources with same name and namespace - in different clusters. This field is not set anywhere right now - and apiserver is going to ignore it if set in create or update - request. - type: string - creationTimestamp: - description: Time is a wrapper around time.Time which supports correct - marshaling to YAML and JSON. Wrappers are provided for many of - the factory methods that the time package offers. - format: date-time - type: string - deletionGracePeriodSeconds: - description: Number of seconds allowed for this object to gracefully - terminate before it will be removed from the system. Only set - when deletionTimestamp is also set. May only be shortened. Read-only. - format: int64 - type: integer - deletionTimestamp: - description: Time is a wrapper around time.Time which supports correct - marshaling to YAML and JSON. Wrappers are provided for many of - the factory methods that the time package offers. - format: date-time - type: string - finalizers: - description: Must be empty before the object is deleted from the - registry. Each entry is an identifier for the responsible component - that will remove the entry from the list. If the deletionTimestamp - of the object is non-nil, entries in this list can only be removed. - items: - type: string - type: array - generateName: - description: |- - GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. - - If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). - - Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#idempotency - type: string - generation: - description: A sequence number representing a specific generation - of the desired state. Populated by the system. Read-only. - format: int64 - type: integer - initializers: - description: Initializers tracks the progress of initialization. - properties: - pending: - description: Pending is a list of initializers that must execute - in order before this object is visible. When the last pending - initializer is removed, and no failing result is set, the - initializers struct will be set to nil and the object is considered - as initialized and visible to all clients. - items: - description: Initializer is information about an initializer - that has not yet completed. - properties: - name: - description: name of the process that is responsible for - initializing this object. - type: string - required: - - name - type: array - result: - description: Status is a return value for calls that don't return - other objects. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of - this representation of an object. Servers should convert - recognized schemas to the latest internal value, and may - reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - code: - description: Suggested HTTP return code for this status, - 0 if not set. - format: int32 - type: integer - details: - description: StatusDetails is a set of additional properties - that MAY be set by the server to provide additional information - about a response. The Reason field of a Status object - defines what attributes will be set. Clients must ignore - fields that do not match the defined type of each attribute, - and should assume that any attribute may be empty, invalid, - or under defined. - properties: - causes: - description: The Causes array includes more details - associated with the StatusReason failure. Not all - StatusReasons may provide detailed causes. - items: - description: StatusCause provides more information - about an api.Status failure, including cases when - multiple errors are encountered. - properties: - field: - description: |- - The field of the resource that has caused this error, as named by its JSON serialization. May include dot and postfix notation for nested attributes. Arrays are zero-indexed. Fields may appear more than once in an array of causes due to fields having multiple errors. Optional. - - Examples: - "name" - the field "name" on the current resource - "items[0].name" - the field "name" on the first array entry in "items" - type: string - message: - description: A human-readable description of the - cause of the error. This field may be presented - as-is to a reader. - type: string - reason: - description: A machine-readable description of - the cause of the error. If this value is empty - there is no information available. - type: string - type: array - group: - description: The group attribute of the resource associated - with the status StatusReason. - type: string - kind: - description: 'The kind attribute of the resource associated - with the status StatusReason. On some operations may - differ from the requested resource Kind. More info: - https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: The name attribute of the resource associated - with the status StatusReason (when there is a single - name which can be described). - type: string - retryAfterSeconds: - description: If specified, the time in seconds before - the operation should be retried. Some errors may indicate - the client must take an alternate action - for those - errors this field may indicate how long to wait before - taking the alternate action. - format: int32 - type: integer - uid: - description: 'UID of the resource. (when there is a - single resource which can be described). More info: - http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - kind: - description: 'Kind is a string value representing the REST - resource this object represents. Servers may infer this - from the endpoint the client submits requests to. Cannot - be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - message: - description: A human-readable description of the status - of this operation. - type: string - metadata: - description: ListMeta describes metadata that synthetic - resources must have, including lists and various status - objects. A resource may have only one of {ObjectMeta, - ListMeta}. - properties: - continue: - description: continue may be set if the user set a limit - on the number of items returned, and indicates that - the server has more data available. The value is opaque - and may be used to issue another request to the endpoint - that served this list to retrieve the next set of - available objects. Continuing a list may not be possible - if the server configuration has changed or more than - a few minutes have passed. The resourceVersion field - returned when using this continue value will be identical - to the value in the first response. - type: string - resourceVersion: - description: 'String that identifies the server''s internal - version of this object that can be used by clients - to determine when objects have changed. Value must - be treated as opaque by clients and passed unmodified - back to the server. Populated by the system. Read-only. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' - type: string - selfLink: - description: selfLink is a URL representing this object. - Populated by the system. Read-only. - type: string - reason: - description: A machine-readable description of why this - operation is in the "Failure" status. If this value is - empty there is no information available. A Reason clarifies - an HTTP status code but does not override it. - type: string - status: - description: 'Status of the operation. One of: "Success" - or "Failure". More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' - type: string - required: - - pending - labels: - description: 'Map of string keys and values that can be used to - organize and categorize (scope and select) objects. May match - selectors of replication controllers and services. More info: - http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: 'Name must be unique within a namespace. Is required - when creating resources, although some resources may allow a client - to request the generation of an appropriate name automatically. - Name is primarily intended for creation idempotence and configuration - definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: |- - Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. - - Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces - type: string - ownerReferences: - description: List of objects depended by this object. If ALL objects - in the list have been deleted, this object will be garbage collected. - If this object is managed by a controller, then an entry in this - list will point to this controller, with the controller field - set to true. There cannot be more than one managing controller. - items: - description: OwnerReference contains enough information to let - you identify an owning object. Currently, an owning object must - be in the same namespace, so there is no namespace field. - properties: - apiVersion: - description: API version of the referent. - type: string - blockOwnerDeletion: - description: If true, AND if the owner has the "foregroundDeletion" - finalizer, then the owner cannot be deleted from the key-value - store until this reference is removed. Defaults to false. - To set this field, a user needs "delete" permission of the - owner, otherwise 422 (Unprocessable Entity) will be returned. - type: boolean - controller: - description: If true, this reference points to the managing - controller. - type: boolean - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - uid: - description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - required: - - apiVersion - - kind - - name - - uid - type: array - resourceVersion: - description: |- - An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. - - Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency - type: string - selfLink: - description: SelfLink is a URL representing this object. Populated - by the system. Read-only. - type: string - uid: - description: |- - UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. - - Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids - type: string - replicas: - description: Size is the expected size of the alertmanager cluster. - The controller will eventually make the size of the running cluster - equal to the expected size. - format: int32 - type: integer - resources: - description: ResourceRequirements describes the compute resource requirements. - properties: - limits: - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults - to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - routePrefix: - description: The route prefix Alertmanager registers HTTP handlers for. - This is useful, if using ExternalURL and a proxy is rewriting HTTP - routes of a request, and the actual ExternalURL is still true, but - the server serves requests under a different route prefix. For example - for use with `kubectl proxy`. - type: string - secrets: - description: Secrets is a list of Secrets in the same namespace as the - Alertmanager object, which shall be mounted into the Alertmanager - Pods. The Secrets are mounted into /etc/alertmanager/secrets/. - items: - type: string - type: array - securityContext: - description: PodSecurityContext holds pod-level security attributes - and common container settings. Some fields are also present in container.securityContext. Field - values of container.securityContext take precedence over field values - of PodSecurityContext. - properties: - fsGroup: - description: |- - A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: - - 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- - - If unset, the Kubelet will not modify the ownership and permissions of any volume. - format: int64 - type: integer - runAsGroup: - description: The GID to run the entrypoint of the container process. - Uses runtime default if unset. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no such validation - will be performed. May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. May - also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - format: int64 - type: integer - seLinuxOptions: - description: SELinuxOptions are the labels to be applied to the - container - properties: - level: - description: Level is SELinux level label that applies to the - container. - type: string - role: - description: Role is a SELinux role label that applies to the - container. - type: string - type: - description: Type is a SELinux type label that applies to the - container. - type: string - user: - description: User is a SELinux user label that applies to the - container. - type: string - supplementalGroups: - description: A list of groups applied to the first process run in - each container, in addition to the container's primary GID. If - unspecified, no groups will be added to any container. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls used for - the pod. Pods with unsupported sysctls (by the container runtime) - might fail to launch. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: array - serviceAccountName: - description: ServiceAccountName is the name of the ServiceAccount to - use to run the Prometheus Pods. - type: string - storage: - description: StorageSpec defines the configured storage for a group - Prometheus servers. - properties: - class: - description: 'Name of the StorageClass to use when requesting storage - provisioning. More info: https://kubernetes.io/docs/user-guide/persistent-volumes/#storageclasses - DEPRECATED' - type: string - emptyDir: - description: Represents an empty directory for a pod. Empty directory - volumes support ownership management and SELinux relabeling. - properties: - medium: - description: 'What type of storage medium should back this directory. - The default is "" which means to use the node''s default medium. - Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: {} - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - selector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - volumeClaimTemplate: - description: PersistentVolumeClaim is a user's request for and claim - to a persistent volume - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - description: ObjectMeta is metadata that all persisted resources - must have, which includes all objects users must create. - properties: - annotations: - description: 'Annotations is an unstructured key value map - stored with a resource that may be set by external tools - to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - clusterName: - description: The name of the cluster which the object belongs - to. This is used to distinguish resources with same name - and namespace in different clusters. This field is not - set anywhere right now and apiserver is going to ignore - it if set in create or update request. - type: string - creationTimestamp: - description: Time is a wrapper around time.Time which supports - correct marshaling to YAML and JSON. Wrappers are provided - for many of the factory methods that the time package - offers. - format: date-time - type: string - deletionGracePeriodSeconds: - description: Number of seconds allowed for this object to - gracefully terminate before it will be removed from the - system. Only set when deletionTimestamp is also set. May - only be shortened. Read-only. - format: int64 - type: integer - deletionTimestamp: - description: Time is a wrapper around time.Time which supports - correct marshaling to YAML and JSON. Wrappers are provided - for many of the factory methods that the time package - offers. - format: date-time - type: string - finalizers: - description: Must be empty before the object is deleted - from the registry. Each entry is an identifier for the - responsible component that will remove the entry from - the list. If the deletionTimestamp of the object is non-nil, - entries in this list can only be removed. - items: - type: string - type: array - generateName: - description: |- - GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. - - If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). - - Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#idempotency - type: string - generation: - description: A sequence number representing a specific generation - of the desired state. Populated by the system. Read-only. - format: int64 - type: integer - initializers: - description: Initializers tracks the progress of initialization. - properties: - pending: - description: Pending is a list of initializers that - must execute in order before this object is visible. - When the last pending initializer is removed, and - no failing result is set, the initializers struct - will be set to nil and the object is considered as - initialized and visible to all clients. - items: - description: Initializer is information about an initializer - that has not yet completed. - properties: - name: - description: name of the process that is responsible - for initializing this object. - type: string - required: - - name - type: array - result: - description: Status is a return value for calls that - don't return other objects. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema - of this representation of an object. Servers should - convert recognized schemas to the latest internal - value, and may reject unrecognized values. More - info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - code: - description: Suggested HTTP return code for this - status, 0 if not set. - format: int32 - type: integer - details: - description: StatusDetails is a set of additional - properties that MAY be set by the server to provide - additional information about a response. The Reason - field of a Status object defines what attributes - will be set. Clients must ignore fields that do - not match the defined type of each attribute, - and should assume that any attribute may be empty, - invalid, or under defined. - properties: - causes: - description: The Causes array includes more - details associated with the StatusReason failure. - Not all StatusReasons may provide detailed - causes. - items: - description: StatusCause provides more information - about an api.Status failure, including cases - when multiple errors are encountered. - properties: - field: - description: |- - The field of the resource that has caused this error, as named by its JSON serialization. May include dot and postfix notation for nested attributes. Arrays are zero-indexed. Fields may appear more than once in an array of causes due to fields having multiple errors. Optional. - - Examples: - "name" - the field "name" on the current resource - "items[0].name" - the field "name" on the first array entry in "items" - type: string - message: - description: A human-readable description - of the cause of the error. This field - may be presented as-is to a reader. - type: string - reason: - description: A machine-readable description - of the cause of the error. If this value - is empty there is no information available. - type: string - type: array - group: - description: The group attribute of the resource - associated with the status StatusReason. - type: string - kind: - description: 'The kind attribute of the resource - associated with the status StatusReason. On - some operations may differ from the requested - resource Kind. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: The name attribute of the resource - associated with the status StatusReason (when - there is a single name which can be described). - type: string - retryAfterSeconds: - description: If specified, the time in seconds - before the operation should be retried. Some - errors may indicate the client must take an - alternate action - for those errors this field - may indicate how long to wait before taking - the alternate action. - format: int32 - type: integer - uid: - description: 'UID of the resource. (when there - is a single resource which can be described). - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - kind: - description: 'Kind is a string value representing - the REST resource this object represents. Servers - may infer this from the endpoint the client submits - requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - message: - description: A human-readable description of the - status of this operation. - type: string - metadata: - description: ListMeta describes metadata that synthetic - resources must have, including lists and various - status objects. A resource may have only one of - {ObjectMeta, ListMeta}. - properties: - continue: - description: continue may be set if the user - set a limit on the number of items returned, - and indicates that the server has more data - available. The value is opaque and may be - used to issue another request to the endpoint - that served this list to retrieve the next - set of available objects. Continuing a list - may not be possible if the server configuration - has changed or more than a few minutes have - passed. The resourceVersion field returned - when using this continue value will be identical - to the value in the first response. - type: string - resourceVersion: - description: 'String that identifies the server''s - internal version of this object that can be - used by clients to determine when objects - have changed. Value must be treated as opaque - by clients and passed unmodified back to the - server. Populated by the system. Read-only. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' - type: string - selfLink: - description: selfLink is a URL representing - this object. Populated by the system. Read-only. - type: string - reason: - description: A machine-readable description of why - this operation is in the "Failure" status. If - this value is empty there is no information available. - A Reason clarifies an HTTP status code but does - not override it. - type: string - status: - description: 'Status of the operation. One of: "Success" - or "Failure". More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' - type: string - required: - - pending - labels: - description: 'Map of string keys and values that can be - used to organize and categorize (scope and select) objects. - May match selectors of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: 'Name must be unique within a namespace. Is - required when creating resources, although some resources - may allow a client to request the generation of an appropriate - name automatically. Name is primarily intended for creation - idempotence and configuration definition. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: |- - Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. - - Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces - type: string - ownerReferences: - description: List of objects depended by this object. If - ALL objects in the list have been deleted, this object - will be garbage collected. If this object is managed by - a controller, then an entry in this list will point to - this controller, with the controller field set to true. - There cannot be more than one managing controller. - items: - description: OwnerReference contains enough information - to let you identify an owning object. Currently, an - owning object must be in the same namespace, so there - is no namespace field. - properties: - apiVersion: - description: API version of the referent. - type: string - blockOwnerDeletion: - description: If true, AND if the owner has the "foregroundDeletion" - finalizer, then the owner cannot be deleted from - the key-value store until this reference is removed. - Defaults to false. To set this field, a user needs - "delete" permission of the owner, otherwise 422 - (Unprocessable Entity) will be returned. - type: boolean - controller: - description: If true, this reference points to the - managing controller. - type: boolean - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - uid: - description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - required: - - apiVersion - - kind - - name - - uid - type: array - resourceVersion: - description: |- - An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. - - Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency - type: string - selfLink: - description: SelfLink is a URL representing this object. - Populated by the system. Read-only. - type: string - uid: - description: |- - UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. - - Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids - type: string - spec: - description: PersistentVolumeClaimSpec describes the common - attributes of storage devices and allows a Source for provider-specific - attributes - properties: - accessModes: - description: 'AccessModes contains the desired access modes - the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - resources: - description: ResourceRequirements describes the compute - resource requirements. - properties: - limits: - description: 'Limits describes the maximum amount of - compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - selector: - description: A label selector is a label query over a set - of resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. - A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - storageClassName: - description: 'Name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeMode: - description: volumeMode defines what type of volume is required - by the claim. Value of Filesystem is implied when not - included in claim spec. This is an alpha feature and may - change in the future. - type: string - volumeName: - description: VolumeName is the binding reference to the - PersistentVolume backing this claim. - type: string - status: - description: PersistentVolumeClaimStatus is the current status - of a persistent volume claim. - properties: - accessModes: - description: 'AccessModes contains the actual access modes - the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - capacity: - description: Represents the actual resources of the underlying - volume. - type: object - conditions: - description: Current Condition of persistent volume claim. - If underlying persistent volume is being resized then - the Condition will be set to 'ResizeStarted'. - items: - description: PersistentVolumeClaimCondition contails details - about state of pvc - properties: - lastProbeTime: - description: Time is a wrapper around time.Time which - supports correct marshaling to YAML and JSON. Wrappers - are provided for many of the factory methods that - the time package offers. - format: date-time - type: string - lastTransitionTime: - description: Time is a wrapper around time.Time which - supports correct marshaling to YAML and JSON. Wrappers - are provided for many of the factory methods that - the time package offers. - format: date-time - type: string - message: - description: Human-readable message indicating details - about last transition. - type: string - reason: - description: Unique, this should be a short, machine - understandable string that gives the reason for - condition's last transition. If it reports "ResizeStarted" - that means the underlying persistent volume is being - resized. - type: string - status: - type: string - type: - type: string - required: - - type - - status - type: array - phase: - description: Phase represents the current phase of PersistentVolumeClaim. - type: string - tag: - description: Tag of Alertmanager container image to be deployed. Defaults - to the value of `version`. - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached to tolerates any - taint that matches the triple using the matching - operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, operator - must be Exists; this combination means to match all values and - all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. Exists - is equivalent to wildcard for value, so that a pod can tolerate - all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the - toleration (which must be of effect NoExecute, otherwise this - field is ignored) tolerates the taint. By default, it is not - set, which means tolerate the taint forever (do not evict). - Zero and negative values will be treated as 0 (evict immediately) - by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise - just a regular string. - type: string - type: array - version: - description: Version the cluster should be on. - type: string - status: - description: 'Most recent observed status of the Alertmanager cluster. Read-only. - Not included when requesting from the apiserver, only from the Prometheus - Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#spec-and-status' - properties: - availableReplicas: - description: Total number of available pods (ready for at least minReadySeconds) - targeted by this Alertmanager cluster. - format: int32 - type: integer - paused: - description: Represents whether any actions on the underlaying managed - objects are being performed. Only delete actions will be performed. - type: boolean - replicas: - description: Total number of non-terminated pods targeted by this Alertmanager - cluster (their labels match the selector). - format: int32 - type: integer - unavailableReplicas: - description: Total number of unavailable pods targeted by this Alertmanager - cluster. - format: int32 - type: integer - updatedReplicas: - description: Total number of non-terminated pods targeted by this Alertmanager - cluster that have the desired version spec. - format: int32 - type: integer - required: - - paused - - replicas - - updatedReplicas - - availableReplicas - - unavailableReplicas - version: v1 - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: kafkas.kafka.strimzi.io - labels: - app: strimzi - spec: - group: kafka.strimzi.io - version: v1alpha1 - scope: Namespaced - names: - kind: Kafka - listKind: KafkaList - singular: kafka - plural: kafkas - validation: - openAPIV3Schema: - properties: - spec: - type: object - properties: - kafka: - type: object - properties: - replicas: - type: integer - minimum: 1 - image: - type: string - storage: - type: object - properties: - class: - type: string - deleteClaim: - type: boolean - selector: - type: object - size: - type: string - type: - type: string - listeners: - type: object - properties: - plain: - type: object - properties: {} - tls: - type: object - properties: - authentication: - type: object - properties: - type: - type: string - authorization: - type: object - properties: - superUsers: - type: array - items: - type: string - type: - type: string - config: - type: object - rack: - type: object - properties: - topologyKey: - type: string - example: failure-domain.beta.kubernetes.io/zone - required: - - topologyKey - brokerRackInitImage: - type: string - affinity: - type: object - properties: - nodeAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - preference: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: object - properties: - nodeSelectorTerms: - type: array - items: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - podAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - podAntiAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - tolerations: - type: array - items: - type: object - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - type: integer - value: - type: string - livenessProbe: - type: object - properties: - initialDelaySeconds: - type: integer - minimum: 0 - timeoutSeconds: - type: integer - minimum: 0 - readinessProbe: - type: object - properties: - initialDelaySeconds: - type: integer - minimum: 0 - timeoutSeconds: - type: integer - minimum: 0 - jvmOptions: - type: object - properties: - -XX: - type: object - -Xms: - type: string - pattern: '[0-9]+[mMgG]?' - -Xmx: - type: string - pattern: '[0-9]+[mMgG]?' - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - metrics: - type: object - logging: - type: object - properties: - loggers: - type: object - name: - type: string - type: - type: string - tlsSidecar: - type: object - properties: - image: - type: string - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - required: - - replicas - - storage - - listeners - zookeeper: - type: object - properties: - replicas: - type: integer - minimum: 1 - image: - type: string - storage: - type: object - properties: - class: - type: string - deleteClaim: - type: boolean - selector: - type: object - size: - type: string - type: - type: string - config: - type: object - affinity: - type: object - properties: - nodeAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - preference: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: object - properties: - nodeSelectorTerms: - type: array - items: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - podAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - podAntiAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - tolerations: - type: array - items: - type: object - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - type: integer - value: - type: string - livenessProbe: - type: object - properties: - initialDelaySeconds: - type: integer - minimum: 0 - timeoutSeconds: - type: integer - minimum: 0 - readinessProbe: - type: object - properties: - initialDelaySeconds: - type: integer - minimum: 0 - timeoutSeconds: - type: integer - minimum: 0 - jvmOptions: - type: object - properties: - -XX: - type: object - -Xms: - type: string - pattern: '[0-9]+[mMgG]?' - -Xmx: - type: string - pattern: '[0-9]+[mMgG]?' - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - metrics: - type: object - logging: - type: object - properties: - loggers: - type: object - name: - type: string - type: - type: string - tlsSidecar: - type: object - properties: - image: - type: string - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - required: - - replicas - - storage - topicOperator: - type: object - properties: - watchedNamespace: - type: string - image: - type: string - reconciliationIntervalSeconds: - type: integer - minimum: 0 - zookeeperSessionTimeoutSeconds: - type: integer - minimum: 0 - affinity: - type: object - properties: - nodeAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - preference: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: object - properties: - nodeSelectorTerms: - type: array - items: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - podAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - podAntiAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - topicMetadataMaxAttempts: - type: integer - minimum: 0 - tlsSidecar: - type: object - properties: - image: - type: string - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - logging: - type: object - properties: - loggers: - type: object - name: - type: string - type: - type: string - entityOperator: - type: object - properties: - topicOperator: - type: object - properties: - watchedNamespace: - type: string - image: - type: string - reconciliationIntervalSeconds: - type: integer - minimum: 0 - zookeeperSessionTimeoutSeconds: - type: integer - minimum: 0 - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - topicMetadataMaxAttempts: - type: integer - minimum: 0 - logging: - type: object - properties: - loggers: - type: object - name: - type: string - type: - type: string - userOperator: - type: object - properties: - watchedNamespace: - type: string - image: - type: string - reconciliationIntervalSeconds: - type: integer - minimum: 0 - zookeeperSessionTimeoutSeconds: - type: integer - minimum: 0 - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - logging: - type: object - properties: - loggers: - type: object - name: - type: string - type: - type: string - affinity: - type: object - properties: - nodeAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - preference: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: object - properties: - nodeSelectorTerms: - type: array - items: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - podAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - podAntiAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - tolerations: - type: array - items: - type: object - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - type: integer - value: - type: string - tlsSidecar: - type: object - properties: - image: - type: string - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - required: - - kafka - - zookeeper - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: kafkaconnects.kafka.strimzi.io - labels: - app: strimzi - spec: - group: kafka.strimzi.io - version: v1alpha1 - scope: Namespaced - names: - kind: KafkaConnect - listKind: KafkaConnectList - singular: kafkaconnect - plural: kafkaconnects - validation: - openAPIV3Schema: - properties: - spec: - type: object - properties: - replicas: - type: integer - image: - type: string - livenessProbe: - type: object - properties: - initialDelaySeconds: - type: integer - minimum: 0 - timeoutSeconds: - type: integer - minimum: 0 - readinessProbe: - type: object - properties: - initialDelaySeconds: - type: integer - minimum: 0 - timeoutSeconds: - type: integer - minimum: 0 - jvmOptions: - type: object - properties: - -XX: - type: object - -Xms: - type: string - pattern: '[0-9]+[mMgG]?' - -Xmx: - type: string - pattern: '[0-9]+[mMgG]?' - affinity: - type: object - properties: - nodeAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - preference: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: object - properties: - nodeSelectorTerms: - type: array - items: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - podAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - podAntiAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - tolerations: - type: array - items: - type: object - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - type: integer - value: - type: string - logging: - type: object - properties: - loggers: - type: object - name: - type: string - type: - type: string - metrics: - type: object - authentication: - type: object - properties: - certificateAndKey: - type: object - properties: - certificate: - type: string - key: - type: string - secretName: - type: string - required: - - certificate - - key - - secretName - type: - type: string - required: - - certificateAndKey - bootstrapServers: - type: string - config: - type: object - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - tls: - type: object - properties: - trustedCertificates: - type: array - items: - type: object - properties: - certificate: - type: string - secretName: - type: string - required: - - certificate - - secretName - required: - - trustedCertificates - required: - - bootstrapServers - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: kafkaconnects2is.kafka.strimzi.io - labels: - app: strimzi - spec: - group: kafka.strimzi.io - version: v1alpha1 - scope: Namespaced - names: - kind: KafkaConnectS2I - listKind: KafkaConnectS2IList - singular: kafkaconnects2i - plural: kafkaconnects2is - validation: - openAPIV3Schema: - properties: - spec: - type: object - properties: - replicas: - type: integer - image: - type: string - livenessProbe: - type: object - properties: - initialDelaySeconds: - type: integer - minimum: 0 - timeoutSeconds: - type: integer - minimum: 0 - readinessProbe: - type: object - properties: - initialDelaySeconds: - type: integer - minimum: 0 - timeoutSeconds: - type: integer - minimum: 0 - jvmOptions: - type: object - properties: - -XX: - type: object - -Xms: - type: string - pattern: '[0-9]+[mMgG]?' - -Xmx: - type: string - pattern: '[0-9]+[mMgG]?' - affinity: - type: object - properties: - nodeAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - preference: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: object - properties: - nodeSelectorTerms: - type: array - items: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - podAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - podAntiAffinity: - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - podAffinityTerm: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - weight: - type: integer - requiredDuringSchedulingIgnoredDuringExecution: - type: array - items: - type: object - properties: - labelSelector: - type: object - properties: - matchExpressions: - type: array - items: - type: object - properties: - key: - type: string - operator: - type: string - values: - type: array - items: - type: string - matchLabels: - type: object - namespaces: - type: array - items: - type: string - topologyKey: - type: string - metrics: - type: object - authentication: - type: object - properties: - certificateAndKey: - type: object - properties: - certificate: - type: string - key: - type: string - secretName: - type: string - required: - - certificate - - key - - secretName - type: - type: string - required: - - certificateAndKey - bootstrapServers: - type: string - config: - type: object - insecureSourceRepository: - type: boolean - logging: - type: object - properties: - loggers: - type: object - name: - type: string - type: - type: string - resources: - type: object - properties: - limits: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - requests: - type: object - properties: - cpu: - type: string - pattern: '[0-9]+m?$' - memory: - type: string - pattern: '[0-9]+([kKmMgGtTpPeE]i?)?$' - tls: - type: object - properties: - trustedCertificates: - type: array - items: - type: object - properties: - certificate: - type: string - secretName: - type: string - required: - - certificate - - secretName - required: - - trustedCertificates - tolerations: - type: array - items: - type: object - properties: - effect: - type: string - key: - type: string - operator: - type: string - tolerationSeconds: - type: integer - value: - type: string - required: - - bootstrapServers - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: kafkatopics.kafka.strimzi.io - labels: - app: strimzi - spec: - group: kafka.strimzi.io - version: v1alpha1 - scope: Namespaced - names: - kind: KafkaTopic - listKind: KafkaTopicList - singular: kafkatopic - plural: kafkatopics - shortNames: - - kt - validation: - openAPIV3Schema: - properties: - spec: - type: object - properties: - partitions: - type: integer - minimum: 1 - replicas: - type: integer - minimum: 1 - maximum: 32767 - config: - type: object - topicName: - type: string - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: kafkausers.kafka.strimzi.io - labels: - app: strimzi - spec: - group: kafka.strimzi.io - version: v1alpha1 - scope: Namespaced - names: - kind: KafkaUser - listKind: KafkaUserList - singular: kafkauser - plural: kafkausers - shortNames: - - ku - validation: - openAPIV3Schema: - properties: - spec: - type: object - properties: - authentication: - type: object - properties: - type: - type: string - authorization: - type: object - properties: - acls: - type: array - items: - type: object - properties: - host: - type: string - operation: - type: string - enum: - - Read - - Write - - Create - - Delete - - Alter - - Describe - - ClusterAction - - AlterConfigs - - DescribeConfigs - - IdempotentWrite - - All - resource: - type: object - properties: - name: - type: string - patternType: - type: string - enum: - - literal - - prefix - type: - type: string - type: - type: string - enum: - - allow - - deny - required: - - operation - - resource - type: - type: string - required: - - acls - required: - - authentication - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: clusterloggings.logging.openshift.io - spec: - group: logging.openshift.io - names: - kind: ClusterLogging - listKind: ClusterLoggingList - plural: clusterloggings - singular: clusterlogging - scope: Namespaced - version: v1alpha1 - validation: - openAPIV3Schema: - properties: - spec: - description: Specification of the desired behavior of the Logging cluster. - properties: - visualization: - description: Specification of the Visualization component for the cluster - properties: - type: - description: The type of Visualization to configure - type: string - kibana: - description: Specification of the Kibana Visualization component - properties: - resources: - description: The resource requirements for Kibana - properties: - limits: - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - nodeSelector: - description: Define which Nodes the Pods are scheduled on. - type: object - replicas: - description: Number of instances to deploy for a Kibana deployment - format: int32 - type: integer - proxySpec: - description: Specification of the Kibana Proxy component - properties: - resources: - description: The resource requirements for Kibana - properties: - limits: - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - required: - - replicas - required: - - type - logStore: - description: Specification of the Log Storage component for the cluster - properties: - type: - description: The type of Log Storage to configure - type: string - elasticsearch: - description: Specification of the Elasticsearch Log Store component - properties: - resources: - description: The resource requirements for Kibana - properties: - limits: - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - nodeSelector: - description: Define which Nodes the Pods are scheduled on. - type: object - replicas: - description: Number of nodes to deploy for Elasticsearch - format: int32 - type: integer - storage: - description: 'The storage backing for Elasticsearch. More info: ' - type: object - required: - - replicas - - storage - required: - - type - collection: - description: Specification of the Collection component for the cluster - properties: - logCollection: - description: Specification of Log Collection for the cluster - properties: - type: - description: The type of Log Collection to configure - type: string - fluentd: - description: Specification of the Fluentd Log Collection component - properties: - resources: - description: The resource requirements for Fluentd - properties: - limits: - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - nodeSelector: - description: Define which Nodes the Pods are scheduled on. - type: object - required: - - type - #eventCollection: - #normalizer: - curation: - description: Specification of the Curation component for the cluster - properties: - type: - description: The kind of curation to configure - type: string - curator: - description: The specification of curation to configure - properties: - resources: - description: The resource requirements for Curator - properties: - limits: - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - nodeSelector: - description: Define which Nodes the Pods are scheduled on. - type: object - schedule: - description: 'The cron schedule that the Curator job is run. Defaults to "30 3 * * *"' - type: string - required: - - schedule - required: - - type - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: deschedulers.descheduler.io - spec: - group: descheduler.io - names: - kind: Descheduler - listKind: DeschedulerList - plural: deschedulers - singular: descheduler - scope: Namespaced - version: v1alpha1 - validation: - openAPIV3Schema: - properties: - spec: - strategies: - type: array - uniqueItems: true - minItems: 1 - maxItems: 4 - collectionFormat: pipes - items: - type: string - schedule: - type: string - pattern: '^(\d+|\*)(/\d+)?(\s+(\d+|\*)(/\d+)?){4}$' - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: elasticsearches.logging.openshift.io - spec: - group: logging.openshift.io - names: - kind: Elasticsearch - listKind: ElasticsearchList - plural: elasticsearches - singular: elasticsearch - scope: Namespaced - version: v1alpha1 - validation: - openAPIV3Schema: - properties: - spec: - description: Specification of the desired behavior of the Elasticsearch cluster - properties: - nodes: - description: Specification of the different Elasticsearch nodes - properties: - roles: - description: The specific Elasticsearch cluster roles the node should perform - type: object - replicas: - description: Number of nodes to deploy - format: int32 - type: integer - spec: - description: Specification of the Elasticsearch node - properties: - image: - description: The image to use for the Elasticsearch node - type: string - resources: - description: The resource requirements for the Elasticsearch node - properties: - limits: - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - nodeSelector: - description: Define which Nodes the Pods are scheduled on. - type: object - storage: - description: The type of backing storage that should be used for the node - properties: - hostPath: - description: Use host node storage - type: object - emptyDir: - description: Use ephemeral storage - type: object - volumeClaimTemplate: - description: 'Volume claims that act similarly to the VolumeClaimTemplates - field of StatefulSets. A number of PVCs will be generated based on the number of - node replicas' - type: object - persistentVolumeClaim: - description: Use a specifically named Persistent Volume Claim - type: object - nodeSpec: - description: Specification to be applied to all the Elasticsearch nodes - properties: - image: - description: The image to use for the Elasticsearch nodes - type: string - resources: - description: The resource requirements for the Elasticsearch nodes - properties: - limits: - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - serviceAccountName: - description: The service account for the Elasticsearch nodes in this cluster - type: string - configMapName: - description: The configmap for the Elasticsearch nodes in this cluster - type: string - secretName: - description: The secret for the Elasticsearch nodes in this cluster - type: string - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: etcdbackups.etcd.database.coreos.com - spec: - group: etcd.database.coreos.com - version: v1beta2 - scope: Namespaced - names: - kind: EtcdBackup - listKind: EtcdBackupList - plural: etcdbackups - singular: etcdbackup - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: etcdclusters.etcd.database.coreos.com - spec: - group: etcd.database.coreos.com - version: v1beta2 - scope: Namespaced - names: - plural: etcdclusters - singular: etcdcluster - kind: EtcdCluster - listKind: EtcdClusterList - shortNames: - - etcdclus - - etcd - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: etcdrestores.etcd.database.coreos.com - spec: - group: etcd.database.coreos.com - version: v1beta2 - scope: Namespaced - names: - kind: EtcdRestore - listKind: EtcdRestoreList - plural: etcdrestores - singular: etcdrestore - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: "" - kubebuilder.k8s.io: 0.1.10 - name: clusters.clusterregistry.k8s.io - spec: - group: clusterregistry.k8s.io - names: - kind: Cluster - plural: clusters - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - authInfo: - properties: - controller: - properties: - kind: - type: string - name: - type: string - namespace: - type: string - type: object - user: - properties: - kind: - type: string - name: - type: string - namespace: - type: string - type: object - type: object - kubernetesApiEndpoints: - properties: - caBundle: - items: - type: byte - type: string - serverEndpoints: - items: - properties: - clientCIDR: - type: string - serverAddress: - type: string - type: object - type: array - type: object - type: object - status: - properties: - conditions: - items: - properties: - lastHeartbeatTime: - format: date-time - type: string - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - type: object - type: array - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: dnsendpoints.multiclusterdns.federation.k8s.io - spec: - group: multiclusterdns.federation.k8s.io - names: - kind: DNSEndpoint - plural: dnsendpoints - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - endpoints: - items: - properties: - dnsName: - type: string - labels: - type: object - recordTTL: - format: int64 - type: integer - recordType: - type: string - targets: - items: - type: string - type: array - type: object - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedclusters.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedCluster - plural: federatedclusters - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - clusterRef: - type: object - secretRef: - type: object - type: object - status: - properties: - conditions: - items: - properties: - lastProbeTime: - format: date-time - type: string - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - type - - status - type: object - type: array - region: - type: string - zone: - type: string - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedconfigmaps.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedConfigMap - plural: federatedconfigmaps - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - template: - type: object - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedconfigmapoverrides.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedConfigMapOverride - plural: federatedconfigmapoverrides - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - overrides: - items: - properties: - clusterName: - type: string - data: - type: object - type: object - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedconfigmapplacements.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedConfigMapPlacement - plural: federatedconfigmapplacements - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - clusterNames: - items: - type: string - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federateddeployments.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedDeployment - plural: federateddeployments - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - template: - type: object - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federateddeploymentoverrides.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedDeploymentOverride - plural: federateddeploymentoverrides - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - overrides: - items: - properties: - clusterName: - type: string - replicas: - format: int32 - type: integer - type: object - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federateddeploymentplacements.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedDeploymentPlacement - plural: federateddeploymentplacements - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - clusterNames: - items: - type: string - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedingresses.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedIngress - plural: federatedingresses - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - template: - type: object - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedingressplacements.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedIngressPlacement - plural: federatedingressplacements - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - clusterNames: - items: - type: string - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedjobs.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedJob - plural: federatedjobs - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - template: - type: object - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedjoboverrides.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedJobOverride - plural: federatedjoboverrides - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - overrides: - items: - properties: - clusterName: - type: string - parallelism: - format: int32 - type: integer - type: object - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedjobplacements.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedJobPlacement - plural: federatedjobplacements - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - clusterNames: - items: - type: string - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatednamespaceplacements.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedNamespacePlacement - plural: federatednamespaceplacements - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - clusterNames: - items: - type: string - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedreplicasets.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedReplicaSet - plural: federatedreplicasets - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - template: - type: object - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedreplicasetoverrides.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedReplicaSetOverride - plural: federatedreplicasetoverrides - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - overrides: - items: - properties: - clusterName: - type: string - replicas: - format: int32 - type: integer - type: object - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedreplicasetplacements.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedReplicaSetPlacement - plural: federatedreplicasetplacements - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - clusterNames: - items: - type: string - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedsecrets.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedSecret - plural: federatedsecrets - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - template: - type: object - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedsecretoverrides.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedSecretOverride - plural: federatedsecretoverrides - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - overrides: - items: - properties: - clusterName: - type: string - data: - type: object - type: object - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedsecretplacements.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedSecretPlacement - plural: federatedsecretplacements - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - clusterNames: - items: - type: string - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedservices.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedService - plural: federatedservices - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - template: - type: object - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedserviceaccounts.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedServiceAccount - plural: federatedserviceaccounts - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - template: - type: object - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedserviceaccountplacements.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedServiceAccountPlacement - plural: federatedserviceaccountplacements - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - clusterNames: - items: - type: string - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedserviceplacements.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedServicePlacement - plural: federatedserviceplacements - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - clusterNames: - items: - type: string - type: array - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: federatedtypeconfigs.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: FederatedTypeConfig - plural: federatedtypeconfigs - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - comparisonField: - type: string - namespaced: - type: boolean - override: - properties: - group: - type: string - kind: - type: string - pluralName: - type: string - version: - type: string - required: - - kind - type: object - overridePath: - items: - type: string - type: array - placement: - properties: - group: - type: string - kind: - type: string - pluralName: - type: string - version: - type: string - required: - - kind - type: object - propagationEnabled: - type: boolean - target: - properties: - group: - type: string - kind: - type: string - pluralName: - type: string - version: - type: string - required: - - kind - type: object - template: - properties: - group: - type: string - kind: - type: string - pluralName: - type: string - version: - type: string - required: - - kind - type: object - required: - - target - - namespaced - - comparisonField - - propagationEnabled - - template - - placement - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: multiclusteringressdnsrecords.multiclusterdns.federation.k8s.io - spec: - group: multiclusterdns.federation.k8s.io - names: - kind: MultiClusterIngressDNSRecord - plural: multiclusteringressdnsrecords - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - hosts: - items: - type: string - type: array - recordTTL: - format: int64 - type: integer - type: object - status: - properties: - dns: - items: - properties: - cluster: - type: string - loadBalancer: - type: object - type: object - type: array - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: multiclusterservicednsrecords.multiclusterdns.federation.k8s.io - spec: - group: multiclusterdns.federation.k8s.io - names: - kind: MultiClusterServiceDNSRecord - plural: multiclusterservicednsrecords - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - dnsSuffix: - type: string - federationName: - type: string - recordTTL: - format: int64 - type: integer - type: object - status: - properties: - dns: - items: - properties: - cluster: - type: string - loadBalancer: - type: object - region: - type: string - zone: - type: string - type: object - type: array - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: propagatedversions.core.federation.k8s.io - spec: - group: core.federation.k8s.io - names: - kind: PropagatedVersion - plural: propagatedversions - scope: Namespaced - subresources: - status: {} - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - type: object - status: - properties: - clusterVersions: - items: - properties: - clusterName: - type: string - version: - type: string - type: object - type: array - overridesVersion: - type: string - templateVersion: - type: string - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - creationTimestamp: null - labels: - api: federation - kubebuilder.k8s.io: 1.0.3 - name: replicaschedulingpreferences.scheduling.federation.k8s.io - spec: - group: scheduling.federation.k8s.io - names: - kind: ReplicaSchedulingPreference - plural: replicaschedulingpreferences - scope: Namespaced - validation: - openAPIV3Schema: - properties: - apiVersion: - type: string - kind: - type: string - metadata: - type: object - spec: - properties: - clusters: - type: object - rebalance: - type: boolean - targetKind: - type: string - totalReplicas: - format: int32 - type: integer - required: - - targetKind - - totalReplicas - type: object - status: - type: object - version: v1alpha1 - status: - acceptedNames: - kind: "" - plural: "" - conditions: null - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: meterings.metering.openshift.io - annotations: - catalog.app.coreos.com/description: An instance of Metering - catalog.app.coreos.com/displayName: Metering - spec: - group: metering.openshift.io - version: v1alpha1 - scope: Namespaced - names: - plural: meterings - singular: metering - kind: Metering - listKind: MeteringList - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: prestotables.metering.openshift.io - annotations: - catalog.app.coreos.com/displayName: "Metering Presto Table" - catalog.app.coreos.com/description: "A table within PrestoDB" - spec: - group: metering.openshift.io - version: v1alpha1 - scope: Namespaced - names: - plural: prestotables - singular: prestotable - kind: PrestoTable - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: prometheuses.monitoring.coreos.com - spec: - group: monitoring.coreos.com - names: - kind: Prometheus - plural: prometheuses - scope: Namespaced - validation: - openAPIV3Schema: - properties: - spec: - description: 'Specification of the desired behavior of the Prometheus cluster. - More info: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#spec-and-status' - properties: - additionalAlertManagerConfigs: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must be a valid - secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must be defined - type: boolean - required: - - key - additionalScrapeConfigs: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must be a valid - secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must be defined - type: boolean - required: - - key - affinity: - description: Affinity is a group of affinity scheduling rules. - properties: - nodeAffinity: - description: Node affinity is a group of node affinity scheduling - rules. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the affinity expressions specified by this field, - but it may choose a node that violates one or more of the - expressions. The node that is most preferred is the one with - the greatest sum of weights, i.e. for each node that meets - all of the scheduling requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the sum - if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - items: - description: An empty preferred scheduling term matches all - objects with implicit weight 0 (i.e. it's a no-op). A null - preferred scheduling term matches no objects (i.e. is also - a no-op). - properties: - preference: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - format: int32 - type: integer - required: - - weight - - preference - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: A node selector represents the union of the results - of one or more label queries over a set of nodes; that is, - it represents the OR of the selectors represented by the node - selector terms. - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The - terms are ORed. - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchFields: - description: A list of node selector requirements - by node's fields. - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - type: array - required: - - nodeSelectorTerms - podAffinity: - description: Pod affinity is a group of inter pod affinity scheduling - rules. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the affinity expressions specified by this field, - but it may choose a node that violates one or more of the - expressions. The node that is most preferred is the one with - the greatest sum of weights, i.e. for each node that meets - all of the scheduling requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the sum - if the node has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label selector is a label query over - a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector - matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - weight - - podAffinityTerm - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may not - try to eventually evict the pod from its node. When there - are multiple elements, the lists of nodes corresponding to - each podAffinityTerm are intersected, i.e. all terms must - be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) that - this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of pods - is running - properties: - labelSelector: - description: A label selector is a label query over a - set of resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. - A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of any - node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: array - podAntiAffinity: - description: Pod anti affinity is a group of inter pod anti affinity - scheduling rules. - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the anti-affinity expressions specified by this - field, but it may choose a node that violates one or more - of the expressions. The node that is most preferred is the - one with the greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource request, - requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field - and adding "weight" to the sum if the node has pods which - matches the corresponding podAffinityTerm; the node(s) with - the highest sum are the most preferred. - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - properties: - podAffinityTerm: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) - that this pod should be co-located (affinity) or not - co-located (anti-affinity) with, where co-located is - defined as running on a node whose value of the label - with key matches that of any node on which - a pod of the set of pods is running - properties: - labelSelector: - description: A label selector is a label query over - a set of resources. The result of matchLabels and - matchExpressions are ANDed. An empty label selector - matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - required: - - topologyKey - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - format: int32 - type: integer - required: - - weight - - podAffinityTerm - type: array - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by - this field are not met at scheduling time, the pod will not - be scheduled onto the node. If the anti-affinity requirements - specified by this field cease to be met at some point during - pod execution (e.g. due to a pod label update), the system - may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms must - be satisfied. - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) that - this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of pods - is running - properties: - labelSelector: - description: A label selector is a label query over a - set of resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. - A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - items: - type: string - type: array - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of any - node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - required: - - topologyKey - type: array - alerting: - description: AlertingSpec defines parameters for alerting configuration - of Prometheus servers. - properties: - alertmanagers: - description: AlertmanagerEndpoints Prometheus should fire alerts - against. - items: - description: AlertmanagerEndpoints defines a selection of a single - Endpoints object containing alertmanager IPs to fire alerts - against. - properties: - bearerTokenFile: - description: BearerTokenFile to read from filesystem to use - when authenticating to Alertmanager. - type: string - name: - description: Name of Endpoints object in Namespace. - type: string - namespace: - description: Namespace of Endpoints object. - type: string - pathPrefix: - description: Prefix for the HTTP path alerts are pushed to. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use when firing alerts. - type: string - tlsConfig: - description: TLSConfig specifies TLS configuration parameters. - properties: - caFile: - description: The CA cert to use for the targets. - type: string - certFile: - description: The client cert file for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: The client key file for the targets. - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - required: - - namespace - - name - - port - type: array - required: - - alertmanagers - baseImage: - description: Base image to use for a Prometheus deployment. - type: string - containers: - description: Containers allows injecting additional containers. This - is meant to allow adding an authentication proxy to a Prometheus pod. - items: - description: A single application container that you want to run within - a pod. - properties: - args: - description: 'Arguments to the entrypoint. The docker image''s - CMD is used if this is not provided. Variable references $(VAR_NAME) - are expanded using the container''s environment. If a variable - cannot be resolved, the reference in the input string will be - unchanged. The $(VAR_NAME) syntax can be escaped with a double - $$, ie: $$(VAR_NAME). Escaped references will never be expanded, - regardless of whether the variable exists or not. Cannot be - updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - command: - description: 'Entrypoint array. Not executed within a shell. The - docker image''s ENTRYPOINT is used if this is not provided. - Variable references $(VAR_NAME) are expanded using the container''s - environment. If a variable cannot be resolved, the reference - in the input string will be unchanged. The $(VAR_NAME) syntax - can be escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable exists - or not. Cannot be updated. More info: https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell' - items: - type: string - type: array - env: - description: List of environment variables to set in the container. - Cannot be updated. - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a - C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previous defined environment variables in the - container and any service environment variables. If a - variable cannot be resolved, the reference in the input - string will be unchanged. The $(VAR_NAME) syntax can be - escaped with a double $$, ie: $$(VAR_NAME). Escaped references - will never be expanded, regardless of whether the variable - exists or not. Defaults to "".' - type: string - valueFrom: - description: EnvVarSource represents a source for the value - of an EnvVar. - properties: - configMapKeyRef: - description: Selects a key from a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the ConfigMap or it's - key must be defined - type: boolean - required: - - key - fieldRef: - description: ObjectFieldSelector selects an APIVersioned - field of an object. - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - resourceFieldRef: - description: ResourceFieldSelector represents container - resources (cpu, memory) and their output format - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: {} - resource: - description: 'Required: resource to select' - type: string - required: - - resource - secretKeyRef: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's - key must be defined - type: boolean - required: - - key - required: - - name - type: array - envFrom: - description: List of sources to populate environment variables - in the container. The keys defined within a source must be a - C_IDENTIFIER. All invalid keys will be reported as an event - when the container is starting. When a key exists in multiple - sources, the value associated with the last source will take - precedence. Values defined by an Env with a duplicate key will - take precedence. Cannot be updated. - items: - description: EnvFromSource represents the source of a set of - ConfigMaps - properties: - configMapRef: - description: |- - ConfigMapEnvSource selects a ConfigMap to populate the environment variables with. - The contents of the target ConfigMap's Data field will represent the key-value pairs as environment variables. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the ConfigMap must be defined - type: boolean - prefix: - description: An optional identifier to prepend to each key - in the ConfigMap. Must be a C_IDENTIFIER. - type: string - secretRef: - description: |- - SecretEnvSource selects a Secret to populate the environment variables with. - The contents of the target Secret's Data field will represent the key-value pairs as environment variables. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret must be defined - type: boolean - type: array - image: - description: 'Docker image name. More info: https://kubernetes.io/docs/concepts/containers/images - This field is optional to allow higher level config management - to default or override container images in workload controllers - like Deployments and StatefulSets.' - type: string - imagePullPolicy: - description: 'Image pull policy. One of Always, Never, IfNotPresent. - Defaults to Always if :latest tag is specified, or IfNotPresent - otherwise. Cannot be updated. More info: https://kubernetes.io/docs/concepts/containers/images#updating-images' - type: string - lifecycle: - description: Lifecycle describes actions that the management system - should take in response to container lifecycle events. For the - PostStart and PreStop lifecycle handlers, management of the - container blocks until the action is complete, unless the container - process fails, in which case the handler is aborted. - properties: - postStart: - description: Handler defines a specific action that should - be taken - properties: - exec: - description: ExecAction describes a "run in container" - action. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - httpGet: - description: HTTPGetAction describes an action based on - HTTP Get requests. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - tcpSocket: - description: TCPSocketAction describes an action based - on opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - preStop: - description: Handler defines a specific action that should - be taken - properties: - exec: - description: ExecAction describes a "run in container" - action. - properties: - command: - description: Command is the command line to execute - inside the container, the working directory for - the command is root ('/') in the container's filesystem. - The command is simply exec'd, it is not run inside - a shell, so traditional shell instructions ('|', - etc) won't work. To use a shell, you need to explicitly - call out to that shell. Exit status of 0 is treated - as live/healthy and non-zero is unhealthy. - items: - type: string - type: array - httpGet: - description: HTTPGetAction describes an action based on - HTTP Get requests. - properties: - host: - description: Host name to connect to, defaults to - the pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. - HTTP allows repeated headers. - items: - description: HTTPHeader describes a custom header - to be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - tcpSocket: - description: TCPSocketAction describes an action based - on opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - livenessProbe: - description: Probe describes a health check to be performed against - a container to determine whether it is alive or ready to receive - traffic. - properties: - exec: - description: ExecAction describes a "run in container" action. - properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit - status of 0 is treated as live/healthy and non-zero - is unhealthy. - items: - type: string - type: array - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGetAction describes an action based on HTTP - Get requests. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header to - be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocketAction describes an action based on - opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - name: - description: Name of the container specified as a DNS_LABEL. Each - container in a pod must have a unique name (DNS_LABEL). Cannot - be updated. - type: string - ports: - description: List of ports to expose from the container. Exposing - a port here gives the system additional information about the - network connections a container uses, but is primarily informational. - Not specifying a port here DOES NOT prevent that port from being - exposed. Any port which is listening on the default "0.0.0.0" - address inside a container will be accessible from the network. - Cannot be updated. - items: - description: ContainerPort represents a network port in a single - container. - properties: - containerPort: - description: Number of port to expose on the pod's IP address. - This must be a valid port number, 0 < x < 65536. - format: int32 - type: integer - hostIP: - description: What host IP to bind the external port to. - type: string - hostPort: - description: Number of port to expose on the host. If specified, - this must be a valid port number, 0 < x < 65536. If HostNetwork - is specified, this must match ContainerPort. Most containers - do not need this. - format: int32 - type: integer - name: - description: If specified, this must be an IANA_SVC_NAME - and unique within the pod. Each named port in a pod must - have a unique name. Name for the port that can be referred - to by services. - type: string - protocol: - description: Protocol for port. Must be UDP or TCP. Defaults - to "TCP". - type: string - required: - - containerPort - type: array - readinessProbe: - description: Probe describes a health check to be performed against - a container to determine whether it is alive or ready to receive - traffic. - properties: - exec: - description: ExecAction describes a "run in container" action. - properties: - command: - description: Command is the command line to execute inside - the container, the working directory for the command is - root ('/') in the container's filesystem. The command - is simply exec'd, it is not run inside a shell, so traditional - shell instructions ('|', etc) won't work. To use a shell, - you need to explicitly call out to that shell. Exit - status of 0 is treated as live/healthy and non-zero - is unhealthy. - items: - type: string - type: array - failureThreshold: - description: Minimum consecutive failures for the probe to - be considered failed after having succeeded. Defaults to - 3. Minimum value is 1. - format: int32 - type: integer - httpGet: - description: HTTPGetAction describes an action based on HTTP - Get requests. - properties: - host: - description: Host name to connect to, defaults to the - pod IP. You probably want to set "Host" in httpHeaders - instead. - type: string - httpHeaders: - description: Custom headers to set in the request. HTTP - allows repeated headers. - items: - description: HTTPHeader describes a custom header to - be used in HTTP probes - properties: - name: - description: The header field name - type: string - value: - description: The header field value - type: string - required: - - name - - value - type: array - path: - description: Path to access on the HTTP server. - type: string - port: - anyOf: - - type: string - - type: integer - scheme: - description: Scheme to use for connecting to the host. - Defaults to HTTP. - type: string - required: - - port - initialDelaySeconds: - description: 'Number of seconds after the container has started - before liveness probes are initiated. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - periodSeconds: - description: How often (in seconds) to perform the probe. - Default to 10 seconds. Minimum value is 1. - format: int32 - type: integer - successThreshold: - description: Minimum consecutive successes for the probe to - be considered successful after having failed. Defaults to - 1. Must be 1 for liveness. Minimum value is 1. - format: int32 - type: integer - tcpSocket: - description: TCPSocketAction describes an action based on - opening a socket - properties: - host: - description: 'Optional: Host name to connect to, defaults - to the pod IP.' - type: string - port: - anyOf: - - type: string - - type: integer - required: - - port - timeoutSeconds: - description: 'Number of seconds after which the probe times - out. Defaults to 1 second. Minimum value is 1. More info: - https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes' - format: int32 - type: integer - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - securityContext: - description: SecurityContext holds security configuration that - will be applied to a container. Some fields are present in both - SecurityContext and PodSecurityContext. When both are set, - the values in SecurityContext take precedence. - properties: - allowPrivilegeEscalation: - description: 'AllowPrivilegeEscalation controls whether a - process can gain more privileges than its parent process. - This bool directly controls if the no_new_privs flag will - be set on the container process. AllowPrivilegeEscalation - is true always when the container is: 1) run as Privileged - 2) has CAP_SYS_ADMIN' - type: boolean - capabilities: - description: Adds and removes POSIX capabilities from running - containers. - properties: - add: - description: Added capabilities - items: - type: string - type: array - drop: - description: Removed capabilities - items: - type: string - type: array - privileged: - description: Run container in privileged mode. Processes in - privileged containers are essentially equivalent to root - on the host. Defaults to false. - type: boolean - readOnlyRootFilesystem: - description: Whether this container has a read-only root filesystem. - Default is false. - type: boolean - runAsGroup: - description: The GID to run the entrypoint of the container - process. Uses runtime default if unset. May also be set - in PodSecurityContext. If set in both SecurityContext and - PodSecurityContext, the value specified in SecurityContext - takes precedence. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail - to start the container if it does. If unset or false, no - such validation will be performed. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container - process. Defaults to user specified in image metadata if - unspecified. May also be set in PodSecurityContext. If - set in both SecurityContext and PodSecurityContext, the - value specified in SecurityContext takes precedence. - format: int64 - type: integer - seLinuxOptions: - description: SELinuxOptions are the labels to be applied to - the container - properties: - level: - description: Level is SELinux level label that applies - to the container. - type: string - role: - description: Role is a SELinux role label that applies - to the container. - type: string - type: - description: Type is a SELinux type label that applies - to the container. - type: string - user: - description: User is a SELinux user label that applies - to the container. - type: string - stdin: - description: Whether this container should allocate a buffer for - stdin in the container runtime. If this is not set, reads from - stdin in the container will always result in EOF. Default is - false. - type: boolean - stdinOnce: - description: Whether the container runtime should close the stdin - channel after it has been opened by a single attach. When stdin - is true the stdin stream will remain open across multiple attach - sessions. If stdinOnce is set to true, stdin is opened on container - start, is empty until the first client attaches to stdin, and - then remains open and accepts data until the client disconnects, - at which time stdin is closed and remains closed until the container - is restarted. If this flag is false, a container processes that - reads from stdin will never receive an EOF. Default is false - type: boolean - terminationMessagePath: - description: 'Optional: Path at which the file to which the container''s - termination message will be written is mounted into the container''s - filesystem. Message written is intended to be brief final status, - such as an assertion failure message. Will be truncated by the - node if greater than 4096 bytes. The total message length across - all containers will be limited to 12kb. Defaults to /dev/termination-log. - Cannot be updated.' - type: string - terminationMessagePolicy: - description: Indicate how the termination message should be populated. - File will use the contents of terminationMessagePath to populate - the container status message on both success and failure. FallbackToLogsOnError - will use the last chunk of container log output if the termination - message file is empty and the container exited with an error. - The log output is limited to 2048 bytes or 80 lines, whichever - is smaller. Defaults to File. Cannot be updated. - type: string - tty: - description: Whether this container should allocate a TTY for - itself, also requires 'stdin' to be true. Default is false. - type: boolean - volumeDevices: - description: volumeDevices is the list of block devices to be - used by the container. This is an alpha feature and may change - in the future. - items: - description: volumeDevice describes a mapping of a raw block - device within a container. - properties: - devicePath: - description: devicePath is the path inside of the container - that the device will be mapped to. - type: string - name: - description: name must match the name of a persistentVolumeClaim - in the pod - type: string - required: - - name - - devicePath - type: array - volumeMounts: - description: Pod volumes to mount into the container's filesystem. - Cannot be updated. - items: - description: VolumeMount describes a mounting of a Volume within - a container. - properties: - mountPath: - description: Path within the container at which the volume - should be mounted. Must not contain ':'. - type: string - mountPropagation: - description: mountPropagation determines how mounts are - propagated from the host to container and the other way - around. When not set, MountPropagationHostToContainer - is used. This field is beta in 1.10. - type: string - name: - description: This must match the Name of a Volume. - type: string - readOnly: - description: Mounted read-only if true, read-write otherwise - (false or unspecified). Defaults to false. - type: boolean - subPath: - description: Path within the volume from which the container's - volume should be mounted. Defaults to "" (volume's root). - type: string - required: - - name - - mountPath - type: array - workingDir: - description: Container's working directory. If not specified, - the container runtime's default will be used, which might be - configured in the container image. Cannot be updated. - type: string - required: - - name - type: array - evaluationInterval: - description: Interval between consecutive evaluations. - type: string - externalLabels: - description: The labels to add to any time series or alerts when communicating - with external systems (federation, remote storage, Alertmanager). - type: object - externalUrl: - description: The external URL the Prometheus instances will be available - under. This is necessary to generate correct URLs. This is necessary - if Prometheus is not served from root of a DNS name. - type: string - imagePullSecrets: - description: An optional list of references to secrets in the same namespace - to use for pulling prometheus and alertmanager images from registries - see http://kubernetes.io/docs/user-guide/images#specifying-imagepullsecrets-on-a-pod - items: - description: LocalObjectReference contains enough information to let - you locate the referenced object inside the same namespace. - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - type: array - listenLocal: - description: ListenLocal makes the Prometheus server listen on loopback, - so that it does not bind against the Pod IP. - type: boolean - logLevel: - description: Log level for Prometheus to be configured with. - type: string - nodeSelector: - description: Define which Nodes the Pods are scheduled on. - type: object - paused: - description: When a Prometheus deployment is paused, no actions except - for deletion will be performed on the underlying objects. - type: boolean - podMetadata: - description: ObjectMeta is metadata that all persisted resources must - have, which includes all objects users must create. - properties: - annotations: - description: 'Annotations is an unstructured key value map stored - with a resource that may be set by external tools to store and - retrieve arbitrary metadata. They are not queryable and should - be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - clusterName: - description: The name of the cluster which the object belongs to. - This is used to distinguish resources with same name and namespace - in different clusters. This field is not set anywhere right now - and apiserver is going to ignore it if set in create or update - request. - type: string - creationTimestamp: - description: Time is a wrapper around time.Time which supports correct - marshaling to YAML and JSON. Wrappers are provided for many of - the factory methods that the time package offers. - format: date-time - type: string - deletionGracePeriodSeconds: - description: Number of seconds allowed for this object to gracefully - terminate before it will be removed from the system. Only set - when deletionTimestamp is also set. May only be shortened. Read-only. - format: int64 - type: integer - deletionTimestamp: - description: Time is a wrapper around time.Time which supports correct - marshaling to YAML and JSON. Wrappers are provided for many of - the factory methods that the time package offers. - format: date-time - type: string - finalizers: - description: Must be empty before the object is deleted from the - registry. Each entry is an identifier for the responsible component - that will remove the entry from the list. If the deletionTimestamp - of the object is non-nil, entries in this list can only be removed. - items: - type: string - type: array - generateName: - description: |- - GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. - If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). - Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#idempotency - type: string - generation: - description: A sequence number representing a specific generation - of the desired state. Populated by the system. Read-only. - format: int64 - type: integer - initializers: - description: Initializers tracks the progress of initialization. - properties: - pending: - description: Pending is a list of initializers that must execute - in order before this object is visible. When the last pending - initializer is removed, and no failing result is set, the - initializers struct will be set to nil and the object is considered - as initialized and visible to all clients. - items: - description: Initializer is information about an initializer - that has not yet completed. - properties: - name: - description: name of the process that is responsible for - initializing this object. - type: string - required: - - name - type: array - result: - description: Status is a return value for calls that don't return - other objects. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of - this representation of an object. Servers should convert - recognized schemas to the latest internal value, and may - reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - code: - description: Suggested HTTP return code for this status, - 0 if not set. - format: int32 - type: integer - details: - description: StatusDetails is a set of additional properties - that MAY be set by the server to provide additional information - about a response. The Reason field of a Status object - defines what attributes will be set. Clients must ignore - fields that do not match the defined type of each attribute, - and should assume that any attribute may be empty, invalid, - or under defined. - properties: - causes: - description: The Causes array includes more details - associated with the StatusReason failure. Not all - StatusReasons may provide detailed causes. - items: - description: StatusCause provides more information - about an api.Status failure, including cases when - multiple errors are encountered. - properties: - field: - description: |- - The field of the resource that has caused this error, as named by its JSON serialization. May include dot and postfix notation for nested attributes. Arrays are zero-indexed. Fields may appear more than once in an array of causes due to fields having multiple errors. Optional. - Examples: - "name" - the field "name" on the current resource - "items[0].name" - the field "name" on the first array entry in "items" - type: string - message: - description: A human-readable description of the - cause of the error. This field may be presented - as-is to a reader. - type: string - reason: - description: A machine-readable description of - the cause of the error. If this value is empty - there is no information available. - type: string - type: array - group: - description: The group attribute of the resource associated - with the status StatusReason. - type: string - kind: - description: 'The kind attribute of the resource associated - with the status StatusReason. On some operations may - differ from the requested resource Kind. More info: - https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: The name attribute of the resource associated - with the status StatusReason (when there is a single - name which can be described). - type: string - retryAfterSeconds: - description: If specified, the time in seconds before - the operation should be retried. Some errors may indicate - the client must take an alternate action - for those - errors this field may indicate how long to wait before - taking the alternate action. - format: int32 - type: integer - uid: - description: 'UID of the resource. (when there is a - single resource which can be described). More info: - http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - kind: - description: 'Kind is a string value representing the REST - resource this object represents. Servers may infer this - from the endpoint the client submits requests to. Cannot - be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - message: - description: A human-readable description of the status - of this operation. - type: string - metadata: - description: ListMeta describes metadata that synthetic - resources must have, including lists and various status - objects. A resource may have only one of {ObjectMeta, - ListMeta}. - properties: - continue: - description: continue may be set if the user set a limit - on the number of items returned, and indicates that - the server has more data available. The value is opaque - and may be used to issue another request to the endpoint - that served this list to retrieve the next set of - available objects. Continuing a list may not be possible - if the server configuration has changed or more than - a few minutes have passed. The resourceVersion field - returned when using this continue value will be identical - to the value in the first response. - type: string - resourceVersion: - description: 'String that identifies the server''s internal - version of this object that can be used by clients - to determine when objects have changed. Value must - be treated as opaque by clients and passed unmodified - back to the server. Populated by the system. Read-only. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' - type: string - selfLink: - description: selfLink is a URL representing this object. - Populated by the system. Read-only. - type: string - reason: - description: A machine-readable description of why this - operation is in the "Failure" status. If this value is - empty there is no information available. A Reason clarifies - an HTTP status code but does not override it. - type: string - status: - description: 'Status of the operation. One of: "Success" - or "Failure". More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' - type: string - required: - - pending - labels: - description: 'Map of string keys and values that can be used to - organize and categorize (scope and select) objects. May match - selectors of replication controllers and services. More info: - http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: 'Name must be unique within a namespace. Is required - when creating resources, although some resources may allow a client - to request the generation of an appropriate name automatically. - Name is primarily intended for creation idempotence and configuration - definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: |- - Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. - Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces - type: string - ownerReferences: - description: List of objects depended by this object. If ALL objects - in the list have been deleted, this object will be garbage collected. - If this object is managed by a controller, then an entry in this - list will point to this controller, with the controller field - set to true. There cannot be more than one managing controller. - items: - description: OwnerReference contains enough information to let - you identify an owning object. Currently, an owning object must - be in the same namespace, so there is no namespace field. - properties: - apiVersion: - description: API version of the referent. - type: string - blockOwnerDeletion: - description: If true, AND if the owner has the "foregroundDeletion" - finalizer, then the owner cannot be deleted from the key-value - store until this reference is removed. Defaults to false. - To set this field, a user needs "delete" permission of the - owner, otherwise 422 (Unprocessable Entity) will be returned. - type: boolean - controller: - description: If true, this reference points to the managing - controller. - type: boolean - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - uid: - description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - required: - - apiVersion - - kind - - name - - uid - type: array - resourceVersion: - description: |- - An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. - Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency - type: string - selfLink: - description: SelfLink is a URL representing this object. Populated - by the system. Read-only. - type: string - uid: - description: |- - UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. - Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids - type: string - remoteRead: - description: If specified, the remote_read spec. This is an experimental - feature, it may change in any upcoming release in a breaking way. - items: - description: RemoteReadSpec defines the remote_read configuration - for prometheus. - properties: - basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over - basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' - properties: - password: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - username: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - bearerToken: - description: bearer token for remote read. - type: string - bearerTokenFile: - description: File to read bearer token for remote read. - type: string - proxyUrl: - description: Optional ProxyURL - type: string - readRecent: - description: Whether reads should be made for queries for time - ranges that the local storage should have complete data for. - type: boolean - remoteTimeout: - description: Timeout for requests to the remote read endpoint. - type: string - requiredMatchers: - description: An optional list of equality matchers which have - to be present in a selector to query the remote read endpoint. - type: object - tlsConfig: - description: TLSConfig specifies TLS configuration parameters. - properties: - caFile: - description: The CA cert to use for the targets. - type: string - certFile: - description: The client cert file for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: The client key file for the targets. - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - url: - description: The URL of the endpoint to send samples to. - type: string - required: - - url - type: array - remoteWrite: - description: If specified, the remote_write spec. This is an experimental - feature, it may change in any upcoming release in a breaking way. - items: - description: RemoteWriteSpec defines the remote_write configuration - for prometheus. - properties: - basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over - basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' - properties: - password: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - username: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - bearerToken: - description: File to read bearer token for remote write. - type: string - bearerTokenFile: - description: File to read bearer token for remote write. - type: string - proxyUrl: - description: Optional ProxyURL - type: string - queueConfig: - description: QueueConfig allows the tuning of remote_write queue_config - parameters. This object is referenced in the RemoteWriteSpec - object. - properties: - batchSendDeadline: - description: BatchSendDeadline is the maximum time a sample - will wait in buffer. - type: string - capacity: - description: Capacity is the number of samples to buffer per - shard before we start dropping them. - format: int32 - type: integer - maxBackoff: - description: MaxBackoff is the maximum retry delay. - type: string - maxRetries: - description: MaxRetries is the maximum number of times to - retry a batch on recoverable errors. - format: int32 - type: integer - maxSamplesPerSend: - description: MaxSamplesPerSend is the maximum number of samples - per send. - format: int32 - type: integer - maxShards: - description: MaxShards is the maximum number of shards, i.e. - amount of concurrency. - format: int32 - type: integer - minBackoff: - description: MinBackoff is the initial retry delay. Gets doubled - for every retry. - type: string - remoteTimeout: - description: Timeout for requests to the remote write endpoint. - type: string - tlsConfig: - description: TLSConfig specifies TLS configuration parameters. - properties: - caFile: - description: The CA cert to use for the targets. - type: string - certFile: - description: The client cert file for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: The client key file for the targets. - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - url: - description: The URL of the endpoint to send samples to. - type: string - writeRelabelConfigs: - description: The list of remote write relabel configurations. - items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It defines - ``-section of Prometheus configuration. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' - properties: - action: - description: Action to perform based on regex matching. - Default is 'replace' - type: string - modulus: - description: Modulus to take of the hash of the source label - values. - format: int64 - type: integer - regex: - description: Regular expression against which the extracted - value is matched. defailt is '(.*)' - type: string - replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' - type: string - separator: - description: Separator placed between concatenated source - label values. default is ';'. - type: string - sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular expression - for the replace, keep, and drop actions. - items: - type: string - type: array - targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. - type: string - type: array - required: - - url - type: array - replicas: - description: Number of instances to deploy for a Prometheus deployment. - format: int32 - type: integer - resources: - description: ResourceRequirements describes the compute resource requirements. - properties: - limits: - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults - to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - retention: - description: Time duration Prometheus shall retain data for. - type: string - routePrefix: - description: The route prefix Prometheus registers HTTP handlers for. - This is useful, if using ExternalURL and a proxy is rewriting HTTP - routes of a request, and the actual ExternalURL is still true, but - the server serves requests under a different route prefix. For example - for use with `kubectl proxy`. - type: string - ruleNamespaceSelector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - ruleSelector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - scrapeInterval: - description: Interval between consecutive scrapes. - type: string - secrets: - description: Secrets is a list of Secrets in the same namespace as the - Prometheus object, which shall be mounted into the Prometheus Pods. - The Secrets are mounted into /etc/prometheus/secrets/. - Secrets changes after initial creation of a Prometheus object are - not reflected in the running Pods. To change the secrets mounted into - the Prometheus Pods, the object must be deleted and recreated with - the new list of secrets. - items: - type: string - type: array - securityContext: - description: PodSecurityContext holds pod-level security attributes - and common container settings. Some fields are also present in container.securityContext. Field - values of container.securityContext take precedence over field values - of PodSecurityContext. - properties: - fsGroup: - description: |- - A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: - 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- - If unset, the Kubelet will not modify the ownership and permissions of any volume. - format: int64 - type: integer - runAsGroup: - description: The GID to run the entrypoint of the container process. - Uses runtime default if unset. May also be set in SecurityContext. If - set in both SecurityContext and PodSecurityContext, the value - specified in SecurityContext takes precedence for that container. - format: int64 - type: integer - runAsNonRoot: - description: Indicates that the container must run as a non-root - user. If true, the Kubelet will validate the image at runtime - to ensure that it does not run as UID 0 (root) and fail to start - the container if it does. If unset or false, no such validation - will be performed. May also be set in SecurityContext. If set - in both SecurityContext and PodSecurityContext, the value specified - in SecurityContext takes precedence. - type: boolean - runAsUser: - description: The UID to run the entrypoint of the container process. - Defaults to user specified in image metadata if unspecified. May - also be set in SecurityContext. If set in both SecurityContext - and PodSecurityContext, the value specified in SecurityContext - takes precedence for that container. - format: int64 - type: integer - seLinuxOptions: - description: SELinuxOptions are the labels to be applied to the - container - properties: - level: - description: Level is SELinux level label that applies to the - container. - type: string - role: - description: Role is a SELinux role label that applies to the - container. - type: string - type: - description: Type is a SELinux type label that applies to the - container. - type: string - user: - description: User is a SELinux user label that applies to the - container. - type: string - supplementalGroups: - description: A list of groups applied to the first process run in - each container, in addition to the container's primary GID. If - unspecified, no groups will be added to any container. - items: - format: int64 - type: integer - type: array - sysctls: - description: Sysctls hold a list of namespaced sysctls used for - the pod. Pods with unsupported sysctls (by the container runtime) - might fail to launch. - items: - description: Sysctl defines a kernel parameter to be set - properties: - name: - description: Name of a property to set - type: string - value: - description: Value of a property to set - type: string - required: - - name - - value - type: array - serviceAccountName: - description: ServiceAccountName is the name of the ServiceAccount to - use to run the Prometheus Pods. - type: string - serviceMonitorNamespaceSelector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - serviceMonitorSelector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - storage: - description: StorageSpec defines the configured storage for a group - Prometheus servers. - properties: - class: - description: 'Name of the StorageClass to use when requesting storage - provisioning. More info: https://kubernetes.io/docs/user-guide/persistent-volumes/#storageclasses - DEPRECATED' - type: string - emptyDir: - description: Represents an empty directory for a pod. Empty directory - volumes support ownership management and SELinux relabeling. - properties: - medium: - description: 'What type of storage medium should back this directory. - The default is "" which means to use the node''s default medium. - Must be an empty string (default) or Memory. More info: https://kubernetes.io/docs/concepts/storage/volumes#emptydir' - type: string - sizeLimit: {} - resources: - description: ResourceRequirements describes the compute resource - requirements. - properties: - limits: - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - selector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - volumeClaimTemplate: - description: PersistentVolumeClaim is a user's request for and claim - to a persistent volume - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - metadata: - description: ObjectMeta is metadata that all persisted resources - must have, which includes all objects users must create. - properties: - annotations: - description: 'Annotations is an unstructured key value map - stored with a resource that may be set by external tools - to store and retrieve arbitrary metadata. They are not - queryable and should be preserved when modifying objects. - More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - clusterName: - description: The name of the cluster which the object belongs - to. This is used to distinguish resources with same name - and namespace in different clusters. This field is not - set anywhere right now and apiserver is going to ignore - it if set in create or update request. - type: string - creationTimestamp: - description: Time is a wrapper around time.Time which supports - correct marshaling to YAML and JSON. Wrappers are provided - for many of the factory methods that the time package - offers. - format: date-time - type: string - deletionGracePeriodSeconds: - description: Number of seconds allowed for this object to - gracefully terminate before it will be removed from the - system. Only set when deletionTimestamp is also set. May - only be shortened. Read-only. - format: int64 - type: integer - deletionTimestamp: - description: Time is a wrapper around time.Time which supports - correct marshaling to YAML and JSON. Wrappers are provided - for many of the factory methods that the time package - offers. - format: date-time - type: string - finalizers: - description: Must be empty before the object is deleted - from the registry. Each entry is an identifier for the - responsible component that will remove the entry from - the list. If the deletionTimestamp of the object is non-nil, - entries in this list can only be removed. - items: - type: string - type: array - generateName: - description: |- - GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided. If this field is used, the name returned to the client will be different than the name passed. This value will also be combined with a unique suffix. The provided value has the same validation rules as the Name field, and may be truncated by the length of the suffix required to make the value unique on the server. - If this field is specified and the generated name exists, the server will NOT return a 409 - instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted, and the client should retry (optionally after the time indicated in the Retry-After header). - Applied only if Name is not specified. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#idempotency - type: string - generation: - description: A sequence number representing a specific generation - of the desired state. Populated by the system. Read-only. - format: int64 - type: integer - initializers: - description: Initializers tracks the progress of initialization. - properties: - pending: - description: Pending is a list of initializers that - must execute in order before this object is visible. - When the last pending initializer is removed, and - no failing result is set, the initializers struct - will be set to nil and the object is considered as - initialized and visible to all clients. - items: - description: Initializer is information about an initializer - that has not yet completed. - properties: - name: - description: name of the process that is responsible - for initializing this object. - type: string - required: - - name - type: array - result: - description: Status is a return value for calls that - don't return other objects. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema - of this representation of an object. Servers should - convert recognized schemas to the latest internal - value, and may reject unrecognized values. More - info: https://git.k8s.io/community/contributors/devel/api-conventions.md#resources' - type: string - code: - description: Suggested HTTP return code for this - status, 0 if not set. - format: int32 - type: integer - details: - description: StatusDetails is a set of additional - properties that MAY be set by the server to provide - additional information about a response. The Reason - field of a Status object defines what attributes - will be set. Clients must ignore fields that do - not match the defined type of each attribute, - and should assume that any attribute may be empty, - invalid, or under defined. - properties: - causes: - description: The Causes array includes more - details associated with the StatusReason failure. - Not all StatusReasons may provide detailed - causes. - items: - description: StatusCause provides more information - about an api.Status failure, including cases - when multiple errors are encountered. - properties: - field: - description: |- - The field of the resource that has caused this error, as named by its JSON serialization. May include dot and postfix notation for nested attributes. Arrays are zero-indexed. Fields may appear more than once in an array of causes due to fields having multiple errors. Optional. - Examples: - "name" - the field "name" on the current resource - "items[0].name" - the field "name" on the first array entry in "items" - type: string - message: - description: A human-readable description - of the cause of the error. This field - may be presented as-is to a reader. - type: string - reason: - description: A machine-readable description - of the cause of the error. If this value - is empty there is no information available. - type: string - type: array - group: - description: The group attribute of the resource - associated with the status StatusReason. - type: string - kind: - description: 'The kind attribute of the resource - associated with the status StatusReason. On - some operations may differ from the requested - resource Kind. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: The name attribute of the resource - associated with the status StatusReason (when - there is a single name which can be described). - type: string - retryAfterSeconds: - description: If specified, the time in seconds - before the operation should be retried. Some - errors may indicate the client must take an - alternate action - for those errors this field - may indicate how long to wait before taking - the alternate action. - format: int32 - type: integer - uid: - description: 'UID of the resource. (when there - is a single resource which can be described). - More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - kind: - description: 'Kind is a string value representing - the REST resource this object represents. Servers - may infer this from the endpoint the client submits - requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - message: - description: A human-readable description of the - status of this operation. - type: string - metadata: - description: ListMeta describes metadata that synthetic - resources must have, including lists and various - status objects. A resource may have only one of - {ObjectMeta, ListMeta}. - properties: - continue: - description: continue may be set if the user - set a limit on the number of items returned, - and indicates that the server has more data - available. The value is opaque and may be - used to issue another request to the endpoint - that served this list to retrieve the next - set of available objects. Continuing a list - may not be possible if the server configuration - has changed or more than a few minutes have - passed. The resourceVersion field returned - when using this continue value will be identical - to the value in the first response. - type: string - resourceVersion: - description: 'String that identifies the server''s - internal version of this object that can be - used by clients to determine when objects - have changed. Value must be treated as opaque - by clients and passed unmodified back to the - server. Populated by the system. Read-only. - More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency' - type: string - selfLink: - description: selfLink is a URL representing - this object. Populated by the system. Read-only. - type: string - reason: - description: A machine-readable description of why - this operation is in the "Failure" status. If - this value is empty there is no information available. - A Reason clarifies an HTTP status code but does - not override it. - type: string - status: - description: 'Status of the operation. One of: "Success" - or "Failure". More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status' - type: string - required: - - pending - labels: - description: 'Map of string keys and values that can be - used to organize and categorize (scope and select) objects. - May match selectors of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: 'Name must be unique within a namespace. Is - required when creating resources, although some resources - may allow a client to request the generation of an appropriate - name automatically. Name is primarily intended for creation - idempotence and configuration definition. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: |- - Namespace defines the space within each name must be unique. An empty namespace is equivalent to the "default" namespace, but "default" is the canonical representation. Not all objects are required to be scoped to a namespace - the value of this field for those objects will be empty. - Must be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces - type: string - ownerReferences: - description: List of objects depended by this object. If - ALL objects in the list have been deleted, this object - will be garbage collected. If this object is managed by - a controller, then an entry in this list will point to - this controller, with the controller field set to true. - There cannot be more than one managing controller. - items: - description: OwnerReference contains enough information - to let you identify an owning object. Currently, an - owning object must be in the same namespace, so there - is no namespace field. - properties: - apiVersion: - description: API version of the referent. - type: string - blockOwnerDeletion: - description: If true, AND if the owner has the "foregroundDeletion" - finalizer, then the owner cannot be deleted from - the key-value store until this reference is removed. - Defaults to false. To set this field, a user needs - "delete" permission of the owner, otherwise 422 - (Unprocessable Entity) will be returned. - type: boolean - controller: - description: If true, this reference points to the - managing controller. - type: boolean - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - uid: - description: 'UID of the referent. More info: http://kubernetes.io/docs/user-guide/identifiers#uids' - type: string - required: - - apiVersion - - kind - - name - - uid - type: array - resourceVersion: - description: |- - An opaque value that represents the internal version of this object that can be used by clients to determine when objects have changed. May be used for optimistic concurrency, change detection, and the watch operation on a resource or set of resources. Clients must treat these values as opaque and passed unmodified back to the server. They may only be valid for a particular resource or set of resources. - Populated by the system. Read-only. Value must be treated as opaque by clients and . More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#concurrency-control-and-consistency - type: string - selfLink: - description: SelfLink is a URL representing this object. - Populated by the system. Read-only. - type: string - uid: - description: |- - UID is the unique in time and space value for this object. It is typically generated by the server on successful creation of a resource and is not allowed to change on PUT operations. - Populated by the system. Read-only. More info: http://kubernetes.io/docs/user-guide/identifiers#uids - type: string - spec: - description: PersistentVolumeClaimSpec describes the common - attributes of storage devices and allows a Source for provider-specific - attributes - properties: - accessModes: - description: 'AccessModes contains the desired access modes - the volume should have. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - resources: - description: ResourceRequirements describes the compute - resource requirements. - properties: - limits: - description: 'Limits describes the maximum amount of - compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - requests: - description: 'Requests describes the minimum amount - of compute resources required. If Requests is omitted - for a container, it defaults to Limits if that is - explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - selector: - description: A label selector is a label query over a set - of resources. The result of matchLabels and matchExpressions - are ANDed. An empty label selector matches all objects. - A null label selector matches no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be empty. - This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - storageClassName: - description: 'Name of the StorageClass required by the claim. - More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#class-1' - type: string - volumeMode: - description: volumeMode defines what type of volume is required - by the claim. Value of Filesystem is implied when not - included in claim spec. This is an alpha feature and may - change in the future. - type: string - volumeName: - description: VolumeName is the binding reference to the - PersistentVolume backing this claim. - type: string - status: - description: PersistentVolumeClaimStatus is the current status - of a persistent volume claim. - properties: - accessModes: - description: 'AccessModes contains the actual access modes - the volume backing the PVC has. More info: https://kubernetes.io/docs/concepts/storage/persistent-volumes#access-modes-1' - items: - type: string - type: array - capacity: - description: Represents the actual resources of the underlying - volume. - type: object - conditions: - description: Current Condition of persistent volume claim. - If underlying persistent volume is being resized then - the Condition will be set to 'ResizeStarted'. - items: - description: PersistentVolumeClaimCondition contails details - about state of pvc - properties: - lastProbeTime: - description: Time is a wrapper around time.Time which - supports correct marshaling to YAML and JSON. Wrappers - are provided for many of the factory methods that - the time package offers. - format: date-time - type: string - lastTransitionTime: - description: Time is a wrapper around time.Time which - supports correct marshaling to YAML and JSON. Wrappers - are provided for many of the factory methods that - the time package offers. - format: date-time - type: string - message: - description: Human-readable message indicating details - about last transition. - type: string - reason: - description: Unique, this should be a short, machine - understandable string that gives the reason for - condition's last transition. If it reports "ResizeStarted" - that means the underlying persistent volume is being - resized. - type: string - status: - type: string - type: - type: string - required: - - type - - status - type: array - phase: - description: Phase represents the current phase of PersistentVolumeClaim. - type: string - tag: - description: Tag of Prometheus container image to be deployed. Defaults - to the value of `version`. - type: string - thanos: - description: ThanosSpec defines parameters for a Prometheus server within - a Thanos deployment. - properties: - baseImage: - description: Thanos base image if other than default. - type: string - gcs: - description: ThanosGCSSpec defines parameters for use of Google - Cloud Storage (GCS) with Thanos. - properties: - bucket: - description: Google Cloud Storage bucket name for stored blocks. - If empty it won't store any block inside Google Cloud Storage. - type: string - peers: - description: Peers is a DNS name for Thanos to discover peers through. - type: string - s3: - description: ThanosSpec defines parameters for of AWS Simple Storage - Service (S3) with Thanos. (S3 compatible services apply as well) - properties: - accessKey: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - bucket: - description: S3-Compatible API bucket name for stored blocks. - type: string - endpoint: - description: S3-Compatible API endpoint for stored blocks. - type: string - insecure: - description: Whether to use an insecure connection with an S3-Compatible - API. - type: boolean - secretKey: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - signatureVersion2: - description: Whether to use S3 Signature Version 2; otherwise - Signature Version 4 will be used. - type: boolean - tag: - description: Tag of Thanos sidecar container image to be deployed. - Defaults to the value of `version`. - type: string - version: - description: Version describes the version of Thanos to use. - type: string - tolerations: - description: If specified, the pod's tolerations. - items: - description: The pod this Toleration is attached to tolerates any - taint that matches the triple using the matching - operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, operator - must be Exists; this combination means to match all values and - all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. Exists - is equivalent to wildcard for value, so that a pod can tolerate - all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the - toleration (which must be of effect NoExecute, otherwise this - field is ignored) tolerates the taint. By default, it is not - set, which means tolerate the taint forever (do not evict). - Zero and negative values will be treated as 0 (evict immediately) - by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise - just a regular string. - type: string - type: array - version: - description: Version of Prometheus to be deployed. - type: string - status: - description: 'Most recent observed status of the Prometheus cluster. Read-only. - Not included when requesting from the apiserver, only from the Prometheus - Operator API itself. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#spec-and-status' - properties: - availableReplicas: - description: Total number of available pods (ready for at least minReadySeconds) - targeted by this Prometheus deployment. - format: int32 - type: integer - paused: - description: Represents whether any actions on the underlaying managed - objects are being performed. Only delete actions will be performed. - type: boolean - replicas: - description: Total number of non-terminated pods targeted by this Prometheus - deployment (their labels match the selector). - format: int32 - type: integer - unavailableReplicas: - description: Total number of unavailable pods targeted by this Prometheus - deployment. - format: int32 - type: integer - updatedReplicas: - description: Total number of non-terminated pods targeted by this Prometheus - deployment that have the desired version spec. - format: int32 - type: integer - required: - - paused - - replicas - - updatedReplicas - - availableReplicas - - unavailableReplicas - version: v1 - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: prometheusrules.monitoring.coreos.com - spec: - group: monitoring.coreos.com - names: - kind: PrometheusRule - plural: prometheusrules - scope: Namespaced - validation: - openAPIV3Schema: - properties: - spec: - description: PrometheusRuleSpec contains specification parameters for a - Rule. - properties: - groups: - description: Content of Prometheus rule file - items: - description: RuleGroup is a list of sequentially evaluated recording - and alerting rules. - properties: - interval: - type: string - name: - type: string - rules: - items: - description: Rule describes an alerting or recording rule. - properties: - alert: - type: string - annotations: - type: object - expr: - type: string - for: - type: string - labels: - type: object - record: - type: string - required: - - expr - type: array - required: - - name - - rules - type: array - version: v1 - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: reports.metering.openshift.io - annotations: - catalog.app.coreos.com/displayName: "Metering Report" - catalog.app.coreos.com/description: "A metering report summarizes metrics based on the query specified" - spec: - group: metering.openshift.io - version: v1alpha1 - scope: Namespaced - names: - plural: reports - kind: Report - additionalPrinterColumns: - - name: Query - type: string - JSONPath: .spec.generationQuery - - name: Schedule - type: string - JSONPath: .spec.schedule.period - - name: Running - type: string - JSONPath: .status.conditions[?(@.type=="Running")].reason - - name: Failed - type: string - JSONPath: .status.conditions[?(@.type=="Failure")].reason - - name: Table Name - type: string - JSONPath: .status.tableName - - name: Last Report Time - type: string - JSONPath: .status.lastReportTime - - name: Age - type: date - JSONPath: .metadata.creationTimestamp - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: reportdatasources.metering.openshift.io - annotations: - catalog.app.coreos.com/displayName: "Metering data source" - catalog.app.coreos.com/description: "A resource describing a source of data for usage by Report Generation Queries" - spec: - group: metering.openshift.io - version: v1alpha1 - scope: Namespaced - names: - plural: reportdatasources - singular: reportdatasource - kind: ReportDataSource - shortNames: - - datasource - - datasources - additionalPrinterColumns: - - name: Table Name - type: string - JSONPath: .status.tableName - - name: Earliest Metric - type: string - JSONPath: .status.prometheusMetricImportStatus.earliestImportedMetricTime - - name: Newest Metric - type: string - JSONPath: .status.prometheusMetricImportStatus.newestImportedMetricTime - - name: Last Import Time - type: string - JSONPath: .status.prometheusMetricImportStatus.lastImportTime - - name: Age - type: date - JSONPath: .metadata.creationTimestamp - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: reportgenerationqueries.metering.openshift.io - annotations: - catalog.app.coreos.com/displayName: "Metering generation query" - catalog.app.coreos.com/description: "A SQL query used by Metering to generate reports" - spec: - group: metering.openshift.io - version: v1alpha1 - scope: Namespaced - names: - plural: reportgenerationqueries - singular: reportgenerationquery - kind: ReportGenerationQuery - shortNames: - - rgq - additionalPrinterColumns: - - name: View Disabled - type: string - JSONPath: .spec.view.disabled - - name: View Name - type: string - JSONPath: .status.viewName - - name: Age - type: date - JSONPath: .metadata.creationTimestamp - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: reportprometheusqueries.metering.openshift.io - annotations: - catalog.app.coreos.com/displayName: "Metering prometheus query" - catalog.app.coreos.com/description: "A Prometheus query by Metering to do metering" - spec: - group: metering.openshift.io - version: v1alpha1 - scope: Namespaced - names: - plural: reportprometheusqueries - singular: reportprometheusquery - kind: ReportPrometheusQuery - shortNames: - - rpq - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: servicemonitors.monitoring.coreos.com - spec: - group: monitoring.coreos.com - names: - kind: ServiceMonitor - plural: servicemonitors - scope: Namespaced - validation: - openAPIV3Schema: - properties: - spec: - description: ServiceMonitorSpec contains specification parameters for a - ServiceMonitor. - properties: - endpoints: - description: A list of endpoints allowed as part of this ServiceMonitor. - items: - description: Endpoint defines a scrapeable endpoint serving Prometheus - metrics. - properties: - basicAuth: - description: 'BasicAuth allow an endpoint to authenticate over - basic authentication More info: https://prometheus.io/docs/operating/configuration/#endpoints' - properties: - password: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - username: - description: SecretKeySelector selects a key of a Secret. - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - optional: - description: Specify whether the Secret or it's key must - be defined - type: boolean - required: - - key - bearerTokenFile: - description: File to read bearer token for scraping targets. - type: string - honorLabels: - description: HonorLabels chooses the metric's labels on collisions - with target labels. - type: boolean - interval: - description: Interval at which metrics should be scraped - type: string - metricRelabelings: - description: MetricRelabelConfigs to apply to samples before ingestion. - items: - description: 'RelabelConfig allows dynamic rewriting of the - label set, being applied to samples before ingestion. It defines - ``-section of Prometheus configuration. - More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#metric_relabel_configs' - properties: - action: - description: Action to perform based on regex matching. - Default is 'replace' - type: string - modulus: - description: Modulus to take of the hash of the source label - values. - format: int64 - type: integer - regex: - description: Regular expression against which the extracted - value is matched. defailt is '(.*)' - type: string - replacement: - description: Replacement value against which a regex replace - is performed if the regular expression matches. Regex - capture groups are available. Default is '$1' - type: string - separator: - description: Separator placed between concatenated source - label values. default is ';'. - type: string - sourceLabels: - description: The source labels select values from existing - labels. Their content is concatenated using the configured - separator and matched against the configured regular expression - for the replace, keep, and drop actions. - items: - type: string - type: array - targetLabel: - description: Label to which the resulting value is written - in a replace action. It is mandatory for replace actions. - Regex capture groups are available. - type: string - type: array - params: - description: Optional HTTP URL parameters - type: object - path: - description: HTTP path to scrape for metrics. - type: string - port: - description: Name of the service port this endpoint refers to. - Mutually exclusive with targetPort. - type: string - proxyUrl: - description: ProxyURL eg http://proxyserver:2195 Directs scrapes - to proxy through this endpoint. - type: string - scheme: - description: HTTP scheme to use for scraping. - type: string - scrapeTimeout: - description: Timeout after which the scrape is ended - type: string - targetPort: - anyOf: - - type: string - - type: integer - tlsConfig: - description: TLSConfig specifies TLS configuration parameters. - properties: - caFile: - description: The CA cert to use for the targets. - type: string - certFile: - description: The client cert file for the targets. - type: string - insecureSkipVerify: - description: Disable target certificate validation. - type: boolean - keyFile: - description: The client key file for the targets. - type: string - serverName: - description: Used to verify the hostname for the targets. - type: string - type: array - jobLabel: - description: The label to use to retrieve the job name from. - type: string - namespaceSelector: - description: A selector for selecting namespaces either selecting all - namespaces or a list of namespaces. - properties: - any: - description: Boolean describing whether all namespaces are selected - in contrast to a list restricting them. - type: boolean - matchNames: - description: List of namespace names. - items: - type: string - type: array - selector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. - items: - type: string - type: array - required: - - key - - operator - type: array - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - targetLabels: - description: TargetLabels transfers labels on the Kubernetes Service - onto the target. - items: - type: string - type: array - required: - - endpoints - - selector - version: v1 - - - apiVersion: apiextensions.k8s.io/v1beta1 - kind: CustomResourceDefinition - metadata: - name: storagelocations.metering.openshift.io - annotations: - catalog.app.coreos.com/displayName: "Metering storage location" - catalog.app.coreos.com/description: "Represents a configurable storage location for Metering to store metering and report data" - spec: - group: metering.openshift.io - version: v1alpha1 - scope: Namespaced - names: - plural: storagelocations - kind: StorageLocation - - clusterServiceVersions: |- - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: amqstreams.v1.0.0.beta - namespace: placeholder - annotations: - alm-examples: '[{"apiVersion":"kafka.strimzi.io/v1alpha1","kind":"Kafka","metadata":{"name":"my-cluster"},"spec":{"kafka":{"replicas":3,"listeners":{"plain":{},"tls":{}},"config":{"offsets.topic.replication.factor":3,"transaction.state.log.replication.factor":3,"transaction.state.log.min.isr":2},"storage":{"type":"ephemeral"}},"zookeeper":{"replicas":3,"storage":{"type":"ephemeral"}},"entityOperator":{"topicOperator":{},"userOperator":{}}}}, {"apiVersion":"kafka.strimzi.io/v1alpha1","kind":"KafkaConnect","metadata":{"name":"my-connect-cluster"},"spec":{"replicas":1,"bootstrapServers":"my-cluster-kafka-bootstrap:9093","tls":{"trustedCertificates":[{"secretName":"my-cluster-cluster-ca-cert","certificate":"ca.crt"}]}}}, {"apiVersion":"kafka.strimzi.io/v1alpha1","kind":"KafkaConnectS2I","metadata":{"name":"my-connect-cluster"},"spec":{"replicas":1,"bootstrapServers":"my-cluster-kafka-bootstrap:9093","tls":{"trustedCertificates":[{"secretName":"my-cluster-cluster-ca-cert","certificate":"ca.crt"}]}}}, {"apiVersion":"kafka.strimzi.io/v1alpha1","kind":"KafkaTopic","metadata":{"name":"my-topic","labels":{"strimzi.io/cluster":"my-cluster"}},"spec":{"partitions":10,"replicas":3,"config":{"retention.ms":604800000,"segment.bytes":1073741824}}}, {"apiVersion":"kafka.strimzi.io/v1alpha1","kind":"KafkaUser","metadata":{"name":"my-user","labels":{"strimzi.io/cluster":"my-cluster"}},"spec":{"authentication":{"type":"tls"},"authorization":{"type":"simple","acls":[{"resource":{"type":"topic","name":"my-topic","patternType":"literal"},"operation":"Read","host":"*"},{"resource":{"type":"topic","name":"my-topic","patternType":"literal"},"operation":"Describe","host":"*"},{"resource":{"type":"group","name":"my-group","patternType":"literal"},"operation":"Read","host":"*"},{"resource":{"type":"topic","name":"my-topic","patternType":"literal"},"operation":"Write","host":"*"},{"resource":{"type":"topic","name":"my-topic","patternType":"literal"},"operation":"Create","host":"*"},{"resource":{"type":"topic","name":"my-topic","patternType":"literal"},"operation":"Describe","host":"*"}]}}}]' - spec: - displayName: AMQ Streams - description: | - **Red Hat AMQ Streams** is a massively scalable, distributed, and high performance data streaming platform based on the Apache Kafka project. - AMQ Streams provides an event streaming backbone that allows microservices and other application components to exchange data with extremely high throughput and low latency. - - **The core capabilities include** - * A pub/sub messaging model, similar to a traditional enterprise messaging system, in which application components publish and consume events to/from an ordered stream - * The long term, fault-tolerant storage of events - * The ability for a consumer to replay streams of events - * The ability to partition topics for horizontal scalability - - # Before you start - - 1\. Create AMQ Streams Cluster Roles - ``` - $ oc apply -f http://amq.io/amqstreams/rbac.yaml - ``` - 2\. Create following bindings - ``` - $ oc adm policy add-cluster-role-to-user strimzi-cluster-operator -z strimzi-cluster-operator --namespace - $ oc adm policy add-cluster-role-to-user strimzi-kafka-broker -z strimzi-cluster-operator --namespace - ``` - keywords: ['amq', 'streams', 'messaging', 'kafka', 'streaming'] - version: 1.0.0-Beta - maturity: beta - maintainers: - - name: Red Hat, Inc. - email: customerservice@redhat.com - provider: - name: Red Hat, Inc. - links: - - name: Product Page - url: https://access.redhat.com/products/red-hat-amq-streams - - name: Documentation - url: https://access.redhat.com/documentation/en-us/red_hat_amq_streams/1.0-beta/html-single/using_amq_streams/ - icon: - - base64data: iVBORw0KGgoAAAANSUhEUgAAAQAAAAEACAYAAABccqhmAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAIj5JREFUeNrsnX1wVOW9x5/dBBIgLxvAKFFkGape0Zo4tFNfppLcueKlRQlzi0A7HRKsdG5va5Iy3r96b7Ktf9w71Ztgp+OI1Sx3Wt/wDol2ZLRqFjuibaEktmClRQJULOElGxKSAHm553dyTrpJNpvz9pzzPOd8vzPbDUKzZ3fP5/v8fr/neX5PiEHS6qPrWUR5KtP+WK49L1EeUe3n1L+3qnblkdR+7lQex7WfE/rf33xi/O8hyRTCRyAF6GUa1PRcqoFdLthlJjSj6NBMo1MxhnZ8ezAAyDzs5RroZQ6M4J6qcMOW9qJvfqd94MC+jv7f/jpx3VO7YAowACgF+HIN+JUCjur24P9aFVv0RPOE/3bpsML/rNmJ4XNde/s/2Ju4qq4hgbsABhDEEX6t34CfCf50uvLXTjYy0J8Y+vR4a/LlZkQIMABfQl+pjfCV7O8FOhZ0+NPpcudfOofPn2np2RXfu+i/drTg7oEByAz9Wg36SFDetx34p0QHJz5JhnLntPS99Vpr0Te+DTOAAUgR3tcEDXoe8Kczg0t/PtwyOjiwvWDNg0gTYADCQE+gV2ngR4P6OfCEf7IG2n/TmRVZsP2TlTfEsQYBBuAV+OXK02YN/kDLTfhTNXIhyUYGB+LJ53fsxGwCDMAt8An4+iCP9iLAP1lUPLx06GBMSQ/i+FZgADzC/FotzI/gExEL/lQN93QnL33Usf3EhoompAcwALvgRzXoqwC++PBPNoLR/ovx5EvPblfSg058YzAAs+DXI7+XE/7JdYLLx4/G+97+ZQxGAAMwGurX49OQH/7JRhAuiMT+tCSE1AAGgBw/SPCjRgADyAR/FUNVPxDwTzCC5PnO/vfeDvysQSjA4NOqvUbm4w05gN+AEZw7k+j/IFEX1NWFoQCCH9FG/FqgHWz4dfV3/Y31dp1u6v5qWSxoaUEoYPDTGv1m5PmAX9fg4CDr7e1Vfx69kEwOf3q8umTlvS0wAH+BH9XAR7gP+NPCPyEt+OTjxOW3Xq1e8oMfd8IA5Idfn9bDqM8ZfiWXVqfbBg93TPjvWQWFLGd5GctVHuGCiNDwpyh5Zd/bsWsrNzXBAOTN9Xdj1OcHP7X36n2zlfW90aJAb6yGNuu6KJt7RznLv28ty1tVKSr84xrpPpcIFy1YV1xcnIQBINcH/Ip6Xomz7me3G4Z+OmUp0UDRQ7Vs/pYa1yIDM/Dr8nNtIOQz8FHh5wh/35st7HSsTu3j56TcMgIr8E+IBk6f8t1MQchH8Jdpo34ZcHYWfsrrP9tWrYT7fAdASg/oOihFEA3+FLVTgfC6r3+rHQaAkN/38FNh79OH17HhC+4NegvrGtjC2noR4ddFH0Z1cXGx9ClB2Afw02q+3YDfefgp1z+xocJV+ElnGxvUiENQ+Jl2r+3+2x/aG2W/B7Ilz/dR5ecIv1MQWhG9PsnOWgRO8I/ryu/erdVSz3Wy1gXCksJPH3ob4Pcn/E5cB2/4L/3yRdbX8AjT7sE27Z6UTlkSwk8f+B6G3Xtc4Ke5/VPf3cRGLw0Kcb3qUWKhkKnCoIvw67pGeWz8biH7zU971BOUpVFIMvir2FixD+IAP1X7Kee3O7/PQ9e/1GbIBDyAf7KqlXQgjhTAefgbAD8/+Ennn9suJPwkI6mAAPCTmrV7FSmAg/DTnYvFPRzhp8U9NN0nqig6yZQKCAK/rnIlHYgq6UArIgBn4K8CxvzgJ51tjAn/XrqfbRozArHh11Wl3bswAMAvNvw0+uvTbiKL1iNMvk5B4ZfGBMKCgh9RHgcBP3/4ST2v7JTmfZ1/drss8KeawEFt3QoMwAj8bGyOH2v6XYBfNYBdcWneG0UrNDUoCfy6ynpHWNu7JeKZgIgRAOB3EX6Cyendfbx15tWXZIKfKfCzwZGxxWuimYBQBqDlS4DfJfhJtNlHNl367a9lg388EmBjy9dhANPAj5zfRfhVA3h/r3Tv9cqB92SEX1e5EgU0wwAAv+fwk9ze6eeUho78UUb4dVWJYgJhAeBvAPzewC9rCkAa7b0gK/ypJtAYaANIOZYL8gB+mTXy2QmZ4ddVq5hAVSANQNvVh7X9gN+aAZw6KTv8upoVE6gMlAFoe6d3A2PA75UEgT/VBMoCYQDaQh/07wP8tpR1461+gZ9d/WBV5M5D53aPjo5GfG8A2siPuX5B4KdOvDIqlF/oF/jZjY3NLDsyPzpw9OM2XxuA1sCzHCiLM/LLagDZN97iG/h1zVl2U1lvx/5mXxqA1robe/oFC/vn3imfH9PobzYCEB1+XXm3rai6+PGhKl8ZQMqhHZBgOX/u8lLpPpNZK+7yJfzjpnzj8sYzr71c5gsDQNFPXPjVEWdVpXSfy+zy1b6FX1Nk4Zr1zW5sHHIjAqCFPij6CQh/6mtJZQArV/sZfl1lX/r9qUapDQB5v/jwq6+3frM0n03O/RsN5f+Swz9mdFcvqurt2F8ppQGkhP6QwPCrOecd5dLMBuSs2RgI+MdTtNtWNB9/oiEqnQEwnNcnBfy6FtaJvyVj1oq7ZywA+gl+vR6waPN3mqUyAGX0p7C/HEjLAb/++jyO5XY0Utn2o6DBP2Z8C64qP//O67VSGIACP4Ur2OEnEfzjN2y9uIfd5m7ayrIzLP/1K/y6iipW1/NIBXhEAJjykxB+Nb9eXiakCRD487Y9Flj4eaYCjp4NqFX9scvPZfipqWffmy3sysnjaY/2otV+tOCHQvxwwczeTMdwiXJOAFX8C57ePe3oHxD4x9V/5HD1vJtuiQtnAFrV/xhGf3fgH9EOyaA++Wa6+pIJ0LTfTHP/natv9/ycQMCfVtTDbWkoFEqKZgAUO2LOnzP8BD4d4knHZNnp50fTflT5n84IvD4pGPBPr8unP4vnXFNSLYwBaGv9DwJtvvBTD/+/PrzO0T7+FBFc98zuaVMDL9IBwD+zet5PVETuqkjY/T1OFQEbgTZf+AnCY0pY7vQhHtQU9OjdS1VzSSe6XioMZhW4k9nRXH/Rq/sB/0zGfdOtjjBnOwLQGntixR9n+Gkk5ikC/PqX2tSZgHQi46Fr4NVFmEb9edt+lHGlH+CfoupQKBT3zAC0wh+F/lEgLi/8Rk1AjxjoKHGnjIDAn7NpqzrPn2mNP+CfqqGe7mR2YZGtgqBdA2hgWPTDDX6CjApxbopMYNl7x2acLqSUgWYg6BqtpCW0pVd9rFw94+YewJ9RMcUAGlw3AEz78YWfqvA8cn4jyl9Vya59xthyjoGBAZb8/Qds6MA+9bQeatc9/NmJCW27Ka8fe75LbeZJz0Y7+gD+GWVrWjDbxgvXAn4+8JMozPbq1N7eN1vUkX2mvQF0RHdfX59asMu20aUX8NtSpO/DA1QQtJQnWooAtPX+x4A5H/gJfKrMeylaJ0CpQCb4JTyi22/wp4qiANMjhtVpQOT9nOAn9byy0/P3QSY0XaEP8IunkZERS0yaNgBt9K8C6nzgVw1gV1yI99OzayfglwD+oaEhdvZ4Z9XhHz4adSMCqAHq/OCn6rpXuf9k0QYjwC8+/MlkkoXy8lnePavquRqAVvnH6M8JfvWmfbNVmPdFew30NADwiwv/6Oio+ufZi6NVXV1dEW4GwFD55wo/qf/9hFDvjyISwC8+/CrMY1OrpjbkmZ0GRPjPEX7SyIWkUO/xYtdpNgT4uYiiq/4P9k74b0b6NqSDPyVqq3m3hDXdc4oZupEMTwNizT9/+El/WhIS6n3SIh7amQf4nTN4I9u56f6i7dqTuzVngj9F1cXFxXGnUwBM/XGGP0gKIvxUVKX1HWcbG2bs5UB7QNR/2xQzCz8b7uk2zKohA1BG/3KGDT+AH/BbFgFNvRzMNnEhs6DNYEbhJ2UVFkU7X28pdzIC2Izb1h34c5eLdYqa2YM4AX96+O3s6FTN4wf/Zgh+XbOX3lDjiAFg6s/dkT9cINYki9ljuAH/RNGajq5Yne3fM/jCDnblwD7D/z57wVWVRhYGGYkAAL+LYT918BVJWQ5t8glqtZ9G/mGHZnb6Yt8zd98+sLHKCQOoAfzu5fz5q9YKNfo7kQIEFf5M+ymsiLZY05Zrw9HkvLzNtgxAa/YZBfzuibrxiHJQJzXsAPx2cn/nN3Vdeu1F49GbgWLgTBFADeD34LXXi5F1GTmJF/BPLx6rOoePHDJn4kuWbbZjAJWA34vX937SJVyy2Fb4j+W9jMumLuq2ZCqNy8mptGQA2jFfEcDvvsYO7Wjw9Bry6n8C+AU0gNRWa4bSgIJI5ETiV5VWIoC1gN87zd9S41ktgHJ/q6M/4J9o5I7/Tq2/ohnlLi9da8UAKgG/hyF4QcST66HKf179k4BfUAOg1MyCzEUAQQv/RV3eS7vC3Lwu/UguK4t/AH+a74/Dmg6LkVnkyFOPV5qJAFYC/mBd30zn8QF+K9/dZse/IzpHwYry7rlvrRkDqAT8wblOwM8vBZiptboZzZnh9KRMyr7q6nJDBhCUxT+y7eqj612656DjeeVMh3ECfnuie8yJg1Xp+6Hj02woevQXPyszEgGUA34xRasEqVc/TRHavamomJTX8CRyfheigOJ6ewf5qgenKt+V3Y1Z+fc+MIXtUJoIoM3PJuCX/fzUWYa2iVLr7sFpjvaebsTPuX+DrVV+gN+8zr/0HOv694dcTc8ma7j7XGLRTTdXzGQAo4BfLumbTi4d6mC9Hb9LA/1d6ohv5CBOwO+89GYel/e/p+7oM7qYh9Zj0JSsU1uyR3p72DXLbghNawBa5582wC+n0L1XXPhTm3nQ53jptZfYlQPvpR3xCXyK0JxuxkLq37+vIvqVysR4bSEI+T/gB/xeiKC/cOHClE4+BLeegqU2+QjlF3A5ZHVCNFiymBif1gBWAn7AD/idgZ9G/uHh4RlqMne5el3hOXMnMB72cwQA+AG/l/BT+C+aQtnZ5WkNQJv/B/yAH/D7FH71O2jbw94t+TvrYT+O/oAf8AP+qep59UX22X8+MoH1VAMoBfyAH/D7Hv4JrKcaQBngB/yA3/fwT2DdNwYA+AE/4DcE/1QDkL0ACPgBP+A3DL8qvRCoRwBRwA/4AX8w4E+NAsIyh/+AH/ADfkvwjw/6ugGUAn7AD/gDA/848/pS4AjgH9tVR2e4977Ryi4dbp9wpluudmJP3n1rWf6qSu6HeAJ+wM8R/vEIQN0NKNMWYB7w01bas40xU+e40XUsrKvn0vkV8AN+zvCruucUC4W047+7gwg/NdWg01t7lVHfqqg7z8LaesAP+KWCX1MR1QDKggg/hfjHVt9uC37S2cYG9unD61QzAfyAXyL4SWXhoMJ/YkOFY0c3kYnQ77NjAoAf8LsMPylCRcDyoIX9BOuwAyP2BIAVU6F04tpndgN+j+Cn75bMuP/9vaq505/pmZqpkuigjvxVa8f/HHD41QiAagANyg/1QYCfRPCbKfaZvrnrG1nRllrA7yL8BDkVcalJqhFR4Xb+QzXTfk8BgZ8UoxRgSVDgpxuEJ/xjNYGY4VQA8Nsf8btidezo3UsNw68bxmnt/zf5fggQ/KRSMoBoEODX4eQtSi2MvA7gd6aOc/65JluRA/0OMpEAwq/WAMJBgZ8W+PA4r326SAPw84ffzHkImUQmcur7m4MGvyoygIjf4Vdv4jdaXXsfFAX0TTO9CPjth/08irgX/u9/2cWWnwcKfor+hVkHwHttP+/cf8rrvb8X8HMo+P314XWOwz8eJSqf3dCRPwYF/nED8D38er7npiaHp4DfmdSKt5FfbHgkKPCPpwC+h9/t0X+y4QB+Z+RGEZciAPo8gwC/5wbg5y29ugEAfofCcxeLuIPP7wgE/J4aAPbzA35T1+ZiEZeigJHPTvoefs8MwG34c5e7X+ekY7gBv7MRgJu6nNjje/g9MQAvRn5q3sFj337G1yxZDPgdTKd4Vf4zRQF+h991A/Ay7J97R7nLEcBdgN9BA3BbI6dO+h5+Vw3A65w//761rqcAgB8SGX7XDECEgl/eqkrX0oCc+zey8KLFgB8SGn5XDECkaj/18HMl3dj6KOCXXKH8At/Dz90ARJvqo+vhPSOQu2mro6M/4He/fkPKvvFW38PP1QBEneenjj1ZnFp6003j5OgP+FOM1eWp3GwONRzR4OdmACIv8qE6wPUvtTluAqH8Qpb/xE71GfBzuKfWb3Yx/C/kMosjGvxcDECGFX7UE85JE6CRP/L8O46F/oB/qqiI65bmKGlcEOB33ABkWt5LJhDdc9B2fjm7fDUreHo34HchcqP7y43RP9dhAxAVft0A2oMG/+R0gK7b7BQhzfMXPN3C8h9H2O+WqOFqFucj2aiG49T3KTr8ijqpK3Abs9ka3C8be2jbcN8brepzunZTFOpnK7khzfM7XSUG/MZEewKoKQiXAUE19d1BgZ+UsG0AQdjVNzAwwPr6+rj9fsBvEqxX4uoZDE6KDJ3gd2r0lwB+1QAoBegE/NOLtvQCfrFU8C+bWeEPfwr47StJBnAc8E8PP7b0iiW9dXf2V9azQpp5sbnrkgp+AYWf1BEG/IBfNvj11t3q9Osv3rFUuNOLuPO2PRZU+FVRDYDy/zbAD/hlgn/K3/f2sMt796iNPK4c2Kf+OV2oz6uIKyP8itaZMgDAD/hFhD+dqKXXcMqefl79GSSGn1RBBkATq92AH/D7BX43JTH8pKIQ/a9iAqOAH/AD/kDBz+45xUJ6ETAB+AE/4A8O/ExbAawbQBLwA37AHxj4SZ2pBtAB+AE/4A8M/OPMh1PDAcAP+AF/IOCfEgF0An7AD/gDA//4oB/S/0QzAYAf8AP+QMCvzgCkRgCscMOWdsAP+AG//+FPTfnHDaDom99pB/yAH/D7Hv70BjBwYF8H4Af8gN/38JM6phhA/29/nXDr1emsN+q6Q48Rzoc+An7AD/inaJz10ARYDh0czeHUf51aOfXs2qlCP/mkV+rHl7+qkhU9VOPo8V2A375RpzuYk3r0hy325gP83ksvAE41gCOH2nJuWF7uKCSH29npWJ0KvhHRTAQ1fwzbbP4I+M2LorFexaj1voiZjuQmo6aOynToqtGW3YBfjNFfMYCKtAZw8f22BuVLdewAPau92+jmuu6Z3cxqNAL4zYN/tjGmfl/DFlIy+r7o3MVMbbsBvzCKKQbQMKUGoNYBPtib8Bp+PfQ8saFCjR4AP1/4u59rYkfvXsrOK8/DFusx9H3Rd02/J12kB/jFzP+nRACkyyePjdrNwwncY6tvt32ludoJPkbTAcBvbtSn9tpGUzMzWljXwBbW1gN+wfP/KRGAemMM9Nu+I5xq2Uy9+c8/tx3wOwy/btA84CedbWxQ7wHAL/bon9YAhj493mo39B887Nyaou5nm2acKgT85tOrdNV9R+FS7oOjq25jV7rPAX5x1DqjASRfbrY1LFAF2UkNa5VpwO9M2P+pEvYPc157MT6YHPkj64s9AvhligCue2pX++XOv1geHjLB6rSpAH7zqZmT0ZkRUZfewRd2AH7v1ank/+0zGoA66p4/Y4niS5xurnQ3LeA3aaKKMfMwZyPq3/FjtUsv4Bdr9J/WAHp2xfdaDdd5aHK+CvjNixZjeSXq0U8mAPjFyv+nNYBF/7Wj5cqJT5IivgvAb+HmfyXOveg34+f62oueRQGAnyWV8L/FsAGQQrlzTMeLTq7jTxUtOQX81tX97HYh7sKB558G/N5oWpanNYC+t15rtWIAWTbX8KcTLQgC/NbTJ7cLf9OJju4C/OKE/xkNoOgb37aUBhjdGGJGI5//AuC3qD6PCn9pv8dTJ9WpQcAvRvif0QBUMP582PTdU7h+s6NXT8c/Z315FeC3WjM5JFafl2EXDADwGwv/ZzSA0cEB08mjukXUwShg3vcfA/w2UwCRNHLqJOB3VzstG0DBmgfbB9p/Y/oOouaiTtQCZpevVh+A37p4rfe3bEgH9gF+90SLfxKWDYCUFVlgOgqg3Xu0i8+OCdD57Xn1TwJ+CPBzGv0NGcAnK2+IW+nbl6Nt5bUyNUijfsHTu1kovxDwQ4DfuuK2DeDmEyw5MjgQt/LqZAJL9xxk87fUGoscShaz/Md3qg/A70+F8gsAvztqUcL/TtsGQEo+v2On1augdKC4vpEte++Y2uuPioSpqQHN8VMrqUjjz1nRqweQ8zssfRGVKKLUDvC7IkOpe8gwQMf+fGx29HNRHleKRT78RDsAaSmwKMpreJLlrNkI+PmKin9LDQ3QhiE6dDAG+OUL++feuVKoO3PWirsBP38ZZtWwARSseTA+3NOdBPxy5fwipQAU/ocXLQb8fEWMtjhuACpQH3VsB/zywK+OuFr/fhGUc/9GwO9C7q+E/0kuBnBiQ0WTE1EA4HdXTi/PtiKa1clZswHw81eTmX9sygBoSnC0/2Ic8MsDv2oAX6vitlXbqOZs2mp5ahfwG1bczOivGrPZVzjT2BCdv6XmmJWjuwD/zKKlu9RabfhCD+t/PzHh72j6NOeWMgXmJWpYbwZq+r3UDdir0b/o1f2WDADwm9JSI3P/tgyANPDh/ubcz6+oAvz24U89j89szz79UFUK8Y0co+bVlCAt7LKyvgPwmx79TR/IYckAzEYBgD89+HbO45ssWlBFpytnOp+PXpOiADcbhOQqof+8bY8BfgFHf8sGQBodHW1QnuoBv3n4zzbF1ANPeDRRJSMo1lZcem0CVPW3sqEL8Lsz+tsygI+uZ5EbPjx/LKuwKAL4jcFPub1bvflp/wWd2Ds5SqPjurpPHmfnH7qfa3cewO+aktrob2k0CVt9VZoRyLQuAPBPurGVUJ/O43Mr/KbTficfAaaf1Tc8Zx4rfP4dNTznIQr5Ab9r2m4VflsRwHgU0HHuYFZkfhTwN2cM+enATC+UpfVmmH1zadqDOqlBR1/se4506qFlvnO3/cjShh/A7/7ob9sASBd++XJV/lfXNwP+9OqK1amjsZciEyjc0cpCn7s54+eqnuBjwQgI/DlbH1We77J0fYDfsqoV+ON2fkHIiasYOtvVlrXgqnLAPzXsd+qodLsyOhdPdQE6xGNIiQwy1QgIer1lm531/YDfstoV+G+3fV84cSVKFFCW9cUvH7wYygL8+vUquT7l/CKJQnPK/c2ITvMZTokKsm+8xbFmLYDflipm6vfnmgGQ/vaH9sbw1SW1gH9sqo3gF60jL2muEqpTuO61AL8tWZ72m6ywU1fU/dWy2OiFZDLo8JNogY+I8JMoz3frcA7Az0XEmGMnvTpmADQtOPzp8eqgw0/ge130m9EEnvgPwC+v6uxU/bkZAKlk5b0tw598nAgq/ProL7quHHiPa39+wM9NCbtVf64GQLr81qvVWpgSOPhp9Bep/14mDb7wNOCXL/R3fErJcQNY8oMfd17Z93YsaPCrN/krO6W5my4n9qgVfsAvjWJWNvu4bgCkays3NY10n0sECX71Rt8Vl+qOIhMA/NKE/lwKS2FeVxwuWrDOzKyA7PBT+C9q5T9TLQDwBzP0524AxcXFhmcF/NLJRzbxjAAAv2Oq5hH6czcAEs0KjJw+1eR3+NX3cahDyruLx5oAwO+YaMFPC88XCPN+B7RASHlq9zP8JDe77DgpJ3YBAn4uohuqjveLcDcAWiCUbmrQb917Rzh093FDww5GAIDf2bzfyQU/nhkA6bqvf6s9tZDhx9bdskYAgF9I0Wo/V26osFvvqLi4WK0HoG8/4IdmzPvjbr1Ytpvv7JrPl9V9dD2j/tXlgB/wQ1Pzfqd2+QkXAaRoHWP2wxvR4M810Jcf8EMZ1Kk8XD+5xXUDoKKgVg9I+gV+9YO0cFKSCMq2eFw34HdUxMI6N4p+IkQAZALtWiTgm7Bf1ggglF8A+L1XtVtFPyEMQDOBBDO5xFHknD/nllI5IwCTHXwBPxf4W7x68bCX71wxgbjyFJMdftJ0J/GILLPn9QF+x9XkZsVfOAPQTKBBeYrLDD+JDuqULQ2YZSL/B/yOi6b76ry+iLAIn4RiAtXTmYBMU310Sq9MylmzAfB7B78Q/eLDonwi6UxAtnn+vFWVUoX/Rtp7A37HlRAFfqEMIMUE2mWEX08DMh3PLZJyN30b8Lsvy7NfgTAATRUK/O2yrvCjE3llyP1nOsYL8HOBv8KLuX6pDIAWCinwVzCLqwW9Xt5LUcDCugah78S8hicBP+AXNgJg2gdFJpCQCX5d87fUqEYgouhkoExn+QF+53N+UeEnhUT/9N4tYUR0lSzw6xLxbEAK/Que3g343VNcpIKfNBHApGhg2ilCUeEn5SwvY4ueEOeawiWLWf7jccAP+CcoS4ZPsrmXtVbnM9ptc4cM8OuihUGzFkdZ35ut3oZ5+YWs4CcvsqyS6wG/O6IVfv8qw4VmyfKJKibwhmICx5UfK2WAfzwSuLmUDc0vZpfaXvcOfiXsn27NP+B3XLS2/79ludgsmT5ZxQTaFROg9rv/rMCfKzr8o6OjLElHIyy7WRl9F4+dx3f5kmuvT9BHnn8HI787oiLfJgX+F2W66JCMn/S7JazszkPndmdH5kdFh39oaGj8v1EL7osNj7hyPHfupq1s3rbHkPO7o042tp9fusaQIVk/cQWwyMDRj9vmLLupTAb4UzWw48ds4IUdbLS3x/HXpkr/nK2PZlzoA/gdlbBz/L42AF29Hfub825bUSUL/OP/ToF/UDEBp4yAwM+5fwPLWbMx478D/I5Kikq/rw2AdPHjQ1Vzb1zeqPwYkQH+yaJOyXRMF9UIzJgBTe3NXrlaAX+jocYegN/RfL/O6738MIAUnXnt5bKFa9ZTVbBMJvgni0yADusgIxhSny9MAD5rkfJQYM++6daMK/oAP9eQv1rGfN/XBkB6t4RFvvT7U42zr15UJSP8vAT4nQv5tZE/6Zc3FPLjt9Tbsb8y77YVzW6kBIA/MCG/p737eCnsx28rv/QLLSf+J3b7lXNnEoAf8NsU3UO3+xF+30YAqTr/zuu1RRWr652OBgB/IEb9mAJ+k5/fZNjv3+L8f/xKk9PRAOAPzKjf5Pc3GgrSt0rThbOvXtSYXVgUAfzQNKO+L6b3YADTAxzp+/BAo5XFQ4Df14ozn1X4kQKkc7xQKJlf+oVqJS2ouHL+bDvgD7z0pbzVQYM/kBGAlbQA8CPchwH4WLSA6IsfHKvNXRytYZNmCwC/L8HfzsaadiSD/mHAANLUB3Kjy6qyCyKAH3k+DCCIOv5EQ3T+P62pH4wsqBqdMw/w+wN8mtPvxEcBAzCswz98NJp3z6r62YujVWEDx2gBfoAPA/Churq6qC5QO3whWZNVEIkAfuT4MIAAioqF/9DeVTnc012fVVgUBfxCiUb5mPJoAfgwAP532+st5bOX3lCTveCqSsDvqWiTznYF+gQ+ChiAJ3WCwgc2VoXn5W3mFRUA/rSj/U421pIL+T0MQKCoYMmyzaGcnEqnagWAf0JuT6P9Toz2MADhdSLxq8rc5aVr2dhBJhHAbwv6Vr/ux4cBBEBHnnq8Mu+e+9ZmX3V1ufLHKOCfMbxPAHoYgC919Bc/K8u/94Hy4e5za0PZ2eXp1hcEEH4VeHr2S7NNGABkuG4wq2RxeXjO3JVkCL1te4IAPwG/VwMe+TwMANJFx54pT5QqlLKxFudlkr+ldu3RgREeBgBZN4UyrX5Qqj2XCQh6pwY6PbcDdhgAxNcYIpoRRFIMoZT9fdYhygwWHTNlKdqDlNQA14FPaqBj5Z2k+n8BBgCYs/pPRyOn1wAAAABJRU5ErkJggg== - mediatype: image/png - installModes: - - type: OwnNamespace - supported: true - - type: SingleNamespace - supported: true - - type: MultiNamespace - supported: false - - type: AllNamespaces - supported: true - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: strimzi-cluster-operator - rules: - - apiGroups: - - "" - resources: - - serviceaccounts - verbs: - - get - - create - - delete - - patch - - update - - apiGroups: - - rbac.authorization.k8s.io - resources: - - clusterrolebindings - - rolebindings - verbs: - - get - - create - - delete - - patch - - update - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - kafka.strimzi.io - resources: - - kafkas - - kafkaconnects - - kafkaconnects2is - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - "" - resources: - - pods - verbs: - - get - - list - - watch - - delete - - apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - "" - resources: - - endpoints - verbs: - - get - - list - - watch - - apiGroups: - - extensions - resources: - - deployments - - deployments/scale - - replicasets - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - apps - resources: - - deployments - - deployments/scale - - deployments/status - - statefulsets - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - "" - resources: - - events - verbs: - - create - - apiGroups: - - extensions - resources: - - replicationcontrollers - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - apps.openshift.io - resources: - - deploymentconfigs - - deploymentconfigs/scale - - deploymentconfigs/status - - deploymentconfigs/finalizers - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - build.openshift.io - resources: - - buildconfigs - - builds - verbs: - - create - - delete - - get - - list - - patch - - watch - - update - - apiGroups: - - image.openshift.io - resources: - - imagestreams - - imagestreams/status - verbs: - - create - - delete - - get - - list - - watch - - patch - - update - - apiGroups: - - "" - resources: - - replicationcontrollers - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - - list - - create - - delete - - patch - - update - - apiGroups: - - "" - resources: - - nodes - verbs: - - get - - apiGroups: - - kafka.strimzi.io - resources: - - kafkatopics - verbs: - - get - - list - - watch - - create - - patch - - update - - delete - - apiGroups: - - "" - resources: - - events - verbs: - - create - - apiGroups: - - kafka.strimzi.io - resources: - - kafkausers - verbs: - - get - - list - - watch - - create - - patch - - update - - delete - deployments: - - name: strimzi-cluster-operator - spec: - replicas: 1 - selector: - matchLabels: - name: strimzi-cluster-operator-alm-owned - template: - metadata: - name: strimzi-cluster-operator-alm-owned - labels: - name: strimzi-cluster-operator-alm-owned - spec: - serviceAccountName: strimzi-cluster-operator - containers: - - name: cluster-operator - image: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-clusteroperator-openshift:1.0.0-beta - env: - - name: STRIMZI_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: STRIMZI_FULL_RECONCILIATION_INTERVAL_MS - value: "120000" - - name: STRIMZI_OPERATION_TIMEOUT_MS - value: "300000" - - name: STRIMZI_DEFAULT_ZOOKEEPER_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-zookeeper-openshift:1.0.0-beta - - name: STRIMZI_DEFAULT_KAFKA_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-kafka-openshift:1.0.0-beta - - name: STRIMZI_DEFAULT_KAFKA_CONNECT_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-kafkaconnect-openshift:1.0.0-beta - - name: STRIMZI_DEFAULT_KAFKA_CONNECT_S2I_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-kafkaconnects2i-openshift:1.0.0-beta - - name: STRIMZI_DEFAULT_TOPIC_OPERATOR_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-topicoperator-openshift:1.0.0-beta - - name: STRIMZI_DEFAULT_USER_OPERATOR_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-useroperator-openshift:1.0.0-beta - - name: STRIMZI_DEFAULT_KAFKA_INIT_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-kafkainit-openshift:1.0.0-beta - - name: STRIMZI_DEFAULT_TLS_SIDECAR_ZOOKEEPER_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-zookeeperstunnel-openshift:1.0.0-beta - - name: STRIMZI_DEFAULT_TLS_SIDECAR_KAFKA_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-kafkastunnel-openshift:1.0.0-beta - - name: STRIMZI_DEFAULT_TLS_SIDECAR_ENTITY_OPERATOR_IMAGE - value: registry.access.redhat.com/amqstreams-1-tech-preview/amqstreams10-entityoperatorstunnel-openshift:1.0.0-beta - - name: STRIMZI_LOG_LEVEL - value: INFO - customresourcedefinitions: - owned: - - name: kafkas.kafka.strimzi.io - version: v1alpha1 - kind: Kafka - displayName: Kafka - description: Represents a Kafka cluster - specDescriptors: - - description: The desired number of Kafka brokers. - displayName: Kafka Brokers - path: kafka.replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: The type of storage used by Kafka brokers - displayName: Kafka storage - path: kafka.storage.type - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Kafka Resource Requirements - path: kafka.resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - - description: The desired number of Zookeeper nodes. - displayName: Zookeeper Nodes - path: zookeeper.replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: The type of storage used by Zookeeper nodes - displayName: Zookeeper storage - path: zookeeper.storage.type - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Zookeeper Resource Requirements - path: zookeeper.resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - - name: kafkaconnects.kafka.strimzi.io - version: v1alpha1 - kind: KafkaConnect - displayName: Kafka Connect - description: Represents a Kafka Connect cluster - specDescriptors: - - description: The desired number of Kafka Connect nodes. - displayName: Connect nodes - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: The address of the bootstrap server - displayName: Bootstrap server - path: bootstrapServers - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - - name: kafkaconnects2is.kafka.strimzi.io - version: v1alpha1 - kind: KafkaConnectS2I - displayName: Kafka Connect S2I - description: Represents a Kafka Connect cluster with Source 2 Image support - specDescriptors: - - description: The desired number of Kafka Connect nodes. - displayName: Connect nodes - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: The address of the bootstrap server - displayName: Bootstrap server - path: bootstrapServers - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - - name: kafkatopics.kafka.strimzi.io - version: v1alpha1 - kind: KafkaTopic - displayName: Kafka Topic - description: Represents a topic inside a Kafka cluster - specDescriptors: - - description: The number of partitions - displayName: Partitions - path: partitions - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: The number of replicas - displayName: Replication factor - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - name: kafkausers.kafka.strimzi.io - version: v1alpha1 - kind: KafkaUser - displayName: Kafka User - description: Represents a user inside a Kafka cluster - specDescriptors: - - description: Authentication type - displayName: Authentication type - path: authentication.type - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: Authorization type - displayName: Authorization type - path: authorization.type - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: clusterlogging.v0.0.1 - namespace: placeholder - annotations: - olm-examples: '[{"apiVersion": "logging.openshift.io/v1alpha1","kind": "ClusterLogging","metadata":{"name": "example","annotations":{"io.openshift.clusterlogging.alpha/allinone": ""}},"spec": {"logStore":{"type": "elasticsearch","elasticsearch":{"replicas":1,"storage":{"emptyDir": {}}}},"visualization":{"type": "kibana","kibana":{"replicas": 1}},"curation":{"type": "curator","curator": {"schedule": "30 3 * * *"}},"collection": {"logCollection":{"type": "fluentd","fluentd":{"nodeSelector":{"logging-infra-fluentd: "true"}}}}}]' - test: "yes" - spec: - displayName: Cluster Logging - - description: | - The Cluster Logging Operator for OKD provides a means for configuring and managing your aggregated logging stack. - - Once installed, the Cluster Logging Operator provides the following features: - * **Create/Destroy**: Launch and create an aggregated logging stack in the `openshift-logging` namespace. - * **Simplified Configuration**: Configure your aggregated logging cluster's structure like components and end points easily. - - keywords: ['elasticsearch', 'kibana', 'fluentd', 'logging', 'aggregated', 'efk'] - - maintainers: - - name: Red Hat - email: aos-logging@redhat.com - - provider: - name: Red Hat - - links: - - name: Elastic - url: https://www.elastic.co/ - - name: Fluentd - url: https://www.fluentd.org/ - - name: Documentation - url: https://github.com/openshift/cluster-logging-operator/blob/master/README.md - - name: Cluster Logging Operator - url: https://github.com/openshift/cluster-logging-operator - installModes: - - type: OwnNamespace - supported: true - - type: SingleNamespace - supported: true - - type: MultiNamespace - supported: false - - type: AllNamespaces - supported: true - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: cluster-logging-operator - rules: - - apiGroups: - - logging.openshift.io - resources: - - "*" - verbs: - - "*" - - apiGroups: - - "" - resources: - - pods - - services - - endpoints - - persistentvolumeclaims - - events - - configmaps - - secrets - - serviceaccounts - verbs: - - "*" - - apiGroups: - - apps - resources: - - deployments - - daemonsets - - replicasets - - statefulsets - verbs: - - "*" - - apiGroups: - - route.openshift.io - resources: - - routes - - routes/custom-host - verbs: - - "*" - - apiGroups: - - batch - resources: - - cronjobs - verbs: - - "*" - - apiGroups: - - rbac.authorization.k8s.io - resources: - - roles - - rolebindings - verbs: - - "*" - - serviceAccountName: elasticsearch-operator - rules: - - apiGroups: - - logging.openshift.io - resources: - - "*" - verbs: - - "*" - - apiGroups: - - "" - resources: - - pods - - pods/exec - - services - - endpoints - - persistentvolumeclaims - - events - - configmaps - - secrets - - serviceaccounts - verbs: - - "*" - - apiGroups: - - apps - resources: - - deployments - - daemonsets - - replicasets - - statefulsets - verbs: - - "*" - - apiGroups: - - monitoring.coreos.com - resources: - - prometheusrules - - servicemonitors - verbs: - - "*" - clusterPermissions: - - serviceAccountName: cluster-logging-operator - rules: - - apiGroups: - - scheduling.k8s.io - resources: - - priorityclasses - verbs: - - "*" - - apiGroups: - - oauth.openshift.io - resources: - - oauthclients - verbs: - - "*" - deployments: - - name: cluster-logging-operator - spec: - replicas: 1 - selector: - matchLabels: - name: cluster-logging-operator - template: - metadata: - labels: - name: cluster-logging-operator - spec: - serviceAccountName: cluster-logging-operator - containers: - - name: cluster-logging-operator - image: quay.io/openshift/cluster-logging-operator:latest - imagePullPolicy: IfNotPresent - command: - - cluster-logging-operator - env: - - name: WATCH_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: OPERATOR_NAME - value: "cluster-logging-operator" - - name: ELASTICSEARCH_IMAGE - value: "docker.io/openshift/origin-logging-elasticsearch5:latest" - - name: FLUENTD_IMAGE - value: "docker.io/openshift/origin-logging-fluentd:latest" - - name: KIBANA_IMAGE - value: "docker.io/openshift/origin-logging-kibana5:latest" - - name: CURATOR_IMAGE - value: "docker.io/openshift/origin-logging-curator5:latest" - - name: OAUTH_PROXY_IMAGE - value: "docker.io/openshift/oauth-proxy:latest" - - name: RSYSLOG_IMAGE - value: "docker.io/viaq/rsyslog:latest" - - name: elasticsearch-operator - spec: - replicas: 1 - selector: - matchLabels: - name: elasticsearch-operator - template: - metadata: - labels: - name: elasticsearch-operator - spec: - serviceAccountName: elasticsearch-operator - containers: - - name: elasticsearch-operator - image: quay.io/openshift/elasticsearch-operator:latest - imagePullPolicy: IfNotPresent - command: - - elasticsearch-operator - ports: - - containerPort: 60000 - name: metrics - env: - - name: WATCH_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: OPERATOR_NAME - value: "elasticsearch-operator" - maturity: alpha - version: 0.0.1 - customresourcedefinitions: - owned: - - name: clusterloggings.logging.openshift.io - version: v1alpha1 - kind: ClusterLogging - displayName: Cluster Logging - description: A Cluster Logging instance - resources: - - kind: Deployment - version: v1 - - kind: DaemonSet - version: v1 - - kind: CronJob - version: v1beta1 - - kind: ReplicaSet - version: v1 - - kind: Pod - version: v1 - - kind: ConfigMap - version: v1 - - kind: Secret - version: v1 - - kind: Service - version: v1 - - kind: Route - version: v1 - - kind: Elasticsearch - version: v1alpha1 - specDescriptors: - - description: The desired number of Kibana Pods for the Visualization component - displayName: Kibana Size - path: visualization.kibana.replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: Resource requirements for the Kibana pods - displayName: Kibana Resource Requirements - path: visualization.kibana.resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - - description: The node selector to use for the Kibana Visualization component - displayName: Kibana Node Selector - path: visualization.kibana.nodeSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:nodeSelector' - - description: The desired number of Elasticsearch Pods for the Log Storage component - displayName: Elasticsearch Size - path: logStore.elasticsearch.replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: Resource requirements for the Elasticsearch pods - displayName: Elasticsearch Resource Requirements - path: logStore.elasticsearch.resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - - description: The node selector to use for the Elasticsearch Log Storage component - displayName: Elasticsearch Node Selector - path: logStore.elasticsearch.nodeSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:nodeSelector' - - description: Resource requirements for the Fluentd pods - displayName: Fluentd Resource Requirements - path: collection.logCollection.fluentd.resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - - description: The node selector to use for the Fluentd log collection component - displayName: Fluentd node selector - path: collection.logCollection.fluentd.nodeSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:nodeSelector' - - description: Resource requirements for the Rsyslog pods - displayName: Rsyslog Resource Requirements - path: collection.logCollection.rsyslog.resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - - description: The node selector to use for the Rsyslog log collection component - displayName: Rsyslog node selector - path: collection.logCollection.rsyslog.nodeSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:nodeSelector' - - description: Resource requirements for the Curator pods - displayName: Curator Resource Requirements - path: curation.curator.resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - - description: The node selector to use for the Curator component - displayName: Curator Node Selector - path: curation.curator.nodeSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:nodeSelector' - - description: The cron schedule for the Curator component - displayName: Curation Schedule - path: curation.curator.schedule - statusDescriptors: - - description: The status for each of the Kibana pods for the Visualization component - displayName: Kibana Status - path: visualization.kibanaStatus.pods - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podStatuses' - - description: The status for each of the Elasticsearch Client pods for the Log Storage component - displayName: Elasticsearch Client Pod Status - path: logStore.elasticsearchStatus.pods.client - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podStatuses' - - description: The status for each of the Elasticsearch Data pods for the Log Storage component - displayName: Elasticsearch Data Pod Status - path: logStore.elasticsearchStatus.pods.data - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podStatuses' - - description: The status for each of the Elasticsearch Master pods for the Log Storage component - displayName: Elasticsearch Master Pod Status - path: logStore.elasticsearchStatus.pods.master - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podStatuses' - - description: The cluster status for each of the Elasticsearch Clusters for the Log Storage component - displayName: Elasticsearch Cluster Health - path: logstore.elasticsearchStatus.clusterHealth - - description: The status for each of the Fluentd pods for the Log Collection component - displayName: Fluentd status - path: collection.logCollection.fluentdStatus.pods - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podStatuses' - - description: The status for each of the Rsyslog pods for the Log Collection component - displayName: Rsyslog status - path: collection.logCollection.rsyslogStatus.pods - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podStatuses' - - name: elasticsearches.logging.openshift.io - version: v1alpha1 - kind: Elasticsearch - displayName: Elasticsearch - description: An Elasticsearch cluster instance - resources: - - kind: Deployment - version: v1 - - kind: StatefulSet - version: v1 - - kind: ReplicaSet - version: v1 - - kind: Pod - version: v1 - - kind: ConfigMap - version: v1 - - kind: Service - version: v1 - - kind: Route - version: v1 - specDescriptors: - - description: The name of the serviceaccount used by the Elasticsearch pods - displayName: Service Account - path: serviceAccountName - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:ServiceAccount' - - description: The name of the configmap used by the Elasticsearch pods - displayName: Config Map - path: configMapName - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:ConfigMap' - - description: The name of the secret used by the Elasticsearch pods - displayName: Secret - path: secretName - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Secret' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: nodeSpec.resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - statusDescriptors: - - description: The current health of Elasticsearch Cluster - displayName: Elasticsearch Cluster Health - path: clusterHealth - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase' - - description: The status for each of the Elasticsearch pods with the Client role - displayName: Elasticsearch Client Status - path: pods.client - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podStatuses' - - description: The status for each of the Elasticsearch pods with the Data role - displayName: Elasticsearch Data Status - path: pods.data - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podStatuses' - - description: The status for each of the Elasticsearch pods with the Master role - displayName: Elasticsearch Master Status - path: pods.master - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podStatuses' - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - annotations: - categories: openshift optional - certifiedLevel: Primed - containerImage: registry.svc.ci.openshift.org/openshift/origin-v4.0:descheduler-operator - createdAt: 2019/11/15 - description: An operator to run the OpenShift descheduler - healthIndex: B - repository: https://github.com/openshift/descheduler-operator - support: Red Hat - name: descheduler.v0.0.1 - namespace: openshift-descheduler-operator - spec: - description: | - # Descheduler for Kubernetes - - ## Introduction - - Scheduling in Kubernetes is the process of binding pending pods to nodes, and is performed by - a component of Kubernetes called kube-scheduler. The scheduler's decisions, whether or where a - pod can or can not be scheduled, are guided by its configurable policy which comprises of set of - rules, called predicates and priorities. The scheduler's decisions are influenced by its view of - a Kubernetes cluster at that point of time when a new pod appears first time for scheduling. - As Kubernetes clusters are very dynamic and their state change over time, there may be desired - to move already running pods to some other nodes for various reasons - - * Some nodes are under or over utilized. - * The original scheduling decision does not hold true any more, as taints or labels are added to - or removed from nodes, pod/node affinity requirements are not satisfied any more. - * Some nodes failed and their pods moved to other nodes. - New nodes are added to clusters. - - Consequently, there might be several pods scheduled on less desired nodes in a cluster. - Descheduler, based on its policy, finds pods that can be moved and evicts them. Please - note, in current implementation, descheduler does not schedule replacement of evicted pods - but relies on the default scheduler for that. - - ## Note - - Any api could be changed any time with out any notice. That said, your feedback is - very important and appreciated to make this project more stable and useful. - - customresourcedefinitions: - owned: - - description: Represents an instance of a Descheduler application - displayName: Descheduler Operator - kind: Descheduler - name: deschedulers.descheduler.io - version: v1alpha1 - displayName: Descheduler - installModes: - - type: OwnNamespace - supported: true - - type: SingleNamespace - supported: true - - type: MultiNamespace - supported: false - - type: AllNamespaces - supported: true - install: - spec: - clusterPermissions: - - rules: - - apiGroups: - - "" - resources: - - services - - pods - - configmaps - - secrets - - names - - nodes - - pods/eviction - verbs: - - '*' - - apiGroups: - - apps - resources: - - deployments - verbs: - - '*' - - apiGroups: - - batch - - extensions - resources: - - jobs - verbs: - - '*' - - apiGroups: - - descheduler.io - resources: - - '*' - verbs: - - '*' - serviceAccountName: openshift-descheduler - deployments: - - name: descheduler-operator - spec: - replicas: 1 - selector: - matchLabels: - app: descheduler-operator - template: - metadata: - labels: - app: descheduler-operator - spec: - containers: - - command: - - descheduler-operator - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: WATCH_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: OPERATOR_NAME - value: descheduler-operator - image: registry.svc.ci.openshift.org/openshift/origin-v4.0:descheduler-operator - imagePullPolicy: Always - name: descheduler-operator - restartPolicy: Always - serviceAccount: openshift-descheduler - serviceAccountName: openshift-descheduler - terminationGracePeriodSeconds: 5 - strategy: deployment - labels: - olm-owner-enterprise-app: descheduler-operator - olm-status-descriptors: descheduler.v0.0.1 - maintainers: - - email: support@redhat.com - name: Red Hat - provider: - name: Red Hat - version: 0.0.1 - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: etcdoperator.v0.6.1 - namespace: placeholder - annotations: - tectonic-visibility: ocs - spec: - displayName: etcd - description: | - etcd is a distributed key value store that provides a reliable way to store data across a cluster of machines. It’s open-source and available on GitHub. etcd gracefully handles leader elections during network partitions and will tolerate machine failure, including the leader. Your applications can read and write data into etcd. - A simple use-case is to store database connection details or feature flags within etcd as key value pairs. These values can be watched, allowing your app to reconfigure itself when they change. Advanced uses take advantage of the consistency guarantees to implement database leader elections or do distributed locking across a cluster of workers. - - _The etcd Open Cloud Service is Public Alpha. The goal before Beta is to fully implement backup features._ - - ### Reading and writing to etcd - - Communicate with etcd though its command line utility `etcdctl` or with the API using the automatically generated Kubernetes Service. - - [Read the complete guide to using the etcd Open Cloud Service](https://coreos.com/tectonic/docs/latest/alm/etcd-ocs.html) - - ### Supported Features - **High availability** - Multiple instances of etcd are networked together and secured. Individual failures or networking issues are transparently handled to keep your cluster up and running. - **Automated updates** - Rolling out a new etcd version works like all Kubernetes rolling updates. Simply declare the desired version, and the etcd service starts a safe rolling update to the new version automatically. - **Backups included** - Coming soon, the ability to schedule backups to happen on or off cluster. - keywords: ['etcd', 'key value', 'database', 'coreos', 'open source'] - version: 0.6.1 - maturity: alpha - maintainers: - - name: CoreOS, Inc - email: support@coreos.com - - provider: - name: CoreOS, Inc - labels: - alm-status-descriptors: etcdoperator.v0.6.1 - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - selector: - matchLabels: - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - links: - - name: Blog - url: https://coreos.com/etcd - - name: Documentation - url: https://coreos.com/operators/etcd/docs/latest/ - - name: etcd Operator Source Code - url: https://github.com/coreos/etcd-operator - - icon: - - base64data: iVBORw0KGgoAAAANSUhEUgAAAOEAAADZCAYAAADWmle6AAAACXBIWXMAAAsTAAALEwEAmpwYAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAEKlJREFUeNrsndt1GzkShmEev4sTgeiHfRYdgVqbgOgITEVgOgLTEQydwIiKwFQCayoCU6+7DyYjsBiBFyVVz7RkXvqCSxXw/+f04XjGQ6IL+FBVuL769euXgZ7r39f/G9iP0X+u/jWDNZzZdGI/Ftama1jjuV4BwmcNpbAf1Fgu+V/9YRvNAyzT2a59+/GT/3hnn5m16wKWedJrmOCxkYztx9Q+py/+E0GJxtJdReWfz+mxNt+QzS2Mc0AI+HbBBwj9QViKbH5t64DsP2fvmGXUkWU4WgO+Uve2YQzBUGd7r+zH2ZG/tiUQc4QxKwgbwFfVGwwmdLL5wH78aPC/ZBem9jJpCAX3xtcNASSNgJLzUPSQyjB1zQNl8IQJ9MIU4lx2+Jo72ysXYKl1HSzN02BMa/vbZ5xyNJIshJzwf3L0dQhJw4Sih/SFw9Tk8sVeghVPoefaIYCkMZCKbrcP9lnZuk0uPUjGE/KE8JQry7W2tgfuC3vXgvNV+qSQbyFtAtyWk7zWiYevvuUQ9QEQCvJ+5mmu6dTjz1zFHLFj8Eb87MtxaZh/IQFIHom+9vgTWwZxAQjT9X4vtbEVPojwjiV471s00mhAckpwGuCn1HtFtRDaSh6y9zsL+LNBvCG/24ThcxHObdlWc1v+VQJe8LcO0jwtuF8BwnAAUgP9M8JPU2Me+Oh12auPGT6fHuTePE3bLDy+x9pTLnhMn+07TQGh//Bz1iI0c6kvtqInjvPZcYR3KsPVmUsPYt9nFig9SCY8VQNhpPBzn952bbgcsk2EvM89wzh3UEffBbyPqvBUBYQ8ODGPFOLsa7RF096WJ69L+E4EmnpjWu5o4ChlKaRTKT39RMMaVPEQRsz/nIWlDN80chjdJlSd1l0pJCAMVZsniobQVuxceMM9OFoaMd9zqZtjMEYYDW38Drb8Y0DYPLShxn0pvIFuOSxd7YCPet9zk452wsh54FJoeN05hcgSQoG5RR0Qh9Q4E4VvL4wcZq8UACgaRFEQKgSwWrkr5WFnGxiHSutqJGlXjBgIOayhwYBTA0ER0oisIVSUV0AAMT0IASCUO4hRIQSAEECMCCEPwqyQA0JCQBzEGjWNAqHiUVAoXUWbvggOIQCEAOJzxTjoaQ4AIaE64/aZridUsBYUgkhB15oGg1DBIl8IqirYwV6hPSGBSFteMCUBSVXwfYixBmamRubeMyjzMJQBDDowE3OesDD+zwqFoDqiEwXoXJpljB+PvWJGy75BKF1FPxhKygJuqUdYQGlLxNEXkrYyjQ0GbaAwEnUIlLRNvVjQDYUAsJB0HKLE4y0AIpQNgCIhBIhQTgCKhZBBpAN/v6LtQI50JfUgYOnnjmLUFHKhjxbAmdTCaTiBm3ovLPqG2urWAij6im0Nd9aTN9ygLUEt9LgSRnohxUPIKxlGaE+/6Y7znFf0yX+GnkvFFWmarkab2o9PmTeq8sbd2a7DaysXz7i64VeznN4jCQhN9gdDbRiuWrfrsq0mHIrlaq+hlotCtd3Um9u0BYWY8y5D67wccJoZjFca7iUs9VqZcfsZwTd1sbWGG+OcYaTnPAP7rTQVVlM4Sg3oGvB1tmNh0t/HKXZ1jFoIMwCQjtqbhNxUmkGYqgZEDZP11HN/S3gAYRozf0l8C5kKEKUvW0t1IfeWG/5MwgheZTT1E0AEhDkAePQO+Ig2H3DncAkQM4cwUQCD530dU4B5Yvmi2LlDqXfWrxMCcMth51RToRMNUXFnfc2KJ0+Ryl0VNOUwlhh6NoxK5gnViTgQpUG4SqSyt5z3zRJpuKmt3Q1614QaCBPaN6je+2XiFcWAKOXcUfIYKRyL/1lb7pe5VxSxxjQ6hImshqGRt5GWZVKO6q2wHwujfwDtIvaIdexj8Cm8+a68EqMfox6x/voMouZF4dHnEGNeCDMwT6vdNfekH1MafMk4PI06YtqLVGl95aEM9Z5vAeCTOA++YLtoVJRrsqNCaJ6WRmkdYaNec5BT/lcTRMqrhmwfjbpkj55+OKp8IEbU/JLgPJE6Wa3TTe9sHS+ShVD5QIyqIxMEwKh12olC6mHIed5ewEop80CNlfIOADYOT2nd6ZXCop+Ebqchc0JqxKcKASxChycJgUh1rnHA5ow9eTrhqNI7JWiAYYwBGGdpyNLoGw0Pkh96h1BpHihyywtATDM/7Hk2fN9EnH8BgKJCU4ooBkbXFMZJiPbrOyecGl3zgQDQL4hk10IZiOe+5w99Q/gBAEIJgPhJM4QAEEoFREAIAAEiIASAkD8Qt4AQAEIAERAGFlX4CACKAXGVM4ivMwWwCLFAlyeoaa70QePKm5Dlp+/n+ye/5dYgva6YsUaVeMa+tzNFeJtWwc+udbJ0Fg399kLielQJ5Ze61c2+7ytA6EZetiPxZC6tj22yJCv6jUwOyj/zcbqAxOMyAKEbfeHtNa7DtYXptjsk2kJxR+eIeim/tHNofUKYy8DMrQcAKWz6brpvzyIAlpwPhQ49l6b7skJf5Z+YTOYQc4FwLDxvoTDwaygQK+U/kVr+ytSFBG01Q3gnJJR4cNiAhx4HDub8/b5DULXlj6SVZghFiE+LdvE9vo/o8Lp1RmH5hzm0T6wdbZ6n+D6i44zDRc3ln6CpAEJfXiRU45oqLz8gFAThWsh7ughrRibc0QynHgZpNJa/ENJ+loCwu/qOGnFIjYR/n7TfgycULhcQhu6VC+HfF+L3BoAQ4WiZTw1M+FPCnA2gKC6/FAhXgDC+ojQGh3NuWsvfF1L/D5ohlCKtl1j2ldu9a/nPAKFwN56Bst10zCG0CPleXN/zXPgHQZXaZaBgrbzyY5V/mUA+6F0hwtGN9rwu5DVZPuwWqfxdFz1LWbJ2lwKEa+0Qsm4Dl3fp+Pu0lV97PgwIPfSsS+UQhj5Oo+vvFULazRIQyvGEcxPuNLCth2MvFsrKn8UOilAQShkh7TTczYNMoS6OdP47msrPi82lXKGWhCdMZYS0bFy+vcnGAjP1CIfvgbKNA9glecEH9RD6Ol4wRuWyN/G9MHnksS6o/GPf5XcwNSUlHzQhDuAKtWJmkwKElU7lylP5rgIcsquh/FI8YZCDpkJBuE4FQm7Icw8N+SrUGaQKyi8FwiDt1ve5o+Vu7qYHy/psgK8cvh+FTYuO77bhEC7GuaPiys/L1X4IgXDL+e3M5+ovLxBy5VLuIebw1oqcHoPfoaMJUsHays878r8KbDc3xtPx/84gZPBG/JwaufrsY/SRG/OY3//8QMNdsvdZCFtbW6f8pFuf5bflILAlX7O+4fdfugKyFYS8T2zAsXthdG0VurPGKwI06oF5vkBgHWkNp6ry29+lsPZMU3vijnXFNmoclr+6+Ou/FIb8yb30sS8YGjmTqCLyQsi5N/6ZwKs0Yenj68pfPjF6N782Dp2FzV9CTyoSeY8mLK16qGxIkLI8oa1n8tz9juP40DlK0epxYEbojbq+9QfurBeVIlCO9D2396bxiV4lkYQ3hOAFw2pbhqMGISkkQOMcQ9EqhDmGZZdo92JC0YHRNTfoSg+5e0IT+opqCKHoIU+4ztQIgBD1EFNrQAgIpYSil9lDmPHqkROPt+JC6AgPquSuumJmg0YARVCuneDfvPVeJokZ6pIXDkNxQtGzTF9/BQjRG0tQznfb74RwCQghpALBtIQnfK4zhxdyQvVCUeknMIT3hLyY+T5jo0yABqKPQNpUNw/09tGZod5jgCaYFxyYvJcNPkv9eof+I3pnCFEHIETjSM8L9tHZHYCQT9PaZGycU6yg8S4akDnJ+P03L0+t23XGzCLzRgII/Wqa+fv/xlfvmKvMUOcOrlCDdoei1MGdZm6G5VEIfRzzjd4aQs69n699Rx7ewhvCGzr2gmTPs8zNsJOrXt24FbkhhOjCfT4ICA/rPbyhUy94Dks0gJCX1NzCZui9YUd3oei+c257TalFbgg19ILHrlrL2gvWgXAL26EX76gZTNASQnad8Ibwhl284NhgXpB0c+jKhWO3Ms1hP9ihJYB9eMF6qd1BCPk0qA1s+LimFIu7m4nsdQIzPK4VbQ8hYvrnuSH2G9b2ggP78QmWqBdF9Vx8SSY6QYdUW7BTA1schZATyhvY8lHvcRbNUS9YGFy2U+qmzh2YPVc0I7yAOFyHfRpyUwtCSzOdPXMHmz7qDIM0e0V2wZTEk+6Ym6N63eBLp/b5Bts+2cKCSJ/LuoZO3ANSiE5hKAZjnvNSS4931jcw9jpwT0feV/qSJ1pVtCyfHKDkvK8Ejx7pUxGh2xFNSwx8QTi2H9ceC0/nni64MS/5N5dG39pDqvRV+WgGk71c9VFXF9b+xYvOw/d61iv7m3MvEHryhvecwC52jSSx4VIIgwnMNT/UsTxIgpPt3K/ARj15CptwL3Zd/ceDSATj2DGQjbxgWwhdeMMte7zpy5On9vymRm/YxBYljGVjKWF9VJf7I1+sex3wY8w/V1QPTborW/72gkdsRDaZMJBdbdHIC7aCkAu9atlLbtnrzerMnyToDaGwelOnk3/hHSem/ZK7e/t7jeeR20LYBgqa8J80gS8jbwi5F02Uj1u2NYJxap8PLkJfLxA2hIJyvnHX/AfeEPLpBfe0uSFHbnXaea3Qd5d6HcpYZ8L6M7lnFwMQ3MNg+RxUR1+6AshtbsVgfXTEg1sIGax9UND2p7f270wdG3eK9gXVGHdw2k5sOyZv+Nbs39Z308XR9DqWb2J+PwKDhuKHPobfuXf7gnYGHdCs7bhDDadD4entDug7LWNsnRNW4mYqwJ9dk+GGSTPBiA2j0G8RWNM5upZtcG4/3vMfP7KnbK2egx6CCnDPhRn7NgD3cghLIad5WcM2SO38iqHvvMOosyeMpQ5zlVCaaj06GVs9xUbHdiKoqrHWgquFEFMWUEWfXUxJAML23hAHFOctmjZQffKD2pywkhtSGHKNtpitLroscAeE7kCkSsC60vxEl6yMtL9EL5HKGCMszU5bk8gdkklAyEn5FO0yK419rIxBOIqwFMooDE0tHEVYijAUECIshRCGIhxFWIowFJ5QkEYIS5PTJrUwNGlPyN6QQPyKtpuM1E/K5+YJDV/MiA3AaehzqgAm7QnZG9IGYKo8bHnSK7VblLL3hOwNHziPuEGOqE5brrdR6i+atCfckyeWD47HkAkepRGLY/e8A8J0gCwYSNypF08bBm+e6zVz2UL4AshhBUjML/rXLefqC82bcQFhGC9JDwZ1uuu+At0S5gCETYHsV4DUeD9fDN2Zfy5OXaW2zAwQygCzBLJ8cvaW5OXKC1FxfTggFAHmoAJnSiOw2wps9KwRWgJCLaEswaj5NqkLwAYIU4BxqTSXbHXpJdRMPZgAOiAMqABCNGYIEEJutEK5IUAIwYMDQgiCACEEAcJs1Vda7gGqDhCmoiEghAAhBAHCrKXVo2C1DCBMRlp37uMIEECoX7xrX3P5C9QiINSuIcoPAUI0YkAICLNWgfJDh4T9hH7zqYH9+JHAq7zBqWjwhPAicTVCVQJCNF50JghHocahKK0X/ZnQKyEkhSdUpzG8OgQI42qC94EQjsYLRSmH+pbgq73L6bYkeEJ4DYTYmeg1TOBFc/usTTp3V9DdEuXJ2xDCUbXhaXk0/kAYmBvuMB4qkC35E5e5AMKkwSQgyxufyuPy6fMMgAFCSI73LFXU/N8AmEL9X4ABACNSKMHAgb34AAAAAElFTkSuQmCC - mediatype: image/png - installModes: - - type: OwnNamespace - supported: true - - type: SingleNamespace - supported: true - - type: MultiNamespace - supported: false - - type: AllNamespaces - supported: true - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: etcd-operator - rules: - - apiGroups: - - etcd.database.coreos.com - resources: - - etcdclusters - verbs: - - "*" - - apiGroups: - - storage.k8s.io - resources: - - storageclasses - verbs: - - "*" - - apiGroups: - - "" - resources: - - pods - - services - - endpoints - - persistentvolumeclaims - - events - verbs: - - "*" - - apiGroups: - - apps - resources: - - deployments - verbs: - - "*" - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - deployments: - - name: etcd-operator - spec: - replicas: 1 - selector: - matchLabels: - name: etcd-operator-alm-owned - template: - metadata: - name: etcd-operator-alm-owned - labels: - name: etcd-operator-alm-owned - spec: - serviceAccountName: etcd-operator - containers: - - name: etcd-operator - command: - - etcd-operator - - --create-crd=false - image: quay.io/coreos/etcd-operator@sha256:bd944a211eaf8f31da5e6d69e8541e7cada8f16a9f7a5a570b22478997819943 - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - customresourcedefinitions: - owned: - - name: etcdclusters.etcd.database.coreos.com - version: v1beta2 - kind: EtcdCluster - displayName: etcd Cluster - description: Represents a cluster of etcd nodes. - resources: - - kind: Service - version: v1 - - kind: Pod - version: v1 - specDescriptors: - - description: The desired number of member Pods for the etcd cluster. - displayName: Size - path: size - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - statusDescriptors: - - description: The status of each of the member Pods for the etcd cluster. - displayName: Member Status - path: members - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podStatuses' - - description: The service at which the running etcd cluster can be accessed. - displayName: Service - path: service - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Service' - - description: The current size of the etcd cluster. - displayName: Cluster Size - path: size - - description: The current version of the etcd cluster. - displayName: Current Version - path: currentVersion - - description: 'The target version of the etcd cluster, after upgrading.' - displayName: Target Version - path: targetVersion - - description: The current status of the etcd cluster. - displayName: Status - path: phase - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase' - - description: Explanation for the current status of the cluster. - displayName: Status Details - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: etcdoperator.v0.9.0 - namespace: placeholder - annotations: - tectonic-visibility: ocs - alm-examples: '[{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdCluster","metadata":{"name":"example","namespace":"default"},"spec":{"size":3,"version":"3.2.13"}},{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdRestore","metadata":{"name":"example-etcd-cluster"},"spec":{"etcdCluster":{"name":"example-etcd-cluster"},"backupStorageType":"S3","s3":{"path":"","awsSecret":""}}},{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdBackup","metadata":{"name":"example-etcd-cluster-backup"},"spec":{"etcdEndpoints":[""],"storageType":"S3","s3":{"path":"","awsSecret":""}}}]' - spec: - displayName: etcd - description: | - etcd is a distributed key value store that provides a reliable way to store data across a cluster of machines. It’s open-source and available on GitHub. etcd gracefully handles leader elections during network partitions and will tolerate machine failure, including the leader. Your applications can read and write data into etcd. - A simple use-case is to store database connection details or feature flags within etcd as key value pairs. These values can be watched, allowing your app to reconfigure itself when they change. Advanced uses take advantage of the consistency guarantees to implement database leader elections or do distributed locking across a cluster of workers. - - _The etcd Open Cloud Service is Public Alpha. The goal before Beta is to fully implement backup features._ - - ### Reading and writing to etcd - - Communicate with etcd though its command line utility `etcdctl` or with the API using the automatically generated Kubernetes Service. - - [Read the complete guide to using the etcd Open Cloud Service](https://coreos.com/tectonic/docs/latest/alm/etcd-ocs.html) - - ### Supported Features - - - **High availability** - - - Multiple instances of etcd are networked together and secured. Individual failures or networking issues are transparently handled to keep your cluster up and running. - - - **Automated updates** - - - Rolling out a new etcd version works like all Kubernetes rolling updates. Simply declare the desired version, and the etcd service starts a safe rolling update to the new version automatically. - - - **Backups included** - - - Coming soon, the ability to schedule backups to happen on or off cluster. - keywords: ['etcd', 'key value', 'database', 'coreos', 'open source'] - version: 0.9.0 - maturity: alpha - replaces: etcdoperator.v0.6.1 - maintainers: - - name: CoreOS, Inc - email: support@coreos.com - - provider: - name: CoreOS, Inc - labels: - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - selector: - matchLabels: - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - links: - - name: Blog - url: https://coreos.com/etcd - - name: Documentation - url: https://coreos.com/operators/etcd/docs/latest/ - - name: etcd Operator Source Code - url: https://github.com/coreos/etcd-operator - - icon: - - base64data: iVBORw0KGgoAAAANSUhEUgAAAOEAAADZCAYAAADWmle6AAAACXBIWXMAAAsTAAALEwEAmpwYAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAEKlJREFUeNrsndt1GzkShmEev4sTgeiHfRYdgVqbgOgITEVgOgLTEQydwIiKwFQCayoCU6+7DyYjsBiBFyVVz7RkXvqCSxXw/+f04XjGQ6IL+FBVuL769euXgZ7r39f/G9iP0X+u/jWDNZzZdGI/Ftama1jjuV4BwmcNpbAf1Fgu+V/9YRvNAyzT2a59+/GT/3hnn5m16wKWedJrmOCxkYztx9Q+py/+E0GJxtJdReWfz+mxNt+QzS2Mc0AI+HbBBwj9QViKbH5t64DsP2fvmGXUkWU4WgO+Uve2YQzBUGd7r+zH2ZG/tiUQc4QxKwgbwFfVGwwmdLL5wH78aPC/ZBem9jJpCAX3xtcNASSNgJLzUPSQyjB1zQNl8IQJ9MIU4lx2+Jo72ysXYKl1HSzN02BMa/vbZ5xyNJIshJzwf3L0dQhJw4Sih/SFw9Tk8sVeghVPoefaIYCkMZCKbrcP9lnZuk0uPUjGE/KE8JQry7W2tgfuC3vXgvNV+qSQbyFtAtyWk7zWiYevvuUQ9QEQCvJ+5mmu6dTjz1zFHLFj8Eb87MtxaZh/IQFIHom+9vgTWwZxAQjT9X4vtbEVPojwjiV471s00mhAckpwGuCn1HtFtRDaSh6y9zsL+LNBvCG/24ThcxHObdlWc1v+VQJe8LcO0jwtuF8BwnAAUgP9M8JPU2Me+Oh12auPGT6fHuTePE3bLDy+x9pTLnhMn+07TQGh//Bz1iI0c6kvtqInjvPZcYR3KsPVmUsPYt9nFig9SCY8VQNhpPBzn952bbgcsk2EvM89wzh3UEffBbyPqvBUBYQ8ODGPFOLsa7RF096WJ69L+E4EmnpjWu5o4ChlKaRTKT39RMMaVPEQRsz/nIWlDN80chjdJlSd1l0pJCAMVZsniobQVuxceMM9OFoaMd9zqZtjMEYYDW38Drb8Y0DYPLShxn0pvIFuOSxd7YCPet9zk452wsh54FJoeN05hcgSQoG5RR0Qh9Q4E4VvL4wcZq8UACgaRFEQKgSwWrkr5WFnGxiHSutqJGlXjBgIOayhwYBTA0ER0oisIVSUV0AAMT0IASCUO4hRIQSAEECMCCEPwqyQA0JCQBzEGjWNAqHiUVAoXUWbvggOIQCEAOJzxTjoaQ4AIaE64/aZridUsBYUgkhB15oGg1DBIl8IqirYwV6hPSGBSFteMCUBSVXwfYixBmamRubeMyjzMJQBDDowE3OesDD+zwqFoDqiEwXoXJpljB+PvWJGy75BKF1FPxhKygJuqUdYQGlLxNEXkrYyjQ0GbaAwEnUIlLRNvVjQDYUAsJB0HKLE4y0AIpQNgCIhBIhQTgCKhZBBpAN/v6LtQI50JfUgYOnnjmLUFHKhjxbAmdTCaTiBm3ovLPqG2urWAij6im0Nd9aTN9ygLUEt9LgSRnohxUPIKxlGaE+/6Y7znFf0yX+GnkvFFWmarkab2o9PmTeq8sbd2a7DaysXz7i64VeznN4jCQhN9gdDbRiuWrfrsq0mHIrlaq+hlotCtd3Um9u0BYWY8y5D67wccJoZjFca7iUs9VqZcfsZwTd1sbWGG+OcYaTnPAP7rTQVVlM4Sg3oGvB1tmNh0t/HKXZ1jFoIMwCQjtqbhNxUmkGYqgZEDZP11HN/S3gAYRozf0l8C5kKEKUvW0t1IfeWG/5MwgheZTT1E0AEhDkAePQO+Ig2H3DncAkQM4cwUQCD530dU4B5Yvmi2LlDqXfWrxMCcMth51RToRMNUXFnfc2KJ0+Ryl0VNOUwlhh6NoxK5gnViTgQpUG4SqSyt5z3zRJpuKmt3Q1614QaCBPaN6je+2XiFcWAKOXcUfIYKRyL/1lb7pe5VxSxxjQ6hImshqGRt5GWZVKO6q2wHwujfwDtIvaIdexj8Cm8+a68EqMfox6x/voMouZF4dHnEGNeCDMwT6vdNfekH1MafMk4PI06YtqLVGl95aEM9Z5vAeCTOA++YLtoVJRrsqNCaJ6WRmkdYaNec5BT/lcTRMqrhmwfjbpkj55+OKp8IEbU/JLgPJE6Wa3TTe9sHS+ShVD5QIyqIxMEwKh12olC6mHIed5ewEop80CNlfIOADYOT2nd6ZXCop+Ebqchc0JqxKcKASxChycJgUh1rnHA5ow9eTrhqNI7JWiAYYwBGGdpyNLoGw0Pkh96h1BpHihyywtATDM/7Hk2fN9EnH8BgKJCU4ooBkbXFMZJiPbrOyecGl3zgQDQL4hk10IZiOe+5w99Q/gBAEIJgPhJM4QAEEoFREAIAAEiIASAkD8Qt4AQAEIAERAGFlX4CACKAXGVM4ivMwWwCLFAlyeoaa70QePKm5Dlp+/n+ye/5dYgva6YsUaVeMa+tzNFeJtWwc+udbJ0Fg399kLielQJ5Ze61c2+7ytA6EZetiPxZC6tj22yJCv6jUwOyj/zcbqAxOMyAKEbfeHtNa7DtYXptjsk2kJxR+eIeim/tHNofUKYy8DMrQcAKWz6brpvzyIAlpwPhQ49l6b7skJf5Z+YTOYQc4FwLDxvoTDwaygQK+U/kVr+ytSFBG01Q3gnJJR4cNiAhx4HDub8/b5DULXlj6SVZghFiE+LdvE9vo/o8Lp1RmH5hzm0T6wdbZ6n+D6i44zDRc3ln6CpAEJfXiRU45oqLz8gFAThWsh7ughrRibc0QynHgZpNJa/ENJ+loCwu/qOGnFIjYR/n7TfgycULhcQhu6VC+HfF+L3BoAQ4WiZTw1M+FPCnA2gKC6/FAhXgDC+ojQGh3NuWsvfF1L/D5ohlCKtl1j2ldu9a/nPAKFwN56Bst10zCG0CPleXN/zXPgHQZXaZaBgrbzyY5V/mUA+6F0hwtGN9rwu5DVZPuwWqfxdFz1LWbJ2lwKEa+0Qsm4Dl3fp+Pu0lV97PgwIPfSsS+UQhj5Oo+vvFULazRIQyvGEcxPuNLCth2MvFsrKn8UOilAQShkh7TTczYNMoS6OdP47msrPi82lXKGWhCdMZYS0bFy+vcnGAjP1CIfvgbKNA9glecEH9RD6Ol4wRuWyN/G9MHnksS6o/GPf5XcwNSUlHzQhDuAKtWJmkwKElU7lylP5rgIcsquh/FI8YZCDpkJBuE4FQm7Icw8N+SrUGaQKyi8FwiDt1ve5o+Vu7qYHy/psgK8cvh+FTYuO77bhEC7GuaPiys/L1X4IgXDL+e3M5+ovLxBy5VLuIebw1oqcHoPfoaMJUsHays878r8KbDc3xtPx/84gZPBG/JwaufrsY/SRG/OY3//8QMNdsvdZCFtbW6f8pFuf5bflILAlX7O+4fdfugKyFYS8T2zAsXthdG0VurPGKwI06oF5vkBgHWkNp6ry29+lsPZMU3vijnXFNmoclr+6+Ou/FIb8yb30sS8YGjmTqCLyQsi5N/6ZwKs0Yenj68pfPjF6N782Dp2FzV9CTyoSeY8mLK16qGxIkLI8oa1n8tz9juP40DlK0epxYEbojbq+9QfurBeVIlCO9D2396bxiV4lkYQ3hOAFw2pbhqMGISkkQOMcQ9EqhDmGZZdo92JC0YHRNTfoSg+5e0IT+opqCKHoIU+4ztQIgBD1EFNrQAgIpYSil9lDmPHqkROPt+JC6AgPquSuumJmg0YARVCuneDfvPVeJokZ6pIXDkNxQtGzTF9/BQjRG0tQznfb74RwCQghpALBtIQnfK4zhxdyQvVCUeknMIT3hLyY+T5jo0yABqKPQNpUNw/09tGZod5jgCaYFxyYvJcNPkv9eof+I3pnCFEHIETjSM8L9tHZHYCQT9PaZGycU6yg8S4akDnJ+P03L0+t23XGzCLzRgII/Wqa+fv/xlfvmKvMUOcOrlCDdoei1MGdZm6G5VEIfRzzjd4aQs69n699Rx7ewhvCGzr2gmTPs8zNsJOrXt24FbkhhOjCfT4ICA/rPbyhUy94Dks0gJCX1NzCZui9YUd3oei+c257TalFbgg19ILHrlrL2gvWgXAL26EX76gZTNASQnad8Ibwhl284NhgXpB0c+jKhWO3Ms1hP9ihJYB9eMF6qd1BCPk0qA1s+LimFIu7m4nsdQIzPK4VbQ8hYvrnuSH2G9b2ggP78QmWqBdF9Vx8SSY6QYdUW7BTA1schZATyhvY8lHvcRbNUS9YGFy2U+qmzh2YPVc0I7yAOFyHfRpyUwtCSzOdPXMHmz7qDIM0e0V2wZTEk+6Ym6N63eBLp/b5Bts+2cKCSJ/LuoZO3ANSiE5hKAZjnvNSS4931jcw9jpwT0feV/qSJ1pVtCyfHKDkvK8Ejx7pUxGh2xFNSwx8QTi2H9ceC0/nni64MS/5N5dG39pDqvRV+WgGk71c9VFXF9b+xYvOw/d61iv7m3MvEHryhvecwC52jSSx4VIIgwnMNT/UsTxIgpPt3K/ARj15CptwL3Zd/ceDSATj2DGQjbxgWwhdeMMte7zpy5On9vymRm/YxBYljGVjKWF9VJf7I1+sex3wY8w/V1QPTborW/72gkdsRDaZMJBdbdHIC7aCkAu9atlLbtnrzerMnyToDaGwelOnk3/hHSem/ZK7e/t7jeeR20LYBgqa8J80gS8jbwi5F02Uj1u2NYJxap8PLkJfLxA2hIJyvnHX/AfeEPLpBfe0uSFHbnXaea3Qd5d6HcpYZ8L6M7lnFwMQ3MNg+RxUR1+6AshtbsVgfXTEg1sIGax9UND2p7f270wdG3eK9gXVGHdw2k5sOyZv+Nbs39Z308XR9DqWb2J+PwKDhuKHPobfuXf7gnYGHdCs7bhDDadD4entDug7LWNsnRNW4mYqwJ9dk+GGSTPBiA2j0G8RWNM5upZtcG4/3vMfP7KnbK2egx6CCnDPhRn7NgD3cghLIad5WcM2SO38iqHvvMOosyeMpQ5zlVCaaj06GVs9xUbHdiKoqrHWgquFEFMWUEWfXUxJAML23hAHFOctmjZQffKD2pywkhtSGHKNtpitLroscAeE7kCkSsC60vxEl6yMtL9EL5HKGCMszU5bk8gdkklAyEn5FO0yK419rIxBOIqwFMooDE0tHEVYijAUECIshRCGIhxFWIowFJ5QkEYIS5PTJrUwNGlPyN6QQPyKtpuM1E/K5+YJDV/MiA3AaehzqgAm7QnZG9IGYKo8bHnSK7VblLL3hOwNHziPuEGOqE5brrdR6i+atCfckyeWD47HkAkepRGLY/e8A8J0gCwYSNypF08bBm+e6zVz2UL4AshhBUjML/rXLefqC82bcQFhGC9JDwZ1uuu+At0S5gCETYHsV4DUeD9fDN2Zfy5OXaW2zAwQygCzBLJ8cvaW5OXKC1FxfTggFAHmoAJnSiOw2wps9KwRWgJCLaEswaj5NqkLwAYIU4BxqTSXbHXpJdRMPZgAOiAMqABCNGYIEEJutEK5IUAIwYMDQgiCACEEAcJs1Vda7gGqDhCmoiEghAAhBAHCrKXVo2C1DCBMRlp37uMIEECoX7xrX3P5C9QiINSuIcoPAUI0YkAICLNWgfJDh4T9hH7zqYH9+JHAq7zBqWjwhPAicTVCVQJCNF50JghHocahKK0X/ZnQKyEkhSdUpzG8OgQI42qC94EQjsYLRSmH+pbgq73L6bYkeEJ4DYTYmeg1TOBFc/usTTp3V9DdEuXJ2xDCUbXhaXk0/kAYmBvuMB4qkC35E5e5AMKkwSQgyxufyuPy6fMMgAFCSI73LFXU/N8AmEL9X4ABACNSKMHAgb34AAAAAElFTkSuQmCC - mediatype: image/png - installModes: - - type: OwnNamespace - supported: true - - type: SingleNamespace - supported: true - - type: MultiNamespace - supported: false - - type: AllNamespaces - supported: true - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: etcd-operator - rules: - - apiGroups: - - etcd.database.coreos.com - resources: - - etcdclusters - - etcdbackups - - etcdrestores - verbs: - - "*" - - apiGroups: - - "" - resources: - - pods - - services - - endpoints - - persistentvolumeclaims - - events - verbs: - - "*" - - apiGroups: - - apps - resources: - - deployments - verbs: - - "*" - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - deployments: - - name: etcd-operator - spec: - replicas: 1 - selector: - matchLabels: - name: etcd-operator-alm-owned - template: - metadata: - name: etcd-operator-alm-owned - labels: - name: etcd-operator-alm-owned - spec: - serviceAccountName: etcd-operator - containers: - - name: etcd-operator - command: - - etcd-operator - - --create-crd=false - image: quay.io/coreos/etcd-operator@sha256:db563baa8194fcfe39d1df744ed70024b0f1f9e9b55b5923c2f3a413c44dc6b8 - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: etcd-backup-operator - image: quay.io/coreos/etcd-operator@sha256:db563baa8194fcfe39d1df744ed70024b0f1f9e9b55b5923c2f3a413c44dc6b8 - command: - - etcd-backup-operator - - --create-crd=false - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: etcd-restore-operator - image: quay.io/coreos/etcd-operator@sha256:db563baa8194fcfe39d1df744ed70024b0f1f9e9b55b5923c2f3a413c44dc6b8 - command: - - etcd-restore-operator - - --create-crd=false - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - customresourcedefinitions: - owned: - - name: etcdclusters.etcd.database.coreos.com - version: v1beta2 - kind: EtcdCluster - displayName: etcd Cluster - description: Represents a cluster of etcd nodes. - resources: - - kind: Service - version: v1 - - kind: Pod - version: v1 - specDescriptors: - - description: The desired number of member Pods for the etcd cluster. - displayName: Size - path: size - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: pod.resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - statusDescriptors: - - description: The status of each of the member Pods for the etcd cluster. - displayName: Member Status - path: members - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podStatuses' - - description: The service at which the running etcd cluster can be accessed. - displayName: Service - path: serviceName - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Service' - - description: The current size of the etcd cluster. - displayName: Cluster Size - path: size - - description: The current version of the etcd cluster. - displayName: Current Version - path: currentVersion - - description: 'The target version of the etcd cluster, after upgrading.' - displayName: Target Version - path: targetVersion - - description: The current status of the etcd cluster. - displayName: Status - path: phase - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase' - - description: Explanation for the current status of the cluster. - displayName: Status Details - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - name: etcdbackups.etcd.database.coreos.com - version: v1beta2 - kind: EtcdBackup - displayName: etcd Backup - description: Represents the intent to backup an etcd cluster. - specDescriptors: - - description: Specifies the endpoints of an etcd cluster. - displayName: etcd Endpoint(s) - path: etcdEndpoints - x-descriptors: - - 'urn:alm:descriptor:etcd:endpoint' - - description: The full AWS S3 path where the backup is saved. - displayName: S3 Path - path: s3.path - x-descriptors: - - 'urn:alm:descriptor:aws:s3:path' - - description: The name of the secret object that stores the AWS credential and config files. - displayName: AWS Secret - path: s3.awsSecret - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Secret' - statusDescriptors: - - description: Indicates if the backup was successful. - displayName: Succeeded - path: succeeded - x-descriptors: - - 'urn:alm:descriptor:text' - - description: Indicates the reason for any backup related failures. - displayName: Reason - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - name: etcdrestores.etcd.database.coreos.com - version: v1beta2 - kind: EtcdRestore - displayName: etcd Restore - description: Represents the intent to restore an etcd cluster from a backup. - specDescriptors: - - description: References the EtcdCluster which should be restored, - displayName: etcd Cluster - path: etcdCluster.name - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:EtcdCluster' - - 'urn:alm:descriptor:text' - - description: The full AWS S3 path where the backup is saved. - displayName: S3 Path - path: s3.path - x-descriptors: - - 'urn:alm:descriptor:aws:s3:path' - - description: The name of the secret object that stores the AWS credential and config files. - displayName: AWS Secret - path: s3.awsSecret - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Secret' - statusDescriptors: - - description: Indicates if the restore was successful. - displayName: Succeeded - path: succeeded - x-descriptors: - - 'urn:alm:descriptor:text' - - description: Indicates the reason for any restore related failures. - displayName: Reason - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: etcdoperator.v0.9.2 - namespace: placeholder - annotations: - tectonic-visibility: ocs - alm-examples: '[{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdCluster","metadata":{"name":"example","namespace":"default"},"spec":{"size":3,"version":"3.2.13"}},{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdRestore","metadata":{"name":"example-etcd-cluster"},"spec":{"etcdCluster":{"name":"example-etcd-cluster"},"backupStorageType":"S3","s3":{"path":"","awsSecret":""}}},{"apiVersion":"etcd.database.coreos.com/v1beta2","kind":"EtcdBackup","metadata":{"name":"example-etcd-cluster-backup"},"spec":{"etcdEndpoints":[""],"storageType":"S3","s3":{"path":"","awsSecret":""}}}]' - spec: - displayName: etcd - description: | - etcd is a distributed key value store that provides a reliable way to store data across a cluster of machines. It’s open-source and available on GitHub. etcd gracefully handles leader elections during network partitions and will tolerate machine failure, including the leader. Your applications can read and write data into etcd. - A simple use-case is to store database connection details or feature flags within etcd as key value pairs. These values can be watched, allowing your app to reconfigure itself when they change. Advanced uses take advantage of the consistency guarantees to implement database leader elections or do distributed locking across a cluster of workers. - - _The etcd Open Cloud Service is Public Alpha. The goal before Beta is to fully implement backup features._ - - ### Reading and writing to etcd - - Communicate with etcd though its command line utility `etcdctl` or with the API using the automatically generated Kubernetes Service. - - [Read the complete guide to using the etcd Open Cloud Service](https://coreos.com/tectonic/docs/latest/alm/etcd-ocs.html) - - ### Supported Features - - - **High availability** - - - Multiple instances of etcd are networked together and secured. Individual failures or networking issues are transparently handled to keep your cluster up and running. - - - **Automated updates** - - - Rolling out a new etcd version works like all Kubernetes rolling updates. Simply declare the desired version, and the etcd service starts a safe rolling update to the new version automatically. - - - **Backups included** - - - Coming soon, the ability to schedule backups to happen on or off cluster. - keywords: ['etcd', 'key value', 'database', 'coreos', 'open source'] - version: 0.9.2 - maturity: alpha - replaces: etcdoperator.v0.9.0 - maintainers: - - name: CoreOS, Inc - email: support@coreos.com - - provider: - name: CoreOS, Inc - labels: - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - selector: - matchLabels: - alm-owner-etcd: etcdoperator - operated-by: etcdoperator - links: - - name: Blog - url: https://coreos.com/etcd - - name: Documentation - url: https://coreos.com/operators/etcd/docs/latest/ - - name: etcd Operator Source Code - url: https://github.com/coreos/etcd-operator - - icon: - - base64data: iVBORw0KGgoAAAANSUhEUgAAAOEAAADZCAYAAADWmle6AAAACXBIWXMAAAsTAAALEwEAmpwYAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAEKlJREFUeNrsndt1GzkShmEev4sTgeiHfRYdgVqbgOgITEVgOgLTEQydwIiKwFQCayoCU6+7DyYjsBiBFyVVz7RkXvqCSxXw/+f04XjGQ6IL+FBVuL769euXgZ7r39f/G9iP0X+u/jWDNZzZdGI/Ftama1jjuV4BwmcNpbAf1Fgu+V/9YRvNAyzT2a59+/GT/3hnn5m16wKWedJrmOCxkYztx9Q+py/+E0GJxtJdReWfz+mxNt+QzS2Mc0AI+HbBBwj9QViKbH5t64DsP2fvmGXUkWU4WgO+Uve2YQzBUGd7r+zH2ZG/tiUQc4QxKwgbwFfVGwwmdLL5wH78aPC/ZBem9jJpCAX3xtcNASSNgJLzUPSQyjB1zQNl8IQJ9MIU4lx2+Jo72ysXYKl1HSzN02BMa/vbZ5xyNJIshJzwf3L0dQhJw4Sih/SFw9Tk8sVeghVPoefaIYCkMZCKbrcP9lnZuk0uPUjGE/KE8JQry7W2tgfuC3vXgvNV+qSQbyFtAtyWk7zWiYevvuUQ9QEQCvJ+5mmu6dTjz1zFHLFj8Eb87MtxaZh/IQFIHom+9vgTWwZxAQjT9X4vtbEVPojwjiV471s00mhAckpwGuCn1HtFtRDaSh6y9zsL+LNBvCG/24ThcxHObdlWc1v+VQJe8LcO0jwtuF8BwnAAUgP9M8JPU2Me+Oh12auPGT6fHuTePE3bLDy+x9pTLnhMn+07TQGh//Bz1iI0c6kvtqInjvPZcYR3KsPVmUsPYt9nFig9SCY8VQNhpPBzn952bbgcsk2EvM89wzh3UEffBbyPqvBUBYQ8ODGPFOLsa7RF096WJ69L+E4EmnpjWu5o4ChlKaRTKT39RMMaVPEQRsz/nIWlDN80chjdJlSd1l0pJCAMVZsniobQVuxceMM9OFoaMd9zqZtjMEYYDW38Drb8Y0DYPLShxn0pvIFuOSxd7YCPet9zk452wsh54FJoeN05hcgSQoG5RR0Qh9Q4E4VvL4wcZq8UACgaRFEQKgSwWrkr5WFnGxiHSutqJGlXjBgIOayhwYBTA0ER0oisIVSUV0AAMT0IASCUO4hRIQSAEECMCCEPwqyQA0JCQBzEGjWNAqHiUVAoXUWbvggOIQCEAOJzxTjoaQ4AIaE64/aZridUsBYUgkhB15oGg1DBIl8IqirYwV6hPSGBSFteMCUBSVXwfYixBmamRubeMyjzMJQBDDowE3OesDD+zwqFoDqiEwXoXJpljB+PvWJGy75BKF1FPxhKygJuqUdYQGlLxNEXkrYyjQ0GbaAwEnUIlLRNvVjQDYUAsJB0HKLE4y0AIpQNgCIhBIhQTgCKhZBBpAN/v6LtQI50JfUgYOnnjmLUFHKhjxbAmdTCaTiBm3ovLPqG2urWAij6im0Nd9aTN9ygLUEt9LgSRnohxUPIKxlGaE+/6Y7znFf0yX+GnkvFFWmarkab2o9PmTeq8sbd2a7DaysXz7i64VeznN4jCQhN9gdDbRiuWrfrsq0mHIrlaq+hlotCtd3Um9u0BYWY8y5D67wccJoZjFca7iUs9VqZcfsZwTd1sbWGG+OcYaTnPAP7rTQVVlM4Sg3oGvB1tmNh0t/HKXZ1jFoIMwCQjtqbhNxUmkGYqgZEDZP11HN/S3gAYRozf0l8C5kKEKUvW0t1IfeWG/5MwgheZTT1E0AEhDkAePQO+Ig2H3DncAkQM4cwUQCD530dU4B5Yvmi2LlDqXfWrxMCcMth51RToRMNUXFnfc2KJ0+Ryl0VNOUwlhh6NoxK5gnViTgQpUG4SqSyt5z3zRJpuKmt3Q1614QaCBPaN6je+2XiFcWAKOXcUfIYKRyL/1lb7pe5VxSxxjQ6hImshqGRt5GWZVKO6q2wHwujfwDtIvaIdexj8Cm8+a68EqMfox6x/voMouZF4dHnEGNeCDMwT6vdNfekH1MafMk4PI06YtqLVGl95aEM9Z5vAeCTOA++YLtoVJRrsqNCaJ6WRmkdYaNec5BT/lcTRMqrhmwfjbpkj55+OKp8IEbU/JLgPJE6Wa3TTe9sHS+ShVD5QIyqIxMEwKh12olC6mHIed5ewEop80CNlfIOADYOT2nd6ZXCop+Ebqchc0JqxKcKASxChycJgUh1rnHA5ow9eTrhqNI7JWiAYYwBGGdpyNLoGw0Pkh96h1BpHihyywtATDM/7Hk2fN9EnH8BgKJCU4ooBkbXFMZJiPbrOyecGl3zgQDQL4hk10IZiOe+5w99Q/gBAEIJgPhJM4QAEEoFREAIAAEiIASAkD8Qt4AQAEIAERAGFlX4CACKAXGVM4ivMwWwCLFAlyeoaa70QePKm5Dlp+/n+ye/5dYgva6YsUaVeMa+tzNFeJtWwc+udbJ0Fg399kLielQJ5Ze61c2+7ytA6EZetiPxZC6tj22yJCv6jUwOyj/zcbqAxOMyAKEbfeHtNa7DtYXptjsk2kJxR+eIeim/tHNofUKYy8DMrQcAKWz6brpvzyIAlpwPhQ49l6b7skJf5Z+YTOYQc4FwLDxvoTDwaygQK+U/kVr+ytSFBG01Q3gnJJR4cNiAhx4HDub8/b5DULXlj6SVZghFiE+LdvE9vo/o8Lp1RmH5hzm0T6wdbZ6n+D6i44zDRc3ln6CpAEJfXiRU45oqLz8gFAThWsh7ughrRibc0QynHgZpNJa/ENJ+loCwu/qOGnFIjYR/n7TfgycULhcQhu6VC+HfF+L3BoAQ4WiZTw1M+FPCnA2gKC6/FAhXgDC+ojQGh3NuWsvfF1L/D5ohlCKtl1j2ldu9a/nPAKFwN56Bst10zCG0CPleXN/zXPgHQZXaZaBgrbzyY5V/mUA+6F0hwtGN9rwu5DVZPuwWqfxdFz1LWbJ2lwKEa+0Qsm4Dl3fp+Pu0lV97PgwIPfSsS+UQhj5Oo+vvFULazRIQyvGEcxPuNLCth2MvFsrKn8UOilAQShkh7TTczYNMoS6OdP47msrPi82lXKGWhCdMZYS0bFy+vcnGAjP1CIfvgbKNA9glecEH9RD6Ol4wRuWyN/G9MHnksS6o/GPf5XcwNSUlHzQhDuAKtWJmkwKElU7lylP5rgIcsquh/FI8YZCDpkJBuE4FQm7Icw8N+SrUGaQKyi8FwiDt1ve5o+Vu7qYHy/psgK8cvh+FTYuO77bhEC7GuaPiys/L1X4IgXDL+e3M5+ovLxBy5VLuIebw1oqcHoPfoaMJUsHays878r8KbDc3xtPx/84gZPBG/JwaufrsY/SRG/OY3//8QMNdsvdZCFtbW6f8pFuf5bflILAlX7O+4fdfugKyFYS8T2zAsXthdG0VurPGKwI06oF5vkBgHWkNp6ry29+lsPZMU3vijnXFNmoclr+6+Ou/FIb8yb30sS8YGjmTqCLyQsi5N/6ZwKs0Yenj68pfPjF6N782Dp2FzV9CTyoSeY8mLK16qGxIkLI8oa1n8tz9juP40DlK0epxYEbojbq+9QfurBeVIlCO9D2396bxiV4lkYQ3hOAFw2pbhqMGISkkQOMcQ9EqhDmGZZdo92JC0YHRNTfoSg+5e0IT+opqCKHoIU+4ztQIgBD1EFNrQAgIpYSil9lDmPHqkROPt+JC6AgPquSuumJmg0YARVCuneDfvPVeJokZ6pIXDkNxQtGzTF9/BQjRG0tQznfb74RwCQghpALBtIQnfK4zhxdyQvVCUeknMIT3hLyY+T5jo0yABqKPQNpUNw/09tGZod5jgCaYFxyYvJcNPkv9eof+I3pnCFEHIETjSM8L9tHZHYCQT9PaZGycU6yg8S4akDnJ+P03L0+t23XGzCLzRgII/Wqa+fv/xlfvmKvMUOcOrlCDdoei1MGdZm6G5VEIfRzzjd4aQs69n699Rx7ewhvCGzr2gmTPs8zNsJOrXt24FbkhhOjCfT4ICA/rPbyhUy94Dks0gJCX1NzCZui9YUd3oei+c257TalFbgg19ILHrlrL2gvWgXAL26EX76gZTNASQnad8Ibwhl284NhgXpB0c+jKhWO3Ms1hP9ihJYB9eMF6qd1BCPk0qA1s+LimFIu7m4nsdQIzPK4VbQ8hYvrnuSH2G9b2ggP78QmWqBdF9Vx8SSY6QYdUW7BTA1schZATyhvY8lHvcRbNUS9YGFy2U+qmzh2YPVc0I7yAOFyHfRpyUwtCSzOdPXMHmz7qDIM0e0V2wZTEk+6Ym6N63eBLp/b5Bts+2cKCSJ/LuoZO3ANSiE5hKAZjnvNSS4931jcw9jpwT0feV/qSJ1pVtCyfHKDkvK8Ejx7pUxGh2xFNSwx8QTi2H9ceC0/nni64MS/5N5dG39pDqvRV+WgGk71c9VFXF9b+xYvOw/d61iv7m3MvEHryhvecwC52jSSx4VIIgwnMNT/UsTxIgpPt3K/ARj15CptwL3Zd/ceDSATj2DGQjbxgWwhdeMMte7zpy5On9vymRm/YxBYljGVjKWF9VJf7I1+sex3wY8w/V1QPTborW/72gkdsRDaZMJBdbdHIC7aCkAu9atlLbtnrzerMnyToDaGwelOnk3/hHSem/ZK7e/t7jeeR20LYBgqa8J80gS8jbwi5F02Uj1u2NYJxap8PLkJfLxA2hIJyvnHX/AfeEPLpBfe0uSFHbnXaea3Qd5d6HcpYZ8L6M7lnFwMQ3MNg+RxUR1+6AshtbsVgfXTEg1sIGax9UND2p7f270wdG3eK9gXVGHdw2k5sOyZv+Nbs39Z308XR9DqWb2J+PwKDhuKHPobfuXf7gnYGHdCs7bhDDadD4entDug7LWNsnRNW4mYqwJ9dk+GGSTPBiA2j0G8RWNM5upZtcG4/3vMfP7KnbK2egx6CCnDPhRn7NgD3cghLIad5WcM2SO38iqHvvMOosyeMpQ5zlVCaaj06GVs9xUbHdiKoqrHWgquFEFMWUEWfXUxJAML23hAHFOctmjZQffKD2pywkhtSGHKNtpitLroscAeE7kCkSsC60vxEl6yMtL9EL5HKGCMszU5bk8gdkklAyEn5FO0yK419rIxBOIqwFMooDE0tHEVYijAUECIshRCGIhxFWIowFJ5QkEYIS5PTJrUwNGlPyN6QQPyKtpuM1E/K5+YJDV/MiA3AaehzqgAm7QnZG9IGYKo8bHnSK7VblLL3hOwNHziPuEGOqE5brrdR6i+atCfckyeWD47HkAkepRGLY/e8A8J0gCwYSNypF08bBm+e6zVz2UL4AshhBUjML/rXLefqC82bcQFhGC9JDwZ1uuu+At0S5gCETYHsV4DUeD9fDN2Zfy5OXaW2zAwQygCzBLJ8cvaW5OXKC1FxfTggFAHmoAJnSiOw2wps9KwRWgJCLaEswaj5NqkLwAYIU4BxqTSXbHXpJdRMPZgAOiAMqABCNGYIEEJutEK5IUAIwYMDQgiCACEEAcJs1Vda7gGqDhCmoiEghAAhBAHCrKXVo2C1DCBMRlp37uMIEECoX7xrX3P5C9QiINSuIcoPAUI0YkAICLNWgfJDh4T9hH7zqYH9+JHAq7zBqWjwhPAicTVCVQJCNF50JghHocahKK0X/ZnQKyEkhSdUpzG8OgQI42qC94EQjsYLRSmH+pbgq73L6bYkeEJ4DYTYmeg1TOBFc/usTTp3V9DdEuXJ2xDCUbXhaXk0/kAYmBvuMB4qkC35E5e5AMKkwSQgyxufyuPy6fMMgAFCSI73LFXU/N8AmEL9X4ABACNSKMHAgb34AAAAAElFTkSuQmCC - mediatype: image/png - installModes: - - type: OwnNamespace - supported: true - - type: SingleNamespace - supported: true - - type: MultiNamespace - supported: false - - type: AllNamespaces - supported: true - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: etcd-operator - rules: - - apiGroups: - - etcd.database.coreos.com - resources: - - etcdclusters - - etcdbackups - - etcdrestores - verbs: - - "*" - - apiGroups: - - "" - resources: - - pods - - services - - endpoints - - persistentvolumeclaims - - events - verbs: - - "*" - - apiGroups: - - apps - resources: - - deployments - verbs: - - "*" - - apiGroups: - - "" - resources: - - secrets - verbs: - - get - deployments: - - name: etcd-operator - spec: - replicas: 1 - selector: - matchLabels: - name: etcd-operator-alm-owned - template: - metadata: - name: etcd-operator-alm-owned - labels: - name: etcd-operator-alm-owned - spec: - serviceAccountName: etcd-operator - containers: - - name: etcd-operator - command: - - etcd-operator - - --create-crd=false - image: quay.io/coreos/etcd-operator@sha256:c0301e4686c3ed4206e370b42de5a3bd2229b9fb4906cf85f3f30650424abec2 - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: etcd-backup-operator - image: quay.io/coreos/etcd-operator@sha256:c0301e4686c3ed4206e370b42de5a3bd2229b9fb4906cf85f3f30650424abec2 - command: - - etcd-backup-operator - - --create-crd=false - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: etcd-restore-operator - image: quay.io/coreos/etcd-operator@sha256:c0301e4686c3ed4206e370b42de5a3bd2229b9fb4906cf85f3f30650424abec2 - command: - - etcd-restore-operator - - --create-crd=false - env: - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - customresourcedefinitions: - owned: - - name: etcdclusters.etcd.database.coreos.com - version: v1beta2 - kind: EtcdCluster - displayName: etcd Cluster - description: Represents a cluster of etcd nodes. - resources: - - kind: Service - version: v1 - - kind: Pod - version: v1 - specDescriptors: - - description: The desired number of member Pods for the etcd cluster. - displayName: Size - path: size - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: pod.resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - statusDescriptors: - - description: The status of each of the member Pods for the etcd cluster. - displayName: Member Status - path: members - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podStatuses' - - description: The service at which the running etcd cluster can be accessed. - displayName: Service - path: serviceName - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Service' - - description: The current size of the etcd cluster. - displayName: Cluster Size - path: size - - description: The current version of the etcd cluster. - displayName: Current Version - path: currentVersion - - description: 'The target version of the etcd cluster, after upgrading.' - displayName: Target Version - path: targetVersion - - description: The current status of the etcd cluster. - displayName: Status - path: phase - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase' - - description: Explanation for the current status of the cluster. - displayName: Status Details - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - name: etcdbackups.etcd.database.coreos.com - version: v1beta2 - kind: EtcdBackup - displayName: etcd Backup - description: Represents the intent to backup an etcd cluster. - specDescriptors: - - description: Specifies the endpoints of an etcd cluster. - displayName: etcd Endpoint(s) - path: etcdEndpoints - x-descriptors: - - 'urn:alm:descriptor:etcd:endpoint' - - description: The full AWS S3 path where the backup is saved. - displayName: S3 Path - path: s3.path - x-descriptors: - - 'urn:alm:descriptor:aws:s3:path' - - description: The name of the secret object that stores the AWS credential and config files. - displayName: AWS Secret - path: s3.awsSecret - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Secret' - statusDescriptors: - - description: Indicates if the backup was successful. - displayName: Succeeded - path: succeeded - x-descriptors: - - 'urn:alm:descriptor:text' - - description: Indicates the reason for any backup related failures. - displayName: Reason - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - name: etcdrestores.etcd.database.coreos.com - version: v1beta2 - kind: EtcdRestore - displayName: etcd Restore - description: Represents the intent to restore an etcd cluster from a backup. - specDescriptors: - - description: References the EtcdCluster which should be restored, - displayName: etcd Cluster - path: etcdCluster.name - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:EtcdCluster' - - 'urn:alm:descriptor:text' - - description: The full AWS S3 path where the backup is saved. - displayName: S3 Path - path: s3.path - x-descriptors: - - 'urn:alm:descriptor:aws:s3:path' - - description: The name of the secret object that stores the AWS credential and config files. - displayName: AWS Secret - path: s3.awsSecret - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:Secret' - statusDescriptors: - - description: Indicates if the restore was successful. - displayName: Succeeded - path: succeeded - x-descriptors: - - 'urn:alm:descriptor:text' - - description: Indicates the reason for any restore related failures. - displayName: Reason - path: reason - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes.phase:reason' - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: federationv2.v0.0.2 - namespace: placeholder - spec: - displayName: FederationV2 - description: | - Kubernetes Federation V2 namespace-scoped installation - version: 0.0.2 - maturity: alpha - provider: - name: Red Hat, Inc - labels: - alm-owner-federationv2: federationv2 - alm-status-descriptors: federationv2.v0.0.2 - installModes: - - type: OwnNamespace - supported: true - - type: SingleNamespace - supported: true - - type: MultiNamespace - supported: false - - type: AllNamespaces - supported: true - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: federation-controller-manager - rules: - - apiGroups: - - clusterregistry.k8s.io - resources: - - clusters - verbs: - - "*" - - apiGroups: - - core.federation.k8s.io - resources: - - "*" - verbs: - - "*" - - apiGroups: - - multiclusterdns.federation.k8s.io - resources: - - "*" - verbs: - - "*" - - apiGroups: - - scheduling.federation.k8s.io - resources: - - "*" - verbs: - - "*" - - apiGroups: - - "" - resources: - - pods - - services - - endpoints - - persistentvolumeclaims - - events - - configmaps - - secrets - verbs: - - "*" - - apiGroups: - - apps - resources: - - deployments - - daemonsets - - replicasets - - statefulsets - verbs: - - "*" - # TODO(font): use statefulset - deployments: - - name: federation-controller-manager - spec: - replicas: 1 - selector: - matchLabels: - app: federation-controller-manager - template: - metadata: - labels: - app: federation-controller-manager - spec: - containers: - - name: controller-manager - image: quay.io/kubernetes-multicluster/federation-v2:v0.0.2-rc.1 - resources: - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 100m - memory: 64Mi - command: - - /root/controller-manager - args: - - --federation-namespace=$(FEDERATION_NAMESPACE) - - --install-crds=false - - --limited-scope=true - - --registry-namespace=$(CLUSTER_REGISTRY_NAMESPACE) - imagePullPolicy: Always - env: - - name: FEDERATION_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: CLUSTER_REGISTRY_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - restartPolicy: Always - terminationGracePeriodSeconds: 5 - serviceAccountName: federation-controller-manager - serviceAccount: federation-controller-manager - customresourcedefinitions: - owned: - # TODO(font): Move Cluster CRD to required once OLM supports CSVs - # without a deployment. - - description: Represents an instance of a Cluster Registry - displayName: Cluster Registry Application - kind: Cluster - name: clusters.clusterregistry.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedCluster resource - displayName: FederatedCluster Resource - kind: FederatedCluster - name: federatedclusters.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedConfigMap resource - displayName: FederatedConfigMap Resource - kind: FederatedConfigMap - name: federatedconfigmaps.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedConfigMapOverride resource - displayName: FederatedConfigMapOverride Resource - kind: FederatedConfigMapOverride - name: federatedconfigmapoverrides.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedConfigMapPlacement resource - displayName: FederatedConfigMapPlacement Resource - kind: FederatedConfigMapPlacement - name: federatedconfigmapplacements.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedDeployment resource - displayName: FederatedDeployment Resource - kind: FederatedDeployment - name: federateddeployments.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedDeploymentOverride resource - displayName: FederatedDeploymentOverride Resource - kind: FederatedDeploymentOverride - name: federateddeploymentoverrides.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedDeploymentPlacement resource - displayName: FederatedDeploymentPlacement Resource - kind: FederatedDeploymentPlacement - name: federateddeploymentplacements.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedIngress resource - displayName: FederatedIngress Resource - kind: FederatedIngress - name: federatedingresses.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedIngressPlacement resource - displayName: FederatedIngressPlacement Resource - kind: FederatedIngressPlacement - name: federatedingressplacements.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedJob resource - displayName: FederatedJob Resource - kind: FederatedJob - name: federatedjobs.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedJobOverride resource - displayName: FederatedJobOverride Resource - kind: FederatedJobOverride - name: federatedjoboverrides.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedJobPlacement resource - displayName: FederatedJobPlacement Resource - kind: FederatedJobPlacement - name: federatedjobplacements.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedNamespacePlacement resource - displayName: FederatedNamespacePlacement Resource - kind: FederatedNamespacePlacement - name: federatednamespaceplacements.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedReplicaSet resource - displayName: FederatedReplicaSet Resource - kind: FederatedReplicaSet - name: federatedreplicasets.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedReplicaSetOverride resource - displayName: FederatedReplicaSetOverride Resource - kind: FederatedReplicaSetOverride - name: federatedreplicasetoverrides.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedReplicaSetPlacement resource - displayName: FederatedReplicaSetPlacement Resource - kind: FederatedReplicaSetPlacement - name: federatedreplicasetplacements.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedSecret resource - displayName: FederatedSecret Resource - kind: FederatedSecret - name: federatedsecrets.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedSecretOverride resource - displayName: FederatedSecretOverride Resource - kind: FederatedSecretOverride - name: federatedsecretoverrides.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedSecretPlacement resource - displayName: FederatedSecretPlacement Resource - kind: FederatedSecretPlacement - name: federatedsecretplacements.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedService resource - displayName: FederatedService Resource - kind: FederatedService - name: federatedservices.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedServiceAccount resource - displayName: FederatedServiceAccount Resource - kind: FederatedServiceAccount - name: federatedserviceaccounts.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedServiceAccountPlacement resource - displayName: FederatedServiceAccountPlacement Resource - kind: FederatedServiceAccountPlacement - name: federatedserviceaccountplacements.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederatedServicePlacement resource - displayName: FederatedServicePlacement Resource - kind: FederatedServicePlacement - name: federatedserviceplacements.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a FederationV2 sync controller - displayName: FederationV2 Push Reconciler Application - kind: FederatedTypeConfig - name: federatedtypeconfigs.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a PropagatedVersion resource - displayName: PropagatedVersion Resource - kind: PropagatedVersion - name: propagatedversions.core.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a DNSEndpoint resource - displayName: DNSEndpoint Resource - kind: DNSEndpoint - name: dnsendpoints.multiclusterdns.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a MultiClusterIngressDNSRecord resource - displayName: MultiClusterIngressDNSRecord Resource - kind: MultiClusterIngressDNSRecord - name: multiclusteringressdnsrecords.multiclusterdns.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a MultiClusterServiceDNSRecord resource - displayName: MultiClusterServiceDNSRecord Resource - kind: MultiClusterServiceDNSRecord - name: multiclusterservicednsrecords.multiclusterdns.federation.k8s.io - version: v1alpha1 - - description: Represents an instance of a ReplicaSchedulingPreference resource - displayName: ReplicaSchedulingPreference Resource - kind: ReplicaSchedulingPreference - name: replicaschedulingpreferences.scheduling.federation.k8s.io - version: v1alpha1 - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: metering-operator.v0.12.0 - namespace: placeholder - labels: - operator-metering: "true" - spec: - displayName: Metering - description: Metering can generate reports based on historical usage data from a cluster, providing accountability for how resources have been used. - keywords: [metering metrics reporting] - version: 0.12.0 - maturity: alpha - maintainers: - - email: sd-operator-metering@redhat.com - name: Red Hat - provider: - name: Red Hat - labels: - alm-owner-metering: metering-operator - alm-status-descriptors: metering-operator.v0.12.0 - selector: - matchLabels: - alm-owner-metering: metering-operator - installModes: - - type: OwnNamespace - supported: true - - type: SingleNamespace - supported: false - - type: MultiNamespace - supported: false - - type: AllNamespaces - supported: false - install: - strategy: deployment - spec: - permissions: - - rules: - - apiGroups: - - metering.openshift.io - resources: - - '*' - verbs: - - '*' - - apiGroups: - - "" - resources: - - pods - - pods/attach - - pods/exec - - pods/portforward - - pods/proxy - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - configmaps - - endpoints - - persistentvolumeclaims - - replicationcontrollers - - replicationcontrollers/scale - - secrets - - serviceaccounts - - services - - services/proxy - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - "" - resources: - - bindings - - events - - limitranges - - namespaces/status - - pods/log - - pods/status - - replicationcontrollers/status - - resourcequotas - - resourcequotas/status - verbs: - - get - - list - - watch - - apiGroups: - - "" - resources: - - events - verbs: - - create - - update - - patch - - apiGroups: - - "" - resources: - - namespaces - verbs: - - get - - list - - watch - - apiGroups: - - apps - resources: - - deployments - - deployments/rollback - - deployments/scale - - statefulsets - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - batch - resources: - - cronjobs - - jobs - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - extensions - resources: - - daemonsets - - deployments - - deployments/rollback - - deployments/scale - - replicasets - - replicasets/scale - - replicationcontrollers/scale - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - rbac.authorization.k8s.io - resources: - - rolebindings - - roles - verbs: - - create - - delete - - deletecollection - - get - - list - - patch - - update - - watch - - apiGroups: - - route.openshift.io - resources: - - routes - verbs: - - create - - get - - list - - watch - - update - - delete - serviceAccountName: metering-operator - deployments: - - name: metering-operator - spec: - replicas: 1 - selector: - matchLabels: - app: metering-operator - strategy: - type: Recreate - template: - metadata: - labels: - app: metering-operator - spec: - containers: - - args: - - run-operator.sh - env: - - name: HELM_RELEASE_CRD_NAME - value: Metering - - name: HELM_RELEASE_CRD_API_GROUP - value: metering.openshift.io - - name: HELM_CHART_PATH - value: /openshift-metering-0.1.0.tgz - - name: MY_POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: MY_POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: HELM_HOST - value: 127.0.0.1:44134 - - name: HELM_WAIT - value: "false" - - name: HELM_RECONCILE_INTERVAL_SECONDS - value: "30" - - name: RELEASE_HISTORY_LIMIT - value: "3" - image: quay.io/coreos/metering-helm-operator:0.12.0 - imagePullPolicy: Always - name: metering-operator - resources: - limits: - cpu: 50m - memory: 25Mi - requests: - cpu: 50m - memory: 25Mi - - args: - - tiller - env: - - name: TILLER_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: TILLER_HISTORY_MAX - value: "3" - image: quay.io/coreos/metering-helm-operator:0.12.0 - imagePullPolicy: Always - livenessProbe: - failureThreshold: 3 - httpGet: - path: /liveness - port: 44135 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - name: tiller - readinessProbe: - failureThreshold: 3 - httpGet: - path: /readiness - port: 44135 - scheme: HTTP - initialDelaySeconds: 1 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 1 - resources: - limits: - cpu: 50m - memory: 100Mi - requests: - cpu: 50m - memory: 50Mi - restartPolicy: Always - securityContext: - runAsNonRoot: true - serviceAccount: metering-operator - terminationGracePeriodSeconds: 30 - customresourcedefinitions: - owned: - - description: An instance of Metering - displayName: Metering - kind: Metering - name: meterings.metering.openshift.io - version: v1alpha1 - - description: A table within PrestoDB - displayName: Metering Presto Table - kind: PrestoTable - name: prestotables.metering.openshift.io - version: v1alpha1 - - description: A resource describing a source of data for usage by Report Generation - Queries - displayName: Metering data source - kind: ReportDataSource - name: reportdatasources.metering.openshift.io - version: v1alpha1 - - description: A SQL query used by Metering to generate reports - displayName: Metering generation query - kind: ReportGenerationQuery - name: reportgenerationqueries.metering.openshift.io - version: v1alpha1 - - description: A Prometheus query by Metering to do metering - displayName: Metering prometheus query - kind: ReportPrometheusQuery - name: reportprometheusqueries.metering.openshift.io - version: v1alpha1 - - description: A metering report for a specific time interval - displayName: Metering Report - kind: Report - name: reports.metering.openshift.io - version: v1alpha1 - - description: Represents a configurable storage location for Metering to store metering - and report data - displayName: Metering storage location - kind: StorageLocation - name: storagelocations.metering.openshift.io - version: v1alpha1 - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: prometheusoperator.0.14.0 - namespace: placeholder - spec: - displayName: Prometheus - description: | - An open-source monitoring system with a dimensional data model, flexible query language, efficient time series database and modern alerting approach. - - _The Prometheus Open Cloud Service is Public Alpha. The goal before Beta is for additional user testing and minor bug fixes._ - - ### Monitoring applications - - Prometheus scrapes your application metrics based on targets maintained in a ServiceMonitor object. When alerts need to be sent, they are processsed by an AlertManager. - - [Read the complete guide to monitoring applications with the Prometheus Open Cloud Service](https://coreos.com/tectonic/docs/latest/alm/prometheus-ocs.html) - - ## Supported Features - - **High availability** - Multiple instances are run across failure zones and data is replicated. This keeps your monitoring available during an outage, when you need it most. - **Updates via automated operations** - New Prometheus versions are deployed using a rolling update with no downtime, making it easy to stay up to date. - **Handles the dynamic nature of containers** - Alerting rules are attached to groups of containers instead of individual instances, which is ideal for the highly dynamic nature of container deployment. - - keywords: ['prometheus', 'monitoring', 'tsdb', 'alerting'] - - maintainers: - - name: CoreOS, Inc - email: support@coreos.com - - provider: - name: CoreOS, Inc - - links: - - name: Prometheus - url: https://www.prometheus.io/ - - name: Documentation - url: https://coreos.com/operators/prometheus/docs/latest/ - - name: Prometheus Operator Source Code - url: https://github.com/coreos/prometheus-operator - - labels: - alm-status-descriptors: prometheusoperator.0.14.0 - alm-owner-prometheus: prometheusoperator - - selector: - matchLabels: - alm-owner-prometheus: prometheusoperator - - icon: - - base64data: PHN2ZyB3aWR0aD0iMjQ5MCIgaGVpZ2h0PSIyNTAwIiB2aWV3Qm94PSIwIDAgMjU2IDI1NyIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiBwcmVzZXJ2ZUFzcGVjdFJhdGlvPSJ4TWlkWU1pZCI+PHBhdGggZD0iTTEyOC4wMDEuNjY3QzU3LjMxMS42NjcgMCA1Ny45NzEgMCAxMjguNjY0YzAgNzAuNjkgNTcuMzExIDEyNy45OTggMTI4LjAwMSAxMjcuOTk4UzI1NiAxOTkuMzU0IDI1NiAxMjguNjY0QzI1NiA1Ny45NyAxOTguNjg5LjY2NyAxMjguMDAxLjY2N3ptMCAyMzkuNTZjLTIwLjExMiAwLTM2LjQxOS0xMy40MzUtMzYuNDE5LTMwLjAwNGg3Mi44MzhjMCAxNi41NjYtMTYuMzA2IDMwLjAwNC0zNi40MTkgMzAuMDA0em02MC4xNTMtMzkuOTRINjcuODQyVjE3OC40N2gxMjAuMzE0djIxLjgxNmgtLjAwMnptLS40MzItMzMuMDQ1SDY4LjE4NWMtLjM5OC0uNDU4LS44MDQtLjkxLTEuMTg4LTEuMzc1LTEyLjMxNS0xNC45NTQtMTUuMjE2LTIyLjc2LTE4LjAzMi0zMC43MTYtLjA0OC0uMjYyIDE0LjkzMyAzLjA2IDI1LjU1NiA1LjQ1IDAgMCA1LjQ2NiAxLjI2NSAxMy40NTggMi43MjItNy42NzMtOC45OTQtMTIuMjMtMjAuNDI4LTEyLjIzLTMyLjExNiAwLTI1LjY1OCAxOS42OC00OC4wNzkgMTIuNTgtNjYuMjAxIDYuOTEuNTYyIDE0LjMgMTQuNTgzIDE0LjggMzYuNTA1IDcuMzQ2LTEwLjE1MiAxMC40Mi0yOC42OSAxMC40Mi00MC4wNTYgMC0xMS43NjkgNy43NTUtMjUuNDQgMTUuNTEyLTI1LjkwNy02LjkxNSAxMS4zOTYgMS43OSAyMS4xNjUgOS41MyA0NS40IDIuOTAyIDkuMTAzIDIuNTMyIDI0LjQyMyA0Ljc3MiAzNC4xMzguNzQ0LTIwLjE3OCA0LjIxMy00OS42MiAxNy4wMTQtNTkuNzg0LTUuNjQ3IDEyLjguODM2IDI4LjgxOCA1LjI3IDM2LjUxOCA3LjE1NCAxMi40MjQgMTEuNDkgMjEuODM2IDExLjQ5IDM5LjYzOCAwIDExLjkzNi00LjQwNyAyMy4xNzMtMTEuODQgMzEuOTU4IDguNDUyLTEuNTg2IDE0LjI4OS0zLjAxNiAxNC4yODktMy4wMTZsMjcuNDUtNS4zNTVjLjAwMi0uMDAyLTMuOTg3IDE2LjQwMS0xOS4zMTQgMzIuMTk3eiIgZmlsbD0iI0RBNEUzMSIvPjwvc3ZnPg== - mediatype: image/svg+xml - - installModes: - - type: OwnNamespace - supported: true - - type: SingleNamespace - supported: true - - type: MultiNamespace - supported: false - - type: AllNamespaces - supported: true - - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: prometheus-k8s - rules: - - apiGroups: [""] - resources: - - nodes - - services - - endpoints - - pods - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: - - configmaps - verbs: ["get"] - - serviceAccountName: prometheus-operator-0-14-0 - rules: - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: ["get", "list"] - - apiGroups: - - monitoring.coreos.com - resources: - - alertmanagers - - prometheuses - - servicemonitors - verbs: - - "*" - - apiGroups: - - apps - resources: - - statefulsets - verbs: ["*"] - - apiGroups: [""] - resources: - - configmaps - - secrets - verbs: ["*"] - - apiGroups: [""] - resources: - - pods - verbs: ["list", "delete"] - - apiGroups: [""] - resources: - - services - - endpoints - verbs: ["get", "create", "update"] - - apiGroups: [""] - resources: - - nodes - verbs: ["list", "watch"] - - apiGroups: [""] - resources: - - namespaces - verbs: ['list'] - deployments: - - name: prometheus-operator - spec: - replicas: 1 - selector: - matchLabels: - k8s-app: prometheus-operator - template: - metadata: - labels: - k8s-app: prometheus-operator - spec: - serviceAccount: prometheus-operator-0-14-0 - containers: - - name: prometheus-operator - image: quay.io/coreos/prometheus-operator@sha256:5037b4e90dbb03ebdefaa547ddf6a1f748c8eeebeedf6b9d9f0913ad662b5731 - command: - - sh - - -c - - > - /bin/operator --namespace=$K8S_NAMESPACE --crd-apigroup monitoring.coreos.com - --labels alm-status-descriptors=prometheusoperator.0.14.0,alm-owner-prometheus=prometheusoperator - --kubelet-service=kube-system/kubelet - --config-reloader-image=quay.io/coreos/configmap-reload:v0.0.1 - env: - - name: K8S_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - ports: - - containerPort: 8080 - name: http - resources: - limits: - cpu: 200m - memory: 100Mi - requests: - cpu: 100m - memory: 50Mi - maturity: alpha - version: 0.14.0 - customresourcedefinitions: - owned: - - name: prometheuses.monitoring.coreos.com - version: v1 - kind: Prometheus - displayName: Prometheus - description: A running Prometheus instance - resources: - - kind: Pod - version: v1 - specDescriptors: - - description: Desired number of Pods for the cluster - displayName: Size - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: A selector for the ConfigMaps from which to load rule files - displayName: Rule Config Map Selector - path: ruleSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:selector:core:v1:ConfigMap' - - description: ServiceMonitors to be selected for target discovery - displayName: Service Monitor Selector - path: serviceMonitorSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:selector:monitoring.coreos.com:v1:ServiceMonitor' - - description: The ServiceAccount to use to run the Prometheus pods - displayName: Service Account - path: serviceAccountName - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:ServiceAccount' - - description: Define resources requests and limits for single Pods - displayName: Resource Request - path: resources.requests - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - statusDescriptors: - - description: The current number of Pods for the cluster - displayName: Cluster Size - path: replicas - - path: prometheusSelector - displayName: Prometheus Service Selector - description: Label selector to find the service that routes to this prometheus - x-descriptors: - - 'urn:alm:descriptor:label:selector' - - name: servicemonitors.monitoring.coreos.com - version: v1 - kind: ServiceMonitor - displayName: Service Monitor - description: Configures prometheus to monitor a particular k8s service - resources: - - kind: Pod - version: v1 - specDescriptors: - - description: Selector to select which namespaces the Endpoints objects are discovered from - displayName: Monitoring Namespaces - path: namespaceSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:namespaceSelector' - - description: The label to use to retrieve the job name from - displayName: Job Label - path: jobLabel - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: A list of endpoints allowed as part of this ServiceMonitor - displayName: Endpoints - path: endpoints - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:endpointList' - - name: alertmanagers.monitoring.coreos.com - version: v1 - kind: Alertmanager - displayName: Alert Manager - description: Configures an Alert Manager for the namespace - resources: - - kind: Pod - version: v1 - specDescriptors: - - description: Desired number of Pods for the cluster - displayName: Size - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: prometheusoperator.0.15.0 - namespace: placeholder - annotations: - tectonic-visibility: ocs - alm-examples: '[{"apiVersion":"monitoring.coreos.com/v1","kind":"Prometheus","metadata":{"name":"example","labels":{"prometheus":"k8s"}},"spec":{"replicas":2,"version":"v1.7.0","serviceAccountName":"prometheus-k8s","serviceMonitorSelector":{"matchExpressions":[{"key":"k8s-app","operator":"Exists"}]},"ruleSelector":{"matchLabels":{"role":"prometheus-rulefiles","prometheus":"k8s"}},"resources":{"requests":{"memory":"400Mi"}},"alerting":{"alertmanagers":[{"namespace":"monitoring","name":"alertmanager-main","port":"web"}]}}},{"apiVersion":"monitoring.coreos.com/v1","kind":"ServiceMonitor","metadata":{"name":"example","labels":{"k8s-app":"prometheus"}},"spec":{"selector":{"matchLabels":{"k8s-app":"prometheus","prometheus":"k8s"}},"namespaceSelector":{"matchNames":["monitoring"]},"endpoints":[{"port":"web","interval":"30s"}]}},{"apiVersion":"monitoring.coreos.com/v1","kind":"Alertmanager","metadata":{"name":"alertmanager-main"},"spec":{"replicas":3}}]' - spec: - replaces: prometheusoperator.0.14.0 - displayName: Prometheus - description: | - An open-source monitoring system with a dimensional data model, flexible query language, efficient time series database and modern alerting approach. - - _The Prometheus Open Cloud Service is Public Alpha. The goal before Beta is for additional user testing and minor bug fixes._ - - ### Monitoring applications - - Prometheus scrapes your application metrics based on targets maintained in a ServiceMonitor object. When alerts need to be sent, they are processsed by an AlertManager. - - [Read the complete guide to monitoring applications with the Prometheus Open Cloud Service](https://coreos.com/tectonic/docs/latest/alm/prometheus-ocs.html) - - ### Supported Features - - - **High availability** - - - Multiple instances are run across failure zones and data is replicated. This keeps your monitoring available during an outage, when you need it most. - - - **Updates via automated operations** - - - New Prometheus versions are deployed using a rolling update with no downtime, making it easy to stay up to date. - - - **Handles the dynamic nature of containers** - - - Alerting rules are attached to groups of containers instead of individual instances, which is ideal for the highly dynamic nature of container deployment. - - keywords: ['prometheus', 'monitoring', 'tsdb', 'alerting'] - - maintainers: - - name: CoreOS, Inc - email: support@coreos.com - - provider: - name: CoreOS, Inc - - links: - - name: Prometheus - url: https://www.prometheus.io/ - - name: Documentation - url: https://coreos.com/operators/prometheus/docs/latest/ - - name: Prometheus Operator Source Code - url: https://github.com/coreos/prometheus-operator - - labels: - alm-status-descriptors: prometheusoperator.0.15.0 - alm-owner-prometheus: prometheusoperator - - selector: - matchLabels: - alm-owner-prometheus: prometheusoperator - - icon: - - base64data: PHN2ZyB3aWR0aD0iMjQ5MCIgaGVpZ2h0PSIyNTAwIiB2aWV3Qm94PSIwIDAgMjU2IDI1NyIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiBwcmVzZXJ2ZUFzcGVjdFJhdGlvPSJ4TWlkWU1pZCI+PHBhdGggZD0iTTEyOC4wMDEuNjY3QzU3LjMxMS42NjcgMCA1Ny45NzEgMCAxMjguNjY0YzAgNzAuNjkgNTcuMzExIDEyNy45OTggMTI4LjAwMSAxMjcuOTk4UzI1NiAxOTkuMzU0IDI1NiAxMjguNjY0QzI1NiA1Ny45NyAxOTguNjg5LjY2NyAxMjguMDAxLjY2N3ptMCAyMzkuNTZjLTIwLjExMiAwLTM2LjQxOS0xMy40MzUtMzYuNDE5LTMwLjAwNGg3Mi44MzhjMCAxNi41NjYtMTYuMzA2IDMwLjAwNC0zNi40MTkgMzAuMDA0em02MC4xNTMtMzkuOTRINjcuODQyVjE3OC40N2gxMjAuMzE0djIxLjgxNmgtLjAwMnptLS40MzItMzMuMDQ1SDY4LjE4NWMtLjM5OC0uNDU4LS44MDQtLjkxLTEuMTg4LTEuMzc1LTEyLjMxNS0xNC45NTQtMTUuMjE2LTIyLjc2LTE4LjAzMi0zMC43MTYtLjA0OC0uMjYyIDE0LjkzMyAzLjA2IDI1LjU1NiA1LjQ1IDAgMCA1LjQ2NiAxLjI2NSAxMy40NTggMi43MjItNy42NzMtOC45OTQtMTIuMjMtMjAuNDI4LTEyLjIzLTMyLjExNiAwLTI1LjY1OCAxOS42OC00OC4wNzkgMTIuNTgtNjYuMjAxIDYuOTEuNTYyIDE0LjMgMTQuNTgzIDE0LjggMzYuNTA1IDcuMzQ2LTEwLjE1MiAxMC40Mi0yOC42OSAxMC40Mi00MC4wNTYgMC0xMS43NjkgNy43NTUtMjUuNDQgMTUuNTEyLTI1LjkwNy02LjkxNSAxMS4zOTYgMS43OSAyMS4xNjUgOS41MyA0NS40IDIuOTAyIDkuMTAzIDIuNTMyIDI0LjQyMyA0Ljc3MiAzNC4xMzguNzQ0LTIwLjE3OCA0LjIxMy00OS42MiAxNy4wMTQtNTkuNzg0LTUuNjQ3IDEyLjguODM2IDI4LjgxOCA1LjI3IDM2LjUxOCA3LjE1NCAxMi40MjQgMTEuNDkgMjEuODM2IDExLjQ5IDM5LjYzOCAwIDExLjkzNi00LjQwNyAyMy4xNzMtMTEuODQgMzEuOTU4IDguNDUyLTEuNTg2IDE0LjI4OS0zLjAxNiAxNC4yODktMy4wMTZsMjcuNDUtNS4zNTVjLjAwMi0uMDAyLTMuOTg3IDE2LjQwMS0xOS4zMTQgMzIuMTk3eiIgZmlsbD0iI0RBNEUzMSIvPjwvc3ZnPg== - mediatype: image/svg+xml - - installModes: - - type: OwnNamespace - supported: true - - type: SingleNamespace - supported: true - - type: MultiNamespace - supported: false - - type: AllNamespaces - supported: true - - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: prometheus-k8s - rules: - - apiGroups: [""] - resources: - - nodes - - services - - endpoints - - pods - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: - - configmaps - verbs: ["get"] - - serviceAccountName: prometheus-operator-0-14-0 - rules: - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: ["get", "list"] - - apiGroups: - - monitoring.coreos.com - resources: - - alertmanagers - - prometheuses - - servicemonitors - verbs: - - "*" - - apiGroups: - - apps - resources: - - statefulsets - verbs: ["*"] - - apiGroups: [""] - resources: - - configmaps - - secrets - verbs: ["*"] - - apiGroups: [""] - resources: - - pods - verbs: ["list", "delete"] - - apiGroups: [""] - resources: - - services - - endpoints - verbs: ["get", "create", "update"] - - apiGroups: [""] - resources: - - nodes - verbs: ["list", "watch"] - - apiGroups: [""] - resources: - - namespaces - verbs: ['list'] - deployments: - - name: prometheus-operator - spec: - replicas: 1 - selector: - matchLabels: - k8s-app: prometheus-operator - template: - metadata: - labels: - k8s-app: prometheus-operator - spec: - serviceAccount: prometheus-operator-0-14-0 - containers: - - name: prometheus-operator - image: quay.io/coreos/prometheus-operator@sha256:0e92dd9b5789c4b13d53e1319d0a6375bcca4caaf0d698af61198061222a576d - command: - - sh - - -c - - > - /bin/operator --namespace=$K8S_NAMESPACE --crd-apigroup monitoring.coreos.com - --labels alm-status-descriptors=prometheusoperator.0.15.0,alm-owner-prometheus=prometheusoperator - --kubelet-service=kube-system/kubelet - --config-reloader-image=quay.io/coreos/configmap-reload:v0.0.1 - env: - - name: K8S_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - ports: - - containerPort: 8080 - name: http - resources: - limits: - cpu: 200m - memory: 100Mi - requests: - cpu: 100m - memory: 50Mi - maturity: alpha - version: 0.15.0 - customresourcedefinitions: - owned: - - name: prometheuses.monitoring.coreos.com - version: v1 - kind: Prometheus - displayName: Prometheus - description: A running Prometheus instance - resources: - - kind: StatefulSet - version: v1beta2 - - kind: Pod - version: v1 - specDescriptors: - - description: Desired number of Pods for the cluster - displayName: Size - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: A selector for the ConfigMaps from which to load rule files - displayName: Rule Config Map Selector - path: ruleSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:selector:core:v1:ConfigMap' - - description: ServiceMonitors to be selected for target discovery - displayName: Service Monitor Selector - path: serviceMonitorSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:selector:monitoring.coreos.com:v1:ServiceMonitor' - - description: The ServiceAccount to use to run the Prometheus pods - displayName: Service Account - path: serviceAccountName - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:ServiceAccount' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - statusDescriptors: - - description: The current number of Pods for the cluster - displayName: Cluster Size - path: replicas - - path: prometheusSelector - displayName: Prometheus Service Selector - description: Label selector to find the service that routes to this prometheus - x-descriptors: - - 'urn:alm:descriptor:label:selector' - - name: servicemonitors.monitoring.coreos.com - version: v1 - kind: ServiceMonitor - displayName: Service Monitor - description: Configures prometheus to monitor a particular k8s service - resources: - - kind: Pod - version: v1 - specDescriptors: - - description: Selector to select which namespaces the Endpoints objects are discovered from - displayName: Monitoring Namespaces - path: namespaceSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:namespaceSelector' - - description: The label to use to retrieve the job name from - displayName: Job Label - path: jobLabel - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: A list of endpoints allowed as part of this ServiceMonitor - displayName: Endpoints - path: endpoints - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:endpointList' - - name: alertmanagers.monitoring.coreos.com - version: v1 - kind: Alertmanager - displayName: Alert Manager - description: Configures an Alert Manager for the namespace - resources: - - kind: StatefulSet - version: v1beta2 - - kind: Pod - version: v1 - specDescriptors: - - description: Desired number of Pods for the cluster - displayName: Size - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: prometheusoperator.0.22.2 - namespace: placeholder - annotations: - alm-examples: '[{"apiVersion":"monitoring.coreos.com/v1","kind":"Prometheus","metadata":{"name":"example","labels":{"prometheus":"k8s"}},"spec":{"replicas":2,"version":"v2.3.2","serviceAccountName":"prometheus-k8s","securityContext": {}, "serviceMonitorSelector":{"matchExpressions":[{"key":"k8s-app","operator":"Exists"}]},"ruleSelector":{"matchLabels":{"role":"prometheus-rulefiles","prometheus":"k8s"}},"alerting":{"alertmanagers":[{"namespace":"monitoring","name":"alertmanager-main","port":"web"}]}}},{"apiVersion":"monitoring.coreos.com/v1","kind":"ServiceMonitor","metadata":{"name":"example","labels":{"k8s-app":"prometheus"}},"spec":{"selector":{"matchLabels":{"k8s-app":"prometheus"}},"endpoints":[{"port":"web","interval":"30s"}]}},{"apiVersion":"monitoring.coreos.com/v1","kind":"Alertmanager","metadata":{"name":"alertmanager-main"},"spec":{"replicas":3, "securityContext": {}}}]' - spec: - replaces: prometheusoperator.0.15.0 - displayName: Prometheus Operator - description: | - The Prometheus Operator for Kubernetes provides easy monitoring definitions for Kubernetes services and deployment and management of Prometheus instances. - - Once installed, the Prometheus Operator provides the following features: - - * **Create/Destroy**: Easily launch a Prometheus instance for your Kubernetes namespace, a specific application or team easily using the Operator. - - * **Simple Configuration**: Configure the fundamentals of Prometheus like versions, persistence, retention policies, and replicas from a native Kubernetes resource. - - * **Target Services via Labels**: Automatically generate monitoring target configurations based on familiar Kubernetes label queries; no need to learn a Prometheus specific configuration language. - - ### Other Supported Features - - **High availability** - - Multiple instances are run across failure zones and data is replicated. This keeps your monitoring available during an outage, when you need it most. - - **Updates via automated operations** - - New Prometheus versions are deployed using a rolling update with no downtime, making it easy to stay up to date. - - **Handles the dynamic nature of containers** - - Alerting rules are attached to groups of containers instead of individual instances, which is ideal for the highly dynamic nature of container deployment. - - keywords: ['prometheus', 'monitoring', 'tsdb', 'alerting'] - - maintainers: - - name: Red Hat - email: openshift-operators@redhat.com - - provider: - name: Red Hat - - links: - - name: Prometheus - url: https://www.prometheus.io/ - - name: Documentation - url: https://coreos.com/operators/prometheus/docs/latest/ - - name: Prometheus Operator - url: https://github.com/coreos/prometheus-operator - - labels: - alm-status-descriptors: prometheusoperator.0.22.2 - alm-owner-prometheus: prometheusoperator - - selector: - matchLabels: - alm-owner-prometheus: prometheusoperator - - icon: - - base64data: PHN2ZyB3aWR0aD0iMjQ5MCIgaGVpZ2h0PSIyNTAwIiB2aWV3Qm94PSIwIDAgMjU2IDI1NyIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiBwcmVzZXJ2ZUFzcGVjdFJhdGlvPSJ4TWlkWU1pZCI+PHBhdGggZD0iTTEyOC4wMDEuNjY3QzU3LjMxMS42NjcgMCA1Ny45NzEgMCAxMjguNjY0YzAgNzAuNjkgNTcuMzExIDEyNy45OTggMTI4LjAwMSAxMjcuOTk4UzI1NiAxOTkuMzU0IDI1NiAxMjguNjY0QzI1NiA1Ny45NyAxOTguNjg5LjY2NyAxMjguMDAxLjY2N3ptMCAyMzkuNTZjLTIwLjExMiAwLTM2LjQxOS0xMy40MzUtMzYuNDE5LTMwLjAwNGg3Mi44MzhjMCAxNi41NjYtMTYuMzA2IDMwLjAwNC0zNi40MTkgMzAuMDA0em02MC4xNTMtMzkuOTRINjcuODQyVjE3OC40N2gxMjAuMzE0djIxLjgxNmgtLjAwMnptLS40MzItMzMuMDQ1SDY4LjE4NWMtLjM5OC0uNDU4LS44MDQtLjkxLTEuMTg4LTEuMzc1LTEyLjMxNS0xNC45NTQtMTUuMjE2LTIyLjc2LTE4LjAzMi0zMC43MTYtLjA0OC0uMjYyIDE0LjkzMyAzLjA2IDI1LjU1NiA1LjQ1IDAgMCA1LjQ2NiAxLjI2NSAxMy40NTggMi43MjItNy42NzMtOC45OTQtMTIuMjMtMjAuNDI4LTEyLjIzLTMyLjExNiAwLTI1LjY1OCAxOS42OC00OC4wNzkgMTIuNTgtNjYuMjAxIDYuOTEuNTYyIDE0LjMgMTQuNTgzIDE0LjggMzYuNTA1IDcuMzQ2LTEwLjE1MiAxMC40Mi0yOC42OSAxMC40Mi00MC4wNTYgMC0xMS43NjkgNy43NTUtMjUuNDQgMTUuNTEyLTI1LjkwNy02LjkxNSAxMS4zOTYgMS43OSAyMS4xNjUgOS41MyA0NS40IDIuOTAyIDkuMTAzIDIuNTMyIDI0LjQyMyA0Ljc3MiAzNC4xMzguNzQ0LTIwLjE3OCA0LjIxMy00OS42MiAxNy4wMTQtNTkuNzg0LTUuNjQ3IDEyLjguODM2IDI4LjgxOCA1LjI3IDM2LjUxOCA3LjE1NCAxMi40MjQgMTEuNDkgMjEuODM2IDExLjQ5IDM5LjYzOCAwIDExLjkzNi00LjQwNyAyMy4xNzMtMTEuODQgMzEuOTU4IDguNDUyLTEuNTg2IDE0LjI4OS0zLjAxNiAxNC4yODktMy4wMTZsMjcuNDUtNS4zNTVjLjAwMi0uMDAyLTMuOTg3IDE2LjQwMS0xOS4zMTQgMzIuMTk3eiIgZmlsbD0iI0RBNEUzMSIvPjwvc3ZnPg== - mediatype: image/svg+xml - - installModes: - - type: OwnNamespace - supported: true - - type: SingleNamespace - supported: true - - type: MultiNamespace - supported: false - - type: AllNamespaces - supported: true - - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: prometheus-k8s - rules: - - apiGroups: [""] - resources: - - nodes - - services - - endpoints - - pods - verbs: ["get", "list", "watch"] - - apiGroups: [""] - resources: - - configmaps - verbs: ["get"] - - serviceAccountName: prometheus-operator-0-22-2 - rules: - - apiGroups: - - apiextensions.k8s.io - resources: - - customresourcedefinitions - verbs: - - '*' - - apiGroups: - - monitoring.coreos.com - resources: - - alertmanagers - - prometheuses - - prometheuses/finalizers - - alertmanagers/finalizers - - servicemonitors - - prometheusrules - verbs: - - '*' - - apiGroups: - - apps - resources: - - statefulsets - verbs: - - '*' - - apiGroups: - - "" - resources: - - configmaps - - secrets - verbs: - - '*' - - apiGroups: - - "" - resources: - - pods - verbs: - - list - - delete - - apiGroups: - - "" - resources: - - services - - endpoints - verbs: - - get - - create - - update - - apiGroups: - - "" - resources: - - nodes - verbs: - - list - - watch - - apiGroups: - - "" - resources: - - namespaces - verbs: - - list - - watch - deployments: - - name: prometheus-operator - spec: - replicas: 1 - selector: - matchLabels: - k8s-app: prometheus-operator - template: - metadata: - labels: - k8s-app: prometheus-operator - spec: - serviceAccount: prometheus-operator-0-22-2 - containers: - - name: prometheus-operator - image: quay.io/coreos/prometheus-operator@sha256:3daa69a8c6c2f1d35dcf1fe48a7cd8b230e55f5229a1ded438f687debade5bcf - args: - - -namespace=$(K8S_NAMESPACE) - - -manage-crds=false - - -logtostderr=true - - --config-reloader-image=quay.io/coreos/configmap-reload:v0.0.1 - - --prometheus-config-reloader=quay.io/coreos/prometheus-config-reloader:v0.22.2 - env: - - name: K8S_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - ports: - - containerPort: 8080 - name: http - resources: - limits: - cpu: 200m - memory: 100Mi - requests: - cpu: 100m - memory: 50Mi - securityContext: - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - nodeSelector: - beta.kubernetes.io/os: linux - maturity: beta - version: 0.22.2 - customresourcedefinitions: - owned: - - name: prometheuses.monitoring.coreos.com - version: v1 - kind: Prometheus - displayName: Prometheus - description: A running Prometheus instance - resources: - - kind: StatefulSet - version: v1beta2 - - kind: Pod - version: v1 - - kind: ConfigMap - version: v1 - - kind: Service - version: v1 - specDescriptors: - - description: Desired number of Pods for the cluster - displayName: Size - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: A selector for the ConfigMaps from which to load rule files - displayName: Rule Config Map Selector - path: ruleSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:selector:core:v1:ConfigMap' - - description: ServiceMonitors to be selected for target discovery - displayName: Service Monitor Selector - path: serviceMonitorSelector - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:selector:monitoring.coreos.com:v1:ServiceMonitor' - - description: The ServiceAccount to use to run the Prometheus pods - displayName: Service Account - path: serviceAccountName - x-descriptors: - - 'urn:alm:descriptor:io.kubernetes:ServiceAccount' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - - name: prometheusrules.monitoring.coreos.com - version: v1 - kind: PrometheusRule - displayName: Prometheus Rule - description: A Prometheus Rule configures groups of sequentially evaluated recording and alerting rules. - - name: servicemonitors.monitoring.coreos.com - version: v1 - kind: ServiceMonitor - displayName: Service Monitor - description: Configures prometheus to monitor a particular k8s service - resources: - - kind: Pod - version: v1 - specDescriptors: - - description: The label to use to retrieve the job name from - displayName: Job Label - path: jobLabel - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:label' - - description: A list of endpoints allowed as part of this ServiceMonitor - displayName: Endpoints - path: endpoints - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:endpointList' - - name: alertmanagers.monitoring.coreos.com - version: v1 - kind: Alertmanager - displayName: Alertmanager - description: Configures an Alertmanager for the namespace - resources: - - kind: StatefulSet - version: v1beta2 - - kind: Pod - version: v1 - - kind: Service - version: v1 - specDescriptors: - - description: Desired number of Pods for the cluster - displayName: Size - path: replicas - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:podCount' - - description: Limits describes the minimum/maximum amount of compute resources required/allowed - displayName: Resource Requirements - path: resources - x-descriptors: - - 'urn:alm:descriptor:com.tectonic.ui:resourceRequirements' - - - #! validate-crd: deploy/chart/templates/0000_30_02-clusterserviceversion.crd.yaml - #! parse-kind: ClusterServiceVersion - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: svcat.v0.1.34 - namespace: placeholder - spec: - displayName: Service Catalog - description: Service Catalog lets you provision cloud services directly from the comfort of native Kubernetes tooling. This project is in incubation to bring integration with service brokers to the Kubernetes ecosystem via the Open Service Broker API. - keywords: ['catalog', 'service', 'svcat', 'osb', 'broker'] - maintainers: - - name: Red Hat - email: openshift-operators@redhat.com - provider: - name: Red Hat - links: - - name: Documentation - url: https://svc-cat.io/docs - - name: Service Catalog - url: https://github.com/kubernetes-incubator/service-catalog - - installModes: - - type: OwnNamespace - supported: true - - type: SingleNamespace - supported: true - - type: MultiNamespace - supported: false - - type: AllNamespaces - supported: true - - install: - strategy: deployment - spec: - permissions: - - serviceAccountName: service-catalog-controller - rules: - - apiGroups: [""] - resources: ["configmaps"] - resourceNames: ["cluster-info"] - verbs: ["get","create","list","watch","update"] - - apiGroups: [""] - resources: ["configmaps"] - verbs: ["create", "list", "watch", "get", "update"] - - apiGroups: [""] - resources: ["configmaps"] - resourceNames: ["service-catalog-controller-manager"] - verbs: ["get","update"] - clusterPermissions: - - serviceAccountName: service-catalog-controller - rules: - - apiGroups: [""] - resources: ["events"] - verbs: ["create","patch","update"] - - apiGroups: [""] - resources: ["secrets"] - verbs: ["get","create","update","delete","list","watch","patch"] - - apiGroups: [""] - resources: ["pods"] - verbs: ["get","list","update", "patch", "watch", "delete", "initialize"] - - apiGroups: [""] - resources: ["namespaces"] - verbs: ["get","list","watch"] - - apiGroups: ["servicecatalog.k8s.io"] - resources: ["clusterserviceclasses"] - verbs: ["get","list","watch","create","patch","update","delete"] - - apiGroups: ["servicecatalog.k8s.io"] - resources: ["clusterserviceplans"] - verbs: ["get","list","watch","create","patch","update","delete"] - - apiGroups: ["servicecatalog.k8s.io"] - resources: ["clusterservicebrokers"] - verbs: ["get","list","watch"] - - apiGroups: ["servicecatalog.k8s.io"] - resources: ["serviceinstances","servicebindings"] - verbs: ["get","list","watch", "update"] - - apiGroups: ["servicecatalog.k8s.io"] - resources: ["clusterservicebrokers/status","clusterserviceclasses/status","clusterserviceplans/status","serviceinstances/status","serviceinstances/reference","servicebindings/status","servicebindings/finalizers"] - verbs: ["update"] - - apiGroups: ["servicecatalog.k8s.io"] - resources: ["serviceclasses"] - verbs: ["get","list","watch","create","patch","update","delete"] - - apiGroups: ["servicecatalog.k8s.io"] - resources: ["serviceplans"] - verbs: ["get","list","watch","create","patch","update","delete"] - - apiGroups: ["servicecatalog.k8s.io"] - resources: ["servicebrokers"] - verbs: ["get","list","watch"] - - apiGroups: ["servicecatalog.k8s.io"] - resources: ["servicebrokers/status","serviceclasses/status","serviceplans/status"] - verbs: ["update"] - - serviceAccountName: service-catalog-apiserver - rules: - - apiGroups: [""] - resources: ["configmaps"] - resourceNames: ["extension-apiserver-authentication"] - verbs: ["get"] - - apiGroups: [""] - resources: ["namespaces"] - verbs: ["get", "list", "watch"] - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["validatingwebhookconfigurations"] - verbs: ["get", "list", "watch"] - - apiGroups: ["admissionregistration.k8s.io"] - resources: ["mutatingwebhookconfigurations"] - verbs: ["get", "list", "watch"] - - apiGroups: ["authentication.k8s.io"] - resources: ["tokenreviews"] - verbs: ["create"] - - apiGroups: ["authorization.k8s.io"] - resources: ["subjectaccessreviews"] - verbs: ["create"] - deployments: - - name: apiserver - spec: - replicas: 1 - strategy: - type: RollingUpdate - selector: - matchLabels: - app: apiserver - template: - metadata: - labels: - app: apiserver - spec: - serviceAccountName: service-catalog-apiserver - containers: - - name: apiserver - image: quay.io/openshift/origin-service-catalog:v4.0.0 - imagePullPolicy: IfNotPresent - command: ["/usr/bin/service-catalog"] - resources: - limits: - cpu: 100m - memory: 140Mi - requests: - cpu: 100m - memory: 40Mi - args: - - apiserver - - --enable-admission-plugins - - "NamespaceLifecycle,DefaultServicePlan,ServiceBindingsLifecycle,ServicePlanChangeValidator,BrokerAuthSarCheck" - - --secure-port - - "5443" - - --etcd-servers - - http://localhost:2379 - - -v - - "3" - - --feature-gates - - OriginatingIdentity=true - - --feature-gates - - NamespacedServiceBroker=true - ports: - - containerPort: 5443 - volumeMounts: - - name: apiservice-cert - mountPath: /var/run/kubernetes-service-catalog - readinessProbe: - httpGet: - port: 5443 - path: /healthz - scheme: HTTPS - failureThreshold: 1 - initialDelaySeconds: 30 - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 5 - livenessProbe: - httpGet: - port: 5443 - path: /healthz - scheme: HTTPS - failureThreshold: 3 - initialDelaySeconds: 30 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - - name: etcd - image: quay.io/coreos/etcd:latest - imagePullPolicy: Always - resources: - limits: - cpu: 100m - memory: 150Mi - requests: - cpu: 100m - memory: 50Mi - env: - - name: ETCD_DATA_DIR - value: /etcd-data-dir - command: - - /usr/local/bin/etcd - - --listen-client-urls - - http://0.0.0.0:2379 - - --advertise-client-urls - - http://localhost:2379 - ports: - - containerPort: 2379 - volumeMounts: - - name: etcd-data-dir - mountPath: /etcd-data-dir - readinessProbe: - httpGet: - port: 2379 - path: /health - failureThreshold: 1 - initialDelaySeconds: 30 - periodSeconds: 5 - successThreshold: 1 - timeoutSeconds: 5 - livenessProbe: - httpGet: - port: 2379 - path: /health - failureThreshold: 3 - initialDelaySeconds: 30 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 - volumes: - - name: etcd-data-dir - emptyDir: {} - - name: controller-manager - spec: - replicas: 1 - strategy: - type: RollingUpdate - selector: - matchLabels: - app: controller-manager - template: - metadata: - labels: - app: controller-manager - spec: - serviceAccountName: service-catalog-controller - containers: - - name: controller-manager - image: quay.io/openshift/origin-service-catalog:v4.0.0 - imagePullPolicy: IfNotPresent - command: ["/usr/bin/service-catalog"] - resources: - limits: - cpu: 100m - memory: 150Mi - requests: - cpu: 100m - memory: 100Mi - env: - - name: K8S_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - args: - - controller-manager - - --secure-port - - "8444" - - -v - - "3" - - --leader-election-namespace - - kube-service-catalog - - --leader-elect-resource-lock - - configmaps - - --cluster-id-configmap-namespace=kube-service-catalog - - --broker-relist-interval - - "5m" - - --feature-gates - - "OriginatingIdentity=true" - - --feature-gates - - "AsyncBindingOperations=true" - - --feature-gates - - "NamespacedServiceBroker=true" - ports: - - containerPort: 8444 - readinessProbe: - httpGet: - port: 8444 - path: /healthz - scheme: HTTPS - failureThreshold: 1 - initialDelaySeconds: 20 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 2 - livenessProbe: - httpGet: - port: 8444 - path: /healthz - scheme: HTTPS - failureThreshold: 3 - initialDelaySeconds: 20 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 2 - # The following apiservice-cert is borrowed from the apiservice - it should be - # replaced with one specific for the controller manager. How to create service - # for controller manager?? - volumeMounts: - - name: apiservice-cert - mountPath: /var/run/kubernetes-service-catalog - volumes: - - name: apiservice-cert - secret: - defaultMode: 420 - items: - - key: tls.crt - path: apiserver.crt - - key: tls.key - path: apiserver.key - secretName: v1beta1.servicecatalog.k8s.io-cert - maturity: alpha - version: 0.1.34 - apiservicedefinitions: - owned: - - group: servicecatalog.k8s.io - version: v1beta1 - kind: ClusterServiceClass - name: clusterserviceclasses - displayName: ClusterServiceClass - description: A service catalog resource - deploymentName: apiserver - containerPort: 5443 - - group: servicecatalog.k8s.io - version: v1beta1 - kind: ClusterServicePlan - name: clusterserviceplans - displayName: ClusterServicePlan - description: A service catalog resource - deploymentName: apiserver - containerPort: 5443 - - group: servicecatalog.k8s.io - version: v1beta1 - kind: ClusterServiceBroker - name: clusterservicebrokers - displayName: ClusterServiceBroker - description: A service catalog resource - deploymentName: apiserver - containerPort: 5443 - - group: servicecatalog.k8s.io - version: v1beta1 - kind: ServiceInstance - name: serviceinstances - displayName: ServiceInstance - description: A service catalog resource - deploymentName: apiserver - containerPort: 5443 - - group: servicecatalog.k8s.io - version: v1beta1 - kind: ServiceBinding - name: servicebindings - displayName: ServiceBinding - description: A service catalog resource - deploymentName: apiserver - containerPort: 5443 - - group: servicecatalog.k8s.io - version: v1beta1 - kind: ServiceClass - name: serviceclasses - displayName: ServiceClass - description: A service catalog resource - deploymentName: apiserver - containerPort: 5443 - - group: servicecatalog.k8s.io - version: v1beta1 - kind: ServicePlan - name: serviceplans - displayName: ServicePlan - description: A service catalog resource - deploymentName: apiserver - containerPort: 5443 - - group: servicecatalog.k8s.io - version: v1beta1 - kind: ServiceBroker - name: servicebrokers - displayName: ServiceBroker - description: A service catalog resource - deploymentName: apiserver - containerPort: 5443 - - packages: |- - - #! package-manifest: deploy/chart/catalog_resources/rh-operators/amq-streams.v1.0.0.clusterserviceversion.yaml - packageName: amq-streams - channels: - - name: preview - currentCSV: amqstreams.v1.0.0.beta - - - #! package-manifest: ./deploy/chart/catalog_resources/rh-operators/clusterlogging.v0.0.1.clusterserviceversion.yaml - packageName: cluster-logging - channels: - - name: preview - currentCSV: clusterlogging.v0.0.1 - - - packageName: descheduler - channels: - - name: alpha - currentCSV: descheduler.v0.0.1 - - - #! package-manifest: deploy/chart/catalog_resources/rh-operators/etcdoperator.v0.9.2.clusterserviceversion.yaml - packageName: etcd - channels: - - name: alpha - currentCSV: etcdoperator.v0.9.2 - - - packageName: federationv2 - channels: - - name: alpha - currentCSV: federationv2.v0.0.2 - - - #! package-manifest: deploy/chart/catalog_resources/rh-operators/metering-operator.v0.12.0.clusterserviceversion.yaml - packageName: metering - channels: - - name: alpha - currentCSV: metering-operator.v0.12.0 - - - #! package-manifest: deploy/chart/catalog_resources/rh-operators/prometheusoperator.0.22.2.clusterserviceversion.yaml - packageName: prometheus - channels: - - name: preview - currentCSV: prometheusoperator.0.22.2 - - - #! package-manifest: deploy/chart/catalog_resources/rh-operators/svcat.v0.1.34.clusterserviceversion.yaml - packageName: svcat - channels: - - name: alpha - currentCSV: svcat.v0.1.34 - - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_09-rh-operators.catalogsource.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_09-rh-operators.catalogsource.yaml deleted file mode 100644 index cf3f008840..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_09-rh-operators.catalogsource.yaml +++ /dev/null @@ -1,16 +0,0 @@ -##--- -# Source: olm/templates/0000_30_09-rh-operators.catalogsource.yaml - -#! validate-crd: ./deploy/chart/templates/05-catalogsource.crd.yaml -#! parse-kind: CatalogSource -apiVersion: operators.coreos.com/v1alpha1 -kind: CatalogSource -metadata: - name: rh-operators - namespace: olm -spec: - sourceType: internal - configMap: rh-operators - displayName: Red Hat Operators - publisher: Red Hat - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_10-olm-operator.deployment.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_10-olm-operator.deployment.yaml deleted file mode 100644 index aaa0573b08..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_10-olm-operator.deployment.yaml +++ /dev/null @@ -1,46 +0,0 @@ -##--- -# Source: olm/templates/0000_30_10-olm-operator.deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: olm-operator - namespace: olm - labels: - app: olm-operator -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: olm-operator - template: - metadata: - labels: - app: olm-operator - spec: - serviceAccountName: olm-operator-serviceaccount - containers: - - name: olm-operator - command: - - /bin/olm - args: - image: quay.io/coreos/olm@sha256:1639d570809c5827810a1870763016e8c046283632d47e0b47183c82f8e515f2 - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - livenessProbe: - httpGet: - path: /healthz - port: 8080 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - env: - - name: OPERATOR_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: OPERATOR_NAME - value: olm-operator diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_11-catalog-operator.deployment.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_11-catalog-operator.deployment.yaml deleted file mode 100644 index 5aae853809..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_11-catalog-operator.deployment.yaml +++ /dev/null @@ -1,41 +0,0 @@ -##--- -# Source: olm/templates/0000_30_11-catalog-operator.deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: catalog-operator - namespace: olm - labels: - app: catalog-operator -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: catalog-operator - template: - metadata: - labels: - app: catalog-operator - spec: - serviceAccountName: olm-operator-serviceaccount - containers: - - name: catalog-operator - command: - - /bin/catalog - args: - - '-namespace' - - olm - image: quay.io/coreos/olm@sha256:1639d570809c5827810a1870763016e8c046283632d47e0b47183c82f8e515f2 - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - livenessProbe: - httpGet: - path: /healthz - port: 8080 - readinessProbe: - httpGet: - path: /healthz - port: 8080 diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_12-aggregated.clusterrole.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_12-aggregated.clusterrole.yaml deleted file mode 100644 index e91d70cb0a..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_12-aggregated.clusterrole.yaml +++ /dev/null @@ -1,26 +0,0 @@ -##--- -# Source: olm/templates/0000_30_12-aggregated.clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-edit - labels: - # Add these permissions to the "admin" and "edit" default roles. - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions", "packagemanifests"] - verbs: ["create", "update", "patch", "delete"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-view - labels: - # Add these permissions to the "view" default roles - rbac.authorization.k8s.io/aggregate-to-view: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions", "packagemanifests"] - verbs: ["get", "list", "watch"] diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_13-operatorgroup.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_13-operatorgroup.crd.yaml deleted file mode 100644 index 995ab2e07e..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_13-operatorgroup.crd.yaml +++ /dev/null @@ -1,86 +0,0 @@ -##--- -# Source: olm/templates/0000_30_13-operatorgroup.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: operatorgroups.operators.coreos.com -spec: - group: operators.coreos.com - version: v1alpha2 - versions: - - name: v1alpha2 - served: true - storage: true - names: - plural: operatorgroups - singular: operatorgroup - kind: OperatorGroup - listKind: OperatorGroupList - shortNames: - - og - categories: - - olm - scope: Namespaced - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - properties: - spec: - properties: - selector: - type: object - description: Label selector to find resources associated with or managed by the operator - properties: - matchLabels: - type: object - description: Label key:value pairs to match directly - matchExpressions: - type: array - description: A set of expressions to match against the resource. - items: - allOf: - - type: object - required: - - key - - operator - - values - properties: - key: - type: string - description: the key to match - operator: - type: string - description: the operator for the expression - enum: - - In - - NotIn - - Exists - - DoesNotExist - values: - type: array - description: set of values for the expression - targetNamespaces: - type: array - items: - type: string - pattern: ^\S+$ - serviceAccountName: - type: string - type: object - status: - properties: - lastUpdated: - format: date-time - type: string - namespaces: - items: - type: string - type: array - required: - - namespaces - - lastUpdated - type: object - required: - - metadata diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_14-olm-operators.configmap.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_14-olm-operators.configmap.yaml deleted file mode 100644 index 78a3d910e0..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_14-olm-operators.configmap.yaml +++ /dev/null @@ -1,128 +0,0 @@ -##--- -# Source: olm/templates/0000_30_14-olm-operators.configmap.yaml -kind: ConfigMap -apiVersion: v1 -metadata: - name: olm-operators - namespace: olm - -data: - customResourceDefinitions: |- - clusterServiceVersions: |- - - - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: packageserver.v0.8.0 - namespace: olm - spec: - displayName: Package Server - description: Represents an Operator package that is available from a given CatalogSource which will resolve to a ClusterServiceVersion. - keywords: ['packagemanifests', 'olm', 'packages'] - maintainers: - - name: Red Hat - email: openshift-operators@redhat.com - provider: - name: Red Hat - links: - - name: Package Server - url: https://github.com/operator-framework/operator-lifecycle-manager/tree/master/pkg/packageserver - installModes: - - type: OwnNamespace - supported: true - - type: SingleNamespace - supported: true - - type: MultiNamespace - supported: true - - type: AllNamespaces - supported: true - install: - strategy: deployment - spec: - clusterPermissions: - - serviceAccountName: packageserver - rules: - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - apiGroups: - - "operators.coreos.com" - resources: - - catalogsources - verbs: - - get - - list - - watch - - apiGroups: - - "packages.apps.redhat.com" - resources: - - packagemanifests - verbs: - - get - - list - - watch - - create - - delete - - patch - - update - deployments: - - name: packageserver - spec: - replicas: 1 - strategy: - type: RollingUpdate - selector: - matchLabels: - app: packageserver - template: - metadata: - labels: - app: packageserver - spec: - serviceAccountName: packageserver - containers: - - name: packageserver - command: - - /bin/package-server - - -v=4 - - --secure-port - - "5443" - - --global-namespace - - olm - image: quay.io/coreos/olm@sha256:1639d570809c5827810a1870763016e8c046283632d47e0b47183c82f8e515f2 - imagePullPolicy: Always - ports: - - containerPort: 5443 - livenessProbe: - httpGet: - scheme: HTTPS - path: /healthz - port: 5443 - readinessProbe: - httpGet: - scheme: HTTPS - path: /healthz - port: 5443 - maturity: alpha - version: 0.8.0 - apiservicedefinitions: - owned: - - group: packages.apps.redhat.com - version: v1alpha1 - kind: PackageManifest - displayName: PackageManifest - description: A PackageManifest is a resource generated from existing CatalogSources and their ConfigMaps - deploymentName: packageserver - containerPort: 5443 - packages: |- - - - packageName: packageserver - channels: - - name: alpha - currentCSV: packageserver.v0.8.0 - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_15-olm-operators.catalogsource.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_15-olm-operators.catalogsource.yaml deleted file mode 100644 index 7f50890e57..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_15-olm-operators.catalogsource.yaml +++ /dev/null @@ -1,14 +0,0 @@ -##--- -# Source: olm/templates/0000_30_15-olm-operators.catalogsource.yaml -#! validate-crd: ./deploy/chart/templates/05-catalogsource.crd.yaml -#! parse-kind: CatalogSource -apiVersion: operators.coreos.com/v1alpha1 -kind: CatalogSource -metadata: - name: olm-operators - namespace: olm -spec: - sourceType: internal - configMap: olm-operators - displayName: OLM Operators - publisher: Red Hat diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_16-operatorgroup-default.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_16-operatorgroup-default.yaml deleted file mode 100644 index bd30009a81..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_16-operatorgroup-default.yaml +++ /dev/null @@ -1,16 +0,0 @@ -##--- -# Source: olm/templates/0000_30_16-operatorgroup-default.yaml -apiVersion: operators.coreos.com/v1alpha2 -kind: OperatorGroup -metadata: - name: global-operators - namespace: operators ---- -apiVersion: operators.coreos.com/v1alpha2 -kind: OperatorGroup -metadata: - name: olm-operators - namespace: olm -spec: - targetNamespaces: - - olm diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_17-packageserver.subscription.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_17-packageserver.subscription.yaml deleted file mode 100644 index 301e02cc54..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.0/0000_30_17-packageserver.subscription.yaml +++ /dev/null @@ -1,14 +0,0 @@ -##--- -# Source: olm/templates/0000_30_17-packageserver.subscription.yaml -#! validate-crd: ./deploy/chart/templates/04-subscription.crd.yaml -#! parse-kind: Subscription -apiVersion: operators.coreos.com/v1alpha1 -kind: Subscription -metadata: - name: packageserver - namespace: olm -spec: - source: olm-operators - sourceNamespace: olm - name: packageserver - channel: alpha diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_00-namespace.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_00-namespace.yaml deleted file mode 100644 index e86d3aae1f..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_00-namespace.yaml +++ /dev/null @@ -1,15 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_00-namespace.yaml -apiVersion: v1 -kind: Namespace -metadata: - name: olm - labels: - openshift.io/run-level: "1" ---- -apiVersion: v1 -kind: Namespace -metadata: - name: operators - labels: - openshift.io/run-level: "1" diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_01-olm-operator.serviceaccount.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_01-olm-operator.serviceaccount.yaml deleted file mode 100644 index 1a2e303d86..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_01-olm-operator.serviceaccount.yaml +++ /dev/null @@ -1,31 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_01-olm-operator.serviceaccount.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: system:controller:operator-lifecycle-manager -rules: -- apiGroups: ["*"] - resources: ["*"] - verbs: ["*"] -- nonResourceURLs: ["*"] - verbs: ["*"] ---- -kind: ServiceAccount -apiVersion: v1 -metadata: - name: olm-operator-serviceaccount - namespace: olm ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: olm-operator-binding-olm -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:controller:operator-lifecycle-manager -subjects: -- kind: ServiceAccount - name: olm-operator-serviceaccount - namespace: olm diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_02-clusterserviceversion.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_02-clusterserviceversion.crd.yaml deleted file mode 100644 index 3a8453efe7..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_02-clusterserviceversion.crd.yaml +++ /dev/null @@ -1,767 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_02-clusterserviceversion.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: clusterserviceversions.operators.coreos.com - annotations: - displayName: Operator Version - description: Represents an Operator that should be running on the cluster, including requirements and install strategy. -spec: - names: - plural: clusterserviceversions - singular: clusterserviceversion - kind: ClusterServiceVersion - listKind: ClusterServiceVersionList - shortNames: - - csv - - csvs - categories: - - olm - additionalPrinterColumns: - - name: Display - type: string - description: The name of the CSV - JSONPath: .spec.displayName - - name: Version - type: string - description: The version of the CSV - JSONPath: .spec.version - - name: Replaces - type: string - description: The name of a CSV that this one replaces - JSONPath: .spec.replaces - - name: Phase - type: string - JSONPath: .status.phase - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - properties: - spec: - type: object - description: Spec for a ClusterServiceVersion - required: - - displayName - - install - properties: - displayName: - type: string - description: Human readable name of the application that will be displayed in the ALM UI - - description: - type: string - description: Human readable description of what the application does - - minKubeVersion: - type: string - description: Minimum kubernetes version requirement on the server to deploy operator - pattern: ^\bv?(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(-(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(\.(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*)?(\+[0-9a-zA-Z-]+(\.[0-9a-zA-Z-]+)*)?$ - - keywords: - type: array - description: List of keywords which will be used to discover and categorize app types - items: - type: string - - maintainers: - type: array - description: Those responsible for the creation of this specific app type - items: - type: object - description: Information for a single maintainer - required: - - name - - email - properties: - name: - type: string - description: Maintainer's name - email: - type: string - description: Maintainer's email address - format: email - optionalProperties: - type: string - description: "Any additional key-value metadata you wish to expose about the maintainer, e.g. github: " - - links: - type: array - description: Interesting links to find more information about the project, such as marketing page, documentation, or github page - items: - type: object - description: A single link to describe one aspect of the project - required: - - name - - url - properties: - name: - type: string - description: Name of the link type, e.g. homepage or github url - url: - type: string - description: URL to which the link should point - format: uri - - icon: - type: array - description: Icon which should be rendered with the application information - items: - type: object - required: - - base64data - - mediatype - properties: - base64data: - type: string - description: Base64 binary representation of the icon image - mediatype: - type: string - description: Mediatype for the binary data specified in the base64data property - enum: - - image/gif - - image/jpeg - - image/png - - image/svg+xml - version: - type: string - description: Version string, recommended that users use semantic versioning - pattern: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(-(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(\.(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*)?(\+[0-9a-zA-Z-]+(\.[0-9a-zA-Z-]+)*)?$ - - replaces: - type: string - description: Name of the ClusterServiceVersion custom resource that this version replaces - - maturity: - type: string - description: What level of maturity the software has achieved at this version - enum: - - planning - - pre-alpha - - alpha - - beta - - stable - - mature - - inactive - - deprecated - labels: - type: object - description: Labels that will be applied to associated resources created by the operator. - selector: - type: object - description: Label selector to find resources associated with or managed by the operator - properties: - matchLabels: - type: object - description: Label key:value pairs to match directly - matchExpressions: - type: array - description: A set of expressions to match against the resource. - items: - allOf: - - type: object - required: - - key - - operator - - values - properties: - key: - type: string - description: the key to match - operator: - type: string - description: the operator for the expression - enum: - - In - - NotIn - - Exists - - DoesNotExist - values: - type: array - description: set of values for the expression - nativeAPIs: - type: array - description: What resources are required by the Operator, but must be provided by the underlying cluster and not as an extension. - items: - type: object - required: - - group - - version - - kind - properties: - group: - type: string - description: Group of the API resource - version: - type: string - description: Version of the API resource - kind: - type: string - description: Kind of the API resource - apiservicedefinitions: - type: object - properties: - owned: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - group - - version - - kind - - name - - deploymentName - - displayName - - description - properties: - group: - type: string - description: Group of the APIService (e.g. app.coreos.com) - name: - type: string - description: The plural name for the APIService provided - version: - type: string - description: The version field of the APIService - kind: - type: string - description: The kind field of the APIService - deploymentName: - type: string - description: Name of the extension api-server's deployment - containerPort: - type: number - description: Port where the extension api-server serves TLS traffic - displayName: - type: string - description: A human-readable name for the APIService. - description: - type: string - description: A description of the APIService - resources: - type: array - items: - type: object - description: A list of resources that should be displayed for the APIService - required: - - kind - - version - properties: - name: - type: string - description: If a APIService, the fully qualified name of the APIService (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version of the resource kind - kind: - type: string - description: The kind field of the resource kind - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the API resource - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the API resource where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this status is the same for all instances of the API resource and can be found here instead of on the API resource. - specDescriptors: - type: array - items: - type: object - description: A spec for a field in the spec block of the APIService resource. - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the API resource where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the spec entry. - description: - type: string - description: A description of the spec entry. - x-descriptors: - type: array - description: A list of descriptors for the spec entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this spec is the same for all instances of the API Resource and can be found here instead of on the API resource. - actionDescriptors: - type: array - items: - type: object - description: A spec for actions that can be performed on instances of the API resource - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the API resource where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the action. - description: - type: string - description: A description of the action. - x-descriptors: - type: array - description: A list of descriptors for the action that indicate the meaning of the action. - items: - type: string - value: - description: If present, the value of this action is the same for all instances of the API resource and can be found here instead of on the API resource. - required: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - group - - version - - kind - - name - - displayName - - description - properties: - group: - type: string - description: Group of the APIService (e.g. app.coreos.com) - version: - type: string - description: The version field of the APIService - kind: - type: string - description: The kind field of the APIService - name: - type: string - description: The plural name for the APIService provided - deploymentName: - type: string - description: Name of the extension api-server's deployment - containerPort: - type: number - description: Port where the extension api-server serves TLS traffic - displayName: - type: string - description: A human-readable name for the APIService. - description: - type: string - description: A description of the APIService - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the APIService - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the API Resource where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this status is the same for all instances of the API Resource and can be found here instead of on the API Resource. - - customresourcedefinitions: - type: object - properties: - owned: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - name - - version - - kind - - displayName - - description - properties: - name: - type: string - description: Fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version field of the CustomResourceDefinition - kind: - type: string - description: The kind field of the CustomResourceDefinition - displayName: - type: string - description: A human-readable name for the CRD. - description: - type: string - description: A description of the CRD - resources: - type: array - items: - type: object - description: A list of resources that should be displayed for the CRD - required: - - kind - - version - properties: - name: - type: string - description: If a CRD, the fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version of the resource kind - kind: - type: string - description: The kind field of the resource kind - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the CR where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this status is the same for all instances of the CRD and can be found here instead of on the CR. - specDescriptors: - type: array - items: - type: object - description: A spec for a field in the spec block of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the CR where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the spec entry. - description: - type: string - description: A description of the spec entry. - x-descriptors: - type: array - description: A list of descriptors for the spec entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this spec is the same for all instances of the CRD and can be found here instead of on the CR. - actionDescriptors: - type: array - items: - type: object - description: A spec for actions that can be performed on instances of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the CR where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the action. - description: - type: string - description: A description of the action. - x-descriptors: - type: array - description: A list of descriptors for the action that indicate the meaning of the action. - items: - type: string - value: - description: If present, the value of this action is the same for all instances of the CRD and can be found here instead of on the CR. - required: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - name - - version - - kind - - displayName - - description - properties: - name: - type: string - description: Fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version field of the CustomResourceDefinition - kind: - type: string - description: The kind field of the CustomResourceDefinition - displayName: - type: string - description: A human-readable name for the CRD. - description: - type: string - description: A description of the CRD - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the CR where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this status is the same for all instances of the CRD and can be found here instead of on the CR. - - - install: - type: object - description: Information required to install this specific version of the operator software - oneOf: - - type: object - required: - - strategy - - spec - properties: - strategy: - type: string - enum: ['image'] - spec: - type: object - required: - - image - properties: - image: - type: string - - type: object - required: - - strategy - - spec - properties: - strategy: - type: string - enum: ['deployment'] - spec: - type: object - required: - - deployments - properties: - installModes: - type: array - description: List of supported install modes for the operator - items: - type: object - description: A tuple representing a mode of installation and whether the operator supports it - required: - - type - - supported - properties: - type: - type: string - description: A type of install mode - enum: - - OwnNamespace - - SingleNamespace - - MultiNamespace - - AllNamespaces - supported: - type: boolean - description: Represents if the install mode type is supported - deployments: - type: array - description: List of deployments to create - items: - type: object - description: A name and deployment to create in the cluster - required: - - name - - spec - properties: - name: - type: string - description: the consistent name of the deployment - spec: - type: object - description: The deployment spec to create in the cluster - permissions: - type: array - description: Permissions needed by the deployement to run correctly - items: - type: object - required: - - serviceAccountName - - rules - properties: - serviceAccountName: - type: string - description: The service account name to create for the deployment - rules: - type: array - items: - type: object - description: a rule required by the service account - properties: - apiGroups: - type: array - description: apiGroups the rule applies to - items: - type: string - resources: - type: array - items: - type: string - resourceNames: - type: array - items: - type: string - verbs: - type: array - items: - type: string - enum: - - "*" - - assign - - get - - list - - watch - - create - - update - - patch - - delete - - deletecollection - - initialize - - use - clusterPermissions: - type: array - description: Cluster permissions needed by the deployement to run correctly - items: - type: object - required: - - serviceAccountName - - rules - properties: - serviceAccountName: - type: string - description: The service account name to create for the deployment - rules: - type: array - items: - type: object - required: - - verbs - description: a rule required by the service account - properties: - apiGroups: - type: array - description: apiGroups the rule applies to - items: - type: string - resources: - type: array - items: - type: string - resourceNames: - type: array - items: - type: string - nonResourceURLs: - type: array - items: - type: string - verbs: - type: array - items: - type: string - enum: - - "*" - - assign - - get - - list - - watch - - create - - update - - patch - - put - - post - - delete - - deletecollection - - initialize - - use - status: - type: object - description: Status for a ClusterServiceVersion diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_03-installplan.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_03-installplan.crd.yaml deleted file mode 100644 index c7b8eab724..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_03-installplan.crd.yaml +++ /dev/null @@ -1,79 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_03-installplan.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: installplans.operators.coreos.com - annotations: - displayName: Install Plan - description: Represents a plan to install and resolve dependencies for Cluster Services -spec: - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - plural: installplans - singular: installplan - kind: InstallPlan - listKind: InstallPlanList - shortNames: - - ip - categories: - - olm - additionalPrinterColumns: - - name: CSV - type: string - description: The first CSV in the list of clusterServiceVersionNames - JSONPath: .spec.clusterServiceVersionNames[0] - - name: Source - type: string - description: The catalog source for the specified CSVs. - JSONPath: .spec.source - - name: Approval - type: string - description: The approval mode - JSONPath: .spec.approval - - name: Approved - type: boolean - JSONPath: .spec.approved - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - properties: - spec: - type: object - description: Spec for an InstallPlan - required: - - clusterServiceVersionNames - - approval - properties: - source: - type: string - description: Name of the preferred CatalogSource - sourceNamespace: - type: string - description: Namespace that contains the preffered CatalogSource - clusterServiceVersionNames: - type: array - description: A list of the names of the Cluster Services - items: - type: string - anyOf: - - properties: - approval: - enum: - - Manual - approved: - type: boolean - required: - - approved - - properties: - approval: - enum: - - Automatic diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_04-subscription.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_04-subscription.crd.yaml deleted file mode 100644 index 24d3648b62..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_04-subscription.crd.yaml +++ /dev/null @@ -1,74 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_04-subscription.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: subscriptions.operators.coreos.com - annotations: - displayName: Subscription - description: Subcribes service catalog to a source and channel to recieve updates for packages. -spec: - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - plural: subscriptions - singular: subscription - kind: Subscription - listKind: SubscriptionList - shortNames: - - sub - - subs - categories: - - olm - additionalPrinterColumns: - - name: Package - type: string - description: The package subscribed to - JSONPath: .spec.name - - name: Source - type: string - description: The catalog source for the specified package - JSONPath: .spec.source - - name: Channel - type: string - description: The channel of updates to subscribe to - JSONPath: .spec.channel - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - properties: - spec: - type: object - description: Spec for a Subscription - required: - - source - - name - properties: - source: - type: string - description: Name of a CatalogSource that defines where and how to find the channel - sourceNamespace: - type: string - description: The Kubernetes namespace where the CatalogSource used is located - name: - type: string - description: Name of the package that defines the application - channel: - type: string - description: Name of the channel to track - startingCSV: - type: string - description: Name of the AppType that this subscription tracks - installPlanApproval: - type: string - description: Approval mode for emitted InstallPlans - enum: - - Manual - - Automatic diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_05-catalogsource.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_05-catalogsource.crd.yaml deleted file mode 100644 index c8a64bb133..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_05-catalogsource.crd.yaml +++ /dev/null @@ -1,129 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_05-catalogsource.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: catalogsources.operators.coreos.com - annotations: - displayName: CatalogSource - description: A source configured to find packages and updates. -spec: - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - plural: catalogsources - singular: catalogsource - kind: CatalogSource - listKind: CatalogSourceList - shortNames: - - catsrc - categories: - - olm - additionalPrinterColumns: - - name: Name - type: string - description: The pretty name of the catalog - JSONPath: .spec.displayName - - name: Type - type: string - description: The type of the catalog - JSONPath: .spec.sourceType - - name: Publisher - type: string - description: The publisher of the catalog - JSONPath: .spec.publisher - - name: Age - type: date - JSONPath: .metadata.creationTimestamp - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - properties: - spec: - type: object - description: Spec for a catalog source. - required: - - sourceType - properties: - sourceType: - type: string - description: The type of the source. `configmap` is the new name for `internal` - enum: - - internal # deprecated - - configmap - - grpc - - configMap: - type: string - description: The name of a ConfigMap that holds the entries for an in-memory catalog. - - address: - type: string - description: An optional address. When set, directs OLM to connect to use a pre-existing registry server at this address. - - image: - type: string - description: An image that serves a grpc registry. Only valid for `grpc` sourceType. If both image and address are set, OLM does not use the address field. - - displayName: - type: string - description: Pretty name for display - - publisher: - type: string - description: The name of an entity that publishes this catalog - - secrets: - type: array - description: A set of secrets that can be used to access the contents of the catalog. It is best to keep this list small, since each will need to be tried for every catalog entry. - items: - type: string - description: A name of a secret in the namespace where the CatalogSource is defined. - status: - type: object - description: The status of the CatalogSource - properties: - configMapReference: - type: object - description: If sourceType is `internal` or `configmap`, then this holds a reference to the configmap associated with this CatalogSource. - properties: - name: - type: string - description: name of the configmap - namespace: - type: string - description: namespace of the configmap - resourceVersion: - type: string - description: resourceVersion of the configmap - uid: - type: string - description: uid of the configmap - registryService: - type: object - properties: - protocol: - type: string - description: protocol of the registry service - enum: - - grpc - serviceName: - type: string - description: name of the registry service - serviceNamespace: - type: string - description: namespace of the registry service - port: - type: string - description: port of the registry service - lastSync: - type: string - description: the last time the catalog was updated. If this time is less than the last updated time on the object, the catalog will be re-cached. - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_06-olm-operator.deployment.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_06-olm-operator.deployment.yaml deleted file mode 100644 index 9d581350dd..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_06-olm-operator.deployment.yaml +++ /dev/null @@ -1,52 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_06-olm-operator.deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: olm-operator - namespace: olm - labels: - app: olm-operator -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: olm-operator - template: - metadata: - labels: - app: olm-operator - spec: - serviceAccountName: olm-operator-serviceaccount - containers: - - name: olm-operator - command: - - /bin/olm - args: - - -writeStatusName - - "" - image: quay.io/operator-framework/olm@sha256:4b7dec341fc754fdd2c8784ca7d81747ebbb2b87866b9e61ebbebc8c5614cfdc - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - livenessProbe: - httpGet: - path: /healthz - port: 8080 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - env: - - - name: OPERATOR_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: OPERATOR_NAME - value: olm-operator - nodeSelector: - beta.kubernetes.io/os: linux - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_07-catalog-operator.deployment.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_07-catalog-operator.deployment.yaml deleted file mode 100644 index 9685da1d2b..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_07-catalog-operator.deployment.yaml +++ /dev/null @@ -1,45 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_07-catalog-operator.deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: catalog-operator - namespace: olm - labels: - app: catalog-operator -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: catalog-operator - template: - metadata: - labels: - app: catalog-operator - spec: - serviceAccountName: olm-operator-serviceaccount - containers: - - name: catalog-operator - command: - - /bin/catalog - args: - - '-namespace' - - olm - - -configmapServerImage=quay.io/operatorframework/configmap-operator-registry:latest - image: quay.io/operator-framework/olm@sha256:4b7dec341fc754fdd2c8784ca7d81747ebbb2b87866b9e61ebbebc8c5614cfdc - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - livenessProbe: - httpGet: - path: /healthz - port: 8080 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - nodeSelector: - beta.kubernetes.io/os: linux - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_08-aggregated.clusterrole.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_08-aggregated.clusterrole.yaml deleted file mode 100644 index 1d07e091a4..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_08-aggregated.clusterrole.yaml +++ /dev/null @@ -1,28 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_08-aggregated.clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-edit - labels: - # Add these permissions to the "admin" and "edit" default roles. - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions", "packagemanifests"] - verbs: ["create", "update", "patch", "delete"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-view - labels: - # Add these permissions to the "admin", "edit" and "view" default roles - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - rbac.authorization.k8s.io/aggregate-to-view: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions", "packagemanifests"] - verbs: ["get", "list", "watch"] diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_09-operatorgroup.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_09-operatorgroup.crd.yaml deleted file mode 100644 index 3bac32d2ba..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_09-operatorgroup.crd.yaml +++ /dev/null @@ -1,96 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_09-operatorgroup.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: operatorgroups.operators.coreos.com -spec: - group: operators.coreos.com - version: v1alpha2 - versions: - - name: v1alpha2 - served: true - storage: true - names: - plural: operatorgroups - singular: operatorgroup - kind: OperatorGroup - listKind: OperatorGroupList - shortNames: - - og - categories: - - olm - scope: Namespaced - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - properties: - spec: - properties: - selector: - type: object - description: Optional label selector to find resources associated with or managed by the operator - anyOf: - - properties: - matchLabels: - type: object - description: Label key:value pairs to match directly - required: - - matchLabels - - properties: - matchExpressions: - type: array - description: A set of expressions to match against the resource. - items: - allOf: - - type: object - required: - - key - - operator - - values - properties: - key: - type: string - description: the key to match - operator: - type: string - description: the operator for the expression - enum: - - In - - NotIn - - Exists - - DoesNotExist - values: - type: array - description: set of values for the expression - required: - - matchExpressions - targetNamespaces: - type: array - description: Optional list of target namespaces. If set, OLM will ignore selector. - items: - type: string - pattern: ^\S+$ - serviceAccountName: - type: string - staticProvidedAPIs: - type: boolean - description: If true, OLM will not modify the OperatorGroup's providedAPIs annotation. - type: object - status: - properties: - lastUpdated: - format: date-time - type: string - namespaces: - items: - type: string - type: array - required: - - namespaces - - lastUpdated - type: object - required: - - metadata \ No newline at end of file diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_10-olm-operators.configmap.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_10-olm-operators.configmap.yaml deleted file mode 100644 index d576559e31..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_10-olm-operators.configmap.yaml +++ /dev/null @@ -1,128 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_10-olm-operators.configmap.yaml -kind: ConfigMap -apiVersion: v1 -metadata: - name: olm-operators - namespace: olm - -data: - customResourceDefinitions: |- - clusterServiceVersions: |- - - - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: packageserver.v0.8.1 - namespace: olm - spec: - displayName: Package Server - description: Represents an Operator package that is available from a given CatalogSource which will resolve to a ClusterServiceVersion. - minKubeVersion: 1.11.0 - keywords: ['packagemanifests', 'olm', 'packages'] - maintainers: - - name: Red Hat - email: openshift-operators@redhat.com - provider: - name: Red Hat - links: - - name: Package Server - url: https://github.com/operator-framework/operator-lifecycle-manager/tree/master/pkg/package-server - installModes: - - type: OwnNamespace - supported: true - - type: SingleNamespace - supported: true - - type: MultiNamespace - supported: true - - type: AllNamespaces - supported: true - install: - strategy: deployment - spec: - clusterPermissions: - - serviceAccountName: packageserver - rules: - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - apiGroups: - - "operators.coreos.com" - resources: - - catalogsources - verbs: - - get - - list - - watch - - apiGroups: - - "packages.apps.redhat.com" - resources: - - packagemanifests - verbs: - - get - - list - deployments: - - name: packageserver - spec: - replicas: 2 - strategy: - type: RollingUpdate - selector: - matchLabels: - app: packageserver - template: - metadata: - labels: - app: packageserver - spec: - serviceAccountName: packageserver - nodeSelector: - beta.kubernetes.io/os: linux - - containers: - - name: packageserver - command: - - /bin/package-server - - -v=4 - - --secure-port - - "5443" - - --global-namespace - - olm - image: quay.io/operator-framework/olm@sha256:4b7dec341fc754fdd2c8784ca7d81747ebbb2b87866b9e61ebbebc8c5614cfdc - imagePullPolicy: Always - ports: - - containerPort: 5443 - livenessProbe: - httpGet: - scheme: HTTPS - path: /healthz - port: 5443 - readinessProbe: - httpGet: - scheme: HTTPS - path: /healthz - port: 5443 - maturity: alpha - version: 0.8.1 - apiservicedefinitions: - owned: - - group: packages.apps.redhat.com - version: v1alpha1 - kind: PackageManifest - name: packagemanifests - displayName: PackageManifest - description: A PackageManifest is a resource generated from existing CatalogSources and their ConfigMaps - deploymentName: packageserver - containerPort: 5443 - packages: |- - - - packageName: packageserver - channels: - - name: alpha - currentCSV: packageserver.v0.8.1 - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_11-olm-operators.catalogsource.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_11-olm-operators.catalogsource.yaml deleted file mode 100644 index d1da937025..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_11-olm-operators.catalogsource.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_11-olm-operators.catalogsource.yaml -#! validate-crd: ./deploy/chart/templates/05-catalogsource.crd.yaml -#! parse-kind: CatalogSource -apiVersion: operators.coreos.com/v1alpha1 -kind: CatalogSource -metadata: - name: olm-operators - namespace: olm -spec: - sourceType: internal - configMap: olm-operators - displayName: OLM Operators - publisher: Red Hat diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_12-operatorgroup-default.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_12-operatorgroup-default.yaml deleted file mode 100644 index 4e9a730687..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_12-operatorgroup-default.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_12-operatorgroup-default.yaml -apiVersion: operators.coreos.com/v1alpha2 -kind: OperatorGroup -metadata: - name: global-operators - namespace: operators ---- -apiVersion: operators.coreos.com/v1alpha2 -kind: OperatorGroup -metadata: - name: olm-operators - namespace: olm -spec: - targetNamespaces: - - olm diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_13-packageserver.subscription.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_13-packageserver.subscription.yaml deleted file mode 100644 index d36d4bb1b0..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_13-packageserver.subscription.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_13-packageserver.subscription.yaml -#! validate-crd: ./deploy/chart/templates/04-subscription.crd.yaml -#! parse-kind: Subscription -apiVersion: operators.coreos.com/v1alpha1 -kind: Subscription -metadata: - name: packageserver - namespace: olm -spec: - source: olm-operators - sourceNamespace: olm - name: packageserver - channel: alpha diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_17-upstream-operators.catalogsource.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_17-upstream-operators.catalogsource.yaml deleted file mode 100644 index 710d22224d..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.8.1/0000_50_olm_17-upstream-operators.catalogsource.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_17-upstream-operators.catalogsource.yaml - -apiVersion: operators.coreos.com/v1alpha1 -kind: CatalogSource -metadata: - name: operatorhubio-catalog - namespace: olm -spec: - sourceType: grpc - image: quay.io/operator-framework/upstream-community-operators:latest - displayName: Community Operators - publisher: OperatorHub.io - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_00-namespace.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_00-namespace.yaml deleted file mode 100644 index f2eda530b0..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_00-namespace.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_00-namespace.yaml -apiVersion: v1 -kind: Namespace -metadata: - name: olm - ---- -apiVersion: v1 -kind: Namespace -metadata: - name: operators - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_01-olm-operator.serviceaccount.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_01-olm-operator.serviceaccount.yaml deleted file mode 100644 index 1a2e303d86..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_01-olm-operator.serviceaccount.yaml +++ /dev/null @@ -1,31 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_01-olm-operator.serviceaccount.yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: system:controller:operator-lifecycle-manager -rules: -- apiGroups: ["*"] - resources: ["*"] - verbs: ["*"] -- nonResourceURLs: ["*"] - verbs: ["*"] ---- -kind: ServiceAccount -apiVersion: v1 -metadata: - name: olm-operator-serviceaccount - namespace: olm ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: olm-operator-binding-olm -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: system:controller:operator-lifecycle-manager -subjects: -- kind: ServiceAccount - name: olm-operator-serviceaccount - namespace: olm diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_03-clusterserviceversion.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_03-clusterserviceversion.crd.yaml deleted file mode 100644 index f11ca58af5..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_03-clusterserviceversion.crd.yaml +++ /dev/null @@ -1,767 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_03-clusterserviceversion.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: clusterserviceversions.operators.coreos.com - annotations: - displayName: Operator Version - description: Represents an Operator that should be running on the cluster, including requirements and install strategy. -spec: - names: - plural: clusterserviceversions - singular: clusterserviceversion - kind: ClusterServiceVersion - listKind: ClusterServiceVersionList - shortNames: - - csv - - csvs - categories: - - olm - additionalPrinterColumns: - - name: Display - type: string - description: The name of the CSV - JSONPath: .spec.displayName - - name: Version - type: string - description: The version of the CSV - JSONPath: .spec.version - - name: Replaces - type: string - description: The name of a CSV that this one replaces - JSONPath: .spec.replaces - - name: Phase - type: string - JSONPath: .status.phase - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - properties: - spec: - type: object - description: Spec for a ClusterServiceVersion - required: - - displayName - - install - properties: - displayName: - type: string - description: Human readable name of the application that will be displayed in the ALM UI - - description: - type: string - description: Human readable description of what the application does - - minKubeVersion: - type: string - description: Minimum kubernetes version requirement on the server to deploy operator - pattern: ^\bv?(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(-(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(\.(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*)?(\+[0-9a-zA-Z-]+(\.[0-9a-zA-Z-]+)*)?$ - - keywords: - type: array - description: List of keywords which will be used to discover and categorize app types - items: - type: string - - maintainers: - type: array - description: Those responsible for the creation of this specific app type - items: - type: object - description: Information for a single maintainer - required: - - name - - email - properties: - name: - type: string - description: Maintainer's name - email: - type: string - description: Maintainer's email address - format: email - optionalProperties: - type: string - description: "Any additional key-value metadata you wish to expose about the maintainer, e.g. github: " - - links: - type: array - description: Interesting links to find more information about the project, such as marketing page, documentation, or github page - items: - type: object - description: A single link to describe one aspect of the project - required: - - name - - url - properties: - name: - type: string - description: Name of the link type, e.g. homepage or github url - url: - type: string - description: URL to which the link should point - format: uri - - icon: - type: array - description: Icon which should be rendered with the application information - items: - type: object - required: - - base64data - - mediatype - properties: - base64data: - type: string - description: Base64 binary representation of the icon image - mediatype: - type: string - description: Mediatype for the binary data specified in the base64data property - enum: - - image/gif - - image/jpeg - - image/png - - image/svg+xml - version: - type: string - description: Version string, recommended that users use semantic versioning - pattern: ^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(-(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)(\.(0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*)?(\+[0-9a-zA-Z-]+(\.[0-9a-zA-Z-]+)*)?$ - - replaces: - type: string - description: Name of the ClusterServiceVersion custom resource that this version replaces - - maturity: - type: string - description: What level of maturity the software has achieved at this version - enum: - - planning - - pre-alpha - - alpha - - beta - - stable - - mature - - inactive - - deprecated - labels: - type: object - description: Labels that will be applied to associated resources created by the operator. - selector: - type: object - description: Label selector to find resources associated with or managed by the operator - properties: - matchLabels: - type: object - description: Label key:value pairs to match directly - matchExpressions: - type: array - description: A set of expressions to match against the resource. - items: - allOf: - - type: object - required: - - key - - operator - - values - properties: - key: - type: string - description: the key to match - operator: - type: string - description: the operator for the expression - enum: - - In - - NotIn - - Exists - - DoesNotExist - values: - type: array - description: set of values for the expression - nativeAPIs: - type: array - description: What resources are required by the Operator, but must be provided by the underlying cluster and not as an extension. - items: - type: object - required: - - group - - version - - kind - properties: - group: - type: string - description: Group of the API resource - version: - type: string - description: Version of the API resource - kind: - type: string - description: Kind of the API resource - apiservicedefinitions: - type: object - properties: - owned: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - group - - version - - kind - - name - - deploymentName - - displayName - - description - properties: - group: - type: string - description: Group of the APIService (e.g. app.coreos.com) - name: - type: string - description: The plural name for the APIService provided - version: - type: string - description: The version field of the APIService - kind: - type: string - description: The kind field of the APIService - deploymentName: - type: string - description: Name of the extension api-server's deployment - containerPort: - type: number - description: Port where the extension api-server serves TLS traffic - displayName: - type: string - description: A human-readable name for the APIService. - description: - type: string - description: A description of the APIService - resources: - type: array - items: - type: object - description: A list of resources that should be displayed for the APIService - required: - - kind - - version - properties: - name: - type: string - description: If a APIService, the fully qualified name of the APIService (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version of the resource kind - kind: - type: string - description: The kind field of the resource kind - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the API resource - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the API resource where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this status is the same for all instances of the API resource and can be found here instead of on the API resource. - specDescriptors: - type: array - items: - type: object - description: A spec for a field in the spec block of the APIService resource. - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the API resource where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the spec entry. - description: - type: string - description: A description of the spec entry. - x-descriptors: - type: array - description: A list of descriptors for the spec entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this spec is the same for all instances of the API Resource and can be found here instead of on the API resource. - actionDescriptors: - type: array - items: - type: object - description: A spec for actions that can be performed on instances of the API resource - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the API resource where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the action. - description: - type: string - description: A description of the action. - x-descriptors: - type: array - description: A list of descriptors for the action that indicate the meaning of the action. - items: - type: string - value: - description: If present, the value of this action is the same for all instances of the API resource and can be found here instead of on the API resource. - required: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - group - - version - - kind - - name - - displayName - - description - properties: - group: - type: string - description: Group of the APIService (e.g. app.coreos.com) - version: - type: string - description: The version field of the APIService - kind: - type: string - description: The kind field of the APIService - name: - type: string - description: The plural name for the APIService provided - deploymentName: - type: string - description: Name of the extension api-server's deployment - containerPort: - type: number - description: Port where the extension api-server serves TLS traffic - displayName: - type: string - description: A human-readable name for the APIService. - description: - type: string - description: A description of the APIService - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the APIService - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the API Resource where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this status is the same for all instances of the API Resource and can be found here instead of on the API Resource. - - customresourcedefinitions: - type: object - properties: - owned: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - name - - version - - kind - - displayName - - description - properties: - name: - type: string - description: Fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version field of the CustomResourceDefinition - kind: - type: string - description: The kind field of the CustomResourceDefinition - displayName: - type: string - description: A human-readable name for the CRD. - description: - type: string - description: A description of the CRD - resources: - type: array - items: - type: object - description: A list of resources that should be displayed for the CRD - required: - - kind - - version - properties: - name: - type: string - description: If a CRD, the fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version of the resource kind - kind: - type: string - description: The kind field of the resource kind - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the CR where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this status is the same for all instances of the CRD and can be found here instead of on the CR. - specDescriptors: - type: array - items: - type: object - description: A spec for a field in the spec block of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the CR where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the spec entry. - description: - type: string - description: A description of the spec entry. - x-descriptors: - type: array - description: A list of descriptors for the spec entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this spec is the same for all instances of the CRD and can be found here instead of on the CR. - actionDescriptors: - type: array - items: - type: object - description: A spec for actions that can be performed on instances of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the spec object on the CR where the the spec value can be found. - displayName: - type: string - description: A human-readable name for the action. - description: - type: string - description: A description of the action. - x-descriptors: - type: array - description: A list of descriptors for the action that indicate the meaning of the action. - items: - type: string - value: - description: If present, the value of this action is the same for all instances of the CRD and can be found here instead of on the CR. - required: - type: array - description: What resources this operator is responsible for managing. No two running operators should manage the same resource. - items: - type: object - required: - - name - - version - - kind - - displayName - - description - properties: - name: - type: string - description: Fully qualified name of the CustomResourceDefinition (e.g. my-resource-v1.app.coreos.com) - version: - type: string - description: The version field of the CustomResourceDefinition - kind: - type: string - description: The kind field of the CustomResourceDefinition - displayName: - type: string - description: A human-readable name for the CRD. - description: - type: string - description: A description of the CRD - statusDescriptors: - type: array - items: - type: object - description: A spec for a field in the status block of the CRD - required: - - path - - displayName - - description - properties: - path: - type: string - description: A jsonpath indexing into the status object on the CR where the the status value can be found. - displayName: - type: string - description: A human-readable name for the status entry. - description: - type: string - description: A description of the status entry. - x-descriptors: - type: array - description: A list of descriptors for the status entry that indicate the meaning of the field. - items: - type: string - value: - description: If present, the value of this status is the same for all instances of the CRD and can be found here instead of on the CR. - - - install: - type: object - description: Information required to install this specific version of the operator software - oneOf: - - type: object - required: - - strategy - - spec - properties: - strategy: - type: string - enum: ['image'] - spec: - type: object - required: - - image - properties: - image: - type: string - - type: object - required: - - strategy - - spec - properties: - strategy: - type: string - enum: ['deployment'] - spec: - type: object - required: - - deployments - properties: - installModes: - type: array - description: List of supported install modes for the operator - items: - type: object - description: A tuple representing a mode of installation and whether the operator supports it - required: - - type - - supported - properties: - type: - type: string - description: A type of install mode - enum: - - OwnNamespace - - SingleNamespace - - MultiNamespace - - AllNamespaces - supported: - type: boolean - description: Represents if the install mode type is supported - deployments: - type: array - description: List of deployments to create - items: - type: object - description: A name and deployment to create in the cluster - required: - - name - - spec - properties: - name: - type: string - description: the consistent name of the deployment - spec: - type: object - description: The deployment spec to create in the cluster - permissions: - type: array - description: Permissions needed by the deployement to run correctly - items: - type: object - required: - - serviceAccountName - - rules - properties: - serviceAccountName: - type: string - description: The service account name to create for the deployment - rules: - type: array - items: - type: object - description: a rule required by the service account - properties: - apiGroups: - type: array - description: apiGroups the rule applies to - items: - type: string - resources: - type: array - items: - type: string - resourceNames: - type: array - items: - type: string - verbs: - type: array - items: - type: string - enum: - - "*" - - assign - - get - - list - - watch - - create - - update - - patch - - delete - - deletecollection - - initialize - - use - clusterPermissions: - type: array - description: Cluster permissions needed by the deployement to run correctly - items: - type: object - required: - - serviceAccountName - - rules - properties: - serviceAccountName: - type: string - description: The service account name to create for the deployment - rules: - type: array - items: - type: object - required: - - verbs - description: a rule required by the service account - properties: - apiGroups: - type: array - description: apiGroups the rule applies to - items: - type: string - resources: - type: array - items: - type: string - resourceNames: - type: array - items: - type: string - nonResourceURLs: - type: array - items: - type: string - verbs: - type: array - items: - type: string - enum: - - "*" - - assign - - get - - list - - watch - - create - - update - - patch - - put - - post - - delete - - deletecollection - - initialize - - use - status: - type: object - description: Status for a ClusterServiceVersion diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_04-installplan.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_04-installplan.crd.yaml deleted file mode 100644 index 3e83c677fb..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_04-installplan.crd.yaml +++ /dev/null @@ -1,79 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_04-installplan.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: installplans.operators.coreos.com - annotations: - displayName: Install Plan - description: Represents a plan to install and resolve dependencies for Cluster Services -spec: - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - plural: installplans - singular: installplan - kind: InstallPlan - listKind: InstallPlanList - shortNames: - - ip - categories: - - olm - additionalPrinterColumns: - - name: CSV - type: string - description: The first CSV in the list of clusterServiceVersionNames - JSONPath: .spec.clusterServiceVersionNames[0] - - name: Source - type: string - description: The catalog source for the specified CSVs. - JSONPath: .spec.source - - name: Approval - type: string - description: The approval mode - JSONPath: .spec.approval - - name: Approved - type: boolean - JSONPath: .spec.approved - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - properties: - spec: - type: object - description: Spec for an InstallPlan - required: - - clusterServiceVersionNames - - approval - properties: - source: - type: string - description: Name of the preferred CatalogSource - sourceNamespace: - type: string - description: Namespace that contains the preffered CatalogSource - clusterServiceVersionNames: - type: array - description: A list of the names of the Cluster Services - items: - type: string - anyOf: - - properties: - approval: - enum: - - Manual - approved: - type: boolean - required: - - approved - - properties: - approval: - enum: - - Automatic diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_05-subscription.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_05-subscription.crd.yaml deleted file mode 100644 index 5ba0b3cd58..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_05-subscription.crd.yaml +++ /dev/null @@ -1,74 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_05-subscription.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: subscriptions.operators.coreos.com - annotations: - displayName: Subscription - description: Subcribes service catalog to a source and channel to recieve updates for packages. -spec: - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - plural: subscriptions - singular: subscription - kind: Subscription - listKind: SubscriptionList - shortNames: - - sub - - subs - categories: - - olm - additionalPrinterColumns: - - name: Package - type: string - description: The package subscribed to - JSONPath: .spec.name - - name: Source - type: string - description: The catalog source for the specified package - JSONPath: .spec.source - - name: Channel - type: string - description: The channel of updates to subscribe to - JSONPath: .spec.channel - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - properties: - spec: - type: object - description: Spec for a Subscription - required: - - source - - name - properties: - source: - type: string - description: Name of a CatalogSource that defines where and how to find the channel - sourceNamespace: - type: string - description: The Kubernetes namespace where the CatalogSource used is located - name: - type: string - description: Name of the package that defines the application - channel: - type: string - description: Name of the channel to track - startingCSV: - type: string - description: Name of the AppType that this subscription tracks - installPlanApproval: - type: string - description: Approval mode for emitted InstallPlans - enum: - - Manual - - Automatic diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_06-catalogsource.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_06-catalogsource.crd.yaml deleted file mode 100644 index 26f0274274..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_06-catalogsource.crd.yaml +++ /dev/null @@ -1,129 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_06-catalogsource.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: catalogsources.operators.coreos.com - annotations: - displayName: CatalogSource - description: A source configured to find packages and updates. -spec: - group: operators.coreos.com - version: v1alpha1 - versions: - - name: v1alpha1 - served: true - storage: true - scope: Namespaced - names: - plural: catalogsources - singular: catalogsource - kind: CatalogSource - listKind: CatalogSourceList - shortNames: - - catsrc - categories: - - olm - additionalPrinterColumns: - - name: Name - type: string - description: The pretty name of the catalog - JSONPath: .spec.displayName - - name: Type - type: string - description: The type of the catalog - JSONPath: .spec.sourceType - - name: Publisher - type: string - description: The publisher of the catalog - JSONPath: .spec.publisher - - name: Age - type: date - JSONPath: .metadata.creationTimestamp - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - properties: - spec: - type: object - description: Spec for a catalog source. - required: - - sourceType - properties: - sourceType: - type: string - description: The type of the source. `configmap` is the new name for `internal` - enum: - - internal # deprecated - - configmap - - grpc - - configMap: - type: string - description: The name of a ConfigMap that holds the entries for an in-memory catalog. - - address: - type: string - description: An optional address. When set, directs OLM to connect to use a pre-existing registry server at this address. - - image: - type: string - description: An image that serves a grpc registry. Only valid for `grpc` sourceType. If both image and address are set, OLM does not use the address field. - - displayName: - type: string - description: Pretty name for display - - publisher: - type: string - description: The name of an entity that publishes this catalog - - secrets: - type: array - description: A set of secrets that can be used to access the contents of the catalog. It is best to keep this list small, since each will need to be tried for every catalog entry. - items: - type: string - description: A name of a secret in the namespace where the CatalogSource is defined. - status: - type: object - description: The status of the CatalogSource - properties: - configMapReference: - type: object - description: If sourceType is `internal` or `configmap`, then this holds a reference to the configmap associated with this CatalogSource. - properties: - name: - type: string - description: name of the configmap - namespace: - type: string - description: namespace of the configmap - resourceVersion: - type: string - description: resourceVersion of the configmap - uid: - type: string - description: uid of the configmap - registryService: - type: object - properties: - protocol: - type: string - description: protocol of the registry service - enum: - - grpc - serviceName: - type: string - description: name of the registry service - serviceNamespace: - type: string - description: namespace of the registry service - port: - type: string - description: port of the registry service - lastSync: - type: string - description: the last time the catalog was updated. If this time is less than the last updated time on the object, the catalog will be re-cached. - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_07-olm-operator.deployment.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_07-olm-operator.deployment.yaml deleted file mode 100644 index 598e0a708f..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_07-olm-operator.deployment.yaml +++ /dev/null @@ -1,57 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_07-olm-operator.deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: olm-operator - namespace: olm - labels: - app: olm-operator -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: olm-operator - template: - metadata: - labels: - app: olm-operator - spec: - serviceAccountName: olm-operator-serviceaccount - containers: - - name: olm-operator - command: - - /bin/olm - args: - - -writeStatusName - - "" - image: quay.io/operator-framework/olm@sha256:7e4b13b89b3d59876b228697bbd0c9e364fd73f946ab90308c34fd82053a5a76 - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - - containerPort: 8081 - name: metrics - protocol: TCP - livenessProbe: - httpGet: - path: /healthz - port: 8080 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - env: - - - name: OPERATOR_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: OPERATOR_NAME - value: olm-operator - - - nodeSelector: - beta.kubernetes.io/os: linux - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_08-catalog-operator.deployment.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_08-catalog-operator.deployment.yaml deleted file mode 100644 index 56884c6075..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_08-catalog-operator.deployment.yaml +++ /dev/null @@ -1,52 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_08-catalog-operator.deployment.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: catalog-operator - namespace: olm - labels: - app: catalog-operator -spec: - strategy: - type: RollingUpdate - replicas: 1 - selector: - matchLabels: - app: catalog-operator - template: - metadata: - labels: - app: catalog-operator - spec: - serviceAccountName: olm-operator-serviceaccount - containers: - - name: catalog-operator - command: - - /bin/catalog - args: - - '-namespace' - - olm - - -configmapServerImage=quay.io/operator-framework/configmap-operator-registry:latest - image: quay.io/operator-framework/olm@sha256:7e4b13b89b3d59876b228697bbd0c9e364fd73f946ab90308c34fd82053a5a76 - imagePullPolicy: IfNotPresent - ports: - - containerPort: 8080 - - containerPort: 8081 - name: metrics - protocol: TCP - livenessProbe: - httpGet: - path: /healthz - port: 8080 - readinessProbe: - httpGet: - path: /healthz - port: 8080 - env: - - - - nodeSelector: - beta.kubernetes.io/os: linux - diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_09-aggregated.clusterrole.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_09-aggregated.clusterrole.yaml deleted file mode 100644 index 5bc6832fc4..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_09-aggregated.clusterrole.yaml +++ /dev/null @@ -1,28 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_09-aggregated.clusterrole.yaml -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-edit - labels: - # Add these permissions to the "admin" and "edit" default roles. - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions", "packagemanifests"] - verbs: ["create", "update", "patch", "delete"] ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: aggregate-olm-view - labels: - # Add these permissions to the "admin", "edit" and "view" default roles - rbac.authorization.k8s.io/aggregate-to-admin: "true" - rbac.authorization.k8s.io/aggregate-to-edit: "true" - rbac.authorization.k8s.io/aggregate-to-view: "true" -rules: -- apiGroups: ["operators.coreos.com"] - resources: ["clusterserviceversions", "catalogsources", "installplans", "subscriptions", "packagemanifests"] - verbs: ["get", "list", "watch"] diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_10-operatorgroup.crd.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_10-operatorgroup.crd.yaml deleted file mode 100644 index e9a7de6698..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_10-operatorgroup.crd.yaml +++ /dev/null @@ -1,99 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_10-operatorgroup.crd.yaml -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: operatorgroups.operators.coreos.com -spec: - group: operators.coreos.com - version: v1 - versions: - - name: v1 - served: true - storage: true - - name: v1alpha2 - served: true - storage: false - names: - plural: operatorgroups - singular: operatorgroup - kind: OperatorGroup - listKind: OperatorGroupList - shortNames: - - og - categories: - - olm - scope: Namespaced - subresources: - # status enables the status subresource. - status: {} - validation: - openAPIV3Schema: - properties: - spec: - properties: - selector: - type: object - description: Optional label selector to find resources associated with or managed by the operator - anyOf: - - properties: - matchLabels: - type: object - description: Label key:value pairs to match directly - required: - - matchLabels - - properties: - matchExpressions: - type: array - description: A set of expressions to match against the resource. - items: - allOf: - - type: object - required: - - key - - operator - - values - properties: - key: - type: string - description: the key to match - operator: - type: string - description: the operator for the expression - enum: - - In - - NotIn - - Exists - - DoesNotExist - values: - type: array - description: set of values for the expression - required: - - matchExpressions - targetNamespaces: - type: array - description: Optional list of target namespaces. If set, OLM will ignore selector. - items: - type: string - pattern: ^\S+$ - serviceAccountName: - type: string - staticProvidedAPIs: - type: boolean - description: If true, OLM will not modify the OperatorGroup's providedAPIs annotation. - type: object - status: - properties: - lastUpdated: - format: date-time - type: string - namespaces: - items: - type: string - type: array - required: - - namespaces - - lastUpdated - type: object - required: - - metadata diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_11-olm-operators.configmap.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_11-olm-operators.configmap.yaml deleted file mode 100644 index d870db803f..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_11-olm-operators.configmap.yaml +++ /dev/null @@ -1,131 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_11-olm-operators.configmap.yaml -kind: ConfigMap -apiVersion: v1 -metadata: - name: olm-operators - namespace: olm -data: - customResourceDefinitions: |- - clusterServiceVersions: |- - - apiVersion: operators.coreos.com/v1alpha1 - kind: ClusterServiceVersion - metadata: - name: packageserver.v0.9.0 - namespace: olm - spec: - displayName: Package Server - description: Represents an Operator package that is available from a given CatalogSource which will resolve to a ClusterServiceVersion. - minKubeVersion: 1.11.0 - keywords: ['packagemanifests', 'olm', 'packages'] - maintainers: - - name: Red Hat - email: openshift-operators@redhat.com - provider: - name: Red Hat - links: - - name: Package Server - url: https://github.com/operator-framework/operator-lifecycle-manager/tree/master/pkg/package-server - installModes: - - type: OwnNamespace - supported: true - - type: SingleNamespace - supported: true - - type: MultiNamespace - supported: true - - type: AllNamespaces - supported: true - install: - strategy: deployment - spec: - clusterPermissions: - - serviceAccountName: packageserver - rules: - - apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create - - get - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - apiGroups: - - "operators.coreos.com" - resources: - - catalogsources - verbs: - - get - - list - - watch - - apiGroups: - - "packages.operators.coreos.com" - resources: - - packagemanifests - verbs: - - get - - list - deployments: - - name: packageserver - spec: - strategy: - type: RollingUpdate - replicas: 2 - selector: - matchLabels: - app: packageserver - template: - metadata: - labels: - app: packageserver - spec: - serviceAccountName: packageserver - nodeSelector: - beta.kubernetes.io/os: linux - - containers: - - name: packageserver - command: - - /bin/package-server - - -v=4 - - --secure-port - - "5443" - - --global-namespace - - olm - image: quay.io/operator-framework/olm@sha256:7e4b13b89b3d59876b228697bbd0c9e364fd73f946ab90308c34fd82053a5a76 - imagePullPolicy: Always - ports: - - containerPort: 5443 - livenessProbe: - httpGet: - scheme: HTTPS - path: /healthz - port: 5443 - readinessProbe: - httpGet: - scheme: HTTPS - path: /healthz - port: 5443 - maturity: alpha - version: 0.9.0 - apiservicedefinitions: - owned: - - group: packages.operators.coreos.com - version: v1 - kind: PackageManifest - name: packagemanifests - displayName: PackageManifest - description: A PackageManifest is a resource generated from existing CatalogSources and their ConfigMaps - deploymentName: packageserver - containerPort: 5443 - packages: |- - - packageName: packageserver - channels: - - name: alpha - currentCSV: packageserver.v0.9.0 \ No newline at end of file diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_12-olm-operators.catalogsource.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_12-olm-operators.catalogsource.yaml deleted file mode 100644 index b1be6a6556..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_12-olm-operators.catalogsource.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_12-olm-operators.catalogsource.yaml -#! validate-crd: ./deploy/chart/templates/06-catalogsource.crd.yaml -#! parse-kind: CatalogSource -apiVersion: operators.coreos.com/v1alpha1 -kind: CatalogSource -metadata: - name: olm-operators - namespace: olm -spec: - sourceType: internal - configMap: olm-operators - displayName: OLM Operators - publisher: Red Hat diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_13-operatorgroup-default.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_13-operatorgroup-default.yaml deleted file mode 100644 index 0284583006..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_13-operatorgroup-default.yaml +++ /dev/null @@ -1,16 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_13-operatorgroup-default.yaml -apiVersion: operators.coreos.com/v1 -kind: OperatorGroup -metadata: - name: global-operators - namespace: operators ---- -apiVersion: operators.coreos.com/v1 -kind: OperatorGroup -metadata: - name: olm-operators - namespace: olm -spec: - targetNamespaces: - - olm diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_14-packageserver.subscription.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_14-packageserver.subscription.yaml deleted file mode 100644 index 69ea7b01aa..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_14-packageserver.subscription.yaml +++ /dev/null @@ -1,14 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_14-packageserver.subscription.yaml -#! validate-crd: ./deploy/chart/templates/05-subscription.crd.yaml -#! parse-kind: Subscription -apiVersion: operators.coreos.com/v1alpha1 -kind: Subscription -metadata: - name: packageserver - namespace: olm -spec: - source: olm-operators - sourceNamespace: olm - name: packageserver - channel: alpha diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_18-upstream-operators.catalogsource.yaml b/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_18-upstream-operators.catalogsource.yaml deleted file mode 100644 index 3275c6f278..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/0.9.0/0000_50_olm_18-upstream-operators.catalogsource.yaml +++ /dev/null @@ -1,12 +0,0 @@ ---- -# Source: olm/templates/0000_50_olm_18-upstream-operators.catalogsource.yaml -apiVersion: operators.coreos.com/v1alpha1 -kind: CatalogSource -metadata: - name: operatorhubio-catalog - namespace: olm -spec: - sourceType: grpc - image: quay.io/operator-framework/upstream-community-operators:latest - displayName: Community Operators - publisher: OperatorHub.io diff --git a/staging/operator-lifecycle-manager/deploy/upstream/manifests/latest b/staging/operator-lifecycle-manager/deploy/upstream/manifests/latest deleted file mode 120000 index dbfa849a36..0000000000 --- a/staging/operator-lifecycle-manager/deploy/upstream/manifests/latest +++ /dev/null @@ -1 +0,0 @@ -./0.18.3 \ No newline at end of file diff --git a/staging/operator-lifecycle-manager/test/e2e/collect-ci-artifacts.sh b/staging/operator-lifecycle-manager/test/e2e/collect-ci-artifacts.sh index 813c162695..14d2ad0b00 100755 --- a/staging/operator-lifecycle-manager/test/e2e/collect-ci-artifacts.sh +++ b/staging/operator-lifecycle-manager/test/e2e/collect-ci-artifacts.sh @@ -4,7 +4,6 @@ set -o pipefail set -o nounset set -o errexit -: "${KUBECONFIG:?}" : "${TEST_NAMESPACE:?}" : "${TEST_ARTIFACTS_DIR:?}" : "${KUBECTL:=kubectl}" diff --git a/staging/operator-lifecycle-manager/test/e2e/webhook_e2e_test.go b/staging/operator-lifecycle-manager/test/e2e/webhook_e2e_test.go index ed99d46ef4..5cb3b01c8f 100644 --- a/staging/operator-lifecycle-manager/test/e2e/webhook_e2e_test.go +++ b/staging/operator-lifecycle-manager/test/e2e/webhook_e2e_test.go @@ -650,7 +650,7 @@ var _ = Describe("CSVs with a Webhook", Label("Webhooks"), func() { }).Should(Equal(2)) }) When("Installed from a catalog Source", func() { - const csvName = "webhook-operator.v0.0.1" + const csvName = "webhook-operator.v0.0.5" var cleanupCSV cleanupFunc var cleanupCatSrc cleanupFunc var cleanupSubscription cleanupFunc @@ -665,7 +665,7 @@ var _ = Describe("CSVs with a Webhook", Label("Webhooks"), func() { packageName := "webhook-operator" channelName := "alpha" - catSrcImage := "quay.io/operator-framework/webhook-operator-index" + catSrcImage := "quay.io/olmtest/webhook-operator-index" By(`Create gRPC CatalogSource`) source := &operatorsv1alpha1.CatalogSource{ @@ -679,7 +679,7 @@ var _ = Describe("CSVs with a Webhook", Label("Webhooks"), func() { }, Spec: operatorsv1alpha1.CatalogSourceSpec{ SourceType: operatorsv1alpha1.SourceTypeGrpc, - Image: catSrcImage + ":0.0.3", + Image: catSrcImage + ":v0.0.5", GrpcPodConfig: &operatorsv1alpha1.GrpcPodConfig{ SecurityContextConfig: operatorsv1alpha1.Restricted, }, @@ -709,6 +709,57 @@ var _ = Describe("CSVs with a Webhook", Label("Webhooks"), func() { require.NoError(GinkgoT(), err) cleanupCSV = buildCSVCleanupFunc(c, crc, *csv, source.GetNamespace(), true, true) + + By(`Wait for the ValidatingWebhookConfiguration to be created`) + Eventually(func() error { + webhookList, err := c.KubernetesInterface().AdmissionregistrationV1().ValidatingWebhookConfigurations().List(context.TODO(), metav1.ListOptions{}) + if err != nil { + return err + } + for _, webhook := range webhookList.Items { + for _, wh := range webhook.Webhooks { + if wh.Name == "vwebhooktest-v1.kb.io" { + return nil + } + } + } + return fmt.Errorf("ValidatingWebhookConfiguration with webhook name vwebhooktest-v1.kb.io not found") + }, 2*time.Minute, 2*time.Second).Should(Succeed(), "ValidatingWebhookConfiguration should be created after CSV succeeds") + + By(`Wait for the webhook service to have endpoints`) + Eventually(func() error { + // Find the webhook deployment from the CSV + if len(csv.Spec.WebhookDefinitions) == 0 { + return fmt.Errorf("CSV has no webhook definitions") + } + webhookDef := csv.Spec.WebhookDefinitions[0] + serviceName := install.ServiceName(webhookDef.DeploymentName) + + // Check if the service has endpoints + endpoints, err := c.KubernetesInterface().CoreV1().Endpoints(source.GetNamespace()).Get(context.TODO(), serviceName, metav1.GetOptions{}) + if err != nil { + return err + } + if len(endpoints.Subsets) == 0 || len(endpoints.Subsets[0].Addresses) == 0 { + return fmt.Errorf("service %s has no ready endpoints", serviceName) + } + return nil + }, 2*time.Minute, 2*time.Second).Should(Succeed(), "Webhook service should have ready endpoints") + + By(`Wait for the webhooktests CRD to be established`) + Eventually(func() error { + crd, err := c.ApiextensionsInterface().ApiextensionsV1().CustomResourceDefinitions().Get(context.TODO(), "webhooktests.webhook.operators.coreos.io", metav1.GetOptions{}) + if err != nil { + return err + } + // Check if CRD is established + for _, cond := range crd.Status.Conditions { + if cond.Type == apiextensionsv1.Established && cond.Status == apiextensionsv1.ConditionTrue { + return nil + } + } + return fmt.Errorf("CRD webhooktests.webhook.operators.coreos.io is not established yet") + }, 2*time.Minute, 2*time.Second).Should(Succeed(), "WebhookTest CRD should be established") }) AfterEach(func() { @@ -738,14 +789,39 @@ var _ = Describe("CSVs with a Webhook", Label("Webhooks"), func() { }, }, } - expectedErrorMessage := "admission webhook \"vwebhooktest.kb.io\" denied the request: WebhookTest.test.operators.coreos.com \"my-cr-1\" is invalid: spec.schedule: Invalid value: false: Spec.Valid must be true" - Eventually(func() bool { + // Use more flexible error matching - check for key parts of the error message + // instead of exact string match which can be fragile + Eventually(func() (bool, error) { err := c.CreateCustomResource(invalidCR) - if err == nil || expectedErrorMessage != err.Error() { - return false + if err == nil { + // CR was created successfully - this shouldn't happen! + // Clean it up and return an error so we can see what's wrong + _ = c.DeleteCustomResource("webhook.operators.coreos.io", "v1", generatedNamespace.GetName(), "webhooktests", "my-cr-1") + return false, fmt.Errorf("CreateCustomResource succeeded but should have been rejected by webhook") + } + + errMsg := err.Error() + + // Skip "already exists" errors from previous retry attempts + if strings.Contains(errMsg, "already exists") { + // Clean up and retry + _ = c.DeleteCustomResource("webhook.operators.coreos.io", "v1", generatedNamespace.GetName(), "webhooktests", "my-cr-1") + return false, nil + } + + // Check that the error contains the expected key components + hasWebhookName := strings.Contains(errMsg, "vwebhooktest-v1.kb.io") + hasDenied := strings.Contains(errMsg, "denied the request") + hasResourceName := strings.Contains(errMsg, "my-cr-1") + hasValidationMsg := strings.Contains(errMsg, "Spec.Valid must be true") + + if hasWebhookName && hasDenied && hasResourceName && hasValidationMsg { + return true, nil } - return true - }).Should(BeTrue(), "The admission webhook should have rejected the invalid resource") + // Return error with details about what's missing for debugging + return false, fmt.Errorf("error message missing expected parts (webhook:%v, denied:%v, name:%v, validation:%v): %s", + hasWebhookName, hasDenied, hasResourceName, hasValidationMsg, errMsg) + }, 1*time.Minute, 2*time.Second).Should(BeTrue(), "The admission webhook should have rejected the invalid resource") By(`An valid custom resource is acceoted by the validating webhook and the mutating webhook sets the CR's spec.mutate field to true.`) validCR := &unstructured.Unstructured{